Article

Teaching security best practices by architecting and administering an IT security lab

Authors:

Brady R. Stevenson,

Gordon W. RomneyAuthors Info & Claims

CITC5 '04: Proceedings of the 5th conference on Information technology education

Pages 182 - 187

https://doi.org/10.1145/1029533.1029578

Published: 28 October 2004 Publication History

Get Access

Abstract

Information Assurance(IA) can be learned by actively being involved in the "doing" process. Students within a university setting have architected, installed and administered a security lab. The value and need for security best practices becomes self-evident, daily, as the security lab services the needs of information technology (IT) courses and research for both undergraduate and graduate students. Additionally, a need exists to coordinate the administration of the security lab with the ongoing operation of general IT courses and labs. Stability in the infrastructure, lab and research areas can only be achieved by designing good security best practices. A best practice is defined as a process that has performed exceptionally well in industry or the everyday world. Learning to design and implement security best practices is a teaching opportunity for students preparing to be Network Engineers, Security System Engineers or Security Architects. The best practices of the security lab were patterned after IT industry policy concepts that effectively handled change while maintaining a secure and stable infrastructure. The security best practices were developed under the supervision of a student security team and faculty advisor. The use of the IT security lab by undergraduate and graduate students for security projects provided a test of the viability of the security best practices. With the security team and the security policies in place, a working security lab is a realistic learning model in training and educating IT undergraduates and graduates in proper security practices. Furthermore, the experience provides guidance in how to expand security best practices to include the entire educational enterprise of laboratories and IT infrastructure and teaching areas.

References

[1]

U.S.G.A.O. BPR Glossary of Terms. <http://www.gao.gov/special.pubs/bprag/bprgloss.htm. 1998>. Retrieved June 2, 2004.

Google Scholar

[2]

Skyrme, D.J. Are Your Best practices Really the Best. I3 Update / Entovation News. <http://www.skyrme.com/updates/u54_f1.htm>. Vol. 54, 2001. Retrieved June 27, 2004.

Google Scholar

[3]

Hewlett-Packard Development Company, L.P. <http://h41111.www4.hp.com/solutions/uk/en/lifecycle/best_practices.html>. Gartner best practices. 2004. Retrieved June 7, 2004.

Google Scholar

[4]

Coupe, T. Human, all too human. -On the behavior of scientists and universities. Universite' Libre de Bruxelles, <http://homepages.ulb.ac.be/~tcoupe/human.pdf>. 2001. (CHI '00) (The Hague, The Netherlands, April 1-6, 2000). ACM Press, New York, NY, 2000, 526--531. Retrieved June 7, 2004.

Google Scholar

[5]

Martinez, I. Luna, L. The Dynamics of Best Practices: A Structural Approach. <http://www.albany.edu/rockefeller/docs/martinez-luna.pdf>. Retrieved June 29, 2004

Google Scholar

[6]

Mattord, H.J., Whitman, M.E. Teaching Information Security Policy. 2004 IEEE Information Assurance Conference. West Point, New York. 2004.

Google Scholar

[7]

SANS. Internal Lab Security Policy. <http://www.sans.org/resources/policies/Internal_Lab_Security_Policy.pdf>. 2004. Retrieved June 5, 2004.

Google Scholar

[8]

CISCO. Network Security Policy: Best practices White Paper. <http://www.cisco.com/warp/public/126/secpol.html.> 2003. Retrieved on June 17, 2004.

Google Scholar

[9]

ITIL & ITSM World. <<http://www.itil-itsm-world.com>. 2004. Retrieved on June 29, 2004.

Google Scholar

[10]

CISCO. Network Security Policy: Best practices White Paper. <http://www.cisco.com/warp/public/126/secpol.html.> 2003. Retrieved on June 17, 2004.

Google Scholar

[11]

Stevenson, Travis. Conversation. Maverik Country Stores, Inc. Conversation June 15, 2004.

Google Scholar

[12]

University of Montana. Incident Handling Procedure. <http://www.mtech.edu/netserve/Security_Policies/Incident%20Handling%20Procedures.htm>. Retrieved June 30, 2004.

