Stimulating Software Security Education at Community Colleges Through Training Workshops

Size: px
Start display at page:

Download "Stimulating Software Security Education at Community Colleges Through Training Workshops"

Transcription

1 Stimulating Software Security Education at Community Colleges Through Training Workshops Akbar Siami Namin Computer Science Department Texas Tech University Lubbock, TX, USA Fethi A. Inan College of Education Texas Tech University Lubbock, TX, USA Rattikorn Hewett Computer Science Department Texas Tech University Lubbock, TX, USA Abstract We report our experience with training instructors and faculty scholars from two and four-year colleges in the software and information security related areas. The purpose of offering the workshop was to provide training for faculty and instructors who had less opportunity to learn about the state-ofthe-art in software and information security research and education. The one-week long training in software security exposed the faculty and instructors to various aspects of cyber security research and practices. The workshop organizers have collected a rich set of data such as training sessions logs, questionnaires, interviews, and knowledge acquired for the purpose of conducting quantitative and qualitative analyses. We report the structure and theme of the training sessions on software and information security, delivery methodology, and feedbacks received from the faculty and instructors, who participated in the training sessions. Keywords Cybersecurity; faculty development, training workshop I. INTRODUCTION It is reported that the United States needs to produce far more IT graduates and in particular students with Information Assurance (IA) capabilities [1]. Hoffman et al. [2] note that maintaining and protecting software systems and sensitive data require a proper and systematic education in information warfare. Not only educational institutions but also corporations must adopt the best practices and integrate cybersecurity practices and exercises into their curriculum, organizations and workflows. A survey published by the Information Security Magazine reports that U.S. colleges and Universities are ranked among the poorest protected against cyber-attacks. Information assurance related areas such as operating system, information and data, network and Internet security are amongst the most important topics in security education [3]. In addition to these areas, we need also to include application and software security as an integral part of these predominant and important concepts. The needs for cyber security professionals in all aspects of education and business as well as homeland security and warfare demonstrate a clear demand for effective development of education and training programs with its grand intention to produce high quality and well-prepared workforce capable of protecting critical infrastructure. Raising the awareness against cyber crimes and educating prevention techniques against potential cyber-attacks are important to the national defense and homeland security. The U.S. economic infrastructure, such as power and water plants, heavily depend on computing systems such as SCADA (Supervisor Control And Data Acquisition). The SCADA-based smart grids are vulnerable to many threats and are the potential targets for attackers. The importance of securing computer networks motivates this project with its target in preparing the future workforce needed for protecting the U.S. critical infrastructure against malicious eavesdroppers. For instance, network intrusion attempts occur approximately 250,000 per hour, i.e. 6 million times per day, according to the U.S. Government and Department of Defense [4]. In particular, financial transactions and payment card data are highly vulnerable to cyber-attacks [5]. According to CWE/SANS and OWASP (Open Web Application Security Project), SQL (i.e., top 10 web application vulnerability) and OS code injections, i.e. insertion of a SQL query or OS command via the input data from the client to the application, are among the top 25 most dangerous software errors that can lead to serious vulnerabilities in software. The objectives of training the software related workforce is to build more secure software systems and thus prevent adversaries from obtaining or tampering critical data. The preparation of future cyber security professionals and workforce primarily depends on the availability of cybersecurity instructional courses as well as certifications and degree programs offered by higher education institutions. However, insufficient professional development specifically designed for faculty and instructors, who can create, develop, and integrate recent advancements of cybersecurity curriculum with hands-on experience, have been an escalating concern. Along with technological advances, cybersecurity is experiencing an explosion in growth with new and more complex threats, techniques, and applications. In order to achieve effective cybersecurity programs, instructors should be exposed to the recent advancement and the latest technology, skills, and confidence to effectively design and implement cybersecurity instructional lessons and course modules. Instructors, who are well prepared to cybersecurity education, are more likely to engage in security related teaching practices as compared to those who are less exposed to these kinds of activities. We report our experience with designing, recruiting, and implementing training workshops on software and information security for the faculty scholars and instructors, who teach at two and four-year colleges across the southwest region of the United States. More specifically, we report our observations regarding the satisfaction level that the workshop participants reported. The paper provides an extensive investigation and

2 assessment of the overall effectiveness of software security training program on participating faculty s learning, knowledge, satisfaction, and confidence. Throughout this paper, we refer to the faculty scholars and instructors who participated in our workshop as participants. In addition to stimulating and promoting cyber security research and education through training workshops, we are also interested in learning about the impact, effectiveness, and the knowledge the participants gained through traditional training workshops. In other words, we are interested in understanding about the learning outcomes and impact of the workshop and whether the traditional training through workshops can address the nationwide needs in security experts. There were several questions that motivated us to pursue the idea of offering training workshops: What were the learning outcomes for participating faculty after attending the training workshop on software and information security? Did participants gain more knowledge as the result of the training? Were the participants satisfied with the delivery methods and contents presented? Did the participants feel that they were competent enough to design and offer similar courses in software and information security in their home departments and institutions? The paper is structured as followings: The importance of teaching security related concepts is emphasized in Section II. The experience with curriculum design is discussed in Section III. Section IV reviews the experiences and education challenges with two and four-year colleges. We sketch the goals of the training workshop in Section V. The methodology employed for implementing the training workshop is presented in Section VI. Section VII reports the evaluation of the project. The valuable lessons learned through offering the training workshop is listed in Section VIII. Section IX concludes this paper. II. SOFTWARE SECURITY EDUCATION Educational institutes have critical and key roles in supplying the needed workforce for the nation s needs. The digital world, where we all live in, needs reliable technologies to facilitate daily businesses. It is important that the educational institutes take into account the paradigmatic shift that adjusts the existing stress from students as customers to the society as customers and thus feel more responsible for addressing the needs for highly prepared security experts. Taylor et al. [6] argue that computer security and its education is often overlooked in undergraduate degree programs. The educators are in common agreement and believe that undergraduate students must be engaged in security related areas earlier in their programs and courses such as CS0 and CS1 courses. Frazier et al. [7] propose designing and integrating security modules in both undergraduate and graduate levels and integrating software safety systems into the Computer Science program. More specifically, Frazier et al. suggest encompassing operating system security, software security testing, code review, risk and threat analysis, and database security into the CS programs, where the course module includes lecture materials, in class demonstrations as well as hands-on assignments. Taylor et al. [8] aim to review the previous recommendations regarding the security concepts covered in Computer Science education, and highlight the significance and key role of proper and realistic tests and hands-on experiences when teaching secure coding and programming. They [8] address the four myths as widely discussed and argued when teaching secure programming and coding practices: There are no rooms in the curriculum for a course in secure programming. The students taking more advanced classes often focus on class materials and not on the programming styles. There is a gap between theory and what has being taught in classrooms and practices. If students learn how to write secure programs, the state of software and system security will dramatically improve. Academic institutions are hierarchical educationally. The teaching strategies and ideas are being developed through different ways. However, it is important to remember there may exist no best way. We know what to do and how to do it. However, often instructors do not know how to teach secure programming. The Summit on Education in Secure Software, jointly sponsored by the National Science Foundation and Education and Human Resources (EHR), aims at developing a comprehensive agenda focusing on the formidable challenges of secure software education [9]. To meet the goals, the summit has three major objectives: to take into account the ideas and opinions of all cyber security stakeholders from academia, government, industry, certification and training institutions on teaching secure programming; to implement the ideas and opinions discussed by the cybersecurity stakeholders to create or improve existing teaching methods; to outline and observe the quality of education and to enable it to reach a broader audience, and shape inclusive agenda for secure software education that have objectives for dissimilar viewers, teaching methods, resources needed, and problems that are predicted to rise. Despite its importance roles, security concepts are less discussed in most Computer Science and Software Engineering textbooks often written briefly and primarily for the undergraduate level. It is crucial to include fundamental security concepts and techniques early in the undergraduate program and more specifically into software engineering courses [10]. III. DEVELOPING AND INTEGRATING CYBERSECURITY CURRICULUM Curriculum and course development is a practice to understand and address the student needs through designing course modules and assessing the learning outcomes. According to Conklin [11], a typical set of information security courses includes security principles, cryptography, digital forensics,

