{"title":"Ongoing threats to information protection","authors":"M. Whitman, H. Mattord","doi":"10.1145/2885990.2885994","DOIUrl":"https://doi.org/10.1145/2885990.2885994","url":null,"abstract":"The threat landscape facing the use of information systems is constantly changing. This short summary of a recent survey of the threats to information protection provides a concise summary of the perceptions of number of current practitioners and how the organizations with which they are associated perceive this evolving threat environment.","PeriodicalId":236418,"journal":{"name":"Proceedings of the 2015 Information Security Curriculum Development Conference","volume":"26 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-10-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125858785","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Disaster recovery planning","authors":"J. Vuong","doi":"10.1145/2885990.2886006","DOIUrl":"https://doi.org/10.1145/2885990.2886006","url":null,"abstract":"In this paper, the importance of formulating a proper disaster recovery plan is discussed. The disaster recovery plan is part of the contingency plans that organizations create to prepare for adverse events that could affect the productivity or daily operations of the work place. To create a disaster recovery plan, an organization must have an understanding of the use of the plan, the creation process, and the types of possible adverse events.","PeriodicalId":236418,"journal":{"name":"Proceedings of the 2015 Information Security Curriculum Development Conference","volume":"156 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-10-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133006314","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Penetration testing in a box","authors":"L. Epling, Brandon Hinkel, Yim-Fun Hu","doi":"10.1145/2885990.2885996","DOIUrl":"https://doi.org/10.1145/2885990.2885996","url":null,"abstract":"Network and application vulnerability assessments have a tendency to be difficult and costly; however, failing to have an assessment done and fixing security loopholes may result in a security breach by malicious attackers. A security breach can cost an organization time and money remediating the damage, such as lost confidential business information, which far exceeds the cost of a security assessment. Our solution for this problem is a semi-automated system that can help a penetration tester, security professional, or systems administrator, scan and report on the vulnerabilities of a network and services running on the network. It is also able to perform some simulated attacks. This system relies on a miniaturized computer to host the necessary components to conduct a security assessment. This system has been done in an open source manner to allow others to contribute and benefit from a community effort in the name of security.","PeriodicalId":236418,"journal":{"name":"Proceedings of the 2015 Information Security Curriculum Development Conference","volume":"24 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-10-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127719722","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Integrate mobile devices into CS security education","authors":"H. Chi","doi":"10.1145/2885990.2885991","DOIUrl":"https://doi.org/10.1145/2885990.2885991","url":null,"abstract":"Mobile computing, popularized for social media, has emerged as a delivery vehicle of choice for commercial, medical and military applications. The ubiquity of wireless and satellite communication and the rapid evolution of powerful devices that exploit this infrastructure have pushed mobile application development, in many instances, ahead of the capabilities to ensure the secure and safe utilization of these applications. The gap between capabilities and the ability to safeguard information assets must not be ignored, given the documented rise in the number and sophistication of threats and the broadening vulnerabilities of mobile applications and systems worldwide. We are focusing on how to integrate mobile apps/devices into our cyber security courses. In addition, case studies and hands-on labs are discussed in our practice","PeriodicalId":236418,"journal":{"name":"Proceedings of the 2015 Information Security Curriculum Development Conference","volume":"13 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-10-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128447618","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"From student research to intrusion detection","authors":"N. Paul Schembari","doi":"10.1145/2885990.2885995","DOIUrl":"https://doi.org/10.1145/2885990.2885995","url":null,"abstract":"We describe a multi-year project that began as mostly undergraduate student research in data mining applied to computer forensics and has now grown into a prototype for an intrusion detection system. The IDS assumes we have delimited data that can be separated into records such as IP packets, system calls, etc. The data mining approach uses the Bag of Words methodology where we form a matrix model of the data, and then cluster the records using k-means clustering and sparse nonnegative matrix factorization. With no training, these clusters are evaluated to determine if they represent normal system actions or attack vectors. This prototype system has accuracy levels similar to systems that use supervised learning on a specific set of data. We discuss future plans to make improvements with continued student investigation. Overall, we found this to be a great partnership between faculty and student research.","PeriodicalId":236418,"journal":{"name":"Proceedings