102 research outputs found

    Redesigning the Information Assurance Undergraduate Curriculum at Regis University

    When Regis University created the eSecurity curriculum in 2003, the lessons were pertinent to the then-current threats. Although the curriculum has slightly changed since then, the courses needed a major facelift to meet the ever changing cyber threats. The question of can Information Assurance courses at Regis University be refreshed to include virtual labs so they are based on ethical standards will be answered in this paper. Utilizing the Design Science methodology and incorporating Bloom's Taxonomy and the Jesuit educational approach, curriculum was identified and developed for the classroom and online students. By working with the Regis Distance Learning department, the thesis project was submitted for publication as part of the Regis Computer Networking courses

    Reengineering an Information Security Course for Business Management Focus

    This paper describes an information security course that evolved from a technology-focused legacy systems course to a current-topics Web commerce course for MBA students with an emphasis on business management issues faced by today's networked organizations. The paper also describes the use of an online component, implemented to enhance student learning in a technology-based environment, which fostered interactivity and discussions among students. Using this course as a model, the paper presents a rationale for revising content and describes the framework, pedagogy and learning materials that were used in the course to meet the changing needs of information security management

    Exploring the Cybersecurity Hiring Gap

    Cybersecurity is one of the fastest growing segments of information technology. The Commonwealth of Virginia has 30,000 cyber-related jobs open because of the lack of skilled candidates. The study is necessary because some business managers lack strategies for hiring cybersecurity professionals for U.S. Department of Defense (DoD) contracts. The purpose of this case study was to explore strategies business managers in DoD contracting companies used to fill cybersecurity positions. The conceptual framework used for this study was the organizational learning theory. A purposeful sample of 8 successful business managers with cybersecurity responsibilities working for U.S. DoD contracting companies that successfully hired cybersecurity professionals in Hampton Roads, VA participated in the study. Data collection included semistructured interviews and a review of job postings from the companies represented by the participants. Coding, content, and thematic analysis were the methods used to analyze data. Within-methods triangulation was used to add accuracy to the analysis. At the conclusion of the data analysis, two main themes emerged: maintaining contractual requirements and a strong recruiting process. Contractual requirements guided how hiring managers hired cybersecurity personnel and executed the contract. A strong hiring process added efficiency to the hiring process. The findings of the study may contribute to positive social change by encouraging the recruitment and retention of cybersecurity professionals. Skilled cybersecurity professionals may safeguard businesses and society from Internet crime, thereby encouraging the safe exchange and containment of data

    To What Extent Has Information Security Professionalism Achieved Recognition?

    The practice of securing information was until recently associated strongly with securing the Information Technology systems which store and process it. As it has developed as a specialised area of work however, particularly as the critical importance of human and social factors has increasingly been recognised, it has acquired an identity separate from that of computing. The separation has been sufficient for the formation of a new, distinct occupation, with specialised credentialing bodies being established to attest to practitioners’ professional competence. This study is the first empirical academic investigation into the professionalisation of UK Information Security. It considers attitudes towards professional status, the desirability and practicality of licensing, the current standing of the occupation and its prospects for the future. The analysis draws heavily from the substantial Sociology of the Professions, both from the structural and procedural theory of profession-forming and the later critiques of motivation, class and power. Semi-structured interviews were undertaken with twenty-seven individuals comprising security analysts, managers, academics, professional bodies and the UK Government. Interviews took place between November 2012 and March 2015. Results are presented in two stages of analysis, using Actor–Network Theory as a theoretical lens. Whilst significant progress has been made towards forming a recognisable Information Security profession, its status is not yet comparable to more established peers. Aligned with US National Research Council findings but using a broader basis in professionalisation theory, the UK occupation was found to be too diffusely demarcated both internally and with respect to its bordering professions. It has yet to coalesce around distinct internal specialities with discrete qualification routes and establish the hierarchical arrangement of its major branches. 
Without such stratification of roles and a well-accepted claim to controlling a clearly demarcated body of knowledge, it is not possible to establish the boundaries of a graduate profession superior to any supporting para-professions, and thus position itself as requiring an advanced abstract education comparable to its peers. A rationalisation of credentials and institutions is required to produce a strong professional body which can advance the cause of the profession and properly establish and embed these roles. At present however – contrary to the tenor of much of the relevant sociology – neither the pursuit of professional status nor the exclusion of unqualified workers were found to be major motivators for current practitioners. By contrast government, the final arbiter of professional monopoly, is attempting urgently to increase the appeal of the profession to address a national skills shortfall, but is wary of direct market intervention in the form of licensing. Therefore, whilst change is rapid, significant impediments to full professional recognition remain

