In spite of over 30 years of research, new information security issues of every nature emerge at a growing rate. Indeed, achieving a secure system is arguably one of the most difficult tasks practitioners may face in their professional lives. Having a secure system demands a mix of procedural, technological, and scientific actions and capabilities that few teams have and even fewer professionals master.
Because of the limitations of mainstream educational practice, training professionals who can handle both the comprehensiveness and depth necessary for success in information security is a challenge. These reasons are explored further later in this paper.
In this paper we report how Assurance Cases were successfully employed as the technical backbone of a course in secure system conception and implementation, as a means to achieve a holistic approach in teaching information security to both individuals and teams.
Education in information security has been receiving attention for over a decade [15, 17]. In general terms, proposals can be classified with respect to four main aspects: duration, scope, integration with other curricula, and the existence of an underlying framework.
When single, self-contained courses are considered, there is usually a need to compromise in terms of either scope or lab practice: as shown in , most security courses take the form of lectures, even though hands-on classes have been shown to produce very promising results [11, 12]. It is also important to note that the vast majority of hands-on single-class courses are on attacks, security management or risk assessment topics.
Although complex, learning how to conceive, design and implement secure systems can be achieved with a proper mix of baseline security awareness, coaching and managerial methodology. In this paper we reported the first (to the best of our knowledge) use of information assurance methodology as a backbone for security teaching. Both self-perception evaluations (with Likert scales) and practical results showed that students were able to internalize hands-on knowledge on the subject. Nevertheless, there is room for improvement: the attack phase was one of intense learning, but its duration was reduced: the development phase took considerable time, and closer schedule control would allow for smaller delays. Also, although course results are consistent, the sample size in terms of students is small.
Save time by running Oracle Access Governance as a hybrid solution alongside Oracle Identity Governance 12c. When used in hybrid mode, managers can easily renew or revoke access entitlements in Oracle Access Governance with a direct connection to Oracle Identity Governance. Cross-system integrations save time by eliminating manual, error-prone processes between hybrid mode environments, allowing organizations to respond faster to security risks.