|
|
|
|
Division of IT: Security
Classroom TechnologiesThe Division of IT Classroom Technologies program complements the Application Security Education Program by providing hands on exercises or real-world scenarios that highlight the security concepts being taught in the curriculum. This incorporates an extension of the Division of IT Information Security Guest Lecture series. Often a faculty member will desire to add additional reinforcement of concepts or practices described by a guest lecture. Subject-matter experts can provide presentations tailored to the specific course. In addition, the Classroom Technologies program focuses on developing central services and practices for the campus community to enhance the overall security posture of day to day activities. The focus is to empower researchers and instructors with the tools and practice they need to ensure that systems developed in the laboratory and the classroom are secure.Project in ProgressSecure Development Practice Laboratory ExercisesBoth the Department of Computer Science and the School for Information Science and Learning Technologies have requested additional practical exercises related to the Web Application Security Lecture. This project is focused on developing interactive lab exercises for students to walk through the process of securing pre-existing code that has not been developed in a secure manner.Information Systems Control and Assurance CollaborationThis semester, MU's Robert J Trulaske Sr., College of Business will utilize the software and resources of IBM's Academic Initiative to strengthen its Information Systems Control and Assurance education with a new security component. About 60 students per year will complete the course as part of the School of Acountancy's 150-hour master's of accountancy program. For more information, see the press release about this collaboration.Past ProjectsWeb Application Security Software Classroom PilotIn Winter Semester 2006, the Division of Information Technology, in conjunction with SPI Dynamics and the School of Information Science and Learning Technology, successfully piloted the use of the WebInspect web application security scanner in the classroom. Students were required to scan applications for vulnerabilities and repair them prior to turning in their assignments.Virtual Secure Development Environment PilotIn Fall Semester 2006 the Division of Information Technology in conjunction with SPI Dynamics, Microsoft and the Department of Computer Science piloted the deployment of the Virtual Secure Development Environment to students in both Network Security and Web Application Development courses. This pilot consisted of a DVD with Microsoft Virtual PC and a pre-built virtual machine image. The image contained time-limited versions of Microsoft Windows Server 2003, Microsoft Visual Studio 2005, Microsoft Threat Modeling and Analysis 2.0 and SPI Dynamics DevInspect. Students were given the opportunity to try the system on their own computer and use it as a platform to develop software for the remainder of the semester. |