3 (a) Gender distribution. (b) Career status. Fig. 1. Gender distribution and career status of the participants attending the training workshop. network security, application security, e-commerce security, policy and law, authentication and biometrics, and intrusion detection. Consistent with Conklin, Davis and Dark describe the common body of knowledge for computer security curricula in which four focus areas are identified as cryptography, secure computing systems, network security, and management [12]. Research on cybersecurity education shows that the current practice of cybersecurity education is unsatisfactory and needs substantial improvement to meet the required standards [13], [14], [15], [16], [17], [18], [19]. As a step forwards improving security education, Taylor and Azadegan propose using security checklists and scorecards in teaching students to develop secure code [20]. Furthermore, Taylor and Azadegan [21] present a platform for a security across the curriculum effort and integrating security curriculum into the core courses. IV. EXPERIENCES WITH TWO- AND FOUR-YEAR INSTITUTIONS Perez et al. [22] investigated two- and four-year institutions and observed that the challenges known to the research intensive educational institutions in teaching security related courses were common with these teaching institutes. Associate degree programs in information assurance, usually offered by community and technical colleges, play a key role in educating IA technicians, practitioners, and professionals in the United States. Perez et al. further claim that the large variation in the type of degree programs at community and colleges is primarily due to two factors: a) the absence of a set of curricular guidelines around which institutions can build their programs, and b) the lack of a clear understanding of the needs of the employers of the graduates of these programs. Perez et al. further suggest that developing closer and more functional relationships is needed to make progress on the articulation challenges. As a project supported by National Science Foundation, the ACM committee for Computing Educational Community Colleges (www.acmccecc.org) has conducted the strategic summit on the Computing Education Challenges at Community Colleges and observed that active collaborations were often missing, which are required among the various sectors of education including two- and four-year colleges and universities. Moreover, the unique characteristics of computing education in community colleges required approaches and solutions specifically tailored to address their needs [23]. V. GOALS OF THE CYBER SECURITY TRAINING WORKSHOP The training workshops aim at building a capacity for cyber security and thus introducing an educational model to be adopted by other geographical regions and academic institutions. The grant goals of this workshop are three-fold: 1) Offer summer professional development workshop on security related areas with its focus on software and information security for community college instructors and further assist them in developing and enhancing their own security-related course modules and curricula; 2) Design a series of follow-up activities for the participating community college instructors and mentor them for the objective of transferring the knowledge they have acquired through the training sessions to their home departments; 3) Evaluate the proposed project towards assessing its impact on capacity building of cybersecurity professionals across the southwest region and assess its applicability to similar faculty development program with the intention of introducing it as an education model to build a capacity of software and information security scholars; This two-year faculty development project aims to increase the number of higher education instructors who can design, develop, and teach courses pertinent to software and information security related areas. The workshop also provides opportunities for faculty to update and learn various themes of cybersecurity issues related. VI. SOFTWARE SECURITY TRAINING WORKSHOP We report the workshop and sessions structure, recruitment procedure, delivery methods, and data collection methodology. A. Recruitment and Participants The workshop organizers identified over 50 community colleges along with the two and four-year Universities located across the southwest region of the United States. The faculty members and instructors from these institutions were directly contacted and invited to apply for attending the training workshop. In the end, 27 faculty and instructors filled out the online application form and applied for the training workshop.

4 The applicants had a very diverse background. Figure 1(a) demonstrates the gender distribution of the applicants. Figure 1(b) demonstrates the applicants appointments and career status at their home institutes. The applicants were part/full-time instructors with majority holding professorship positions at their home institutes. The bar-chart given in Figure 2(a) demonstrates the ethnical background of the applicants with majority being white. Furthermore, the bar-chart given in Figure 2(b) illustrates the highest degrees the applicants institutions offer. The workshop organizers selected 16 applicants for the final program. The selection criteria were developed and designed in accordance with the primary goal of the workshop in promoting software and information security education across the southwest region. B. Training Sessions and Delivery Format The one-week long workshop was organized into themes and sessions related to software and information security. Each topic was organized into four sessions. The topics and sessions were delivered by faculty with expertise in Computer Science and Electrical Engineering. Each theme concluded with a class activity where the participants developed a course syllabus and an application plan with the intention of integrating the topics and course modules presented in each theme into their own curriculum at their home institute. Tables I and II list the topics that were presented in software security and information security training themes. C. Data Collection In the beginning of the workshop, an information session was delivered. The participants, who were willing to participate in the questionnaires, were asked to enter a pseudonym when completing surveys and forms for pre/post evaluation instruments. To gather participants knowledge and skill level of curriculum development related to software security courses, a pre-test survey was administrated in the beginning of each theme. In the survey, participants were requested to provide a self-report indicating their prior knowledge in software and information security using a 5-point scale for various course modules. Similarly, the project investigators and trainers collected participants knowledge and skill level of curriculum development related to software security courses and topics in the end of the theme and assessed the overall satisfaction/evaluation of the whole theme. An application plan was also distributed among the participants to indicate whether they had any intention or plan to transfer the knowledge gained through the workshop to their home institutions. TABLE I. Session One Basic Concepts Session Two Advanced Topics Session Three Research Trends TABLE II. Session One Basic Concepts Session Two Advanced Topic I Session Three Advanced Topics II TRAINING SESSIONS FOR SOFTWARE SECURITY THEME. 1. The Root and Cost of Software Failure 2. Characteristics of Good Requirements (e.g. Security Requirements) 3. Characteristics of Secure Software 4. Secure Software Development Life Cycle Phase I. Security guidelines, rules, and regulations, Phase II. Security requirements, Phase III. Architectural and design reviews/threats modeling, Phase VI. Secure coding, Phase V. Black/white box testing, Phase IV. Determine exploitability 5. Hands-on Experience and Case Studies on Vulnerabilities (e.g. Buffer Overflow Attacks, SQL Injection Attacks, Cross- Site Scripting, Cookie Tampering, etc.) 1. Secure and Resilient Software Development (Attack pattern and Surface, Software security practice, System Design and Threats Categorizations and Ranking) 2. Security Testing basic processes and steps 3. Security testing vs. traditional software testing 4. Static Analysis (Bug findings, Style Checking, Type Checking, Security Vulnerability) 5. Application Security Principles and Practices (use positive security models, fail security, run with least privilege, keep security simple, detect intrusions, security test infrastructure, security test services, establish secure default) 6. Misuse and attack use case modeling 7. Threats and Risk modeling 8. Security design patterns 1. Risk-based Software Security 2. Metrics and Models for Security Maturity 3. Vulnerability management 4. Environment hardening 5. SAMM: Software Assurance Maturity Model 6. Building Security in Maturity Model (BSIMM) 7. BSI Software Security Framework 8. Penetration Testing 9. Web Applications and Session Attacks 10. Security engineering 11. Attack Graphs 12. Model-based Risk Quantification (Risk quantification, Estimated Exposure Degrees, Component Dependency Graph, Estimated Component Vulnerability, Likelihood Estimate, Severity Analysis). TRAINING SESSIONS FOR INFORMATION AND DATA SECURITY THEME. 1. Basic Network Security 2. Basic Cryptography 3. Conventional Cryptography 4. Cryptography - Type of Attacks 5. Shift Cipher 6. Substitution Cipher 7. Permutation Cipher 8. Hill Cipher 1. Stream Cipher 2. Autokey Cipher 3. Data Encryption Standard (DES) 4. DES Modes and Triple DES 5. Advanced Encryption Standard (AES) 1. Public Key Infrastructure (PKI) 2. Hash Functions 3. MD5 and SHA Hash Functions 4. Information Authentication - Digital Signature 5. Message Authentication Code 6. Key Distributions and Exchange VII. EVALUATION An education expert, the second author of this paper, designed and conducted the evaluation procedure of the workshop. The chief purpose of the evaluation was to assess whether traditional training workshops were affective in stimulating the participants interest in designing security related courses at their home institutes. A. The Evaluation Purpose and During the training workshop, the participants were requested to complete an anonymous survey and take part in one-to-one interviews with the project evaluator regarding their experience with the program. The major goal of the evaluation was to determine the degree of effectiveness of the traditional training workshop as well as the participants satisfaction. The

