Archives

This paper describes a practical case study used in a unit of study relating to security of computer facilities. The case study has been designed to draw together the theory presented in a number of security units previously completed by the students. The paper discusses the importance of experience in learning and describes the case study content and action requirements. This case study is currently being used within the School of Computer & Information Science within Edith Cowan University for security degrees.

In May 1998, the INFOSEC community became aware of the White Paper titled "The Clinton Administration’s Policy on Critical Infrastructure Protection: Presidential Decision Directive 63 (PDD-63). Shortly after this date, the National Security Agency (NSA) using its technology transfer charter, took a proactive stance to the PDD-63 by offering an INFOSEC Assessment Methodology (IAM) course to government and private sector security professionals. The intent of the course is to make available a qualitative (not quantitative) approach for carrying out a high-level policy/documentation review that is non-intrusive, uses non-attribution (the process is not an inspection or an audit), yet produces an analysis of an organization’s overall security posture.

Because all vulnerabilities of a network cannot be realized and penetration of the system cannot always be prevented, Intrusion Detection Systems (IDS s) have become necessary to ensure the security of a network. A great deal of research has been conducted on intrusion detection in a wired environment; however, new issues arise when trying to implement an IDS in a mobile, ad hoc environment. This paper discusses considerations when designing an IDS for a mobile, ad hoc network and describes an architectural model for IDS s that takes into account these and other pre-existing considerations.

Networks have become indispensable for conducting business in government, commercial, and academic organizations. Networked systems allow you to access needed information rapidly, improve communications while reducing their cost, collaborate with partners, provide better customer services, and conduct electronic commerce. While computer networks revolutionize the way you do business, the risks they introduce can be fatal to a business. Attacks on networks can lead to lost money, time, products, reputation, sensitive information, and even lives.

This paper extends the current concepts of integrating information security topics within existing academic programs to actually establishing a new academic discipline for Information Assurance (IA). It explores the business drivers for such a program and the core body of knowledge required to establish a viable program of academic study in IA. Students of tomorrow should have the opportunity to pursue an IA degree at both undergraduate and graduate levels.

This paper looks at the concept of cyberwarfare and discusses its application in both defense and business environments. An approach to teaching offensive and defensive skills in this area is presented. The warfare tactics of the ancient Mongols are described and used as a trigger for formulating tactics for more modern warfare in cyberspace. Action learning is an important facet of such a learning environment as students need to experience application of the theory in order to produce proficiency in using the required tools.

There is a worldwide shortage of information security specialists. Increased professional training through academic institutions is needed to help fill this demand. In this paper we describe our extensive experience in information security/assurance education over the past twelve years highlighting some of the lessons that we have learned. We describe our current flexible information security education program and discuss future developments in this program.

The author has reviewed the MBA online course descriptions for core and elective MIS courses at institutions with Centers of Academic Excellence in Information Assurance Education. The review shows that core MIS course descriptions have no reference to Information Assurance or information security. Few elective MIS courses mention such education. The paper makes recommendations for improving this situation.

Information Security college-level education efforts received a financial shot in the arm late last year with the announcement of a federal funding program to train an information security workforce. In this paper, we address issues surrounding development of a viable Computer Science, Information Security curriculum that meets the varying needs of the federal government, industry, and academia. The foundation of our program is research and education on information security and the underlying enabling technologies such as cryptography.

The Georgia Institute of Technology has recognized the importance of information security education and research by creating an interdisciplinary center called the Georgia Tech Informa- tion Security Center (GTISC). The educational goals of GTISC include the development of an information security curriculum that would serve students from a broad range of backgrounds. It takes an integrated approach to information security education that covers both technological and policy issues. A group of eight faculty from Georgia Tech has worked to create an innovative and broad curriculum that could be used to train future information security professional.