Google Scholar

Cited By

View all

Meso PDing YXu S(2014)Applying Protection Motivation Theory to Information Security Training for College StudentsJournal of Information Privacy and Security10.1080/15536548.2013.108456729:1(47-67)Online publication date: 7-Jul-2014
https://doi.org/10.1080/15536548.2013.10845672
Romney GSinha BDey PAmin M(2013)The agility, flexibility and efficiency of hypervisors in engineering education2013 12th International Conference on Information Technology Based Higher Education and Training (ITHET)10.1109/ITHET.2013.6671036(1-8)Online publication date: Oct-2013
https://doi.org/10.1109/ITHET.2013.6671036
Stewart KHumphries JAndel TWainer GShaffer CMcGraw RChinni M(2009)Developing a virtualization platform for courses in networking, systems administration and cyber security educationProceedings of the 2009 Spring Simulation Multiconference10.5555/1639809.1639877(1-7)Online publication date: 22-Mar-2009
https://dl.acm.org/doi/10.5555/1639809.1639877
Show More Cited By

Index Terms

Teaching security best practices by architecting and administering an IT security lab
1. Software and its engineering
  1. Software notations and tools
    1. General programming languages
      1. Language features

Recommendations

An isolated, multi-platform network sandbox for teaching IT security system engineers
CITC5 '04: Proceedings of the 5th conference on Information technology education

The objective of this paper is to describe the successful deployment and operation of a student managed, isolated network "Sandbox" laboratory used for teaching Information Technology (IT) Security System Engineers. Laboratories for training Network ...
Teaching information systems security courses: A hands-on approach

It has become imperative for companies, governments, and organizations to understand how to guard against hackers, outsiders, and even disgruntled employees who threaten their information security, integrity and daily business operations. To address ...
The Dartmouth Cyber Security Initiative: Faculty, Staff, and Students Work Together

The Dartmouth College Cyber Security Initiative (CSI) is a collaboration between faculty, staff, and students that focuses on projects to improve the security of Dartmouth's information systems. The CSI gives students experience in real-world, hands-on ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

CITC5 '04: Proceedings of the 5th conference on Information technology education

October 2004

300 pages

ISBN:1581139365

DOI:10.1145/1029533

General Chair:
Richard Helps
Brigham Young University
,
Program Chair:
Eydie Lawson
Rochester Institute of Technology

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 28 October 2004

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

SIGITE04

Sponsor:

SIGITE04: ACM Special Interest Group for Information Technology Education Conference 2004

October 28 - 30, 2004

UT, Salt Lake City, USA

Acceptance Rates

Overall Acceptance Rate 176 of 429 submissions, 41%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

4
Total Citations
View Citations
1,759
Total Downloads

Downloads (Last 12 months)2
Downloads (Last 6 weeks)0

Reflects downloads up to 09 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Meso PDing YXu S(2014)Applying Protection Motivation Theory to Information Security Training for College StudentsJournal of Information Privacy and Security10.1080/15536548.2013.108456729:1(47-67)Online publication date: 7-Jul-2014
https://doi.org/10.1080/15536548.2013.10845672
Romney GSinha BDey PAmin M(2013)The agility, flexibility and efficiency of hypervisors in engineering education2013 12th International Conference on Information Technology Based Higher Education and Training (ITHET)10.1109/ITHET.2013.6671036(1-8)Online publication date: Oct-2013
https://doi.org/10.1109/ITHET.2013.6671036
Stewart KHumphries JAndel TWainer GShaffer CMcGraw RChinni M(2009)Developing a virtualization platform for courses in networking, systems administration and cyber security educationProceedings of the 2009 Spring Simulation Multiconference10.5555/1639809.1639877(1-7)Online publication date: 22-Mar-2009
https://dl.acm.org/doi/10.5555/1639809.1639877
Albee PCampbell LMurray MTongen CWolfe JSweeney BFeinstein DEkstrom J(2007)A student-managed networking laboratoryProceedings of the 8th ACM SIGITE conference on Information technology education10.1145/1324302.1324319(67-74)Online publication date: 18-Oct-2007
https://dl.acm.org/doi/10.1145/1324302.1324319

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

An isolated, multi-platform network sandbox for teaching IT security system engineers

Teaching information systems security courses: A hands-on approach

The Dartmouth Cyber Security Initiative: Faculty, Staff, and Students Work Together