Archives

Papers

Tasked with improving enrollment and retention, institutions of higher education are increasingly utilizing online delivery in the battle to attract and retain students. Understanding effective online practices can improve the learning experience for both students and the institution. In this paper we describe the results of two studies whose purpose was to identify some best practices in online delivery of master’s level information assurance education utilizing a hybrid synchronous (real-time) and asynchronous delivery method.

In early 2012 the Information Assurance Courseware Evaluation (IACE) program certified a textbook as conforming with the training standard for information security professionals. The textbook was specifically developed to cover the training standard's requirements with the sole prerequisite of a basic computing course. This posed a series of challenges. The curriculum standard, published in 1994, does not attempt to outline an effective course of study and it is out of date in many ways. Some required topics are unlikely to appear in introductory or second-year courses. Moreover, the standard requires several technical topics whose details were previously classified and thus are poorly covered in the general literature.

In 2008, the director of the CIA Clandestine Information Technology office concluded that the US is short of 20,000 to 30,000 skilled cyber security specialists. At that time, there were by most reckonings only 1,000 experts. Yet there remains a relatively vague definition of what constitutes a skilled cyber security specialist and what skills such an individual should possess. In this paper we discuss what constitutes a cyberspecialist and how this differs from the typical view of Information Assurance and Security. We also note the connections between the cyber and physical domains. In conclusion we recommend key knowledge points and skills that we believe are key in securing, defending and protecting cyberspace.

Critical infrastructures such as the Supervisory Control and Data Acquisition (SCADA) systems have succumbed to the demands of greater connectivity. Although the scheme of connecting this critical equipment and these devices to cyberspace has brought us tremendous convenience, it has also enabled certain unimaginable risks and vulnerabilities. These risks and vulnerabilities are very critical to our daily existence and are perilous to ignore. This paper presents an overview of the vulnerabilities of SCADA systems. Also described are proof-of-concept methods of attacking some of these vulnerabilities.

Many Information Assurance courses include privacy topics. However, many of them do not address privacy issues systematically and comprehensively. Those courses do not offer students a complete picture of privacy from both data providers’ and data collectors’ perspectives. A coherent and consistent curriculum framework on teaching privacy needs to be defined. Moreover, students learn about possible invasion of privacy as a result of poor information system security, not about privacy as an essential principle in information systems. This paper discusses the importance of defining a consistent framework for teaching privacy in the IA curriculum. The authors propose key learning outcomes and content modules, as well as two options to implement the framework. The framework can be used as a guide to design privacy courses and learning modules.

Online learning is expanding rapidly both for traditional student populations and for industrial and nontraditional student groups. This paper describes an experiment of migrating a computer security lecture course into a blended format, utilizing a combination of online and in-class delivery. The experiment was largely successful, but illuminated a number of factors to be considered in moving to an online format.

Our current computer and electrical engineering practices are insufficient to assure transactions through cyberspace. The critical flaw in these practices is mistaking reliability for security at the system design level. In this paper, we explicitly differentiate between reliability and security. We identify three pillars needed for an emerging cadre of cyber engineers, which include open-ended problem solving, cyber leadership and technical communication.

Constructivism is a learning theory that emphasizes learner-centered knowledge acquisition and assimilation. In this paper, I report my experience of implementing a constructivist learning environment in a Master’s course in information security. Following constructivist tenets, the implementation was composed of (a) a personal knowledge construction component culminating in a security presentation and (b) a social construction component in which students constructed knowledge with their peers. In addition to narratives of these components, potential drawbacks are discussed.

Recognized current industry demand for qualified software security professionals has encouraged educators to develop innovative courseware that increases the ability of students to apply theory into practice and reflects what they have learnt in a real world context. This paper describes a reflective practice assessment task newly introduced in the Software Security Lifecycle course within the Master of Science (Cyber Security and Forensic Computing) program at the University of South Australia. The paper describes our experience in constructing this courseware task to balance the content of lectures and content of hands-on practicals delivered in our security laboratory during the specially allocated timeframe - an intensive week study workshop. It also provides students’ preliminary responses to the relevance of reflective practice in their assessment, and the overall impact of this courseware task on students.

Mission assurance is the assurance of the correctness, integrity, security, and availability of critical capabilities necessary to complete a mission successfully. National security depends on the integrity of command and control for military systems, the power grid, and financial systems. Thus, the alarming lack of personnel capable of doing mathematically rigorous specification, design, verification, testing, and procurement of trustworthy systems is a national weakness with profound implications for national security. This paper reports the results of a pilot program at the undergraduate level whose objectives include equipping undergraduate computer engineers and computer scientists with the theory, methods, and tools necessary for formal specification and verification of mission-essential functions in cyberspace.

 
 