An information assurance curriculum for commanding officers using hands-on experiments

Abstract

To authorize and initiate necessary investments and enforce appropriate policies and procedures, decision-makers need to have at least a fair understanding of computer security fundamentals. This paper presents the course design and the laboratory settings that have been developed for, and used within, the high rank officer curriculum at the Swedish National Defence College. The developed course looks at computer security from an attack versus defend viewpoint, meaning that computer attacks are studied to learn about prevention and self-defense. The paper discusses the pedagogical challenges related to education of high rank officers and similar personnel in light of recently-held courses and contrasts the course relative to similar undertakings. A standpoint taken is that computer security is best taught using hands-on laboratory experiments focusing on problem solving assignments. This is not undisputed since, e.g., high rank officers are busy people who are not fond of getting stuck learning about the peripherals. © 2009 ACM.