    Cybersecurity Stovepiping

    I. Introduction II. The Concept of Stovepiping III. Stovepiping in Cybersecurity ... A. Policy Making, Complexity, and Change ... B. Complex Passwords: A Case Study ... 1. Fundamentals of Password Complexity ... 2. “Guessability”—the False Assumption ... a. Password Guessing via Authentication (Login) Interfaces ... b. Password Guessing via Unprotected/Unsanitized Service ... c. Offline Password Attacks ... 3. “Defense in Depth”—Measuring Marginal Benefit IV. Implications of the Stovepiping Disjuncture ... A. Addressing the Same Question … B. Overcoming Policy Entrenchment ... C. Risk-Analytic Framework for Cybersecurity V. Conclusio

    College of Engineering and Computing Graduate Catalog


    In Pursuit of an Aptitude Test for Potential Cyberspace Warriors

    The Air Force has officially assumed the cyberspace mission. To perform this mission well, it is important to employ personnel who have the necessary skill sets and motivation to work in a cyberspace environment. The first step in employing the right people is to screen all possible candidates and select those with an aptitude for acquiring the skill sets and with the motivation to perform this work. This thesis attempts to determine the necessary skills and motivations to perform the cyberspace mission and recommends a screening process to select the candidates with the highest probability for success. Since this mission is new, no one really knows what skills and motivations are necessary for it. To assist in determining the skills and motivations for cyber warriors, the author considers the skills and motivations of computer hackers. If the skills and motivations of successful hackers can be identified, those skills and motivations can be used as a tool for developing an aptitude test to be used as a screening device. A blueprint for an aptitude test is provided based on the findings of the hacker skills and motivations

    A multi-layer model for e-government information security assessment

    The emphasis on the value of time from the knowledge workers and citizens has driven governments towards the transformation to the electronic method in offering government services to the public. This underpinned the need of launching e-governments worldwide. The inter-government integration, information sharing and collaboration is required to provide the citizens with well integrated services. The level of trust is one of the key factors for the integration and information sharing between the government departments. Information security contributes directly to the increased level of trust between the government departments by providing an assurance of confidentiality, integrity, and availability of sensitive governmental information. The research reported in this thesis delivers a new model that can be used as a tool to assess the level of security readiness of government departments, a checklist for the required security measures, and as a common reference for the security in the government departments in Dubai. Based on extensive literature research a new model was developed using a qualitative approach to build the overall structure and the number of layers in it. A quantitative approach was adopted during the research study to confirm the importance of the model layers and sub layers. The applicability of the model was tested and the Dubai e-government authority was taken as a case study to validate the model and its layers. The research contributes to the theoretical knowledge of the information security modelling concept in four ways. First the literature review of existing security model and their coverage of security aspects. Second, the analysis of the security threats related to the e-services. Third, the construction of a new security model based on the academic research on each layer. Fourth, the applicability of the model was in the validated case study selected. EThOS - Electronic Theses Online Service, GB, United Kingdo

    Development of Information Technology Auditing Teaching Modules: An Interdisciplinary Endeavor between Seidenberg and Lubin Faculty

    The original goals of the project were to develop interdisciplinary Information Technology (IT) Auditing teaching modules, to be integrated into courses offered by both Business and Information Technology disciplines during Fall 2009 and Spring 2010. IT Auditing is an interdisciplinary field which requires understanding audit, control, technology and security concepts in accordance with audit standards, guidelines, and best practices. Thus, IT Auditing requires interdisciplinary knowledge across IT and Accounting/Auditing domains. With increasing use of IT in business processes, the demand for IT Auditors is increasing rapidly, offering a lucrative career path. Acquiring IT Audit related knowledge and skills will help our students improve their career opportunities by exploring this growing field. Based upon the curriculum content areas of the CISA Exam as well as the ISACA Model Curriculum, we proposed the following three interdisciplinary teaching modules for IT Auditing: 1) IT Auditing Frameworks & Business Continuity; 2) IT Lifecycle Management & Service Delivery; and 3) Protection of Information Assets. We had developed the three teaching modules. Each individual module can be covered in one to two weeks. The entire set of three IT Auditing modules can then be covered in 3-4 weeks of class time. For each of the individual modules, we had developed presentation slides, reading lists and online quizzes based on the CISA Exam. We had also identified an overarching case study to be used throughout the three individual modules for continuity reasons

    The Development of Digital Forensics Workforce Competency on the Example of Estonian Defence League

