Archives

This paper discusses promoting the information security program at an academic institution through a student organization dedicated to information security. It first gives an overview of the benefits associated with having such a student organization. It then details the components required for the organization to be successful. Emphasis is placed on describing various types of popular and beneficial activities.

Current Intel-based computer architecture, at least from the iAPX-286 CPU onwards, owes its security structure in large part to the earlier MULTICS program. This developed from the 1960s to late 1970s to create a secure, time-shared computing environment. However, in current commodity operating systems of today the major security principles of that architecture are largely ignored. This paper discusses this failure of systems and supporting software systems to use well established security hardware features in computers as a failure in education related to IT security, and even software engineering, over at least the last twenty year period. At the same time, IT systems managers are being asked to consider enhanced security in relation to National Information Infrastructure Protection (NIIP) as a cooperative effort between Government and the private sector, against growing international standards.

This paper and presentation provides a look at instructional methods for information assurance (IA) using simulation. The simulation methods of 1) Packet Wars, 2) Sniffers + Network Design Tools, 3) Canned Attack/Defend Scenarios, 4) Management Flight Simulators, and 5) Role-playing are presented. These techniques are presented as options for educating a variety of IA constituency including network administrators, functional managers, security managers, and naïve users. Each method is demonstrated and its value supported by providing examples and by drawing upon conclusions from the author’s experiences using them in a classroom environment. The session looks at simulation as a foundation for providing benefits in understanding computer security by providing a long term view of security, demonstrating a balancing act of data, program, and network access versus restriction, presenting a competition for limited defensive resources, involving cooperation from a variety of players, and staging an analysis of risk tradeoffs.