Teaching Security Defense Through Web-Based Hacking at the Undergraduate Level

The attack surface for hackers and attackers is growing every day. Future cybersecurity professionals must have the knowledge and the skills to defend against these cyber attacks. Learning defensive techniques and tools can help defend against today’s attacks but what about tomorrow\u27s? As the types of attacks change so must the cybersecurity professional. The only way for the cybersecurity professional to achieve this nimbleness is to understand the structural anatomy of the various attack types. Understanding the threat environment is the key to future success. Security defense through offensive techniques should and can be taught at the undergraduate level. Using the OWASP Mutillidae project [5], students can have a self-contained, sandbox environment for dissecting and discussing cyber attacks

Preparing millennials as digital citizens and socially and environmentally responsible business professionals in a socially irresponsible climate

As of 2015, a millennial born in the 1990's became the largest population in the workplace and are still growing. Studies indicate that a millennial is tech savvy but lag in the exercise of digital responsibility. In addition, they are passive towards environmental sustainability and fail to grasp the importance of social responsibility. This paper provides a review of such findings relating to business communications educators in their classrooms. The literature should enable the development of a millennial as an excellent global citizen through business communications curricula that emphasizes digital citizenship, environmental sustainability and social responsibility. The impetus for this work is to provide guidance in the development of courses and teaching strategies customized to the development of each millennial as a digital, environmental and socially responsible global citizen

ePortfolios: Mediating the minefield of inherent risks and tensions

The ePortfolio Project at the Queensland University of Technology (QUT) exemplifies an innovative and flexible harnessing of current portfolio thinking and design that has achieved substantial buy-in across the institution with over 23000 active portfolios. Robust infrastructure support, curriculum integration and training have facilitated widespread take-up, while QUT’s early adoption of ePortfolio technology has enabled the concomitant development of a strong policy and systems approach to deal explicitly with legal and design responsibilities. In the light of that experience, this paper will highlight the risks and tensions inherent in ePortfolio policy, design and implementation. In many ways, both the strengths and weaknesses of ePortfolios lie in their ability to be accessed by a wider, less secure audience – either internally (e.g. other students and staff) or externally (e.g. potential employees and referees). How do we balance the obvious requirement to safeguard students from the potential for institutionally-facilitated cyber-harm and privacy breaches, with this generation’s instinctive personal and professional desires for reflections, private details, information and intellectual property to be available freely and with minimal restriction? How can we promote collaboration and freeform expression in the blog and wiki world but also manage the institutional risk that unauthorised use of student information and work so palpably carries with it? For ePortfolios to flourish and to develop and for students to remain engaged in current reflective processes, holistic guidelines and sensible boundaries are required to help safeguard personal details and journaling without overly restricting students’ emotional, collaborative and creative engagement with the ePortfolio experience. This paper will discuss such issues and suggest possible ways forward

Synergistic literacies: Fostering critical and technological literacies in teaching legal research methods at the University of Waikato

Nowadays, new law courses are not approved unless both the "needs analysis" is convincing and the "consumer demand" is certain. Needs and demands today are driven by new pressures for technological literacy accelerated by globalisation and the current revolution in information and communication technologies (ICTs). The popular logic is that new global "knowledge economies" need "knowledge workers" or "wired workers" to labour in the new e-markets for goods and services and to use the burgeoning number and high quality of electronic information databases now essential to legal research. Students are acutely aware of these developments as well as of the highly competitive nature of the contemporary labour market for law graduates. Consequently, students are demanding more "how to" research skills training. This article puts in context the reasons why, at the University of Waikato, we regard creating synergy between critical and technological literacy as essential for teaching and learning law-in-context research methods, and then describes the curriculum we designed for a legal research methods course in order to trial this approach. From the start we have been clear that the new course was not just to be a "how to" course, and that we would be concentrating on critical literacy as much as technological literacy. For us, critical literacy is fundamental because it relates to the way in which one analyses the world, a process described as "becoming aware of the underlying structure of conceptions".1 This awareness includes the politics in the architectures that constitute the Internet and the assembly of information accessible on it. We designed our curriculum for critical literacy around five types of analysis. Our shorthand for this is to call these "the five 'Cs'". Our five interrelated categories for analysis focus on: Change - in society, economy and culture Concepts - legal and sociological concepts and analytical frameworks Critique (and standpoint or perspective) Comparisons (and Contrasts) Contexts. We argue that, at a minimum, these are the conceptual tools necessary to critique and engage the operation of the law in the context of society, noting especially inequalities and injustices. Throughout the course students are encouraged to harness technological literacy to each dimension of their analysis. This article consists of two main parts. The first part ("Context and Assumptions") explores in some depth the reasons for the need to teach critical literacy alongside technological literacy. The second part ("The Legal Research Methods Course") describes our efforts to promote the synergy between critical and technological literacies in the context of a fourth year optional course, Legal Research Methods 2000, at the University of Waikato School of Law

