Teaching Computer Security for High Rank Officers using Laboratory Experiments
2007 (English). In: Proceedings of the Third International Conference on Military Technology, 2007. Conference paper (Refereed)
Understanding and dealing with computer security issues is normally considered a key objective for IT support personnel. From a broader perspective, however, information-based threats are primarily a concern for managers and superior commanders who need to authorize and initiate the necessary investments and to enforce the appropriate policies and procedures to protect the organization at hand. Enabling these latter-mentioned superior decision-makers to make well-founded decisions and to make sure the personnel actually conform to the approved procedures and practices requires the decision-makers to have at least a fair understanding of computer security fundamentals. For this purpose, the Swedish National Defence College is in the midst of putting together a series of courses within information assurance to fulfill the need of IT manager training in governmental organizations. This paper presents the course design and the laboratory settings that were used within the first experimental course taught to students becoming high rank officers, i.e., officers elected for the very last two years of education within the curriculum of ordinary Swedish military training. The course looks at computer security from an attack versus defend viewpoint, i.e., computer attacks are studied to learn about prevention and self-defense. The pedagogical challenges related to education of high rank officers or similar personnel are discussed in light of the recently-held course. A standpoint taken is that computer security is best taught using hands-on laboratory experiments focusing on problem solving assignments. This is not undisputed since, e.g., high rank officers are busy people who do not have time to get stuck learning about the peripherals. Also, it is emphasized that knowledge and tools within computer security by nature serve both the purpose of the attacker and the defender, meaning that from a technical viewpoint it is not possible to distinguish between attack and defense. Instead, this difference should be regarded purely as a question regarding intent.
Identifiers: URN: urn:nbn:se:kth:diva-89591; OAI: oai:DiVA.org:kth-89591; DiVA: diva2:503384
Third International Conference on Military Technology. Stockholm, Sweden. 14-15 June 2007
QC 20120515. 2012-02-15, 2012-02-15, 2012-05-15. Bibliographically approved