5 (a) Ethnics. (b) Highest degree. Fig. 2. The highest degree and ethnical background of the workshop applicants. project s impact on participants learning outcomes was also of salient interest. The workshop evaluation was structured around the following major questions: 1) How the workshop has influenced the participants learning outcomes? 2) Do the participants know more about software and information security as a result of the training workshop? 3) Are the participants more confident in their security knowledge after the workshop? 4) How significant is the impact of the training workshop on the participants interest? B. Pre/Post Sample Tests Tables III and IV list the set of questions that were asked from the participants at the beginning and end of the training sessions. Our data showed that the participants performed 50% better on the post-test questions after attending the training sessions. C. Data Collection Instruments The workshop organizers utilized a variety of data collection instruments and strategies (e.g. session logs, questionnaires, interviews, pre/post tests) in order to collect quantitative and qualitative data. The assessment metrics developed were as followings: Knowledge, a 5-point likert scaling metric to record the participants prior and post knowledge related to the materials presented in each session. Confidence, a 5-point scaling metric to measure the participants confidence for designing, developing, and offering similar software security courses at their home institutes. Workshop Impact, A 3-point scaling metric to assess the participants opinion about the project s impact on their interests, knowledge, and confidence with security related topics. In addition to questionnaires, a series of one-to-one interviews were also conducted to have a better insight of the participants reflections and experiences with the training workshop. TABLE III. Pre-Test Post-Test TABLE IV. Pre-Test Post-Test PRE AND POST TESTS FOR SOFTWARE SECURITY THEME. How does software fail? What is vulnerability? Give a short description of Confidentiality, Integrity, and Availability. Describe functional and non-functional requirements. List five examples of non-functional requirements. What is misuse use case? What is Secure Development Life Cycle (SDLC)? What is a threat model? What is security design review? List five cyber threats. How vulnerabilities get into all software? What are design and implementation vulnerabilities? List three security features that should be implemented when designing a banking system. Give a short description of how threats are ranked. What is attack surface? Give a short description of Physical Security, Network Security, Host Security, and Data Security. What is user positive security model? What is the elevated privilege attack? List five security practices that need to be considered when designing software. List two design phase recommendation for addressing the security of software. What is attack use case? What is penetration testing? How vulnerabilities get into all software? What are design and implementation vulnerabilities? What could affect the size of attack surface? What is risk-based security testing? PRE AND POST TESTS FOR INFORMATION AND DATA SECURITY THEME. What is buffer overrun? What are cookies and what is cookie tampering? What is integer overflow? What is SQL injection attack? What is symmetric key? Describe Caesar cipher. What is block cipher? What is cross-site scripting attack? What is input validation? What is session attack? Give a short description of integrity and availability. What is Public Key Infrastructure (PKI)? What is stream cipher? What is the use of one-way hash functions in cryptography? D. Project Impact on Participant Outcomes We report the project impact based on the assessment metrics we developed.

6 TABLE V. KNOWLEDGE GAINED: PAIRED t-test RESULTS WITH 16 PARTICIPANTS (N=16). Pre-Workshop Post-Workshop t p Effect Theme Mean SD Mean SD Value Value Size Information and Data Security Software Security Average Knowledge Gained. The pre/post-tests scores and the result of the survey were used to assess whether the participants gained any additional knowledge through attending the training sessions. Applying the paired statistical t-tests, we observed that the post security knowledge of the participants was significantly improved after attending workshop. Table V lists the results of the paired t-tests. Furthermore, a follow up examination indicated that participants knowledge gains were significant. Effect sizes were high, i.e. 0.81, showing that the significant differences were meaningful. Confidence Improvement. The significance of confidence improvement was analyzed by comparing the participants pre/post confidence scores. The results of the paired statistical t-tests indicated that participants confidence significantly had an increase after attending the training workshop. Table VI reports the confidence level of the participants before and after attending the training workshop. As Table VI indicates the effect sizes are high ranging from 0.69 to 0.82 indicating that the differences were significant and meaningful. The Project Impact. The overall effectiveness of the training workshop was assessed by the three measurements that asked participants to rate the workshop s impact on their interest. Table VII reports the participants opinion regarding the workshop s impact on their knowledge. The results showed that about two-thirds of the participants strongly agreed the workshop made a significant impact on their knowledge, confidence, and interests. VIII. LESSONS LEARNED The evaluation data indicated that the training workshop stimulated the participants knowledge, confidence, and interest pertinent to software and information security. While conducting surveys and questionnaires we learned that the training workshop could be further improved in order to address its goals better. A. Peer-to-Peer Interaction The participants expressed their satisfaction regarding meeting peers and building a network and community of scholars, who share common interests. Many of the participants have already started contacting their peers for the purpose of collaboration and sharing experiences. The participants showed their interest in learning more about their peers and their experiences in a more formal approach. Designing and implementing relevant activities for formal peer interaction and networking before, during, and after the workshop, where the participants can share their experiences, would promote better networking, collaborations, and participant satisfaction. B. Building A Learning Community While the training workshop offered an opportunity where the participants could interact directly with their peers, the continuous interactions and its sustainability were also a salient factor. Building a learning community where participants could establish connections and/or enhance already existing collaborations is very crucial for successful implementation of the workshop and its goals. A well designed online platform would allow participants to build a community of practitioners and scholars and a place for exchanging ideas, products, course modules, and lesson examples. C. Tailoring Contents to Participants Needs Although the evaluation data demonstrated the participants satisfaction with the course materials presented in each session, the participants showed their interest in some course modules more than some other parts. For instance, the course module on cryptography was very exciting for some participants but not very interesting for some others. Some participants even expressed their concerns and frustration with the difficulty level of the content and materials presented in the training sessions. With respect to the feedback the workshop organizers received, it seems it would be better to conduct a preliminary assessment and gather information about the participants interest in each related topic so that the workshop and its content could be tailored to the participants needs and thus improve the relevance and usefulness of the workshop. IX. CONCLUSION The results suggest that cybersecurity and in particular software security training program promoted participating faculty s knowledge, confidence, and interest in a positive direction. However, several strategies can be integrated in future training offerings to improve participants learning and their future activities to engage in design, development and implementation of software security courses and programs. Nonetheless, the training workshop demonstrated that it is possible to support current software security education programs at the community college level to produce both immediate graduates to fill everincreasing vacancies, and future student cadres for higher education programs that develop administrators and scientists in the field. ACKNOWLEDGMENT This project has been supported by National Science Foundation under grant award DUE-SFS to Texas Tech University. REFERENCES [1] C. Nickell, L. C. Prez, B. Oldfield, J. B. A. Gencer, E. Hawthorne, K. Klee, and A. L. S. Wetzel, Towards information assurance (ia) curricular guidelines, in In Proceedings of the 2010 ITiCSE working group reports, 2010.

