THE RESPONSE OF HIGHER EDUCATION
TO INFORMATION WARFARE

By Dr. Charles W. Reynolds
Director, Department of Computer Science, and
Interim Dean, College of Integrated Science and Technology
James Madison University



The Information Security Curriculum at James Madison University

The information security program at James Madison University includes the following courses organized into segments:

1. Computer Science Core Segment

Operating Systems and Networks -- Concepts and principles of multiple user operating systems. Memory, CPU (central processing unit), I/O (input/output) device allocation, scheduling, and security. Memory hierarchies, performance evaluation, analytic models, simulation, concurrent programming, and parallel processors.

Data-base Management Systems -- Types of physical storage and access methods; data models; relational algebra and calculus, and definition and query languages; dependencies, decomposition, and normalization; data-base design; recovery; consistency and concurrency; distributed data bases. Examples from commercial data bases.

Application Software Development -- The software development life cycle, software project management, development tools and methods, software quality assurance, programming language paradigms and their use in software development.

2. Information Security Technical Segment

Introduction to Information Security -- Overview of threats to the security of information systems, responsibilities, and basic tools for information security, and for the areas of training and emphasis needed in organizations to reach and maintain a state of acceptable security.

Trusted Systems -- Definition of a "Trusted System," and considerations pertaining to the design, evaluation, certification and accreditation of trusted systems, including hardware considerations, software considerations such as developmental controls, validation/verification, assured distribution and other assurance issues. Implementation, configuration management, and systems administration of trusted systems. Importance of understanding the psychology and the successful modus vivendi of the attacker to generating and maintaining a powerful defense.

Cryptography -- This course provides the student with an understanding and the ability to implement major encryption protocols. It deals with the design and analysis of systems that provide protection for communications or resist cryptographic analysis.

3. Information Security Management Segment

Information Systems Vulnerability, Risk, and Analysis -- Vulnerabilities and risks inherent in the operation and administration of information systems are identified and explored.

Information Security Audit Controls -- Students develop plans and conduct an information security audit to include an in-depth physical security survey. They develop and implement standards for monitoring the normal activities of an information system.

Policy, Procedures, Legal Issues, and Ethics -- Development, evaluation, and implementation of administrative security policies and procedures in a UNIX system in a secure environment. Preparation of a Security Administrative Guide or an annex for such a document.

4. Information Security Capstone Project

A final capstone project integrates the whole program with a project that challenges participants to analyze the security of an information system, to survey and analyze the effectiveness of available options for enhancing that security, to review the broader legal and ethical context of those options, and to select and propose an implementation procedure for one of the options.

Preparatory Classes -- Students not ready to begin the core segments may enroll in a preparatory sequence of three classes: Accelerated Fundamentals of Computer Programming, Advanced Fundamentals of Computer Programming, and Accelerated Fundamentals of Computer Systems.

U.S. Foreign Policy Agenda
USIA Electronic Journal, Vol. 3, No. 4, November 1998