Joel Brynielsson
Abstract
To authorize and initiate necessary investments and enforce appropriate policies and procedures, decision-makers need to have at least a fair understanding of computer security fundamentals. This paper presents the course design and the laboratory settings that have been developed for, and used within, the high rank officer curriculum at the Swedish National Defence College. The developed course looks at computer security from an attack versus defend viewpoint, meaning that computer attacks are studied to learn about prevention and self-defense. The paper discusses the pedagogical challenges related to education of high rank officers and similar personnel in light of recently-held courses and contrasts the course relative to similar undertakings. A standpoint taken is that computer security is best taught using hands-on laboratory experiments focusing on problem solving assignments. This is not undisputed since, e.g., high rank officers are busy people who are not fond of getting stuck learning about the peripherals.
- L. Armistead, editor. Information Operations: Warfare and the Hard Reality of Soft Power. Issues in Twenty-First Century Warfare. Brassey's, Inc., Washington, District of Columbia, 2004.Google Scholar
- M. Bishop. Computer security education: Training, scholarship, and research. IEEE Computer, 35(4):30--32, Apr. 2002. Google ScholarDigital Library
- L. Cohen, L. Manion, and K. Morrison. Research Methods in Education, chapter 14, pages 297--313. Routledge, London, sixth edition, 2007.Google Scholar
- E. Crowley. Information system security curricula development. In Proceedings of the Fourth ACM SIGITE Conference on Information Technology Curriculum, pages 249--255, Lafayette, Indiana, Oct. 2003. Google ScholarDigital Library
- H. W. Gardner. Educating for understanding. The American School Board Journal, 180(7):20--24, July 1993.Google Scholar
- J. Hill, C. Carver, J. Humphries, and U. Pooch. Using an isolated network laboratory to teach advanced networks and security. In Proceedings of the 32nd ACM SIGCSE Technical Symposium on Computer Science Education, pages 36--40, Charlotte, North Carolina, Feb. 2001. Google ScholarDigital Library
- C. E. Irvine, S.-K. Chin, and D. Frincke. Integrating security into the curriculum. IEEE Computer, 31(12):25--30, Dec. 1998. Google ScholarDigital Library
- D. Jacobson. Teaching information warfare with lab experiments via the Internet. In Proceedings of the 34th ASEE/IEEE Frontiers in Education Conference, pages T3C/7-12, Savannah, Georgia, Oct. 2004.Google ScholarCross Ref
- B. E. Mullins, T. H. Lacey, R. F. Mills, J. M. Trechter, and S. D. Bass. How the cyber defense exercise shaped an information-assurance curriculum. IEEE Security & Privacy, 5(5):40-49, Sept.-Oct. 2007. Google ScholarDigital Library
- G. W. Romney, C. Higby, B. R. Stevenson, and N. Blackham. A teaching prototype for educating IT security engineers in emerging environments. In Proceedings of the Fifth IEEE International Conference on Information Technology Based Higher Education and Training, pages 662--667, Istanbul, Turkey, May-June 2004.Google ScholarCross Ref
- L. S. Schadler and J. B. Hudson. The emergence of studio courses-an example of interactive learning. In C. Baillie and I. Moore, editors, Effective Learning and Teaching in Engineering, chapter 10, pages 156--168. RoutledgeFalmer, New York, 2004.Google Scholar
- S. K. Sharma and J. Sefchek. Teaching information systems security courses: A hands-on approach. Computers & Security, 26(4):290--299, June 2007.Google ScholarDigital Library
- R. S. Swart and R. F. Erbacher. Educating students to create trustworthy systems. IEEE Security & Privacy, 5(3):58--61, May-June 2007. Google ScholarDigital Library
- M. Wilson, D. E. de Zafra, S. I. Pitcher, J. D. Tressler, and J. B. Ippolito. Information Technology Security Training Requirements: A Role- and Performance-Based Model. NIST Special Publication 800--16, National Institute of Standards and Technology, U.S. Department of Commerce, Apr. 1998. Google ScholarDigital Library
Index Terms
- An information assurance curriculum for commanding officers using hands-on experiments
Recommendations
An information assurance curriculum for commanding officers using hands-on experiments
SIGCSE '09: Proceedings of the 40th ACM technical symposium on Computer science educationTo authorize and initiate necessary investments and enforce appropriate policies and procedures, decision-makers need to have at least a fair understanding of computer security fundamentals. This paper presents the course design and the laboratory ...
Security across the curriculum and beyond
FIE '12: Proceedings of the 2012 IEEE Frontiers in Education Conference (FIE)Society's dependency on information technology has drastically outpaced educational curricula and the opportunities that universities and higher education institutes provide to students from both technical (e.g., computer engineering, computer science) ...
Integrating Hands-on Cybersecurity Exercises into the Curriculum in 2018: (Abstract Only)
SIGCSE '18: Proceedings of the 49th ACM Technical Symposium on Computer Science EducationWe need to greatly expand the community of faculty teaching cybersecurity using hands-on exercises. The number of security-focused competitions and exercises has increased in recent years so that faculty need to choose those that can best be integrated ...
Comments