1 / 15

Online Information Security Education through Anchored Instruction - PowerPoint PPT Presentation

  • Uploaded on

www.prototus.org. Online Information Security Education through Anchored Instruction. Eric Imsand 1 , Larry Howard 2 , Ken Pence 2 , Mike Byers 3 , Dipankar Dasgupta 1. 1. 2. 3. Center for Information Assurance University of Memphis. Institute for Software Integrated Systems

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about ' Online Information Security Education through Anchored Instruction' - duncan

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript


Online Information Security Education through Anchored Instruction

Eric Imsand1, Larry Howard2, Ken Pence2, Mike Byers3, Dipankar Dasgupta1




Center for Information Assurance

University of Memphis

Institute for Software Integrated Systems

Vanderbilt University


Huntsville, AL

Larry Howard

Sr. Research Scientist

[email protected]

TRUST Autumn Conference 2008

Disturbing trends

  • “…remotely exploitable vulnerabilities have been increasing since the year 2000 and reached 89.4% of vulnerabilities reported in 2007.”

    • Source: “IBM Internet Security Systems X-Force 2007 Trend Statistics”

  • “In 2007, Google uncovered more than three million malicious Web addresses (URLs) that initiate drive-by downloads.”

    • Source: N. Provos, D. McNamee, P. Mavrommatis, K. Wang, and N. Modadugu, “The Ghost In The Browser – Analysis of Web-based Malware”

  • TRUST Autumn Conference 2008

    Helping attackers?

    Source: Stefan Frei, Thomas Duebendorfer, Gunter Ollmann, Martin May , ‘Understanding the Web browser threat: Examination of vulnerable online Web browser populations and the “insecurity iceberg”’

    TRUST Autumn Conference 2008


    “Long game”

    • More trustworthy technologies

    • Fail-safe deployment models

      “Short game”

    • Increase awareness of threats among users

    • Make training on responses more readily available and valuable

    TRUST Autumn Conference 2008

    Online Training


    Fire Safety Training

    In the event of fire, move quickly to the nearest exit, avoiding elevators.



    • In the event of fire, you should

    • Put out the fire

    • Find the nearest elevator

    • Move quickly to the nearest exit

    • None of the above

    TRUST Autumn Conference 2008

    Online Training

    Glad that’s over.

    What’s for lunch?

    • Thanks for using the Online Training System

    • This morning you have completed the following training:

      • Sexual Harassment

      • Fire Safety

      • Neurosurgery

    Despite the potential to reach large numbers of users, most online training is currently perceived as a bad joke.

    TRUST Autumn Conference 2008

    ACT Online

    • FEMA sponsored free online training

      • for IT professionals, risk managers, and general users

    • University of Memphis Center for Information Assurance (CfIA)

      • with Vanderbilt University (ISIS) and SPARTA, Inc.


    TRUST Autumn Conference 2008

    Training Features

    ACT Online courses consist of modules anchored on authentic problem-solving situations with a common macro-structure.

    TRUST Autumn Conference 2008


    ACT Online learning resources can be freely explored by trainees to address the overarching challenge.

    TRUST Autumn Conference 2008


    Like the web, assisted search features of ACT Online help trainees use learning resources and self-assessments.

    TRUST Autumn Conference 2008


    Clarify the question

    Criticize the response

    Provide resource(s)




    ACT Online self-assessments enable trainees to confirm their understanding of resources with progressive feedback.

    TRUST Autumn Conference 2008


    ACT Online gives trainees credit for what they already know through pre-qualification, adapting the training in response.

    TRUST Autumn Conference 2008


    • Attackers increasingly target vulnerabilities widely distributed among user population

    • Lack of awareness and response by computer users is a serious near-term problem

    • Online training holds potential to reach large populations, but currently viewed as ineffective

    • ACT Online is using modern instructional techniques and features to change perception

      Visit us today at www.act-online.net

    TRUST Autumn Conference 2008


    • ACT Online is supported by Cooperative Agreement Number 2006-GT-T6-K009 administered by the Federal Emergency Management Agency, National Preparedness Directorate, National Integration Center, Training and Exercise Integration.

    • Points of view and opinions in this presentation are those of the author(s) and do not necessarily represent the position or policies of the United States Government.