7 TABLE VI. CONFIDENCE LEVEL: PAIRED t-test WITH 16 PARTICIPANTS (N=16). Pre-Workshop Post-Workshop t p Effect Description Mean SD Mean SD Value Value Size I feel confident that I can successfully teach a cybersecurity course I feel confident that I can create curriculum materials for a cybersecurity course I feel confident that I can apply the information presented in the workshop to my teaching NA I feel confident that I have the necessary knowledge and skills to design a new cybersecurity course I feel confident that I can help students when they have difficulty with cybersecurity related topics Average TABLE VII. WORKSHOP IMPACT ON PARTICIPANTS INTERESTS, KNOWLEDGE, AND CONFIDENCE. Strongly Disagree Disagree Neutral Agree Strongly Agree I am more interested to teach cybersecurity as a result of the training I am more confident in my cybersecurity knowledge as a result of the training I know more about cybersecurity as a result of the training [2] L. J. Hoffman, T. Rosenberg, R. Dodge, and D. Ragsdale, Exploring a national cybersecurity exercise for universities, IEEE Security and Privacy, vol. 3, no. 5, pp , [3] M. Dark, A profile of information security training needs on university campuses, in In EduCause Mid-Atlantic Regional Conference Proceedings, Baltimore, MD, 2001, pp [4] United state computer emergency readiness team (us-cert), August [5] Global security statistics and trends (trustware), [6] B. Taylor, H. Hochheiser, S. Azadegan, and M. O Leary, Crosssite security integration: Preliminary experiences across curricula and institutions, in Proceedings of the 13th Colloquium for Information Systems Security Education, Seattle, WA, June [7] A. Frazier, X. Yuan, Y. Li, and S. Hudson, Course modules for software security, in Proceedings of the 12th Colloquium for Information Systems Security Education, [8] B. Taylor, M. Bishop, E. Hawthorne, and K. Nance, Teaching secure coding: The myths and the realities, in Proceeding of the 44th ACM Technical Symposium on Computer Science Education, ser. SIGCSE 13. New York, NY, USA: ACM, 2013, pp [9] D. L. Burley and M. Bishop, Summit on education in secure software, The George Washington University and University of California, Davis, Tech. Rep. GW-CSPRI and UCD-CSE , [10] A. Wang, Security testing in software engineering courses, in 34th Annual Frontiers in Education, October [11] W. Conklin, The design of an information security practicum course, in Proceedings of the 2007 International Academy for Information Management - (SIGED pre-icis), Montreal, Canada, December [12] M. Dark and J. Davis, Defining a curriculum framework in information assurance and security, in Proceedings of the 2003 American Society for Engineering Education Annual Conference and Exposition, Nashville, TN, 2003, pp [13] S. Cooper, C. Nickell, L. C. Pérez, B. Oldfield, J. Brynielsson, A. G. Gökce, E. K. Hawthorne, K. J. Klee, A. Lawrence, and S. Wetzel, Towards information assurance (ia) curricular guidelines, in Proceedings of the 2010 ITiCSE working group reports, ser. ITiCSE-WGR 10. New York, NY, USA: ACM, 2010, pp [14] B. Taylor, S. Kaza, S. Azadegan, M. O Leary, and C. Turner, Injecting security in the curriculum experiences in effective dissemination and assessment design, in Proceedings of the 14th Colloquium for Information Systems Security Education, Baltimore, MD, [15] M. Dark and M. Bishop, Evaluating the efficacy of software security curriculum exercises, in Faculty Workshop on Secure Software Development, Orlando, FL, [16] M. Dark and J. Davis, Report on information assurance curriculum development, in Colloquium for Information Systems Security Education Proceedings, Redmond, WA, 2002, pp [17] J. Ekstrom, M. Dark, and B. Lunt, Implementation of information assurance and security in existing it curricula, in Proceedings of the American Society for Engineering Education, Chicago, IL, 2006, pp [18] B. Bogolea and K. Wijekumar, Information security curriculum creation: a case study, in Proceedings of the 1st annual conference on Information security curriculum development, ser. InfoSecCD 04. New York, NY, USA: ACM, 2004, pp [19] M. Dark, J. Ekstrom, and B. Lund, Integration of information assurance and security into the it2005 model curriculum, in Proceedings of the ACM SIGITE 2005 Conference, Newark, NJ, 2005, pp [20] B. Taylor and S. Azadegan, Using security checklists and scorecards in cs curriculum, in Proceedings of the 11th Colloquium for Information Systems Security Education, Boston, Massachusetts, June [21], Threading secure coding principles and risk analysis into the undergraduate computer science and information systems curriculum, in Proceedings of the 3rd annual conference on Information security curriculum development, ser. InfoSecCD 06. New York, NY, USA: ACM, 2006, pp [22] L. C. Pérez, S. Cooper, E. K. Hawthorne, S. Wetzel, J. Brynielsson, A. G. Gökce, J. Impagliazzo, Y. Khmelevsky, K. Klee, M. Leary, A. Philips, N. Pohlmann, B. Taylor, and S. Upadhyaya, Information assurance education in two- and four-year institutions, in Proceedings of the 16th annual conference reports on Innovation and technology in computer science education - working group reports, ser. ITiCSE-WGR 11. New York, NY, USA: ACM, 2011, pp [23] E. K. Hawthorne, K. J. Klee, and R. D. Campbell, Findings from an acm strategic summit on computing education in community colleges, in ITiCSE, 2011, p. 373.

Welcome to the Summer Workshop on Cybersecurity for Faculty of Community Colleges in Texas The Program

Welcome to the Summer Workshop on Cybersecurity for Faculty of Community Colleges in Texas The Program Welcome to the Summer Workshop on Cybersecurity for Faculty of Community Colleges in Texas The Program July 14-18, 2014 Computer Science Department Texas Tech University Welcome To Texas Tech University

More information

DESIGNING WEB LABS FOR TEACHING SECURITY CONCEPTS ABSTRACT

DESIGNING WEB LABS FOR TEACHING SECURITY CONCEPTS ABSTRACT DESIGNING WEB LABS FOR TEACHING SECURITY CONCEPTS ABSTRACT Security education is critical in today s cyber threat environment. Many schools have investigated different approaches to teaching fundamental

More information

Developing an Undergraduate Information Systems Security Track

Developing an Undergraduate Information Systems Security Track Developing an Undergraduate Information Systems Security Track Aditya Sharma asharma@nccu.edu Marianne C. Murphy mmurphy@nccu.edu Mark A. Rosso mrosso@nccu.edu Donna Grant grantd@nccu.edu Computer Information

More information

CESG Certification of Cyber Security Training Courses

CESG Certification of Cyber Security Training Courses CESG Certification of Cyber Security Training Courses Supporting Assessment Criteria for the CESG Certified Training (CCT) Scheme Portions of this work are copyright The Institute of Information Security

More information

Cybersecurity Educational Standards

Cybersecurity Educational Standards Cybersecurity Educational Standards Stephen Cooper, Stanford University Elizabeth Hawthorne, Union County College Lance C. Pérez, University of Nebraska - Lincoln Susanne Wetzel, Stevens Institute of Technology

More information

Protect Your Organization With the Certification That Maps to a Master s-level Education in Software Assurance

Protect Your Organization With the Certification That Maps to a Master s-level Education in Software Assurance Protect Your Organization With the Certification That Maps to a Master s-level Education in Software Assurance Sponsored by the U.S. Department of Homeland Security (DHS), the Software Engineering Institute

More information

An Information Assurance and Security Curriculum Implementation

An Information Assurance and Security Curriculum Implementation Issues in Informing Science and Information Technology Volume 3, 2006 An Information Assurance and Security Curriculum Implementation Samuel P. Liles and Reza Kamali Purdue University Calumet, Hammond,

More information

Development of an Interdisciplinary Information Technology Auditing Program

Development of an Interdisciplinary Information Technology Auditing Program Development of an Interdisciplinary Information Technology Auditing Program Chienting Lin, Li-Chiou Chen, Pace University Abstract This paper provided an example for the development of an interdisciplinary

More information

Sponsored by National Science Foundation

Sponsored by National Science Foundation P a g e 1 The 1 st Cyber Security Workshop for Community College Faculty in West Texas Sponsored by National Science Foundation Organizers: Texas Tech University, Angelo State University, University of

