1 / 15

Online Information Security Education through Anchored Instruction

www.prototus.org. Online Information Security Education through Anchored Instruction. Eric Imsand 1 , Larry Howard 2 , Ken Pence 2 , Mike Byers 3 , Dipankar Dasgupta 1. 1. 2. 3. Center for Information Assurance University of Memphis. Institute for Software Integrated Systems

duncan
Download Presentation

Online Information Security Education through Anchored Instruction

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. www.prototus.org Online Information Security Education through Anchored Instruction Eric Imsand1, Larry Howard2, Ken Pence2, Mike Byers3, Dipankar Dasgupta1 1 2 3 Center for Information Assurance University of Memphis Institute for Software Integrated Systems Vanderbilt University SPARTA, Inc. Huntsville, AL Larry Howard Sr. Research Scientist larry.howard@vanderbilt.edu

  2. TRUST Autumn Conference 2008 Disturbing trends • “…remotely exploitable vulnerabilities have been increasing since the year 2000 and reached 89.4% of vulnerabilities reported in 2007.” • Source: “IBM Internet Security Systems X-Force 2007 Trend Statistics” • “In 2007, Google uncovered more than three million malicious Web addresses (URLs) that initiate drive-by downloads.” • Source: N. Provos, D. McNamee, P. Mavrommatis, K. Wang, and N. Modadugu, “The Ghost In The Browser – Analysis of Web-based Malware”

  3. TRUST Autumn Conference 2008 Helping attackers? Source: Stefan Frei, Thomas Duebendorfer, Gunter Ollmann, Martin May , ‘Understanding the Web browser threat: Examination of vulnerable online Web browser populations and the “insecurity iceberg”’

  4. TRUST Autumn Conference 2008 Responses “Long game” • More trustworthy technologies • Fail-safe deployment models “Short game” • Increase awareness of threats among users • Make training on responses more readily available and valuable

  5. TRUST Autumn Conference 2008 Online Training Next Fire Safety Training In the event of fire, move quickly to the nearest exit, avoiding elevators. Hmm. a? • In the event of fire, you should • Put out the fire • Find the nearest elevator • Move quickly to the nearest exit • None of the above

  6. TRUST Autumn Conference 2008 Online Training Glad that’s over. What’s for lunch? • Thanks for using the Online Training System • This morning you have completed the following training: • Sexual Harassment • Fire Safety • Neurosurgery Despite the potential to reach large numbers of users, most online training is currently perceived as a bad joke.

  7. TRUST Autumn Conference 2008 ACT Online • FEMA sponsored free online training • for IT professionals, risk managers, and general users • University of Memphis Center for Information Assurance (CfIA) • with Vanderbilt University (ISIS) and SPARTA, Inc. www.act-online.net

  8. TRUST Autumn Conference 2008 Curriculum

  9. TRUST Autumn Conference 2008 Training Features ACT Online courses consist of modules anchored on authentic problem-solving situations with a common macro-structure.

  10. TRUST Autumn Conference 2008 Resources ACT Online learning resources can be freely explored by trainees to address the overarching challenge.

  11. TRUST Autumn Conference 2008 Search Like the web, assisted search features of ACT Online help trainees use learning resources and self-assessments.

  12. TRUST Autumn Conference 2008 Self-Assessments Clarify the question Criticize the response Provide resource(s) 1 2 3 ACT Online self-assessments enable trainees to confirm their understanding of resources with progressive feedback.

  13. TRUST Autumn Conference 2008 Evaluations ACT Online gives trainees credit for what they already know through pre-qualification, adapting the training in response.

  14. TRUST Autumn Conference 2008 Summary • Attackers increasingly target vulnerabilities widely distributed among user population • Lack of awareness and response by computer users is a serious near-term problem • Online training holds potential to reach large populations, but currently viewed as ineffective • ACT Online is using modern instructional techniques and features to change perception Visit us today at www.act-online.net

  15. TRUST Autumn Conference 2008 Acknowledgement • ACT Online is supported by Cooperative Agreement Number 2006-GT-T6-K009 administered by the Federal Emergency Management Agency, National Preparedness Directorate, National Integration Center, Training and Exercise Integration. • Points of view and opinions in this presentation are those of the author(s) and do not necessarily represent the position or policies of the United States Government.

More Related