Cybersecurity and Computer Forensics Education
Annual Report
Del Mar College
NSF Grant 0302734
(Original input was via NSF Fastlane, this is a copy of the field inputs)
Participant Individuals: CoPrincipal Investigator(s) : R. Brent Kesterson; Michael Harris;
Steven W Smith; Ira L WilskerCommunity college faculty(s) : Linda Ard; Ann Beheler; John
T FoustOther -- specify(s) : Miles Keller; Robert McFarland; Kenneth P Patterson; Robert
RamosTechnician, programmer(s) : Dee SalmonSenior personnel(s) : Lee SloanOther -specify(s) : Janet L WaltonUndergraduate student(s) : Denise Fanger
Type of Institution:2YR
Partner Organizations:Collin County Community College: In-kind Support; Personnel
Exchanges
Collin Community College, Preston Ridge Campus, is located in Frisco,
Texas. The Preston Ridge Campus is a member of a six school district
and is a grant partner institution with an approximate student body of
4,000 students, 9% Hispanic, 8% African-American, and 10%
Asian-American. DMC is partnered with this institution to share
training information regarding wi-fi security and convergence
technology.
Richland Community College: Collaborative Research; Personnel Exchanges
Richland Community College is located in Dallas, Texas, and is a
partner institution with an approximate 14,000 student body comprising
of 16% African-American, 14% Hispanic, and 14% Asian-American students
and is a member of the nine school Dallas County Community College
District. The College provides a co-pi for this project, R. Brent
Kesterson.
Lamar Institute of Technology: Collaborative Research; Personnel Exchanges
Lamar Institute of Technology is located in Beaumont, Texas and is a
partner institution with an approximate 6,300 student body comprising
27% African-American, 6% Hispanic, 2% Asian-American. The College
provides a co-primary investigator for this project, Ira Wilsker.
Coastal Bend Community College: Collaborative Research; Personnel Exchanges
Coastal Bend College, a partner institution in the Cybersecurity
project, has an enrollment of approximately 3,000 students, mostly
from underserved and 60% Hispanic. The College does not currently
offer a Cyber security program, it will participate in the
professional development activities of the project and will utilize
some of the developed curriculum modules and provide feedback.
Southwest Texas Community College: Collaborative Research; Personnel Exchanges
Southwest Texas Community College (SWTCC) is located in Uvalde, Texas,
and is a partner institution with approximately 4,000 students, mostly
underserved and 75% Hispanic.
SWTCC is one of Del Mar College's
Local Cisco Networking Academies and has partnered with Del Mar to
field test the security learning modules as they are completed.
Other collaborators:
Jolene Rogers, Iowa lakes Community College contacted project PI on
the scope of our forensics project. PI provided perspectives and other
organizations to contact, e.g. RCFLs, and state attorneys as well as
industry vendors to gain insights as to an avenue to pursue.
Dr. Donna Kaputa, Erie Community College-North, Williamville, NY,
contacted project PI to discuss grant proposal in Compute and Network
Security. PI provided perspectives on this tack and contributed to
their project in the area of proposal design and suggestions as well
as to organizations for insights.
Project Activities and Findings
Project Goal(s):
The DMC Cyber Security/Computer Forensics project consists of five goals that are
designed to advance technician training for this field:
a. Create the curriculum framework with server-based computer-based instruction
(CBI) interactive modules for the cyber-security courses that will support and standardize
the learning outcomes towards
industry recognized entry level and advanced technician certifications
in cyber security, such as Security+, GSEC (GIAC Security Essentials
Certifications), etc. These interactive multimedia training modules
will be able to support both traditional classroom and distance
learning delivery modes and provide a uniform methodology of training,
assessment, and documentation of learning objectives. Instructional
materials will incorporate existing exemplary training materials and
curricula developed from previous related grants.
b. Design and implement a tiered instructional delivery model,
replicable at other community college campuses to 1) leverage the use
of the developed CBI modules, 2) disseminate successful teaching
strategies, 3) promote an exportable model for teacher training at
both the community college level and upper level secondary public
schools, 4) to promote capacity building of instructors and programs.
c. Develop a model for articulated pathways for students from high school to the
community college and matriculating model from the
community college to a four-year institution.
d. Develop a Cyber Security AAS degree curriculum that can serve as a template
for a proposed applied associate degree.
e. Develop technician training certificates for workforce personnel and as an adjunct
to completing an Associate Degree in Networking Technology or Programming, etc.; e.g.
Security Associate Certificate I; Security Associate Certificate II; Security Associate
Certificate III.
Research and Education Activities:
I. Executive Summary:
A. The Cyber Security/Computer Forensics Project undertaken by Del
Mar College (DMC) is a three year grant funded project that will train
advanced technicians in the areas of cyber security, computer
forensics, data recovery and create curricula modules for
dissemination to community colleges. DMC, Corpus Christi, Texas is the
12th largest Hispanic serving community college in the nation,
enrolling over 25,000 students, 57% Hispanic, 60% female, and
predominately first generation college.