More information

Developing an Open Educational Resource for Secure Software Development

Developing an Open Educational Resource for Secure Software Development Developing an Open Educational Resource for Secure Software Development Dr. Heather Richter Lipford Assistant Professor, Department of Software and Information Systems Dr. Bill Chu Chair, Department of

More information

Secure Code Development

Secure Code Development ISACA South Florida 7th Annual WOW! Event Copyright Elevate Consult LLC. All Rights Reserved 1 Agenda i. Background ii. iii. iv. Building a Business Case for Secure Coding Top-Down Approach to Develop

More information

Security in Computer Literacy- A Model for Design, Dissemination, and Assessment

Security in Computer Literacy- A Model for Design, Dissemination, and Assessment Security in Computer Literacy- A Model for Design, Dissemination, and Assessment Claude F. Turner Department of Computer Science Bowie State University (301) 860-3965 cturner@bowiestate.edu Blair Taylor

More information

Educational Requirement Analysis for Information Security Professionals in Korea

Educational Requirement Analysis for Information Security Professionals in Korea Educational Requirement Analysis for Information Security Professionals in Korea Sehun Kim Dept. of Industrial Engineering, KAIST, 373-1, Kusong-dong, Yusong-gu, Taejon, 305-701, Korea shkim@kaist.ac.kr

More information

MS Information Security (MSIS)

MS Information Security (MSIS) MS Information Security (MSIS) Riphah Institute of Systems Engineering (RISE) Riphah International University, Islamabad, Pakistan 1. Program Overview: The program aims to develop core competencies in

More information

Information Assurance Curricula and Certifications

Information Assurance Curricula and Certifications Information Assurance Curricula and Certifications Abstract Victor Piotrowski Department of Mathematics and Computer Science University of Wisconsin-Superior vpiotrow@uwsuper.edu Although there have been

More information

Development. Resilient Software. Secure and. Mark S. Merkow Lakshmikanth Raghavan. CRC Press. Taylor& Francis Croup. Taylor St Francis Group,

Development. Resilient Software. Secure and. Mark S. Merkow Lakshmikanth Raghavan. CRC Press. Taylor& Francis Croup. Taylor St Francis Group, Secure and Resilient Software Development Mark S. Merkow Lakshmikanth Raghavan CRC Press Taylor& Francis Croup Boca Raton London New York CRC Press is an imprint of the Taylor St Francis Group, an Informs

More information

Master of Science in Early Childhood Education Singapore, 2004 2005

Master of Science in Early Childhood Education Singapore, 2004 2005 Master of Science in Early Childhood Education Singapore, 2004 2005 Sponsored by Wheelock College s Center for International Education, Leadership, and Innovation and RTRC Asia in Singapore Background

More information

Adobe ColdFusion. Secure Profile Web Application Penetration Test. July 31, 2014. Neohapsis 217 North Jefferson Street, Suite 200 Chicago, IL 60661

Adobe ColdFusion. Secure Profile Web Application Penetration Test. July 31, 2014. Neohapsis 217 North Jefferson Street, Suite 200 Chicago, IL 60661 Adobe ColdFusion Secure Profile Web Application Penetration Test July 31, 2014 Neohapsis 217 North Jefferson Street, Suite 200 Chicago, IL 60661 Chicago Dallas This document contains and constitutes the

More information

Security Education for the new Generation

Security Education for the new Generation Security Education for the new Generation SESSION SESSION ID: ID: MASH-W02 Wednesday, Feb 26, 9:20 AM @ WEST 3018 Jacob West Chief Technology Officer HP Enterprise Security Products Matt Bishop Professor

More information

The Ideal Future for Intelligence Education: Rebuilding and Balancing Practice and Theory

The Ideal Future for Intelligence Education: Rebuilding and Balancing Practice and Theory The Ideal Future for Intelligence Education: Rebuilding and Balancing Practice and Theory Runner-up, 2012 IAFIE Essay Contest, Graduate Student Category Alexander Homan Neill Graduate Student - University

More information

(Instructor-led; 3 Days)

(Instructor-led; 3 Days) Information Security Manager: Architecture, Planning, and Governance (Instructor-led; 3 Days) Module I. Information Security Governance A. Introduction to Information Security Governance B. Overview of

More information

Soran University Faculty of Science and Engineering Computer Science Department Information Security Module Specification

Soran University Faculty of Science and Engineering Computer Science Department Information Security Module Specification 1. Module Title Information Security 2. Module Code: CS403INS 3. Module Level - Forth Stage 4. Module Leader Safwan M. 5. Teaching Semester 7 and 8 Soran University Faculty of Science and Engineering Computer

More information

Computer Security Curriculum at the Univ. of Wisconsin Eau Claire. Paul J. Wagner wagnerpj@uwec.edu

Computer Security Curriculum at the Univ. of Wisconsin Eau Claire. Paul J. Wagner wagnerpj@uwec.edu Computer Security Curriculum at the Univ. of Wisconsin Eau Claire Paul J. Wagner wagnerpj@uwec.edu Background! Attended week-long workshop at Indiana University of Pennsylvania in 2002 with colleague Andy

More information

Running Head: LEADERSHIP ACADEMY ASSESSMENT 1. Name of Person(s) completing report or contributing to the project: Reina M.

Running Head: LEADERSHIP ACADEMY ASSESSMENT 1. Name of Person(s) completing report or contributing to the project: Reina M. Running Head: LEADERSHIP ACADEMY ASSESSMENT Name of Department: Office of Multicultural Student Success (OMSS) Name of Contact Person: Jeff Brown Name of Person(s) completing report or contributing to

More information

Postprint. http://www.diva-portal.org

Postprint. http://www.diva-portal.org http://www.diva-portal.org Postprint This is the accepted version of a paper presented at International Conference on Learning and Teaching in Computing and Engineering (LaTiCE) 2014, 11-13 April 2014,

More information

Comparison of Secure Development Frameworks for Korean e- Government Systems

Comparison of Secure Development Frameworks for Korean e- Government Systems , pp.355-362 http://dx.doi.org/10.14257/ijsia.2014.8.1.33 Comparison of Secure Development Frameworks for Korean e- Government Systems Dongsu Seo School of Information Technology Sungshin University dseo@sungshin.ac.kr

More information

EECS 588: Computer and Network Security. Introduction January 14, 2014

EECS 588: Computer and Network Security. Introduction January 14, 2014 EECS 588: Computer and Network Security Introduction January 14, 2014 Today s Class Welcome! Goals for the course Topics, what interests you? Introduction to security research Components of your grade

More information

Math Science Partnership (MSP) Program: Title II, Part B

Math Science Partnership (MSP) Program: Title II, Part B Math Science Partnership (MSP) Program: Title II, Part B FLOYD COUNTY: COLLABORATIVE SYMPOSIUM FOR MATH IMPROVEMENT IN FLOYD COUNTY SCHOOLS ANNUAL EVALUATION REPORT: YEAR TWO Report Prepared by: Tiffany

More information

Certifications and Standards in Academia. Dr. Jane LeClair, Chief Operating Officer National Cybersecurity Institute

Certifications and Standards in Academia. Dr. Jane LeClair, Chief Operating Officer National Cybersecurity Institute Certifications and Standards in Academia Dr. Jane LeClair, Chief Operating Officer National Cybersecurity Institute Accreditation What is it? Why is it important? How is it attained? The National Centers

More information

Bellevue University Cybersecurity Programs & Courses

Bellevue University Cybersecurity Programs & Courses Undergraduate Course List Core Courses: CYBR 250 Introduction to Cyber Threats, Technologies and Security CIS 311 Network Security CIS 312 Securing Access Control CIS 411 Assessments and Audits CYBR 320

More information

Session T1H Introducing Security in a Chemical Engineering Design Course Using Adaptive Online Learning

Session T1H Introducing Security in a Chemical Engineering Design Course Using Adaptive Online Learning Introducing Security in a Chemical Engineering Design Course Using Adaptive Online Learning Ken Debelak, Larry Howard, Yuan Xue, Christina Lee, Janos Sztipanovits Vanderbilt University, Nashville, TN 37235

