Archives

These times of declining academic budgets coupled with increased demand for information assurance professionals presents unique challenges for academic departments wishing to build capacity in information assurance. This paper discusses the evolution of the Advanced System Security Education, Research, and Training (ASSERT) Lab at the University of Alaska Fairbanks. The effort began with the low cost construction of a proof-of-concept dedicated information assurance lab that was then used to leverage additional funding to build a high capacity research and educational environment to meet the needs of the students, faculty, and researchers who now utilize this vital facility.

The IT2005 model curriculum describes Information Assurance and Security as a pervasive theme that must be integrated throughout the IT curriculum. The associated knowledge area provides a minimum set of outcomes for every IT student associated with this important subject. Implementing a knowledge area that is required across the entire curriculum is a significant challenge, since security has historically been given weak coverage in computing courses. In this paper we introduce the approaches used in two IT programs for implementing the IT2005 requirement for IAS as a “pervasive theme”.

This paper responds to the need to understand the nature of forensic computing and the roles that are involved in the discipline. It defines the nature of the field and the roles and qualifications of the forensic computing practitioners who serve in the filed. It emphasizes the role of the specialist and the need for the development a tertiary curriculum which produces graduates who are able to take up entry-level graduate positions in Law Enforcement and government.

Security protocols are an important concept in teaching information security. Students need to understand both the sequence of passed information and computations, as well as the various attacks on them via eavesdroppers, forged messages, communication blocks, and message replays. A traditional approach to teaching protocols is to use a static diagram showing the transfer of messages between participants over time. This paper describes an interactive visualization tool that allows arbitrary protocols to be demonstrated visually in a user-controlled step-wise manner.

Traditional face-to-face courses have been used as the predominant delivery mode for degree programs in the area of information security. This mode of delivery is a barrier to information security education for the population of adult learners who are working information technology and law enforcement professionals. Participation in full distance learning programs has been minimal among the CAEIAE (Center of Excellence in Information Assurance Education) schools. An increase in online degree programs can increase the number of degree-qualified professionals in information security.

The long awaited final portion of the Department of Defense instruction on tracking and certifying Information Assurance education and training was released in December 2005. This paper delineates how one military contractor proposes to ensure that not only do they meet the requirements of this mandate, but also to offer a solution to support the government as well. This proposal could benefit a number of the CISSE institutions as they are listed as organizations that can provide the required training and education that the IA Workforce will need to comply with this requirement.

This paper discusses how the author integrated issues in Information Assurance into parts of the undergraduate curriculum at his university. The emphasis is on his course on computer ethics and the social implications of computing.

In order to effectively perform in today’s fast paced environment, the Information Systems Security Officer (ISSO) must be well prepared to deal with technical, regulatory and legal issues as well as policy oriented concerns. A multidisciplinary curriculum is therefore required to properly prepare the Information Assurance (IA) degree seeking student for the many challenges the future ISSO will face. To address this issue, Fountainhead College of Technology has implemented a bachelor degree program that attempts to simulate the “real-world” corporate or government agency environment. This paper provides an overview of the program methodology, coursework and labs required for the Bachelor of Applied Science in Network Security & Forensics (BASNSF) program.

The recent implementation of security and privacy regulations have increased the operational overhead of organizations. The authors attempt to identify challenges valuing information security investments by examining three primary approaches to measuring information value: Normative, Perceived and Real. Literature is reviewed and the approaches are examined in terms of their strengths and weaknesses in providing value measurements for secure information systems. A framework is presented to suggest at what level in an organization and in what situations these information value approaches are most suitable.

In addition to enable students to understand the theories and various analysis and design techniques, an effective way of improving students’ capabilities of developing secure software is to develop their capabilities of using these theories, techniques and effective tools in the security software development process. In this paper, the development and delivery of a graduate-level course on secure software engineering with the above objective at Arizona State University are presented. The developing process, stimulating techniques and tools used in this course, as well as lessons learned from this effort, are discussed.