The past decade has seen an enormous increases in storage of
highly sensitive data on computer systems and distributed networks
that are vulnerable to unauthorized access. There has been a
corresponding rise in the sophistication and number of attempts to
breach system security. Presently a demand for technician training to
ensure the security of data for emergency services, government
operations and public/ private infrastructures, e.g.,transportation,
telecommunications, and energy exists. There has not been a
corresponding increase in cybersecurity/computer forensics technician
training at the associate degree level nor is there dissemination of
training modules for adaptation into community college curriculums.
DMC's project was developed to address this need to support capacity
building.
DMC's cybersecurity and computer forensics project encompasses
the development and dissemination of a comprehensive curriculum with
supporting computer based instructional modules to train technicians
at the associate degree level in cyber security to include network
security, computer forensics, data recovery, and related areas of
cyber crime, evidence collection, and technical and legal
investigative protocols. The associate degrees developed have been
organized around three core components: 1) academic, 2) information
technologies, and 3) new cybersecurity/information assurance courses
developed to address the following topics: networked servers; advanced
programming; ethics and law; network security and telecommunications;
encryption and viruses; computer forensics; investigative techniques
and rules of evidence; cryptography; encryption technologies; access
control systems, intrusion detection and response; security
architecture and auditing; information assurance; security management
practices; and disaster recovery planning.
B. Major achievements and progress related to the NSF project (not
including staff development or industry conferences) to date are
listed in a log format as follows:
July 03
The Texas community college security consortium (which
includes NSF partnered project institutions and investigators)
submitted ITSY course rubrics for approval to the THECB for inclusion
into the state's course inventory.
Sept 03
Texas Community Colleges received approval from THECB for use
of ITSY 'Information Technology Systems Security' courses
14 Oct 03 DMC CSIT Local Industry Advisory Board met, reviewed and
approved revision of CIS degrees to include two Associate Degree
Specializations in the security field. Reviewed nine (9) new
Information Technology Systems Security (ITSY) course titles and
descriptions to support the new degrees and made suggestions for
inclusion into department inventory.
31 Oct 03 Submitted the nine (9) new ITSY course rubrics with other
eighty additional course inventory changes for review and approval by
Del Mar College Curriculum Committee. Received approval for inclusion
in 2004-05 school catalog and institution's course inventory.
7 Nov 03 Submitted two specific security degree plan revisions under
the department's current Computer Information Systems degree;
Associate Degree in Computer Information Systems, Information Systems
Specialization, Computer Forensics Associate Emphasis, Associate
Degree in Computer Information Systems, Information Systems
Specialization, Information Systems Security Associate Emphasis, to
Del Mar College Curriculum Committee for review and approval.
Received formal approval from that committee to prepare for formal
submission to the Texas Higher Education Coordinating Board for
inclusion into the 2004-05 school catalog.
20 Nov 03 Visit by PI to UTSA-San Antonio, MIS Division and Northside
Independent School District, resulted in the replacement of a proposed
member of the National Visiting Committee and the addition of a NVC
nominee. Groundwork laid for the development of an articulation into
the UTSA-MIS-Information Assurance program was initiated.
17 Dec 03 Project investigators participated in UTSA's Center for
Information Assurance and Security's (CIAS) 'Operation Dark Screen'
computer security exercise preplanning session with municipal, county,
and military 'first responders'. The project's NVC chairman, Dr. Greg
White, was the exercise planner and leader.
21 Jan 04 Project PI met with Dan Talley, representative of WKMC
Architects, to discuss requirements for the specifications and
requirements for the possible inclusion of a dedicated forensics lab
in the 'Emerging Technologies' Building which is scheduled for
groundbreaking in summer '05.
4 Feb 04 Project investigators participated in UTSA-CIAS 'Operation
Dark Screen, Phase I', computer security exercise with area first
responders.
1 Mar 04 Submitted new degree plans to the Texas Higher Education
Coordinating Board for review and approval to be officially
implemented as a degree specialization under the Department's degree
program.
5 Mar 04 External Evaluator visit by Dr. Phil Linerode to collect data
and produce first external report.
Mar 04
Del Mar CSIT Department became a member of the National
Cybersecurity Consortium
Findings:
II. Project Findings.
The narrative of this project report will be described
relative to the first year activities found in the 'Project Activities
and Timetable' chart as submitted in the project proposal. First year
events and actions were designed to be formative, process centered,
initiative, and analytical with the end state to have identified job
skills, learning objectives and completed the necessary activities to
support course development. The majority of these objectives support
project goal (a), curriculum development.
