An information assurance curriculum for commanding officers using hands-on experiments

To authorize and initiate necessary investments and enforce appropriate policies and procedures, decision-makers need to have at least a fair understanding of computer security fundamentals. This paper presents the course design and the laboratory settings that have been developed for, and used within, the high rank officer curriculum at the Swedish National Defence College. The developed course looks at computer security from an attack-versus-defend viewpoint, meaning that computer attacks are studied to learn about prevention and self-defense. The paper discusses the pedagogical challenges related to the education of high rank officers and similar personnel in light of recently held courses, and contrasts the course with similar undertakings. A standpoint taken is that computer security is best taught using hands-on laboratory experiments focusing on problem-solving assignments. This is not undisputed since, e.g., high rank officers are busy people who are not fond of getting stuck learning about the peripherals.