Open Data, Grey Data, and Stewardship: Universities at the Privacy Frontier

As universities recognize the inherent value in the data they collect and hold, they encounter unforeseen challenges in stewarding those data in ways that balance accountability, transparency, and protection of privacy, academic freedom, and intellectual property. Two parallel developments in academic data collection are converging: (1) open access requirements, whereby researchers must provide access to their data as a condition of obtaining grant funding or publishing results in journals; and (2) the vast accumulation of 'grey data' about individuals in their daily activities of research, teaching, learning, services, and administration. The boundaries between research and grey data are blurring, making it more difficult to assess the risks and responsibilities associated with any data collection. Many sets of data, both research and grey, fall outside privacy regulations such as HIPAA, FERPA, and PII. Universities are exploiting these data for research, learning analytics, faculty evaluation, strategic decisions, and other sensitive matters. Commercial entities are besieging universities with requests for access to data or for partnerships to mine them. The privacy frontier facing research universities spans open access practices, uses and misuses of data, public records requests, cyber risk, and curating data for privacy protection. This paper explores the competing values inherent in data stewardship and makes recommendations for practice, drawing on the pioneering work of the University of California in privacy and information security, data governance, and cyber risk.Comment: Final published version, Sept 30, 201

Cybersecurity in the Classroom: Bridging the Gap Between Computer Access and Online Safety

According to ISACA, there will be a global shortage of 2 million cybersecurity professionals worldwide by 2019. Additionally, according to Experian Data Breach Resolution, as much as 80% of all network breaches can be traced to employee negligence. These problems will not solve themselves, and they likewise won’t improve without drastic action. An effort needs to be made to help direct interested and qualified individuals to the field of cybersecurity to move toward closing this gap. Moreover, steps need to be made to better inform the public of general safety measures while online, including the safeguarding of sensitive information. A large issue with solving the problems at hand is that there seems to be no comprehensive curriculum for cybersecurity education to teach these basic principles. In my paper, I review and compare several after- and in-school programs that attempt to address this problem. I’ve also interviewed teachers from Montgomery County Public Schools, a relatively ethnically diverse school district outside of Washington, D.C. These issues need to be addressed, and while private organizations and local schools are attempting to tackle the problem, wider action may need to be taken at a national level to come to a resolution

Cybersecurity in the Classroom: Bridging the Gap Between Computer Access and Online Safety

According to ISACA, there will be a global shortage of 2 million cybersecurity professionals worldwide by 2019. Additionally, according to Experian Data Breach Resolution, as much as 80% of all network breaches can be traced to employee negligence. These problems will not solve themselves, and they likewise won’t improve without drastic action. An effort needs to be made to help direct interested and qualified individuals to the field of cybersecurity to move toward closing this gap. Moreover, steps need to be made to better inform the public of general safety measures while online, including the safeguarding of sensitive information. A large issue with solving the problems at hand is that there seems to be no comprehensive curriculum for cybersecurity education to teach these basic principles. In my paper, I review and compare several after- and in-school programs that attempt to address this problem. I’ve also interviewed teachers from Montgomery County Public Schools, a relatively ethnically diverse school district outside of Washington, D.C. These issues need to be addressed, and while private organizations and local schools are attempting to tackle the problem, wider action may need to be taken at a national level to come to a resolution