Objective 1. Conduct task analysis:
Three of the project's primary investigators (Kesterson, Harris, Lee)with
representatives from other Texas community colleges (eight
total, three of which are partnered in this NSF project, e.g. Collin
County Community College, Richland College, Southwest Texas Community
College) participated in a consortium under the auspice of the Texas
Higher Education Coordinating Board (THECB) from September 2002
through August 2003 to develop curriculum materials to facilitate the
implementation of IT security programs in the state's community
colleges. The awarding of the NSF grant allowed Del Mar College (DMC)
to leverage the results/work from this consortium into a regional
program with eventual goal of developing web/server-based
instructional modules and strategies for national dissemination.
The state's Career Development Resources (CDR), a unit of the Texas Workforce
Commission, had identified security as an 'emerging
occupational area' thus preempting our requirement to determine need.
Consequently the group proceeded to conduct a comprehensive skills
analysis using the Performance Criteria Analysis (PCAL) method, a
hybrid DACUM and occupational analysis process, lead by Co-PI Brent
Kesterson. (See attached PCAL file). The PCAL process provided a more
time and cost effective option to obtain critical data for curriculum
development than the traditional DACUM process and has been used in
other NSF programs , e.g. MATEC,
The targeted occupation title was the 'computer security specialist'. Entry-level skills,
knowledge, and attributes (KSA) needed by this worker were then identified. A gap
analysis was initiated to
determine the difference between entry level (characteristics) of the
student target population and the skills level required of the
occupational field. This resulting data then provided a starting and
stopping point (scope) for the resulting curriculum design/framework.
The data also provided the contextual basis to meet nature of the job
as well as to provide the basis for describing the behavioral
characteristics of the ideal worker.
A review of existing curriculum for use by higher education for the target
occupation at the state and national level was then conducted. As documented in
numerous NSF and other white papers, a paucity of material outside of proprietary and
industry training institutes, e.g. Global Knowledge, Learning Tree International, SANS, etc.
(Note objectives 1, 3, and 4 are tied closely in the instructional design process). This
NSF project team carried forward the work accomplished previously from the THECB
consortium.
Objective 2: Attend technical/ vendor/certification seminars on
cybersecurity and computer forensics.
Activities related to this objective were easily documented as staff development is a
requirement for faculty promotion and staff retention at the project's primary institution.
Pertaining to security and forensics training topics, nine faculty and staff members from Del
Mar and one from our partnered institution, Lamar Technical Institute,
attended or have enrolled in thirty-six (36) separate training
seminars of which twenty (20) were three or more days in duration.
Significant is that no training costs were derived from the current
NSF grant (at the time of this writing) as those training
opportunities were supported by previous year funding from existing
state or institutional personal development grants applied for by the
individual member. Security and information assurance topics had been
previously targeted by the department as an 'emerging technology'
prior to knowledge of this award from its department's annual unit
review process and from the plethora of news articles in trade
publications. All five of the project's investigators attended at
least one industry conference with two individuals attending two.
Objective 3: Develop industry based learning objectives.
The PCAL process, described in Objective 1, provided KSA
characteristics of the ideal entry level IT security specialist and an
analysis as to the knowledge, skills, and attributes for a person to
be successful at the entry level. These characteristics were stated in
a behavioral statement and compiled in a spreadsheet. In other words,
the behavioral statement (performance criteria) listed in the
spreadsheet became a textual description of what a successful student
would be able to do as the result of completing a course of training
that addressed those behaviors. Industry representatives with subject
matter expertise in computer security and forensics were identified by
partnered schools and asked to analyzed each of those statements. Each
of these behavior statements or performance criteria were then rated
for characteristics, importance, proficiency, frequency and difficulty
using a scale of 1 to 4 (See Rating file). Subject matter experts
(SME) could add additional performance behavior statements if they
thought a critical skill had been omitted from the earlier process. In
short, the SME validated the statement listed on the premise of what a
computer security specialist should know and be able to do. The data
was then compiled. The committee members then analyzed the aggregated
listing by averaging all of behavioral ratings. All behavioral
objectives averages with a rating below 3.0 were then removed. The
rationale behind this criteria was that behaviors below this value
were identified as 'nice to know' skills but not essential for the
entry-level specialist. It was agreed by the members of the Texas
consortium, that retaining all skill sets would limit the number of
institutions using the developed materials as this would require more
staff expertise and logistical and equipment support. Setting the
rating level at 3.0 was determined to define the 'essential skills'
set.
The members of the consortium then performed an additional analysis, a crosswalk,
which grouped/aligned the skills into clusters which eventually formed the basis/link to
the development of a course title and description (See Crosswalk and ITSY Course File).
The KSAs were then converted to learning objectives meeting standard learning
Objectives criteria.
Objective 4: Validate learning objectives with industry partners
The activities of Objective 4 are linked closely with those of
objective 3 as the PCAL survey and ranking methodology used is
essentially a validation of the core behaviors for all of the derived
learning objectives by industry experts. Additionally, the principal
investigators along with DMC's faculty subject matter experts
validated these skill sets against the National Workforce Center for
Emerging Technologies (NWCET) Cybersecurity skill standards as
outlined in NWCET's Building A Foundation for Tommorow's appendices.
