Proceedings of the 2014 Information Security Curriculum Development Conference: latest articles

Motivating secure coding practices in a freshman-level programming course
Proceedings of the 2014 Information Security Curriculum Development Conference Pub Date : 2014-10-11 DOI: 10.1145/2670739.2670749
Bryson R. Payne, Aaron Walker
Abstract: Secure application development is becoming even more critical as the impact of insecure code becomes deeper and more pervasive in our personal and professional lives. The approach described in this paper seeks to motivate computer science students to write secure code almost from the very beginning by focusing on concrete examples of common software vulnerabilities in the second freshman-level programming course. Sample exercises and assignments are given as examples that can be reused in similar courses. While long-term data collection is still ongoing, initial results are promising enough that the method is presented here in detail to support university faculty interested in incorporating lessons and real-world examples in secure app development in their programming courses at any level.
Citations: 2
FERPA compliance in higher education
Proceedings of the 2014 Information Security Curriculum Development Conference Pub Date : 2014-10-11 DOI: 10.1145/2670739.2670740
H. Dunn
Abstract: This paper considers some of the issues institutions of higher education may face in attempting to comply with the requirements of FERPA. The ramifications of the law will be considered in light of its nearly 40-year history as well as application to the modern higher education environment. Relevant legal cases will be examined to provide an understanding of the law in practice. Finally, the law will be considered in light of technological advancements.
Citations: 0
Network risk assessment base on multi-core processor architecture
Proceedings of the 2014 Information Security Curriculum Development Conference Pub Date : 2014-10-11 DOI: 10.1145/2670739.2670741
Carlo Labudiong, Wasim Alhamdani
Abstract: Network Technology using Multi-core Processor Architecture can be additional enhanced the security through the development of network risk assessment. Preventing network attacks has become increasingly difficult and time consuming to all who deals in today's network technologies. These days' people are dependents on internet and its integration in our live and major information supplies. These dependencies increase the growth in the volume of network traffic which becomes difficulty in monitoring and analysis; therefore, attacks are more sophisticated and more complex to detect. By analyzing the multi-core processors for the network intrusion preventions involve a thorough approach on the analysis of customizing the frame work of multi-core processor architecture. Analyzing at the Active Network Interface (ANI), the lowest layer of the architecture, can provide the insight were network attacks can occur. This analysis can deliver an event-based system logs that allows opportunities to study the information of cache locality that are collected. By relating events with the packets that eventually stimulated them, this can determine when all analysis for a given packet has completed, and thus that it is safe to forward the pending packet providing none of the analysis elements previously signaled that the packet should instead be discarded. Results of the simulation analysis will verified the evaluation of the risk assessment at high-speed network and improve the performance and efficiency as well as its security. In this paper a proposes implementation of network risk assessment in the network system using multi-core processor to enhance the network security
Citations: 0
A comparison of different methods of instruction in cryptography
Proceedings of the 2014 Information Security Curriculum Development Conference Pub Date : 2014-10-11 DOI: 10.1145/2670739.2670755
Frank H. Katz
Abstract: Cryptography is the foundation on which information and cyber security is built. As Mark Stamp has written, "cryptography or 'secret codes' are a fundamental information security tool." [6] Without the ability to encrypt and decrypt messages or data, the fundamental characteristic of confidentiality, which is the prevention of "unauthorized reading of information," [6] is lost. This could cause the potential exposure of trusted information. Given the importance of this discipline, teaching students the basics of cryptography should be an integral part of any curriculum in information and cyber security. For years students have been taught to perform cryptographic exercises by hand performing paper-and-pencil exercises, or by writing programs in a computer language to perform the cryptographic methods. Today, open-source GUI software exists that can teach students the methods of encrypting and decrypting messages. Consequently, it is of value to measure the effectiveness of teaching cryptography using paper-and-pencil exercises versus using software with a GUI interface.
Citations: 0
A course module on mobile malware
Proceedings of the 2014 Information Security Curriculum Development Conference Pub Date : 2014-10-11 DOI: 10.1145/2670739.2670752
P. Johnson, Philip Harris, Keheira Henderson, Xiaohong Yuan, Li Yang
Abstract: Many universities have introduced mobile computing into computer science curricula due to emerging popularity of mobile devices. The large amount of personal information stored in mobile devices as well as the trend of Bring Your Own Device (BYOD), make it very important to educate mobile device users with knowledge and skills about mobile security. Mobile security can be taught by standalone courses or integrated into existing curriculum by developing course modules. This paper describes a course module on mobile malware which includes a mobile malware tutorial, and two hands-on labs. Initial teaching experiences from integrating this course module in an existing computer security course are discussed.