More information

Certificate in Cyber Security

Certificate in Cyber Security Certificate in Cyber Security Offered as a partnership between Cape Peninsula University of Technology (CPUT), French South African Institute of Technology (F SATI), CS Interactive Training and Boshoff

More information

A Multi-Tier Approach to Cyber Security Education, Training, and Awareness in the Undergraduate Curriculum (CSETA)

A Multi-Tier Approach to Cyber Security Education, Training, and Awareness in the Undergraduate Curriculum (CSETA) Paper ID #9796 A Multi-Tier Approach to Cyber Security Education, Training, and Awareness in the Undergraduate Curriculum (CSETA) Dr. Nikunja Swain P.E., South Carolina State University Dr. Swain is currently

More information

How to start a software security initiative within your organization: a maturity based and metrics driven approach OWASP

How to start a software security initiative within your organization: a maturity based and metrics driven approach OWASP How to start a software security initiative within your organization: a maturity based and metrics driven approach Marco Morana OWASP Lead/ TISO Citigroup OWASP Application Security For E-Government Copyright

More information

Criteria for web application security check. Version 2015.1

Criteria for web application security check. Version 2015.1 Criteria for web application security check Version 2015.1 i Content Introduction... iii ISC- P- 001 ISC- P- 001.1 ISC- P- 001.2 ISC- P- 001.3 ISC- P- 001.4 ISC- P- 001.5 ISC- P- 001.6 ISC- P- 001.7 ISC-

More information

Toward Curricular Guidance in the Cyber Sciences

Toward Curricular Guidance in the Cyber Sciences Toward Curricular Guidance in the Cyber Sciences 1 6 J U N E 2 0 1 5 2 0 1 5 C I S S E L A S V E G A S D A V I D G I B S O N, U S A I R F O R C E A C A D E M Y B E T H H A W T H O R N E, U N I O N C O

More information

1 Past AOL reports and reviews are available at http://www.kennesaw.edu/cetl/aol/reports.html

1 Past AOL reports and reviews are available at http://www.kennesaw.edu/cetl/aol/reports.html 1 ASSURANCE OF LEARNING REPORT DEGREE PROGRAM: Master of Science in Information Systems (MSIS) REPORT AUTHOR(S): Amy B. Woszczynski, PhD SUBMISSION DATE: January 29, 2010 1. Following up on the previously

More information

90% of data breaches are caused by software vulnerabilities.

90% of data breaches are caused by software vulnerabilities. 90% of data breaches are caused by software vulnerabilities. Get the skills you need to build secure software applications Secure Software Development (SSD) www.ce.ucf.edu/ssd Offered in partnership with

More information

Increasing student retention through an enhanced mentoring and tutoring program. Abstract

Increasing student retention through an enhanced mentoring and tutoring program. Abstract Increasing student retention through an enhanced mentoring and tutoring program Hua Li, Kai Jin Industrial and Mechanical Engineering Department hua.li@tamuk.edu, kai.jin@tamuk.edu Mohamed Abdelrahman

More information

Policies for Evaluating Faculty: Recommendations for Incorporating Student and Peer Reviews in the Faculty Evaluation Process DRAFT

Policies for Evaluating Faculty: Recommendations for Incorporating Student and Peer Reviews in the Faculty Evaluation Process DRAFT Policies for Evaluating Faculty: Recommendations for Incorporating Student and Peer Reviews in the Faculty Evaluation Process DRAFT Overview In 2011, The University of Texas System Chancellor unveiled

More information

College/School/Major Division Assessment Results for 2012-2013

College/School/Major Division Assessment Results for 2012-2013 College/School/Major Division Assessment Results for 2012-2013 1) College/School: School of Agriculture: Animal Science Unit 2) Review your student learning outcomes (SLOs). Please update as needed. The

More information

SECURE AND TRUSTWORTHY CYBERSPACE (SaTC)

SECURE AND TRUSTWORTHY CYBERSPACE (SaTC) SECURE AND TRUSTWORTHY CYBERSPACE (SaTC) Overview The Secure and Trustworthy Cyberspace (SaTC) investment is aimed at building a cybersecure society and providing a strong competitive edge in the Nation

More information

MPA Program Assessment Report Summer 2015

MPA Program Assessment Report Summer 2015 MPA Program Assessment Report Summer 2015 Introduction: This was the second full year for doing learning outcomes assessment based on the 2009 NASPAA accreditation standards and conducting our exit interviews

More information

Designing and Coding Secure Systems

Designing and Coding Secure Systems Designing and Coding Secure Systems Kenneth Ingham and Anil Somayaji September 29, 2009 1 Course overview This class covers secure coding and some design issues from a language neutral approach you can

More information

CORE Security and the Payment Card Industry Data Security Standard (PCI DSS)

CORE Security and the Payment Card Industry Data Security Standard (PCI DSS) CORE Security and the Payment Card Industry Data Security Standard (PCI DSS) Addressing the PCI DSS with Predictive Security Intelligence Solutions from CORE Security CORE Security +1 617.399-6980 info@coresecurity.com

More information

EFFECTIVELY COUNSELING GRADUATING STUDENTS

EFFECTIVELY COUNSELING GRADUATING STUDENTS EFFECTIVELY COUNSELING GRADUATING STUDENTS Executive Summary Introduction Are graduating students prepared to enter the job market and succeed in their first jobs? How are students utilizing college career

More information

The GW CyberCorps Program

The GW CyberCorps Program The GW CyberCorps Program www.seas.gwu.edu/cybercorps Introduction The need for educated personnel in the government s cyber security workforce is critical to the nation s security. As evidenced by remarks

More information

Using Visualization to Teach Security

Using Visualization to Teach Security Using Visualization to Teach Security Dino Schweitzer, Wayne Brown Academy Center for Cyberspace Research, United States Air Force Academy, CO dino.schweitzer@usafa.edu Abstract. Interactive visualization

More information

elearning for Secure Application Development

elearning for Secure Application Development elearning for Secure Application Development Curriculum Application Security Awareness Series 1-2 Secure Software Development Series 2-8 Secure Architectures and Threat Modeling Series 9 Application Security

More information

Master of Science in Information Systems & Security Management. Courses Descriptions

Master of Science in Information Systems & Security Management. Courses Descriptions Master of Science in Information Systems & Security Management Security Related Courses Courses Descriptions ISSM 530. Information Security. 1 st Semester. Lect. 3, 3 credits. This is an introductory course

More information

GEMS-U Program Description

GEMS-U Program Description GEMS-U Program Description (GEMS-U) is an innovative, exclusive statewide program, spearheaded by the Alabama Department of Education. The GEMS-U program is designed to develop and disseminate high-quality

More information

Proposal for a Graduate Certificate in Information Assurance Education Track 2. Submitted. by the. School of Technology West Lafayette Campus

Proposal for a Graduate Certificate in Information Assurance Education Track 2. Submitted. by the. School of Technology West Lafayette Campus Graduate Council Document 03-24a Approved by the Graduate Council 11/20/03 Proposal for a Graduate Certificate in Information Assurance Education Track 2 Submitted by the School of Technology West Lafayette

More information

Integrating Software Assurance and Secure Programming Concepts and Mindsets into an Undergraduate Computer Science Program

Integrating Software Assurance and Secure Programming Concepts and Mindsets into an Undergraduate Computer Science Program Integrating Software Assurance and Secure Programming Concepts and Mindsets into an Undergraduate Computer Science Program Striving to Achieve the Goals of the SEI/CERT Software Assurance Curriculum Project

More information

EUCIP - IT Administrator. Module 5 IT Security. Version 2.0

EUCIP - IT Administrator. Module 5 IT Security. Version 2.0 EUCIP - IT Administrator Module 5 IT Security Version 2.0 Module 5 Goals Module 5 Module 5, IT Security, requires the candidate to be familiar with the various ways of protecting data both in a single

More information

A Process Model for Establishing Engineering Technology Programs at Technical Colleges

A Process Model for Establishing Engineering Technology Programs at Technical Colleges A Process Model for Establishing Engineering Technology Programs at Technical Colleges George D. Gray Applied and Engineering Technology Division Wichita Area Technical College Raju Dandu Engineering Technology

More information

CyberNEXS Global Services

CyberNEXS Global Services CyberNEXS Global Services CYBERSECURITY A cyber training, exercising, competition and certification product for maximizing the cyber skills of your workforce The Cyber Network EXercise System CyberNEXS

More information

CERIAS Tech Report 2012-14 A Curriculum Model for Industrial Control Systems Cyber-Security with Sample Modules by J. Chris Foreman, James H.