The principal investigators of this project will be presenting all of
the behavioral statements identified by the Texas consortium along
with additional learning objectives beyond the 'essential' to the DMC
local industry advisory board, which consists of representatives from
the area's petrochemical industries, the military, municipalities, law
enforcement, law offices, and project management firms at their spring
meeting in April '04. These learning objectives will also be
presented to the members of the National Visiting Committee. It was
felt that materials developed by this NSF grant would eventually be
made available to a broader cross section of institutions where the
larger and more resource endowed schools would be better able to
implement a more robust program where those skills described earlier
as 'nice to know' might be essential in a competitive employment
market which is sure to occur as this field matures over time.
Objective 5: Select and develop course materials
The actions required by this objective, supporting the project's
goals (a) and (b), will occur throughout the life of this project as
course development is an iterative process with constant revision and
updating of information, software, and supporting hardware as
procedures/protocols mature, technology evolves, and security threats
morph.
Objective 6. Submit degree plan to curriculum board:
An 'Information Systems' specialization under the Computer
Information System (CIS) Associate of Applied Science (AAS) degree was
formulated by departmental and project members under guidelines of the
THECB's Guidelines for Instructional Programs in Workforce Education
(GIPWE)in the summer of '03. Two tracks or emphasis were developed
under this specialization, a computer forensics emphasis and a pure
security technician emphasis were prepared. The proposals and
supporting course descriptions were submitted to the DMC Computer
Science and Information Technology (CSIT) industry advisory board for
review and action in their fall '03 meeting (copy of minutes
attached). The degree proposals were then presented on two separate
occasions to the DMC curriculum committee, an institutional internal
review board charged with evaluating program need and compliance with
state guidelines, in October and November of '03. Both tracks were
unanimously approved and recommend for submission to the next higher
echelon of approval in early spring '04. The actions targeting this
objective supports the attainment of the project goal(d).
Objective 7. Develop recruiting strategies and materials:
A multi-faceted approach has been taken to give the project the most cost effective
and wide dissemination but yet market the program to a specific technical population. The
project's approach has included the use of print media, direct contact/presentation and a
curriculum strategy to target/attract students from multiple entry points. Potential students
were identified to originate from (a) high school (b) other majors e.g. Music, English, etc.
(c) existing departmental student population (d) those already possessing either a
technical associate degree program or baccalaureate degree and (e) directly from the
workforce. Activities utilized thus far have included the following: (1) divisional newsletter
articles (2) community newspaper articles (3) recruitment at four school district career
day/fairs (4) revision of school catalog to include new program (5) development of
departmental curriculum flyers and program brochures which are in draft format undergoing
approval by the institution's college relations department (7) establishment of an ATE
project website with linkage to the existing departmental page which is undergoing approval
by the institution's web advisory committee (8) inviting high school networking classes for
an institutional visits (9) faculty presentations to school district counselors (10)
presentations and exhibit at a technology exposition (11) presentations at Tech-Prep
Consortium meetings(12) an exhibit at a national conference (13)
presentation at a chamber of commerce meeting.
The most effective strategy employed is where we target the
approximately 750 class members of the eighteen Local Cisco networking
academies that comprises the Del Mar College Regional Cisco Academy.
This is a prime 'self selected' population of technically oriented
students with knowledgeable instructors whom in the whole are more
effective than school guidance counselors for recruiting and have
greater rapport with them on a daily basis. Our Regional Cisco support
technicians contact these campuses and classes under contract for a
weekly technical support visit and are able to update both instructor
and students on departmental offerings and programs. A strong and
effective Tech-prep and dual credit program is in placed to facilitate
articulation of students into our program.
Another strategy employed utilizes the ITSY 1300 'Fundamentals of Computer
Security' class as an elective or course substitute in CS/IT degree curriculums, e.g.
networking, programming,
multimedia-development, etc. More significant is that this class
serves as an internal recruiting opportunity to market a second 'field
of study' to our existing majors.
Recruiting strategies under discussion for future incorporation
include: (1) having the department's multimedia classes develop a
promotional CD-Rom as a term project (2) the development and
sponsorship of an annual area high school networking/technology
competition among our Local Cisco academies in which recruitment and
security program awareness activities could be embedded with a theme
such as 'Defending the Alamo' (3) the development of a specific
internship with several of our municipal or governmental partners for
more public awareness (4) participation and exhibition in additional
secondary technical teacher education state conferences.
Objective 8. Begin enrolling students in new security courses:
Subsequent to receiving the grant in June '03, members of the project advised
approximately 75 students who requested information about the security curriculum. In
spring 2004, 54 students were enrolled in three security classes composing of two
sections of ITSY 1300 'Fundamentals of Information Security' and one section of ITSY
1342 'Information Technology Security'. Approximately 70% of these
students were from the population that had been previously advised.
