Securing information systems from attack and com-promise is a problem of massive scope and global scale. Traditional, long-term research provides a deep understanding of the foundations for protecting systems, networks, and infrastructures. But sponsors often need applied research that will create results for immediate application to unforeseen cybersecurity events. The Agile Research process is a new approach to provide this type of rapid, authoritative, applied research. It is designed to be fast, transparent, and iterative, with each iteration producing results that can be applied quickly. The idea is to engage subject-matter experts fast enough to make a difference. Agile Research re-quires new levels of collaboration and performance, plus adaptive organizational structures that support this new way of working. In addition to its application in Government, Agile Research is being employed in academic settings, and is influencing how research requirements and researchers are identified and matched, and research traineeship.
Securing information systems from attack and com-promise is a problem of massive scope and global scale. Traditional, long-term research provides a deep understanding of the foundations for protecting systems, networks, and infrastructures. But sponsors often need applied research that will create results for immediate application to unforeseen cybersecurity events. The Agile Research process is a new approach to provide this type of rapid, authoritative, applied research. It is designed to be fast, transparent, and iterative, with each iteration producing results that can be applied quickly. The idea is to engage subject-matter experts fast enough to make a difference. Agile Research requires new levels of collaboration and performance, plus adaptive organizational structures that support this new way of working. In addition to its application in Government, Agile Research is being employed in academic settings, and is influencing how research requirements and researchers are identified and matched, and research traineeship.
Part 1: Innovative Methods ; International audience ; As global threats to information systems continue to increase, the value of effective cybersecurity research has never been greater. There is a pressing need to educate future researchers about the research process itself, which is increasingly unpredictable, multi-disciplinary, multi-organizational, and team-oriented. In addition, there is a growing demand for cybersecurity research that can produce fast, authoritative, and actionable results. In short, speed matters. Organizations conducting cyber defense can benefit from the knowledge and experience of the best minds in order to make effective decisions in difficult and fast moving situations. The Agile Research process is a new approach to provide such rapid, authoritative, applied research. It is designed to be fast, transparent, and iterative, with each iteration producing results that can be applied quickly. Purdue University is employing Agile Research as a teaching vehicle in an innovative, multi-university graduate program with government sponsor participation, as described in this paper. Because it simulates real-world operations and processes, this program is equipping students to become effective contributors to cybersecurity research.
Information Assurance and computer security are serious worldwide concerns of governments, industry, and academia. Computer security is one of the three new focal areas of the ACM/IEEE's Computer Science Curriculum update in 2008. This ACM/IEEE report describes, as the first of its three recent trends, "the emergence of security as a major area of concern." The importance of Information Assurance and Information Assurance education is not limited to the United States. Other nations, including the United Kingdom, Australia, New Zealand, Canada, and other members from NATO countries and the EU, have inquired as to how they may be able to establish Information Assurance education programs in their own country.The goal of this document is to explore the space of various existing Information Assurance educational standards and guidelines, and how they may serve as a basis for helping to define the field of Information Assurance. It was necessary for this working group to study what has been done for other areas of computing. For example, computer science (CS 2008 and associate-degree CS 2009), information technology (IT 2008), and software engineering (SE 2004), all have available curricular guidelines.In its exploration of existing government, industry, and academic Information Assurance guidelines and standards, as well as in its discovery of what guidance is being provided for other areas of computing, the working group has developed this paper as a foundation, or a starting point, for creating an appropriate set of guidelines for Information Assurance education. In researching the space of existing guidelines and standards, several challenges and opportunities to Information Assurance education were discovered. These are briefly described and discussed, and some next steps suggested.
In: Cooper, Stephen and Nickell, Christine and Piotrowski, Victor and Oldfield, Brenda and Abdallah, Ali E. and Bishop, Matt and Caelli, Bill and Dark, Melissa and Hawthorne, E. K. and Hoffman, Lance and Pérez, Lance C. and Pfleeger, Charles and Raines, Richard and Schou, Corey and Brynielsson, Joel (2009) An exploration of the current state of information assurance education. In: An Exploration of the Current State of Information Assurance Education. ACM, pp. 109-125.