CERIAS Tech Report 2012-14 A Curriculum Model for Industrial Control Systems Cyber-Security with Sample Modules by J. Chris Foreman, James H. CERIAS Tech Report 2012-14 A Curriculum Model for Industrial Control Systems Cyber-Security with Sample Modules by J. Chris Foreman, James H. Graham, Jeffrey L. Hieb, Rammohan K. Ragade Center for Education

More information

2 0 0 7 Sponsorship Packet On behalf of The Center for Infrastructure Assurance and Security (CIAS) I would like to invite you to participate through sponsorship at our second National Collegiate Cyber

More information

PANEL TITLE: UNIVERSITY APPROACHES TO INFORMATION SECURITY EDUCATION - CHALLENGES, ISSUES, SUCCESSES, AND OPPORTUNITIES

PANEL TITLE: UNIVERSITY APPROACHES TO INFORMATION SECURITY EDUCATION - CHALLENGES, ISSUES, SUCCESSES, AND OPPORTUNITIES PANEL TITLE: UNIVERSITY APPROACHES TO INFORMATION SECURITY EDUCATION - CHALLENGES, ISSUES, SUCCESSES, AND OPPORTUNITIES PANEL CHAIR: Dr. Rayford Vaughn ( Mississippi State University): Dr. Vaughn teaches

More information

Cyber Security & Data Privacy. January 22, 2014

Cyber Security & Data Privacy. January 22, 2014 Cyber Security & Data Privacy January 22, 2014 Today s Presenters Bob DiBella Director of Product Management Aclara Technologies Srinivasalu Ambati Application Architect, Consumer Engagement Aclara Technologies

More information

Kerry Kidwell-Slak and Kate Phelps Assistant Directors, Professional Practice UMBC Shriver Center

Kerry Kidwell-Slak and Kate Phelps Assistant Directors, Professional Practice UMBC Shriver Center Kerry Kidwell-Slak and Kate Phelps Assistant Directors, Professional Practice UMBC Shriver Center } Science: Biology, Chemistry, Biochemistry, Environmental, Physics, Psychology, Atmospheric Sciences

More information

The Importance of Using Hacker Contests and Mindset in Teaching Networks and Information Assurance

The Importance of Using Hacker Contests and Mindset in Teaching Networks and Information Assurance The Importance of Using Hacker Contests and Mindset in Teaching Networks and Information Assurance Thomas A. Babbitt This paper was completed and submitted in partial fulfillment of the Master Teacher

More information

Delta Courses. *The College Classroom. The College Classroom: International Students, International Faculty. Diversity in the College Classroom

Delta Courses. *The College Classroom. The College Classroom: International Students, International Faculty. Diversity in the College Classroom COURSE CATALOG Contents Introduction... 3 Delta Courses... 4 The College Classroom... 4 The College Classroom: International Students, International Faculty... 4 Diversity in the College Classroom... 4

More information

Course Modules for Software Security

Course Modules for Software Security Course Modules for Software Security Austin Frazier, Xiaohong Yuan, Yaohang Li, Stephan Hudson, North Carolina A&T State University Abstract Each year the reported number of security vulnerabilities increases

More information

CSUSB Web Application Security Standard CSUSB, Information Security & Emerging Technologies Office

CSUSB Web Application Security Standard CSUSB, Information Security & Emerging Technologies Office CSUSB, Information Security & Emerging Technologies Office Last Revised: 03/17/2015 Draft REVISION CONTROL Document Title: Author: File Reference: CSUSB Web Application Security Standard Javier Torner

More information

ANALYSIS OF SOFTWARE THREATS AND SOFTWARE SECURITY. Department of Computer Science & IT University of Jammu, Jammu

ANALYSIS OF SOFTWARE THREATS AND SOFTWARE SECURITY. Department of Computer Science & IT University of Jammu, Jammu ANALYSIS OF SOFTWARE THREATS AND SOFTWARE SECURITY Dr. Deepshikha Jamwal Bhawana Sharma Research Scholar Research scholar jamwal.shivani@gmail.com bhawana32_mca@yahoo.co.in Department of Computer Science

More information

Effective Software Security Management

Effective Software Security Management Effective Software Security Management choosing the right drivers for applying application security Author: Dharmesh M Mehta dharmeshmm@mastek.com / dharmeshmm@owasp.org Table of Contents Abstract... 1

More information

Comparative Analysis of PhD programs in Engineering Education

Comparative Analysis of PhD programs in Engineering Education Paper ID #13515 Comparative Analysis of PhD programs in Engineering Education Mr. Homero Gregorio Murzi, Virginia Tech PhD. student of Engineering Education at Virginia Tech. Mr. Prateek Shekhar, University

More information

Center of Academic Excellence Cyber Operations Program 2013 Application

Center of Academic Excellence Cyber Operations Program 2013 Application Center of Academic Excellence Cyber Operations Program 2013 Application Name of Institution: Mailing Address of Institution: Date: Institution s President s Name and Official Email Address: Department

More information

SAFECode Security Development Lifecycle (SDL)

SAFECode Security Development Lifecycle (SDL) SAFECode Security Development Lifecycle (SDL) Michael Howard Microsoft Matthew Coles EMC 15th Semi-annual Software Assurance Forum, September 12-16, 2011 Agenda Introduction to SAFECode Security Training

More information

PRO-NET. A Publication of Building Professional Development Partnerships for Adult Educators Project. April 2001

PRO-NET. A Publication of Building Professional Development Partnerships for Adult Educators Project. April 2001 Management Competencies and Sample Indicators for the Improvement of Adult Education Programs A Publication of Building Professional Development Partnerships for Adult Educators Project PRO-NET April 2001

More information

CYBER SECURITY TRAINING SAFE AND SECURE

CYBER SECURITY TRAINING SAFE AND SECURE CYBER SECURITY TRAINING KEEPING YOU SAFE AND SECURE Experts in Cyber Security training. Hardly a day goes by without a cyber attack being reported. With this ever-increasing threat there is a growing need

More information

Master of Science in Security Informatics (MSSI) Information Security Institute (JHUISI) The Johns Hopkins University

Master of Science in Security Informatics (MSSI) Information Security Institute (JHUISI) The Johns Hopkins University Master of Science in Security Informatics (MSSI) Information Security Institute (JHUISI) The Johns Hopkins University Securing cyberspace and our national information infrastructure is now more important

More information

Cybersecurity for Energy Delivery Systems 2010 Peer Review. William H. Sanders University of Illinois TCIPG Center Overview

Cybersecurity for Energy Delivery Systems 2010 Peer Review. William H. Sanders University of Illinois TCIPG Center Overview Cybersecurity for Energy Delivery Systems 2010 Peer Review Alexandria, VA July 20-22, 2010 William H. Sanders University of Illinois TCIPG Center Overview TCIPG Summary Extend and integrate previously

More information

Cyber Defense Exercise: A Service Provider Model

Cyber Defense Exercise: A Service Provider Model Cyber Defense Exercise: A Service Provider Model Jeffrey A. Mattson Software Engineering Institute, Carnegie Mellon University, 4500 5th Avenue, Pittsburgh, PA 15218 jmattson@cert.org Abstract. Cyber Defense

More information

Security Training-as-a-Service (STr-aaS) Service Details & Features

Security Training-as-a-Service (STr-aaS) Service Details & Features Security Training-as-a-Service (STr-aaS) Service Details & Features Importance of Information Security Training There is only one way to keep your product plans safe and that is by having a trained, aware

More information

The introduction covers the recent changes is security threats and the effect those changes have on how we protect systems.