The class student demographics consisted of 51 males and 3 females
with 37% Hispanic and 2% Asian students. Most students, 92%, have a
predominately networking curriculum background and the remaining were
programming majors. Four students had previously completed an
Associate degree in networking and one student possessed both a
Bachelor and Masters degree in English.
Objective 9. Submit Degree to Texas Higher Education Coordinating
Board and receive approval:
Degree proposals approved by the DMC curriculum committee outlined earlier in
Objective 6 were then prepared for electronic submission to the THECB on March 1, 2004
to begin the external review process. Feedback on this submission is expected from the
THECB in June/July '04.
Objective 10. Develop three cybersecurity certificates for post degree
and existing workforce.
Certificates are in draft formats and were presented to our industry advisory
committee in October '03. The committee tabled action on those certificates until spring
'04 on my recommendation. This action had no material impact on the approval of the
curriculum changes or the security degrees proposed as courses are developed and offered
would remain unaffected for academic year fall '04 thru summer '05.
This agenda item will be brought up again at the next advisory meeting
scheduled for this semester (spring '04) . A discussion will be held
in regards to whether a two or three certificate format is more
appropriate. The recommended format will then be prepared and
presented to the DMC curriculum committee in fall '04, to the Texas
Higher Education Coordinating Board in spring '05 with anticipated
inclusion in the fall '05 catalog. The intent and rationale for
certificates was to create optional exit points for students with
existing degrees or for those IT workforce individuals needing
additional education/training. The rationale for the delay was due to
the enormity of re-engineering our entire department's program.
Eighty-eight of eighty-nine courses had some change as to description,
funding code, learning objectives and scans competencies. The revision
of all ten existing associate of science and associate of applied
science degrees was also required. This objective addresses project
goal (e). This goal should be reported accomplished in the next
annual report.
III. Existing Program Impact
Security issues within information technology circles has taken
the forefront in discussions. Its a 'hot' topic and no doubt one of
the few reliable growth fields left in IT. It has been no different
among members of the project's host institution CSIT department.
Fully half of the full-time tenured faculty and 100% of its embedded
technical support staff personnel have participated in security
training seminars. In spring of '02, the CSIT five member core
curriculum committee initiated an extensive examination of the eight
existing AAS degrees (last extensively revised in fall '99) and
informally surveyed for the 'hot/buzz' topics of their industry
friends. It found that the topics of connectivity and database rose
to the top. With this in mind, the committee examined the existing
CSIT core subjects, consisting of 6 common courses found in each CSIT
degree. The committee found that networking/connectivity was
ubiquitous in every information technology endeavor and that database
technologies was being targeted by the state's CDR. With this in
mind, the core committee recommended to the department in the whole
the replacement of two courses in all AAS degree plans to reflect the
addition of a networking and database programming course. This
resulted in huge project to re-engineer all of the department's ten
degrees in spring and summer of '03. Proposals and presentations were
submitted to the department's four industry advisory board
subcommittees for review and suggestions. The subcommittees
eventually endorsed the revision proposal. The department's industry
advisory board approval provided the 'green light' to submit all
revised degree plans to DMC’s curriculum committee in fall '03 . With
the advent of the NSF award in summer '03, security issues received
additional emphasis in the introductory networking course, ITNW 1421.
Consequently all students are introduced to connectivity and security
issues early in their degree plans. The introductory database
requirement, ITSW 1407, identifies the database as the valuable
resource that is being protected/guarded. This strategy reflects that
security and information assurance is the routine 'way to conduct
business'. Security issues are now being brought into the introductory
programming classes. All of the department's course syllabi and
learning objectives are being revised to infuse 'safe computing' and
'reliable information' as inferred from the NWCET cybersecurity skill
sets and learning objectives.
A part of the recruitment and retention aspects of this project
will involve the awareness of the long term goals/plans of the
potential students beyond the AAS. Consequently three regional
universities have been contacted and visited concerning future
graduates and upward articulation which addresses one of the projects
fourth goal of articulation and matriculation. On 6 June '03, Dr.
Robert Diersing, Dean of Business at Texas A&M University-Kingsville,
TX, was contacted to inform him of the grant award but also to make
arrangements for a BAAS presentation by his staff to our potential
graduates (Dr. Julie Reyna presented to DMC counseling staff in Oct
'03). On 20 Nov '03, the project's PI visited the campus of UT-San
Antonio, TX, to meet with the CIAS director, Dr. Greg White but also
visited with the MIS Chairperson, Dr. Glenn Dietrich. Dr. Dietrich
expressed strong interest in articulating students into their BBA-MIS
Information Assurance program and the development of a technical
Bachelors degree, the BAAS. On 16 Feb 04, Peter Gawenda from
UT-Brownsville, TX, was contacted about its new Bachelor of Technology
degree for an articulation meeting. These upper division schools will
provide our project's future graduates multiple educational options.