Citations: 0
Important of security governance, its dependence on other forms of governance, and its diverse application among industries
Proceedings of the 2014 Information Security Curriculum Development Conference Pub Date : 2014-10-11 DOI: 10.1145/2670739.2670742
U. Shah
Abstract: This paper will discuss the different levels of governance and their relationship to each other---specific to information security. It will indicate the implications that corporate and IT governance have on security governance. The main priority of this paper will be to concentrate on three forms of governance that impact an organization---corporate governance, information technology governance, and information security governance. Specifically, how corporate and IT governance impact the success of information security governance. The paper will indicate the roles and goals of each form of governance and how they ultimately build to information security governance. It will also entail the methodologies used to implement good governance within an organization to understand how that impacts security governance. Upon reading this paper, the value and importance of governance will be visible. There is a varying degree of differences with the application and goals of security governance based on the industry---this will be discussed with an evaluation of four very different industries---the biotechnology, e-learning, healthcare, and the retail industry. Comparing such different industries will help to understand the wide range of variability involved in discovering the purpose and implementation of Information Security Governance.
Citations: 0
A course module on clickjacking
Proceedings of the 2014 Information Security Curriculum Development Conference Pub Date : 2014-10-11 DOI: 10.1145/2670739.2670750
L. Simpkins, Xiaohong Yuan, Jung Hee Kim
Abstract: Clickjacking is a form of UI-Redress where a victim thinks they are browsing the webpage they see, but click actions are actually on a hidden webpage. Methods for detecting and preventing clickjacking attacks are available, however. One of these methods should be included to let the website recognize it is in an iFrame, and then "break" out of the frame, i.e. refresh the page directly to its URL, or not load the page in the first place. Currently it is important to increase the implementation rate of these methods in websites. This paper introduces a clickjacking course module which includes a tutorial of clickjacking, and a hands-on lab. Our teaching experience with this course module is discussed. This course module can be adopted in web security or network security courses introducing how clickjacking works.
Citations: 1
VoIP security governance in small/medium organizations
Proceedings of the 2014 Information Security Curriculum Development Conference Pub Date : 2014-10-11 DOI: 10.1145/2670739.2670746
James M. Anderson
Abstract: Information security has become an important part of business in recent years. The purpose of this document is to examine information security governance as it relates to the growing field of Voice over Internet Protocol. The paper will begin with an examination of the central components of information security governance---corporate governance and information technology governance. Once this foundation is created, the paper will explore VoIP specific issues as they relate to information security governance, such as common attacks, vulnerabilities, and protocols. Because policy is, arguably, the most important aspect of information security governance, the final part of the paper will explore this topic as well as common issues.
Citations: 0
Design insider threat hands-on labs
Proceedings of the 2014 Information Security Curriculum Development Conference Pub Date : 2014-10-11 DOI: 10.1145/2670739.2670756
H. Chi, David Angulo Rubio
Abstract: Insider threat continues to be of serious concern to governmental organizations and also to private companies. There is few hands-on labs/modules available for training current students, the future information assurance professionals. This paper will classify the different actors and vectors involved in these attacks focusing specifically on Information Technology (IT) sabotage, theft of intellectual property and insider fraud. Then, we will describe how to design virtual hands-on labs mainly to current or future technology security professionals. The training hands-on labs will enhance trainee's knowledge and practical security skills about how to mitigate insider threat attacks. In addition, the training hands-on labs will be implemented via CyberCIEGE, an innovative video game and tool to teach computer and network security concepts.
Citations: 2
More data, more security challenges: integrating analytics in to the information security curriculum
Proceedings of the 2014 Information Security Curriculum Development Conference Pub Date : 2014-10-11 DOI: 10.1145/2670739.2670743
Nazia Badar, Jaideep Vaidya, V. Atluri
Abstract: Today, the emerging role of technological advances and availability of cloud computing platforms has greatly impacted the way organizations are doing business. In fast pace, dynamic business environment, traditional methods to ensure information security are no longer useful. Organizational security data is quite complex. Managing large volumes of such data becomes difficult to process using on-hand data management tools or traditional data processing applications. Moreover, formation of electronic collaboration with previously unknown business partners on one hand brings many opportunities to improve business profits, but on the other hand, ensuring the security of organizational resources becomes a major issue. The problem compounds when security professionals are not skilled at handling unstructured, large volume of data. In this paper, we discuss the importance of integrating big data analytics in to the curriculum of information security. Also, we will discuss the limitations of existing information security curriculum from the perspective of preparing students for assuming the role of security professionals. Mainly, we have identified four main topics of information security where big data analytics may play an important role. The goal of this paper is to help universities around the world in improving existing information security programs.
Citations: 0