    On 03.07.2014, Government of the Republic Regulation No. 108 was enacted, which regulates the conditions and procedure for involving the Estonian Defence League in ensuring cyber security. Thus the Estonian Defence League's Cyber Defence Unit (EDL CDU, hereafter CDU) can be called in to support a situation by various institutions: for example the Information System Authority (RIA), the information system supervisory authority, or the Ministry of Defence or the authorities in its area of government, within the scope of their tasks. The CDU can be involved in ensuring the continuity of information and communication technology infrastructure and in checking and resolving security incidents, applying both active and passive measures. While mapping the CDU's tasks, it was noted that the CDU's partner institutions / organizations have not mapped their specialists' existing competencies and, in addition, there is no overview of the competencies needed in the digital forensics community. Taking these findings into account, the task was set of creating a comprehensive picture of the needs and constraints (taking into account the standards that shape the digital forensics community) in order to develop a competency-based digital forensics framework that supports the development of CDU specialists from hire to retire. To this end we studied the current situation of the CDU and its existing training programmes and decided which features need to be explored and considered for further development. To obtain comparable results and achieve the goal, the model had to be able to solve the following 5 tasks: 1. Skills mapping, 2. Goal setting and reassessment, 3. Planning the training schedule, 4. Accelerating the recruitment process, and 5. Promoting the continuous development of specialists. The framework was based on the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (NICE Framework) competency framework, which was improved with the needs of digital forensics specialists, and in this case also the CDU, in mind. Additions were made in the form of levels, specialization and task descriptions. In adding the improvements, the digital forensics limitations and standards introduced in the work were taken into account; as the end result the CDU was presented with a Digital Forensics Competency ontology, a proposal for changing the CDU structure, recommended instructional strategies for digital forensics use (with the levels of the revised Bloom's taxonomy), a new digital forensics standard subdivision (Unmanned Systems Forensics), and a Digital Forensics Competency Model Framework. The list of tasks and skills was compiled with the help of internationally recognized certification organizations and curricula offering professional competence. The mini-Delphi, or Estimate-Talk-Estimate (ETE), technique was used to evaluate the proposed model. An initial forecast with needs and priorities was given to the CDU's partner institutions to obtain expert opinions on the work done. Taking all the feedback into account, corrections were made to the model and a proposal, together with a further work plan, was drawn up for the CDU. In general, the proposed competency framework describes the scope of competence expected of a CDU specialist in the CDU, in order to increase their role as a rapid response team. The framework helps define the expected competencies and capabilities of digital forensics in practice and guides experts in choosing a specialization. The proposed model takes the long-term effect into account (hire to retire). Owing to the model's complexity, the framework has a long implementation phase: the forecast timeline for achieving the maximum effect on the organization's development is at most 5 years. These proposals have by now been approved by the CDU and the planned scheme was first implemented in April 2019.
    In 03.07.2014 Regulation No. 108 was introduced which regulates the conditions and procedure of the involvement of the Estonian Defence League (EDL) Cyber Defence Unit (CDU) in ensuring cyber security. This means that EDL can be brought in by the Information System Authority, Ministry of Defence or the authorities of its area of government within the scope of either of their tasks e.g. ensuring the continuity of information and communication technology infrastructure and in handling and solving cyber security incidents while applying both active and passive measures. In January 2018 EDL CDU’s Digital Evidence Handling Group had to be re-organized and, thus, presented a proposal for internal curriculum in order to further instruct Digital Evidence specialists. While describing the CDU's tasks, it was noted that the CDU's partner institutions / organizations have not mapped out their specialists’ current competencies. With this in mind, we set out to create a comprehensive list of needs and constraints (taking into account the community standards of DF) to develop a DF-based competence framework that supports the development of CDU professionals. Hence, we studied the current situation of CDU, their existing training program, and contemplated which features we need to consider and explore for further development. In order to assemble comparable results and to achieve the goal the model had to be able to solve the 5 following tasks: 1. Competency mapping, 2. Goal setting and reassessment, 3. Scheduling the training plan, 4. Accelerating the recruitment process, and 5. Promoting the continuous development of professionals. The framework was developed on the basis of the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (NICE Framework), which was revised to meet the needs of DF specialists, including EDL CDU. Additions were supplemented in terms of levels, specialization, and job descriptions. The proposals included the DF limitations and standards introduced in the work, which ultimately resulted in a proposal for a Digital Forensics Competency ontology, EDL CDU structure change, Suggested Instructional Strategies for Digital Forensics Use With Each Level of revised Bloom's Taxonomy, a new DF standard subdivision – Unmanned Systems Forensics, and Digital Forensic Competency Model Framework. The list of tasks and skills was compiled from international certification distribution organizations and curricula, and their focus on DF Specialist Competencies. Mini-Delphi or Estimate-Talk-Estimate (ETE) techniques were applied to evaluate the proposed model. An initial estimation of competencies and priorities was given to the EDL CDU partner institutions for expert advice and evaluation. Considering the feedback, improvements were made to the model and a proposal was put forward to the CDU with a future work plan. In general, the proposed competence framework describes the expected scope of competence of a DF specialist in the EDL CDU to enhance their role as a rapid response team. The framework helps in defining the expected competencies and capabilities of digital forensics in practice and offers guidance to the experts in the choice of specialization. The proposed model takes into account the long-term effect (hire-to-retire). Due to the complexity of the model, the framework has a long implementation phase — the maximum time frame for achieving the full effect for the organization is expected to be 5 years. These proposals were approved by EDL CDU and the proposed plan was first launched in April 2019