IV. Significant carry-over of funds (> 20%).
The PI anticipates a significant carry-over of funds of approximately
48% from the first year proposed budget. This is due to the logistics
of establishing many of the processes, personnel assignments and
accounting infrastructures. The project in the first year is in a
startup mode and focused on process initiation. Although anticipatory
while awaiting the grant proposal's status, the enormity and scope of
shifting departmental perspective and reallocating resources to
support a concrete project upon award brought home the reality that
many critical events and milestones must now be accomplished and given
priority. Project's senior members at DMC were under direct
responsibility of the PI and were immediately reassigned duties, no
carryover of funds is anticipated in this category. Due to the
scheduling/timing of the award (June '03) and the process of
establishing sub-contracts and liaising with the Texas Engineering
Experiment Station, our grant fiscal agent, co-PIs Kesterson and
Wilsker began work on the project in the second quarter of the
project. Subcontract funds will have a 25% carryover from first year
allocations (approximately $5,800 remaining). The hiring of the
project's media specialist and student assistants was also delayed to
1st quarter 2nd year, due to the fact that course and curriculum
materials were in a research and formative stage and not yet in a form
to be converted to module format. Consequently, these people would
have been under utilized and the decision was made not to hire until
sufficient quantities material was generated. Identification of
relevant topics, lab activities and desired course material has been
identified and will be subcontracted for development to other faculty
and subject matter experts to rectify this situation. Consequently
90% of this funding (approximately $50,000 remaining) will be carried
forward. Design of brochures, curriculum promotional materials, etc.
was borne by the department's budget for the first year. Only 30% of
allocated funding was obligated (approximately $1,750 remaining).
Travel and related security training costs/ were offset by previously
acquired development and travel grants received previous to the grant
award year (approximately $8,000 remaining). None of the allocated
funding for software was obligated as the entry level courses offered
thus far, the PIs were able to use shareware, public domain tools, and
time-limited demoware ($12, 500 remaining). Software will be procured
as the advance security classes are being offered to obtain the latest
versions and extend their usefulness. None of the indirect funds
earned were obligated ($80,000).
In this same period, the host institution has supported the
project with nearly $45,000 in funding for equipment purchases. The
equipment acquired includes 16 rack mounted servers, 4 mobile rack
pods, 2 equipment racks, and 16 laptops.
V. Summary
The PI feels that as project momentum builds, deliverables
development increase, implementation and dissemination phases are
initiated, the need for funds expenditure will accelerate and that the
underobligation funding situation will be self correcting. I do not
foresee any major problems from a project perspective aside from
inherent time management needed for project partner networking,
personnel changes and the political sensitivities of working in a
collaborative multi-institutional environment. At this point, no
deviations from goals or deliverables are expected. Many opportunities
for collaboration have arisen from this NSF participation. The PIs of
the program look forward to the project's recent association with the
National Cybersecurity Consortium and the collaboration with
Miami-Dade and Virginia Community College System.
VI. Addenda
On January 30 Dr. Phillip Linerode, the project's external
evaluator was contacted and provided project materials and an verbal
overview of the Del Mar NSF project. Arrangements were made for the
project's first site visit and audit. On March 5, 2004, Dr. Linerode
conducted a site visit to review the project's progress, activity
artifacts and view materials under development. He also conducted
visits and interviews with project members and supervising personnel.
Dr. Linerode provided the PI with evaluation insights, documentation
suggestions, and course development documentation advice. His onsite
comments indicated that all stated 1st year objectives appear to have
been substantially met as the majority were formative in nature. He
plans to visit the project on a more periodic basis to more fully
engage in the process. An unsigned copy of his report is provided and
he will mail a signed copy to the NSF project officer.
A copy of the signed DMC industry advisory board dated 13 Oct '03
will be forwarded to project officer via e-mail as the file attachment
process of FASTLANE became problematic. The PCAL, Crosswalk, and
Rating Scale files referenced previously are similarly forwarded as
the conversion process skewed cells and alignments.
The National Visiting Committee has not met yet, although all
members have been contacted and/or personally visited. Its first
meeting is tentatively set for late May or early June due to the
number of educators on the roster. The PI is aware that this report
will remain incomplete until the NVC's findings are submitted.
Training and Development:
Project members and faculty are engaged in gaining additional subject
matter expertise to be incorporated into later course offerings.
Training and Development activities are listed as follows:
Gonzalez, G.
1.SANS Institute 'Securing Unix' (Currently enrolled)
2.Working Connections IT Conference 'Intermediate Network Security'
(Completed 10-15 Aug 03)
3.'Implementing Network Security', Microsoft Events (registered for
15Apr'04)
4.'Implementing Application and Data Security', Microsoft Events
(registered for 15Apr'04)
Hattox, D.
1.Cisco Fundamentals of Network Security (Completed Aug 04)
2.'Faculty Professional Development and Curriculum in Cybersecurity',
Miami-Dade/Virgina Community College System, National Cybersecurity
Consortium, (9-15May '04) registered class student designate
3.'Implementing Network Security', Microsoft Events (registered for
15Apr'04)
4.'Implementing Application and Data Security', Microsoft Events
(registered for 15Apr '04)
Harris, M.
