Archives

We present an approach to emphasizing good programming practices and style throughout a curriculum. This approach draws on a clinic model used by English programs to reinforce the practice of clear, effective writing, and law schools to teach students legal writing. We present our model for a good programming practices clinic, and discuss our experiences in using it.

This paper proposes a framework for teaching information security ethics at colleges and universities. The framework requires that students examine information security ethics from four dimensions: the ethical dimension, the security dimension, the solutions dimension and the personal moral development dimension. The intent is to use the framework to develop and/or select pedagogical resource materials for information security ethics education.

The East Stroudsburg University of Pennsylvania course "Risk Analysis / Certification and Accreditation" is offered as a model for implementation of NSTISSI 4015 – the National Training Standard for System Certifiers. The experiences of the instructors in teaching this course are illustrated.

In this paper we examine the Committee on National Security Systems (CNSS) 4011-4016 family of standards for high assurance academic programs. Currently, institutions that apply for the NSA Center of Academic Excellence in Information Assurance Education (CAEIAE) or Information Assurance Courseware Evaluation (IACE) designation must map their curricula to the CNSS standards. We survey academic institutions that have earned either the CNSS CAEIAE or IACE about their experiences in performing the mapping.

Network security plays an increasingly important role in technology. As the world gets more and more interconnected, the need for security increases. While there are several tools that offer a fair amount of security, it is still crucial that students are educated well on the design and operation of malware, and learn to develop countermeasures that prevent malicious activity. To assist in this, we developed a software package that studies the actions of known or suspected malware in a controlled environment, and provides information on the effects of malware on the system without actually compromising a system. By means of a virtual environment, this program collects data before and after the malware has infected the virtual machine.

Systems software and application software make it possible for our systems and networks to function effectively and efficiently, enabling creation, processing, storage and communication of the information assets that drive our economy and our way of life. Our dependency on the information infrastructure makes software assurance an essential element of national security and homeland defense. The interdependence of our critical infrastructures with the information infrastructure, the size and complexity of software systems, our increasing reliance on outsourcing for software development and maintenance, and the growing sophistication of malicious threats argue for increased rigor and use of software assurance methodology in developing or acquiring software.

College curricula for computer programming has been developed from a bottom up, primitive to system-level approach. Although efficient from a task centric viewpoint, this methodology leaves crucial learning tasks until after behavioral habits are reinforced through several courses of instruction. These habits are inadequate to meet the needs of current programming standards. The current learning process deemphasizes important issues such as security and testability, sacrificing them in the name of time. This paper outlines a new approach to provide a more comprehensive, systems engineering based education approach in an attempt to correct these deficiencies in the current instructional methodology.

The sixth annual US Service Academies Cyber Defense Exercise proved to be an opportunity to meet pre-planned learning objectives. Rather than focusing on the competition, the planning team designed the exercise to meet objectives which balanced: creativity versus realism, security versus network operations and timely incident reporting. Additional benefits included teaming and leadership opportunities as well as providing an outstanding recruiting tool for Computer Science and Information Technology majors.

We describe the development of an information security program which contains three security courses and a laboratory for the undergraduate students at New York City College of Technology, CUNY, one of the minority serving institution. We also explore collaboration with other minority serving institutions on information security education.

System security personnel fight a seemingly unending battle to secure their digital assets against an ever-increasing onslaught of attacks. Honeypots provide a valuable tool to collect information about the behaviors of attackers in order to design and implement better defenses, but most current configurations are static setups consisting of either low interaction or high-interaction environments. Although static honeypots help address this issue, the ability to construct dynamic honeypots easily would enable security personnel to identify potential security vulnerabilities in the attempt to build better defenses. This research effort describes a method to automatically and dynamically configure honeypots based on the results of network scans.