Information Assurance and computer security are serious worldwide concerns of governments, industry, and academia. Computer security is one of the three new focal areas of the ACM/IEEE's Computer Science Curriculum update in 2008. This ACM/IEEE report describes, as the first of its three recent trends, "the emergence of security as a major area of concern." The importance of Information Assurance and Information Assurance education is not limited to the United States. Other nations, including the United Kingdom, Australia, New Zealand, Canada, and other members from NATO countries and the EU, have inquired as to how they may be able to establish Information Assurance education programs in their own country. The goal of this document is to explore the space of various existing Information Assurance educational standards and guidelines, and how they may serve as a basis for helping to define the field of Information Assurance. It was necessary for this working group to study what has been done for other areas of computing. For example, computer science (CS 2008 and associate-degree CS 2009), information technology (IT 2008), and software engineering (SE 2004), all have available curricular guidelines. In its exploration of existing government, industry, and academic Information Assurance guidelines and standards, as well as in its discovery of what guidance is being provided for other areas of computing, the working group has developed this paper as a foundation, or a starting point, for creating an appropriate set of guidelines for Information Assurance education. In researching the space of existing guidelines and standards, several challenges and opportunities to Information Assurance education were discovered. These are briefly described and discussed, and some next steps suggested.
vol I. - Chapter 1. Introduction / Tarek Saadawi and Louis Jordan 1. - PART I: STRATEGY AND POLICY ASPECTS . - Chapter 2. Developing a Theory of Cyberpower / Stuart H. Starr 15. - Chapter 3. Survivability of the Internet / Michael J. Chumer 29. - Chapter 4. Are Large Scale Data Breaches Inevitable? / Douglas E. Salane 51. - Chapter 5. The Role of Cyberpower in Humanitarian Assistance/Disaster Relief (HA/DR) and Stability and Reconstruction Operations / Larry Wentz 81. - PART II: SOCIAL AND LEGAL ASPECTS. - Chapter 6. The Information Polity: Social and Legal Frameworks for Critical Cyber Infrastructure Protection / Michael M. Losavio, J. Eagle Shutt, and Deborah Wilson Keeling 129. - Chapter 7. The Attack Dynamics of Political and Religiously Motivated Hackers / Thomas J. Holt 159. - PART III: TECHNICAL ASPECTS. - Chapter 8. Resilience of Data Centers / Yehia H. Khalil and Adel S. Elmaghraby 183. - Chapter 9. Developing High Fidelity Sensors for Intrusion Activity on Enterprise Networks / Edward Wagner and Anup K. Ghosh 207. - Chapter 10. Voice over IP: Risks, Threats, and Vulnerabilities / Angelos D. Keromytis 223. - Chapter 11. Toward Foolproof IP Network Configuration Assessments / Rajesh Talpade 263. - Chapter 12. On the New Breed of Denial of Service (DoS) Attacks in the Internet / Nirwan Ansari and Amey Shevtekar 279. - Vol. II. - 1. Introduction / Tarek Saadawi, Louis H. Jordan, Jr., and Vincent Boudreau 1. - PART I: ECONOMICS AND SOCIAL ASPECTS OF CYBER SECURITY . - 2. Exploring the Economics of the MaliciouscSoftware Market / Thomas J. Holt 17. - 3. The Emergence of the Civilian Cyber Warrior / Max Kilger 53. - PART II: LAW AND CYBERCRIME. - 4. Changing the Game: Social and Justice Models for Enhanced Cyber Security / Michael M. Losavio, J. Eagle Shutt, and Deborah Wilson Keeling 85. - 5. An Institutional and Developmental Analysis of the Data Breach Disclosure Laws / Melissa Dark 107. - 6. Cyber Security and Identity: Solutions for Critical Infrastructure that Protect Civil Liberties and Enhance Security / Joshua Gruenspecht 139. - 7. Exploring the Utility of Open Source Data to Predict Malicious Software Creation / George W. Burruss, Thomas J. Holt, and Adam M. Bossler 183. - PART III: CYBER INFRASTRUCTURE. - 8. ISP Grade Threat Monitoring / Abhrajit Ghosh 221. - 9. The Challenges Associated with Assessing Cyber Issues / Stuart H. Starr 235