1.Cisco Fundamentals of Network Security (currently enrolled)
2.SANS '10 Domains of the CISSP Security' (currently enrolled)
3.Working Connections IT Conference 'Network Security' (Completed Aug
'02)
4.Working Connections IT Conference 'Intermediate Network Security'
(Completed 10-15Aug 03)
5.'Implementing Network Security', Microsoft Events (registered for
15Apr'04)
6.'Implementing Application and Data Security', Microsoft Events
(registered for 15Apr'04)
Knox, W.
1. Working Connections IT Conference 'Introduction to Network
Security' (10-15 Aug'03)
2. 'Writing Secure Code - Best Practices', Microsoft Events
(registered for 15Apr'04)
3.'Essentials of Application Security', MSDN Security Briefing,
Microsoft Events (registered for 15Apr'04)
Leja, S.
1. 'Writing Secure Code - Best Practices', Microsoft Events
(registered for 15Apr'04)
2.'Essentials of Application Security', MSDN Security Briefing,
Microsoft Events (registered for 15Apr'04)
3.'Implementing Network Security', Microsoft Events (registered for
15Apr'04)'
4.Implementing Application and Data Security', Microsoft Events
(registered for 15Apr'04)
Lee, L.
1. Security+, LearnKey (currently enrolled)
2. CISSP 'Law, Investigation & Ethics' LearnKey (currently enrolled)
Patterson, K.
1. ICIAS Forensic computer Examiner Training Program (Certified
Electronic Evidence Collection Specialist designation) 28 April - May
9, '03, completed.
2. NW3C (National White Collar Crime Center) Advanced Data Recovery
and Analysis, Microsoft Windows NT/2000/XP 13-16 January '03,
completed.
Smith, S.
1. SANS 'Security Track 1', July 26-30, '03, completed.
2.'TCP/IP' Fall-03 Texas A&M University Corpus Christi, completed.
3. 'Operating Systems Software' Fall '03Texas A&M University -Corpus
Christi
4. 'Writing Secure Code - Best Practices', MSDN Security Briefing,
Microsoft Events (registered for 15Apr'04)
5. 'Essentials of Application Security', MSDN Security Briefing,
Microsoft Events (registered for 15Apr'04)
6. 'Faculty Professional Development and Curriculum in Cybersecurity'
Miami-Dade/Virgina Community College System, National Cybersecurity
Consortium,(9-15May'04), registered class student designate
Stewart, K.
1. Cisco Fundamentals of Network Security (currently enrolled)
2. SANS Institute '10 Domains of the CISSP Security' (Completed 1 Feb
04)
3. Working Connections IT Conference 'Intermediate Network Security'
(Completed 10-15 Aug'03)
4. 'Implementing Network Security', TechNet Security Briefing,
Microsoft Events (registered for 15Apr'04)
5. 'Implementing Application and Data Security', TechNet Security
Briefing, Microsoft Events (registered for 15Apr'04)
Wilsker, Ira
1. FBI Infragard, Cybersecurity Track, Houston TX (19-22 Oct '03)
Outreach Activities:
Although the project is in its first year the following
professional/industry outreach and participation activities have been
accomplished:
Harris, M.
1. CYBERSECURITY ISSUES: An ATE Roundtable Discussion AACC and NSF ATE
National PI conference (23Oct'03)
Kesterson, B.
1.'Cybersecurity Summit', National Cybersecurity Consortium, League of
Innovations, Milwaukee, WI. (18Oct '03)
Lee, L
1. 'Cybersecurity Summit', National Cybersecurity Consortium, League
of Innovations, Milwaukee, WI. (18Oct '03)
2. CYBERSECURITY ISSUES: An ATE Roundtable Discussion AACC and NSF ATE
National PI conference (23Oct'03)
Smith, S.
1. 'Cybersecurity Summit', National Cybersecurity Consortium, League
of Innovations, Milwaukee, WI. (18Oct '03)
2. CYBERSECURITY ISSUES: An ATE Roundtable Discussion AACC and NSF ATE
National PI conference (23Oct'03)
Wilsker, I.
1. Computer and Technology Expo, Houston TX, by Ira Wilsker (19-20Sep
'03)
Additional outreach activities are listed in a log format with a short
description.
9 Sept 03
Beaumont Civic Center, 'Computer Security Issues', by Ira
Wilsker to community leaders and citizens
15-16 Oct 03 Lamar University, guest lecture by Ira Wilsker on
information security.
