Volume 2, Issue 3

Volume 2, Issue 3 Editorial

Stylized Image of the Word Editorial

AUGUST 2003

This issue is slightly different than normal. The papers have been selected from those submitted to the Third World Information Security Education Conference held at the Naval Postgraduate School, Monterey, California in late June, 2003. The papers were chosen by the conference organizers – Cynthia Irvine (Naval Postgraduate School, Monterey, California) and Helen Armstrong (Curtin University, Western Australia), and were re-written for the journal. The theme for this edition of JIW is Information Security Education.

Teaching Competitive Intelligence and Cyberwarfare in a Business Context

ABSTRACT

Competitive intelligence has risen in profile over the past decade to become a key contributor to the survival of organizations operating in highly competitive environments. It is seen as an essential management tool in the current global marketplace. Several authors claim there is a need for the inclusion of competitive intelligence in Masters level studies however the area is rarely included in educational programs offered by tertiary institutions. This paper describes a course in competitive intelligence and cyberwarfare offered within IT-related Masters programs at Curtin University. The dominant teaching tool used is scenario work simulating realistic organizational situations incorporating competitive intelligence and cyberwarfare activities.

Teaching Hands-On Network Security: Testbeds and Live Exercises

ABSTRACT

Teaching practical network security requires the use of tools and techniques to support the educational process and to evaluate the students’ newly achieved skills. Two fundamental tools that support a hands-on approach to network security are testbed networks and live exercises. Testbed networks provide a safe environment where the students can experiment with the techniques and security tools that they learn about. Live exercises represent a valuable tool to test the students’ newly acquired skills and to teach the students the dynamics of network-based attack and defense techniques. 

Certification and Accreditation: A Program for Practitioner Education

ABSTRACT

Large complex systems need to be analyzed prior to operation so that those depending upon them for the protection of their information have a well-defined understanding of the measures that have been taken to achieve security and the residual risk the system owner assumes during its operation. The U.S. military calls this analysis and vetting process certification and accreditation. Today there is a large, unsatisfied need for personnel qualified to conduct system certifications. An educational program to address those needs is described.

Security Dimension of IT in Developing Countries: Risks and Challenges

ABSTRACT

In the present paper we discuss security aspects of the Information and Communication Technology (ICT) from developing countries perspective. Specifically, we present and discuss our study done in Tanzania. We start by discussing the extents of computers and computer systems use and network connectivity, followed by level of IT security awareness and the country policies in relation to ICT implementations. Then we highlight various risks and challenges within the context and finally, we discuss some of the remedial steps and actions that are being taken to deal with the situations.

Enhancing Information Warfare Education Through the Use of Virtual and Isolated Networks

ABSTRACT

The Information Analysis and Research (IWAR) laboratory at the United States Military Academy (USMA) has proven to be an exceptional and necessary resource for educating our cadets and faculty studying information warfare. The laboratory has also been successful in motivating the need for continued education and training in this area on a much larger scope that touches the highest levels of our military and government. This paper justifies why information warfare laboratories are necessary, explains the laboratories design and organization, and describes the phenomenon that is occurring as a result of the IWAR laboratory.

Design and Implementation of an Information Security Laboratory

ABSTRACT

It has been recognized for some time now that education in information security is better served by a laboratory component that reinforces principle and theoretical analysis learnt in the class room with a follow-up hands-on component performed in an appropriate laboratory. In this paper we present the design of a highly reconfigurable laboratory for information security education. The design has been implemented successfully in ISIS - The Information Systems and Internet Security Laboratory at Polytechnic University. We also describe the rationale for our design and give examples of a few typical assignments that the laboratory facilitates.

Teaching Coursework Master – Computer Forensics

ABSTRACT

This paper discusses aspects of the computer forensic course taught in a Masters degree at Curtin University, Western Australia. Computer forensics is important to both the business and law enforcement environments. Along the path from the enactment of a crime through to the due process of courtroom litigation there are numerous obstacles that may challenge law enforcement and or security practitioners. This paper discusses teaching computer forensics as one of the roles that academia may play in assisting security practitioners and law enforcement agencies investigating computer related crime. It recognizes industry requirements and addresses an academic response for the need for computer forensic training and education by providing an overview of the computer forensic course taught in a Masters degree at Curtin University.

A Tutoring System for IT Security Education

ABSTRACT

The Institute for Telematics of the University of Trier is currently developing a tutoring system that teaches knowledge of IT security. In contrast to other tutoring systems, exercises are not made in a restricted simulation environment but on a real Linux system. This approach allows the learner to apply his or her skills easily in practice. Depending on the type of user (e.g., end user or administrator), different lectures are provided. Interaction takes place via a web browser-based interface. It provides the user with various navigation facilities, help assistance, and statistics on the current status of processing.

Using Outcomes-based Assessment as an Assurance Tool for Assurance Education

ABSTRACT

We discuss our efforts to deliver a graduate-level assurance curriculum with a strong emphasis on logic and formal methods. Specifically, we describe what we are teaching in two of our foundational courses, as well as what our students are learning. We also advocate the use of an outcomes-based approach when developing IA courses and curricula. We have found that focusing on the desired educational outcomes from the outset has made it easier to identify what is working and what is not, and we wish to share our experiences.

If You Go Down to the Internet Today – Deceptive Honeypots

ABSTRACT

This is preliminary research into the effectiveness of deceptive defensive measures in particular honeypots that use deceit as a primary defensive and offensive mechanism. Initial research has been conducted using the Deception Tool Kit and its ability to fool commonly available network scanning tools such as Nessus and Nmap The preliminary research indicates that these deceptive tools have a place in modern network defense architecture.

Accessing Security Incident Information on the Internet

ABSTRACT

Computer security Incident Response teams have emerged due to the increase of computer crime. These can be national, international or organization based. Maintaining a CSIRT poses a number of problems. In this paper the authors describe two of the technical problems that CSIRT’s have, the storage and the acquisition of incident data. The paper describes a system based on the CORBA model that can be used for the efficient management of the incident recording database. The proposal also provides for alternative ways of accessing the database by companies and security analysts.

Is The IW Paradigm Outdated? A Discussion of U.S. IW Theory

ABSTRACT

The term information war (IW) helped describe one aspect of the unfolding revolution in military affairs in the 1990s. Today, technological developments are integrating the data processing capabilities of machines and the mind in ways not possible a decade ago. As a result, the old IW paradigm may no longer be applicable, making other potential paradigms and terms worthy of consideration. As the future unfolds, it will be interesting to see if Pentagon theorists use IW or a new term to express a threat to the security of the country, a category of warfare, a method of defense or influence, or leave the concept alone as a conceptual umbrella for a host of terms. Or, will the Pentagon simply update IW theory, perhaps developing Information Peace or Mind-Machine concepts that complement IW?

Journal of Information Warfare

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

Quick Links

View the latest issue of JIW.

Latest Edition

Purchase a subscription to JIW.

Subscribe

Media Parner to JIW.

Media Partner

Keywords

Quill Logo

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

SUBSCRIBE NOW

Get in touch

  • Journal of Information Warfare
    114 Ballard Street
    Yorktown, VA
    23690
  • 757.234.6664
  • jiw@gbpts.com