Archives

In this paper, we present our experiences of the first phase of our proposed two phase project for incorporating standardization and virtualization approaches in the undergraduate and graduate computer security courses and curriculum at pilot universities and various community college institutions. We detail as a case study our experiences by developing a model for generating faculty, laboratory instructor and most importantly student interest in imparting and disseminating computer security education.

Several educators have noted the benefits of providing students a hands-on experience in security education. Different approaches, such as traditional labs, competitions, virtual labs, and simulated web labs have been proposed. At our institution, we have used a variety of different approaches over the years and have concluded that the best approach depends on the complexity of the concepts being taught and the student background in the area. As a result, we now use a combination of lab approaches based on the subject. This paper will describe the different ways of providing hands-on labs, our decision process for the appropriate format, and our experiences with using this approach.

In the area of computing, there are a plethora of curricular and training standards that attempt to define content for a computing curriculum. In addition, there are several accrediting bodies and standards. The task of building and maintaining a degree program aligned with one or more of these standards is a daunting one. Maintaining the appropriate documentation for managing such a process is time-consuming and space-intensive.

The demand for information systems security education has never been higher, while the availability of high-quality information systems security instruction and of well-qualified instructors are both extremely limited. Meeting the demand requires converting teaching from an individual activity to a community-based research activity. As a result, Carnegie Mellon University’s Open Learning Initiative and the Software Engineering Institute’s CERT® Program have collaborated in the development of an online secure coding module that exemplifies how to capture expert content, ensure high-quality learning, and scale to meet rapidly growing demand. This paper describes this effort and how high-quality information systems security instruction can be scaled to meet existing and projected demand.

A number of cyber security competitions currently exist. Some are aimed at high school students, some at professionals, and some at security professionals. By far the largest number of competitions take place at the collegiate level. Currently there is very little that ties these competitions together and at times it may seem that the competitions themselves are competing against each other. For these competitions to take the next step toward establishing themselves collectively as a recognized competition program they need to come together and establish a Collegiate Cyber Security Championship Cup and the program that would run it.

The modern world of computing familiar to most college students is one based on mobile devices that rely increasingly on cloud storage. In this world, all students need to have a conceptual and practical understanding of the inherent computing, data, and privacy/security issues involved, but most institutions treat CyberSecurity education only as part of the institution’s computing or information security curricula. At best, most students are introduced to this modern world through superficial courses on using mobile devices. The authors propose to make computer security and information assurance part of the general education for all undergraduates.

Computers have controlled physical systems for decades, but increasingly today, these systems are being interconnected to enterprise IT systems via the Internet. The reasons revolve around efficiency, but the practical matter is that IT personnel are encountering these non-standard IT systems and must learn to integrate them into their operational world. To introduce students to the world of SCADA networks and protocols, together with the operational and security requirements, a laboratory facility is designed and constructed with accompanying curriculum.

Discussion on cyberwarfare or information warfare has been dominated by visuals of high tech command centers with giant plasma screens. Tactical exploitation of captured enemy digital devices: laptops, handhelds, PDAs, cell phones, etc. is sometimes neglected. One of the growing challenges posed by the growth of digital information and digital devices is how to train the existing combat force for safe exploitation of captured digital devices. Auburn University researchers have been participating in an ongoing training effort to re-task injured service members to serve as digital investigators.

Current information security education approaches tend to focus on theories and concepts. Although these conventional education strategies have their own advantages, students can also benefit from pedagogical strategies that are more interactive and scenario-driven. In particular, the current net-generation of students are often more likely to prefer learning in a feedback-rich and contextualized environment. Therefore, an environment in which learning occurs in a game-like context can be highly effective in teaching students information security topics, especially in introductory courses.

Tasked with a goal of increasing profits for their shareholders, corporations are fleeing to the cloud to help defray some of the costs of doing business. Unfortunately, much of this mass migration is being done without adequate consideration for the security implications of moving to a potentially multi-jurisdictional environment. In this paper, we explore cloud service consumers from an educational perspective and provide discussion of some scenarios that can be used in an academic setting to increase awareness of some of the important security considerations that should be investigated prior to making a move to a cloud platform.