18 Oct 03
League of Innovation, Chaired Cybersecurity Summit,
National Cybersecurity Consortium, League of Innovations, Milwaukee,
WI., chaired by Co-PI B. Kesterson
24 Oct 03
NSF ATE Conference, Washington DC, Project exhibit by PI
Lee and Co-PIs Harris and Smith
6 Nov 03
Lamar State College, 'Cybercrime and Information
Security', by Ira Wilsker, Beaumont, TX
25 Nov 03
Banquette High School 'Career Days', Banquette, TX by PI
L.Lee to approximately 55 students
18-19 Nov 03 Cyber security presentation by P. Patterson to three DMC
classes for E.Smith ITSC1301 classes, with approximately 45 students
9 Dec 03
King High School, CC. TX, Presentation to guidance
counselors by S. Smith, J. Delassen
17 Dec 03
Project investigators participated in UTSA's Center for
Information Assurance and Security's (CIAS) 'Operation Dark Screen'
computer security exercise preplanning session with municipal, county,
and military 'first responders'. The project's NVC chairman, Dr. Greg
White, was the exercise planner and leader
6 Jan 04
'The Secure Educational Network: Issues & Answers for the
Classroom Educator', 2004 Annual Educational Technology Expo & Library
Media Book Fair, Educational Service Center Region 2, by M. Harris, L.
Lee & S.W. Smith
4 Feb 04
Project investigators participated in UTSA-CIAS 'Operation
Dark Screen, Phase I', computer security exercise with Coastal Bend
Area first responders.
13 Feb 04
Tulso-Midway High School 'Career Days' by presented G.
Gonzalez to approximately 60 students
3 Mar 04
'Career And Technology Educators Day' West Oso ISD for
Vocational Counselors, teachers and students, K. Stewart presented to
several hundred students and teachers
2 Apr '04
'
South-Texas Career Expo' Kingsville Exposition Center,
(scheduled) D. Abarca, B. Dufrain, G. Gonzalez, S. Leja, B. Poplin,
S.W. Smith
Co-PI Ira Wilsker from partnered Lamar Institute of Technology has
written numerous computer security articles this past year for use by
many computer user groups throughout the country in their individual
newsletters or websites. A sample of some of the articles are listed
below.
1. 'Spam - Bane of the Internet', Ira Wilsker TBCS newsletter, CPUG
newsletter 8/03
2. 'Attack of the WORMS - Did We Learn Anything', Ira Wilsker, CPUG
newsleter 8/03
3. 'What We Should Have Learned By Now' by Ira Wilsker
4. 'Stay Alert with Security Alerts' by Ira Wilsker
5. 'Computer News and Updates' by Ira Wilsker
6. 'Computer News and Update' Part II, by Ira Wilsker
7. 'New and Interesting Technologies from COMDEX', by Ira Wilsker
8. 'Protecting Yourself from Identity Theft'by Ira Wilsker
9. 'Hi! 'I'm from the Government and I'm Here to Help Your Computer,
by Ira Wilsker, PCLifeline
10. 'Computer Viruses and Spam ruled in 2003' by Ira Wilsker
PCLifeline
11. 'Home Computer Security' by Ira Wilser, CSWF News and Views, Jan
04, APCUG Reports
12. 'Cyberfraud: Pfishing', by Ira Wilsker Bits & Bites, TBCS
Newsletter
News articles in appearing in print publications for the past year
include:
Spring 2003 Three New CIS Degrees' Information Superhighway
Newsletter, Division of Business and Career Programs
02 Jun 03 'NSF Funds Cybersecurity Project at Del Mar College' Texas
A&M Engineering News, Texas A&M College Station Newsletter
13 Jul 03 'Del Mar To Teach About Data Security', Corpus Christi
Caller Times
1 Sept 03 'Del Mar College Cybersecurity Program' Corpus Chamber of
Commerce Newsletter
Curricular target(s) of Project
Project Products, Publications, Materials
Journal Publications:
Book(s) of other one-time publications(s):
Other Specific Products:
Internet Dissemination
Additional Information
Special Requirements for Annual Project Report:
Unobligated Funds: $150000.00
Categories for which nothing is reported:Products: Journal PublicationsProducts: Book or other
one-time publicationProducts: Other Specific ProductProducts: Internet DisseminationContributions
Within DisciplineContributions to Other DisciplinesContributions to Education and Human
ResourcesContributions to Resources for Science and TechnologyContributions Beyond
Science and EngineeringSpecial Reporting RequirementsAnimal, Human Subjects, Biohazards
Contact Information for Project: Colloborating AwardsProject Activities and Findings: Innovations
or Unique Successes to DateProject Activities and Findings: Other Features of Project
Curricular target(s) of Project: Discipline(s) Affected by ProjectCurricular target(s) of Project:
Subject(s) Affected by ProjectCurricular target(s) of Project: Title(s) of Course(s) Affected by
ProjectCurricular target(s) of Project: Summary Description of Pedagogical Approaches
Project Products, Publications, Materials: Types of productsProject Products, Publications,
Materials: Other Types of Products
Internet Dissemination: FTP Server AddressInternet Dissemination: Gopher Server Address
Additional Information: Description of Equipment or InstrumentationAdditional Information:
Additional Sources of Funding