All too often colleges and universities are viewed in the security community as weak links that are easily exploited by those intent on causing harm or disruption to networks connected to the Internet. As such, they are often viewed as Internet pariahs, outcasts on the Internet not conforming to the accepted rules of behavior in terms of securing their infrastructures. This does not have to be the case, however, and colleges and universities can actually become community leaders in security. This paper discusses how an academic institution can take a prominent role in the community through leadership in a community cyber security exercise. The paper describes the Dark Screen exercise conducted in San Antonio, Texas and the university’s role in conducting this and other exercises.

As Information Security and Assurance programs are designed and implemented throughout the country, many academicians begin to struggle with the development of this new and exciting curriculum. Information Security represents an area distinct from traditional Information Systems, Computer Science or Information Technology fields, yet shares some of the same challenges in managing a technology based field. Those not familiar with the specifics of the Information Security professional will find it difficult to develop curriculum without outside support. The purpose of this draft model curriculum is to provide best practices and lessons learned from a study of numerous programs throughout the country. It is an ongoing project that welcomes outside input.

Within the last two decades, Federal agencies have been directed to engage in large-scale change efforts to develop and implement IT security programs that protect organizational assets. These efforts have been guided by regulations such the Federal Information Security Management Act (FISMA) and Office of Management and Budget Circular A-130, Appendix III, each of which specify that programs must be designed and executed immediately. All too often, program development efforts focus on compliance with these regulations and do not take action that supports changing cultural values. This paper advocates Federal agencies taking an approach to program development that reaches beyond compliance and enables cultural change. In doing so, this paper discusses how individual behavior change and organization-wide cultural change occur. Finally, the paper provides a step-by-step process for establishing a communications element within the IT security program to enable lasting change.

At the 7th Annual CISSE conference, 2003, a case study was presented regarding adding information assurance to the curriculum of a small private university in the Pacific Northwest with only a moderate budget and without hiring additional permanent faculty. In this paper, we continue to describe the evolution of that curriculum, this time describing the challenges of finding the best way to teach computer forensics, a cross-discipline subject that requires not only technical expertise, but an understanding of the relevant legal and evidence-collecting guidelines that govern a computer forensics investigation. This paper discusses strategies used to design a computer forensics course that combines all of the necessary elements in a way that actively engages students in their own learning. Using resources available within the community and building the course around a business game, the school was able to launch an enthusiastically received course. Central to the curriculum, the business game allowed students to learn while simulating a real world criminal investigation culminating in an actual courtroom where students used the products of their investigations to testify as "expert witnesses." The original stimulus to create this course came from an NSA Center of Excellence (University of Idaho) sponsored Computer Forensics Workshop that encouraged universities with an information assurance track to introduce courses in Computer Forensics. The lessons learned from this effort could prove useful to other universities contemplating similar attempts.

This paper discusses the trends in crime to utilize computer systems and the Internet and the resultant need for law enforcement to be knowledgeable about computer systems. Law enforcement’s education needs in electronic forensics is discussed, followed by the description of a masters program designed to give specific skills in the area of computer forensics and the associated technologies to meet those needs.

This paper responds to issues recently raised by Valli [1] and Schou [2] on the issues of the development of a modern undergraduate IT Security (Information Assurance) curriculum which links professional certification to academia. It details methods by which both industry standards, perspectives and research questions and also the (ISC)2 body of knowledge may be embedded in the undergraduate IT Security curriculum and thus both academia and the IT Security profession may be satisfied.

If we want to correlate alerts from various intrusion detection system (IDS) sources, its is necessary that the sources of alerts agree on what they actually are seeing, on how to report what they are seeing and on the amount of information they should report. In this paper, we review the Intrusion Detection Message Exchange Format (IDMEF) data model as an event data exchange mechanism and analyze how different correlation algorithms are being utilized in real-life systems. Based on these analyses, we propose a simple taxonomy of intrusion alert correlation algorithms, to complement the IDMEF data model.

This paper describes the methodology, implementation and results from the formation and execution of an undergraduate information assurance student group. In February 2001, our institution formed a student chapter of the Association for Computing Machinery’s Special Interest Group for Security, Audit and Control (ACM-SIGSAC) due to extensive interest by the student body in computer security and information assurance, as well as an awareness of the critical need by the faculty. This was the first information assurance student chapter formed out of the more than 600 ACM student organizations worldwide. The chapter was formed with an interdisciplinary approach in order to include a larger portion of the student body and thus influence a larger audience. This approach proved successful. Over the past three years, the group has grown from an idea to a vibrant organization of approximately 600 students. We believe that we have struck a chord with the students that merits examination. The primary goal of this paper is to provide a descriptive resource to educators who wish to implement a student information assurance group. It includes the purpose and methodology behind the formation of the group, our successes and failures, our lessons learned, and potential future directions.

Despite an urgent need to protect information in computer systems critical to business and government, the inadequacy of many security products combined with overmarketing and overstated claims leaves information managers with nowhere to turn. Cyber security education is needed to provide a population of individuals who can make sound choices for the operation and acquisition of information protection. A prerequisite is an adequate population of educators. We describe workshops intended to help educators new to the area of Information Assurance. The multiple objectives are: to identify key foundational topics to educators, to teach lessons learned regarding topics difficult to convey to students, and to create a sense of community among Information Assurance educators.

Education and training in the discipline of information assurance must allow for a dual approach to this activity. This dual approach becomes clear when the problem of “expert witnessing” in the information technology area during legal proceedings is considered. The basic concern lies in the need to clarify educational objectives against a background of two different and often opposing “market” demands on the education and training process as well as on the underlying discipline content. The two opposing “forces” may be categorized as firstly the “computer science and engineering (CSE)” or “base technology” approach while the second may be identified as the “information systems (IS)” or “business requirements” approach, mirroring the debate in the general IT education arena.

Powered by Phoca Download