Information Security Curriculum Development 

Abstract: This paper reports on the need for Information Security Awareness educational programs to supplement teaching in Information Security. The need for such a program is demonstrated by findings resulting from a survey of university faculty and staff at Armstrong Atlantic State University conducted from February through April 2005 regarding the information security behaviors of such employees.

Abstract: In this paper, we discuss security issues with Cloud Based Computing and Cloud Operating Systems. Cloud computing has recently experienced a significant increase in popularity as major companies such as Google and Microsoft have started to release cloud based products, advertise the use of the cloud, and even release an open source Cloud OS. As the general public becomes more aware of cloud based computing and the popularity increases the demand for security will increase. This paper discusses both unique security concerns for cloud computing as well as shared security issues between cloud and traditional computing. Current solutions for these security risks are also discussed and evaluated. In addition, we propose a method for allowing the user to select specific security levels of security for items and make a list of security items that all users should be aware of before opting to use cloud based services.

Abstract: This paper presents an interactive exercise based on offensive denial of service techniques used by hackers. The goals of the exercise are to teach how a large class of denial of service (DoS) attacks work. Students will see that it is not necessary to use distributed DoS. Moreover, using virtualization, we created an exercise that was easy for faculty to use. We tested it on a class of computer science undergraduates, and while it was well-received by the students and easy for the faculty member, we learned some important lessons about designing hands-on exercises. In addition to teaching students about DoS attacks and how to defend against them, this exercise also requires students to look carefully at the HTTP protocol.In the following laboratory exercise, students learn offensive techniques in a context that prompts them to think critically about what makes networks secure and how they can be made more secure. The exercise involves the use of two newer but well-known denial of service attacks: 'SlowLoris' and 'R-U-Dead-Yet?' (RUDY). The students perform these attacks through a Java-based graphical interface, to make the lab more accessible. While carrying out the attacks, the students answer questions designed to improve their analytical skills and to better their understanding of TCP, HTTP, and application-layer security considerations.

Abstract: Because of their small size, memory capability, and the case with which information can be downloaded and removed from a facility, mobile devices pose a risk to organizations when used and transported outside physical boundaries. Mobile devices, including Personal Digital Assistants (PDAs), mobile phones, laptops, and smart phones can expose organizational data if not properly protected. This paper will cover areas of concern, different device types, and proposed solutions to mitigate the risks when using a mobile device.