11,490 research outputs found
The Development of Information Assurance and Cyber Security Competencies
Information assurance and cybersecurity has become a critical element in the daily lives of almost every individual and organization across the globe. To be able to protect Personal Identity Information (PII), Intellectual Property (IP) and organizational trademarks requires producing more cybersecurity practitioners. The problem being addressed by this study is the identification of comprehensive competency levels for information assurance and cybersecurity practitioners is unknown. This research created definitions for three levels of cybersecurity practitioners that can be utilized by government, industry and academia individuals and organizations. 14 core competencies for cybersecurity practitioners were identified and defined. The Qualtrics survey was distributed through email by sending a link to survey participants. To obtain the opinions of the government the survey was distributed to the United States Army Information Technology and Security community and the Department of Homeland Security (DHS) Office of Technology. To gain insight from the academia community the survey was distributed to the Purdue community and affiliates of the Center for Education and Research in Information Assurance and Security (CERIAS) and the Department of Computer and Information Technology. For input from the industry the following Information Assurance and Security departments of the following companies received the survey: Lockheed Martin Cybersecurity, Cook Medical, RSA Security, LLC., Dell, Cisco, SAP Software Solutions, and Business Applications and Technology. The data was analyzed using SPSS a statistical software package available to Purdue faculty, staff, and students. Overall there were 61 government participants, 27 industry participants, and 13 academia participants. The one-way ANOVA test for all the government, industry and academia practitioners yielded many significant findings. Some of the most important competencies that spanned across all affiliations and levels were Access Control and Incident Management and Response. This research aimed to identify a broad list of competencies that could be used to design training, curriculum, and certification courses for cybersecurity practitioners
Multinational perspectives on information technology from academia and industry
As the term \u27information technology\u27 has many meanings for various stakeholders and continues to evolve, this work presents a comprehensive approach for developing curriculum guidelines for rigorous, high quality, bachelor\u27s degree programs in information technology (IT) to prepare successful graduates for a future global technological society. The aim is to address three research questions in the context of IT concerning (1) the educational frameworks relevant for academics and students of IT, (2) the pathways into IT programs, and (3) graduates\u27 preparation for meeting future technologies. The analysis of current trends comes from survey data of IT faculty members and professional IT industry leaders. With these analyses, the IT Model Curricula of CC2005, IT2008, IT2017, extensive literature review, and the multinational insights of the authors into the status of IT, this paper presents a comprehensive overview and discussion of future directions of global IT education toward 2025
Vulnerability anti-patterns:a timeless way to capture poor software practices (Vulnerabilities)
There is a distinct communication gap between the software engineering and cybersecurity communities when it comes to addressing reoccurring security problems, known as vulnerabilities. Many vulnerabilities are caused by software errors that are created by software developers. Insecure software development practices are common due to a variety of factors, which include inefficiencies within existing knowledge transfer mechanisms based on vulnerability databases (VDBs), software developers perceiving security as an afterthought, and lack of consideration of security as part of the software development lifecycle (SDLC). The resulting communication gap also prevents developers and security experts from successfully sharing essential security knowledge. The cybersecurity community makes their expert knowledge available in forms including vulnerability databases such as CAPEC and CWE, and pattern catalogues such as Security Patterns, Attack Patterns, and Software Fault Patterns. However, these sources are not effective at providing software developers with an understanding of how malicious hackers can exploit vulnerabilities in the software systems they create. As developers are familiar with pattern-based approaches, this paper proposes the use of Vulnerability Anti-Patterns (VAP) to transfer usable vulnerability knowledge to developers, bridging the communication gap between security experts and software developers. The primary contribution of this paper is twofold: (1) it proposes a new pattern template â Vulnerability Anti-Pattern â that uses anti-patterns rather than patterns to capture and communicate knowledge of existing vulnerabilities, and (2) it proposes a catalogue of Vulnerability Anti-Patterns (VAP) based on the most commonly occurring vulnerabilities that software developers can use to learn how malicious hackers can exploit errors in software
The Federal Information Security Management Act of 2002: A Potemkin Village
Due to the daunting possibilities of cyberwarfare, and the ease with which cyberattacks may be conducted, the United Nations has warned that the next world war could be initiated through worldwide cyberattacks between countries. In response to the growing threat of cyberwarfare and the increasing importance of information security, Congress passed the Federal Information Security Management Act of 2002 (FISMA). FISMA recognizes the importance of information security to the national economic and security interests of the United States. However, this Note argues that FISMA has failed to significantly bolster information security, primarily because FISMA treats information security as a technological problem and not an economic problem. This Note analyzes existing proposals to incentivize heightened software quality assurance, and proposes a new solution designed to strengthen federal information security in light of the failings of FISMA and the trappings of Congressâs 2001 amendment to the Computer Fraud and Abuse Act
Recommended from our members
The THREAT-ARREST Cyber-Security Training Platform
Cyber security is always a main concern for critical infrastructures and nation-wide safety and sustainability. Thus, advanced cyber ranges and security training is becoming imperative for the involved organizations. This paper presets a cyber security training platform, called THREAT-ARREST. The various platform modules can analyze an organizationâs system, identify the most critical threats, and tailor a training program to its personnel needs. Then, different training programmes are created based on the trainee types (i.e. administrator, simple operator, etc.), providing several teaching procedures and accomplishing diverse learning goals. One of the main novelties of THREAT-ARREST is the modelling of these programmes along with the runtime monitoring, management, and evaluation operations. The platform is generic. Nevertheless, its applicability in a smart energy case study is detailed
National Security Space Launch
The United States Space Forceâs National Security Space Launch (NSSL) program, formerly known as the Evolved Expendable Launch Vehicle (EELV) program, was first established in 1994 by President William J. Clintonâs National Space Transportation Policy. The policy assigned the responsibility for expendable launch vehicles to the Department of Defense (DoD), with the goals of lowering launch costs and ensuring national security access to space. As such, the United States Air Force Space and Missile Systems Center (SMC) started the EELV program to acquire more affordable and reliable launch capability for valuable U.S. military satellites, such as national reconnaissance satellites that cost billions per satellite. In March 2019, the program name was changed from EELV to NSSL, which reflected several important features: 1.) The emphasis on âassured access to space,â 2.) transition from the Russian-made RD-180 rocket engine used on the Atlas V to a US-sourced engine (now scheduled to be complete by 2022), 3.) adaptation to manifest changes (such as enabling satellite swaps and return of manifest to normal operations both within 12 months of a need or an anomaly), and 4.) potential use of reusable launch vehicles. As of August 2019, Blue Origin, Northrop Grumman Innovation Systems, SpaceX, and United Launch Alliance (ULA) have all submitted proposals. From these, the U.S. Air Force will be selecting two companies to fulfill approximately 34 launches over a period of five years, beginning in 2022.
This paper will therefore first examine the objectives for the NSSL as presented in the 2017 National Security Strategy, Fiscal Year 2019, Fiscal Year 2020, and Fiscal Year 2021 National Defense Authorization Acts (NDAA), and National Presidential Directive No. 40. The paper will then identify areas of potential weakness and gaps that exist in space launch programs as a whole and explore the security implications that impact the NSSL specifically. Finally, the paper will examine how the trajectory of the NSSL program could be adjusted in order to facilitate a smooth transition into new launch vehicles, while maintaining mission success, minimizing national security vulnerabilities, and clarifying the defense acquisition process.No embargoAcademic Major: EnglishAcademic Major: International Studie
- âŠ