The introduction covers the recent changes is security threats and the effect those changes have on how we protect systems. 1 Cyber-attacks frequently take advantage of software weaknesses unintentionally created during development. This presentation discusses some ways that improved acquisition practices can reduce the likelihood

More information

Information Technology Engineers Examination. Information Security Specialist Examination. (Level 4) Syllabus

Information Technology Engineers Examination. Information Security Specialist Examination. (Level 4) Syllabus Information Technology Engineers Examination Information Security Specialist Examination (Level 4) Syllabus Details of Knowledge and Skills Required for the Information Technology Engineers Examination

More information

Security Transcends Technology

Security Transcends Technology INTERNATIONAL INFORMATION SYSTEMS SECURITY CERTIFICATION CONSORTIUM, INC. Career Enhancement and Support Strategies for Information Security Professionals Paul Wang, MSc, CISA, CISSP Paul.Wang@ch.pwc.com

More information

Standard: Web Application Development

Standard: Web Application Development Information Security Standards Web Application Development Standard IS-WAD Effective Date TBD Email security@sjsu.edu # Version 2.0 Contact Mike Cook Phone 408-924-1705 Standard: Web Application Development

More information

Priority III: A National Cyberspace Security Awareness and Training Program

Priority III: A National Cyberspace Security Awareness and Training Program Priority III: A National Cyberspace Security Awareness and Training Program Everyone who relies on part of cyberspace is encouraged to help secure the part of cyberspace that they can influence or control.

More information

Engineering our Future New Jersey: Partnerships, the Critical Element

Engineering our Future New Jersey: Partnerships, the Critical Element Engineering our Future New Jersey: Partnerships, the Critical Element Elisabeth McGrath, Stevens Institute of Technology Dawna Schultz, Stevens Institute of Technology Abstract: Engineering Our Future

More information

ETHICAL HACKING 010101010101APPLICATIO 00100101010WIRELESS110 00NETWORK1100011000 101001010101011APPLICATION0 1100011010MOBILE0001010 10101MOBILE0001

ETHICAL HACKING 010101010101APPLICATIO 00100101010WIRELESS110 00NETWORK1100011000 101001010101011APPLICATION0 1100011010MOBILE0001010 10101MOBILE0001 001011 1100010110 0010110001 010110001 0110001011000 011000101100 010101010101APPLICATIO 0 010WIRELESS110001 10100MOBILE00010100111010 0010NETW110001100001 10101APPLICATION00010 00100101010WIRELESS110

More information

Systems and Global Engineering: A Pilot Study for High School Students and Teachers

Systems and Global Engineering: A Pilot Study for High School Students and Teachers Systems and Global Engineering: A Pilot Study for High School Students and Teachers Mercedes McKay, Stevens Institute of Technology Beth McGrath, Stevens Institute of Technology Debra Brockway, Stevens

More information

Master of Science in Early Childhood Education Singapore, 2005 2006

Master of Science in Early Childhood Education Singapore, 2005 2006 Master of Science in Early Childhood Education Singapore, 2005 2006 Offered by RTRC Asia in Collaboration with Wheelock College s Center for International Education, Leadership, and Innovation Background

More information

Cyber Security :: Insights & Recommendations for Secure Operations. N-Dimension Solutions, Inc.

Cyber Security :: Insights & Recommendations for Secure Operations. N-Dimension Solutions, Inc. Cyber Security :: Insights & Recommendations for Secure Operations N-Dimension Solutions, Inc. Cyber Security Protection for Critical Infrastructure Assets Agenda: Cyber Landscape Cyber Threats to Your

More information

Guide for Designing Cyber Security Exercises

Guide for Designing Cyber Security Exercises Guide for Designing Cyber Security Exercises VICTOR-VALERIU PATRICIU Computer Science Department Military Technical Academy Bucharest, Bd. George Cosbuc, no. 81-83 ROMANIA victorpatriciu@yahoo.com ADRIAN

More information

Information Security Curriculum Creation: A Case Study

Information Security Curriculum Creation: A Case Study Information Security Curriculum Creation: A Case Study Bradley Bogolea College of Engineering The Pennsylvania State University University Park, Pa 16802 bdb194@cse.psu.edu Kay Wijekumar School of Information

More information

EECS 588: Computer and Network Security. Introduction

EECS 588: Computer and Network Security. Introduction EECS 588: Computer and Network Security Introduction January 13, 2014 Today s Cass Class Welcome! Goals for the course Topics, what interests you? Introduction to security research Components of your grade

More information

Define & Assess Skills - Smart Grid Security Specialists

Define & Assess Skills - Smart Grid Security Specialists Define & Assess Skills - Smart Grid Security Specialists SANS 2011 North American SCADA & Process Control Summit Michael Assante President & CEO NBISE michae.assante@nbise.org 208-557-8026 Cyber Security:

More information

University of Wisconsin-Whitewater Curriculum Proposal Form #3 New Course

University of Wisconsin-Whitewater Curriculum Proposal Form #3 New Course Effective Term: 2147 (Fall 2014) University of Wisconsin-Whitewater Curriculum Proposal Form #3 New Course Subject Area - Course Number: COMPSCI 462 (See Note #1 below) Cross-listing: N/A Course Title:(Limited

More information

Policies for Evaluating Faculty: Recommendations for Incorporating Student and Peer Reviews in the Faculty Evaluation Process

Policies for Evaluating Faculty: Recommendations for Incorporating Student and Peer Reviews in the Faculty Evaluation Process Policies for Evaluating Faculty: Recommendations for Incorporating Student and Peer Reviews in the Faculty Evaluation Process Overview Effective teaching is the core of any outstanding university and is

More information

Introducing Software Engineering to the Freshman Student

Introducing Software Engineering to the Freshman Student Introducing Software Engineering to the Freshman Student Yi Liu, Wei Wang and Onyeka Ezenwoye Department of Electrical Engineering and Computer Science South Dakota State University Brookings, SD 57007

More information

CompTIA Security+ (Exam SY0-410)

CompTIA Security+ (Exam SY0-410) CompTIA Security+ (Exam SY0-410) Length: Location: Language(s): Audience(s): Level: Vendor: Type: Delivery Method: 5 Days 182, Broadway, Newmarket, Auckland English, Entry Level IT Professionals Intermediate

More information

white SECURITY TESTING WHITE PAPER

white SECURITY TESTING WHITE PAPER white SECURITY TESTING WHITE PAPER Contents: Introduction...3 The Need for Security Testing...4 Security Scorecards...5 Test Approach... 11 Framework... 16 Project Initiation Process... 17 Conclusion...

More information

New Media for Teaching Applied Cryptography and Network Security

New Media for Teaching Applied Cryptography and Network Security published as: J. Hu, D. Cordel, Christoph Meinel: New Media for Teaching Applied Cryptography and Network Security; In Proceedings of the 1st European Conference on Technology Enhanced Learning (EC-TEL

More information

Principles to Guide the Design and Implementation of Doctoral Programs in Mathematics Education

Principles to Guide the Design and Implementation of Doctoral Programs in Mathematics Education Principles to Guide the Design and Implementation of Doctoral Programs in Mathematics Education A Task Force Report for the Association of Mathematics Teacher Educators Forward This report, in some ways,

More information

CS 464/564 Networked Systems Security SYLLABUS

CS 464/564 Networked Systems Security SYLLABUS CS 464/564 Networked Systems Security SYLLABUS College: College of Science Department: Department of Computer Science Syllabus Title: CS 464/564 Networked Systems Security Call Number: 1. Meet the Professor

More information