2011 Information Security and Computer Applications Conference

February 25, 2011

The first edition of this annual conference provides a forum for discourse on cybersecurity trends and education. This conference will facilitate vigorous discussions on pedagogical techniques and materials on matters of information security, assurance, and privacy. The main goal of this gathering is to build and nurture a consortium of institutions whose mutual interest is to train and educate future cybersecurity professionals.

Session Abstracts

Adding Practical Security to Your Computer Course

Mark Ciampa, Assistant Professor, Western Kentucky University

It is no surprise that our students do not know how to make their computers secure from attackers. A growing number of voices in business, education and government are now calling for schools to provide practical security instruction to all of their students (and not just teach network security only to IT majors). Many schools are now adding instruction about practical computer security to their Introduction to Computers course in order to reach all students early in their college life. It does not take an advanced knowledge of computer security in order to teach it; instead, teaching the basics of practical security can be done by virtually any instructor. In this presentation we will look at how to teach practical desktop, Internet, and personal security in your Introduction to Computers course.

Advanced Persistent Threat (APT) Against U.S. Business, Education, and Government IT Installations

Tom Madden, Chief Information Security Officer (CISO), Centers for Disease Control and Prevention

This unclassified discussion will cover in general terms the workings of the APT. It will include an overview of the vectors and exploits currently being used to take financial information and information of value about products, organizations and people. In addition, some successful social engineering methods will be discussed.

Supply Chain Security and IT Governance

Nainika Patnayakuni, Assistant Professor, University of Alabama at Huntsville

Security of global supply chains has been of significant concern to organizations since the September 2001 terrorist attacks. Major earthquakes, tsunamis and other natural and manmade disasters such as power failures routinely disturb the flow of raw materials and products through the supply chain. Supply chain security has been defined as the application of policies, procedures, and technology to protect supply chain assets from the impact of natural and manmade disasters. While significant resources have been invested by organizations towards security and disaster recovery efforts, limited guidelines are available to organizations that want to successfully navigate such low-probability and high-risk supply chain disasters. Since Information Technology (IT) forms the blueprint of supply chain integration and connectivity efforts, it is essential that we seek to understand the linkages between supply chain security and an organization's IT management and business strategy. IT approaches to implementing supply chain security have focused on the use of technologies such as RFID (Lee 2004), and on encryption and information sharing (Autry and Bobbit 2008). IT governance looks at who makes IT-related decisions in organizations and how these decisions are made, and establishes an accountability framework for these decisions. There is a need for an integrative framework that looks at the relationship between an organization's IT governance and the implications for supply chain security.

A Novel Application-Oriented Approach to Teaching Computer Security Courses

Xiao Qin, Associate Professor, Auburn University

In the past few years, numerous universities have incorporated computer security courses into their undergraduate curricula. Recent studies show that students can effectively gain their knowledge and experience in building secure computer systems by conducting course projects. However, existing computer security laboratory exercises are comprised of small-scale, fragmented, and isolated course projects, making them inadequate to prepare undergraduate students to implement real-world secure computing systems. Conventional wisdom in designing computer security course projects pays little attention to training students to assemble small building blocks into a large-scale secure computing and information system. To overcome students' lack of experience in implementing large-scale secure software, we propose a novel application-oriented approach to teaching computer security courses by constructing course projects for computer security education. In this pilot project we will develop an extensible application framework for computer security course projects. The framework will provide valuable learning materials that can enable undergraduate students to gain unique experience of building large-scale trustworthy computer systems. Course projects are implemented as plugin modules of an application-based framework. After integrating all the security modules together in the framework, undergraduate students can experiment with various ways of implementing sophisticated secure computer and information systems.

Cengage Emerge with Computers Series and Global Tech Watch Software

Stephen Perry and Derek Stignani, Cengage Learning

Emerge with Computers is a new and revolutionary way to teach and learn about digital literacy. Students learn technology by experiencing it. Emerge with Computers leverages the latest technologies to encourage discovery learning. RSS feeds, YouTube videos, and Web links are standard on most Emerge with Computers pages. Students can explore, peruse, skip over, delve, wander, and drill down into interesting information as they see fit.

Security Education Workshop-Center of Academic Excellence for Information Assurance Education and Training Program for 2 Year Institutions (CAE2Y)

Guillermo Francia, III, Professor, Jacksonville State University

The National Information Assurance Education and Training Centers of Excellence program is open to nationally or regionally accredited 2-year Community Colleges, technical schools, state or federally endorsed IA/Cybersecurity training centers or U.S. Government IA/Cybersecurity training centers. This talk covers the six criteria for measurement and reviews the application process for CAE2Y designation.