of the 2015 Information Security Curriculum Development Conference","volume":"36 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-10-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128649978","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Creation of a bootable Kali Linux USB drive with persistent storage","authors":"Ryan Wilson","doi":"10.1145/2885990.2885997","DOIUrl":"https://doi.org/10.1145/2885990.2885997","url":null,"abstract":"Information Security training requires hands-on experimentation to develop skills and apply classroom instruction. The ideal environment is available to students in class and at home and should provide resources from which the students can further their learning independently. This paper describes an approach to building a bootable USB flash drive based on Kali Linux that contains a persistent storage partition containing additional resources for student learning. Students are then able to use the same environment for completing in class labs and at home learning and experimentation.","PeriodicalId":236418,"journal":{"name":"Proceedings of the 2015 Information Security Curriculum Development Conference","volume":"17 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-10-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115364990","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Julio C. Rivera, P. Gangi, Allen C. Johnston, James L. Worrell
{"title":"Undergraduate student perceptions of personal social media risk","authors":"Julio C. Rivera, P. Gangi, Allen C. Johnston, James L. Worrell","doi":"10.1145/2885990.2885998","DOIUrl":"https://doi.org/10.1145/2885990.2885998","url":null,"abstract":"This paper describes a study designed to collect student perceptions of the personal risks incurred when using social media. The study used the Delphi method to rank the social media risks perceived by students. The students' rankings were compared to the personal risks identified and ranked by a group of Library and Information Science professionals. Although there is some agreement between the rankings from the two groups, there are also considerable differences. The paper suggests that educating students about the actual risks they face in using social media is important, and should include all students. For students specializing in information security, it suggests that additional emphasis should be placed on learning about human behavior and social engineering.","PeriodicalId":236418,"journal":{"name":"Proceedings of the 2015 Information Security Curriculum Development Conference","volume":"124 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-10-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124886923","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
L. Simpkins, Xiaohong Yuan, Jwalit Modi, J. Zhan, Li Yang
{"title":"A course module on web tracking and privacy","authors":"L. Simpkins, Xiaohong Yuan, Jwalit Modi, J. Zhan, Li Yang","doi":"10.1145/2885990.2886000","DOIUrl":"https://doi.org/10.1145/2885990.2886000","url":null,"abstract":"Companies track users' online behavior for profit, using technologies such as browser cookies, flash cookies, AdID, and web beacons. This data is typically anonymous, but there are still privacy concerns. Users also may not know they are being tracked in this manner. There are regulations in the US and legislation in the EU pertaining to online behavioral tracking, and several methods to prevent or limit this tracking. This paper covers a course module which includes an introduction to the topic of web tracking and privacy, and two case studies. Our teaching experience with this course module is discussed. This course module can be adopted in web security courses introducing legal and privacy issues related to the web.","PeriodicalId":236418,"journal":{"name":"Proceedings of the 2015 Information Security Curriculum Development Conference","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-10-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129400868","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Proceedings of the 2015 Information Security Curriculum Development Conference","authors":"M. Whitman, Humayun Zafar","doi":"10.1145/2885990","DOIUrl":"https://doi.org/10.1145/2885990","url":null,"abstract":"","PeriodicalId":236418,"journal":{"name":"Proceedings of the 2015 Information Security Curriculum Development Conference","volume":"10 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-10-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116803111","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Asif Iqbal, Hanan Al Obaidli, Mário A. M. Guimarães, O. Popov
{"title":"Sandboxing: aid in digital forensic research","authors":"Asif Iqbal, Hanan Al Obaidli, Mário A. M. Guimarães, O. Popov","doi":"10.1145/2885990.2885993","DOIUrl":"https://doi.org/10.1145/2885990.2885993","url":null,"abstract":"Finding digital forensic artifacts in the ever changing and complex digital world can be a daunting task for any digital forensic investigator. Familiar tools, such as Sandboxie and Symantec Workspace virtualization used as an aid in forensic investigations may significantly decrease the learning curve. The value of sandboxing for digital forensic investigations is demonstrated here through the research via the appropriate comparative analysis.","PeriodicalId":236418,"journal":{"name":"Proceedings of the 2015 Information Security Curriculum Development Conference","volume":"145 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-10-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124665589","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}