The Information Systems Security Laboratory (ISSL) is a security training, testing, and outreach laboratory created to support business and industry in Iowa, as well as across the Midwest region. Business and industry face ever-growing and constantly changing security challenges which create lifelong learning demands for information technology (IT) staff, as well as the general employee. As demonstrated by frequent news stories, breaches in corporate security cause financial hardships, loss of reputation, and/or reduction of competitive edge. Corporations want very much to avoid such problems and are willing to pay to have their employees educated in security issues. The IAC has offered a few fee-based short courses during the past 5 years to various groups across Iowa. Further, companies are consistently hamstrung by new government regulations that require certain levels of security to be met before being able to bid on government contracts. While larger companies may be able to handle these regulation demands internally, most medium and small companies do not have the resources to deal with these requirements, therefore limiting their ability to compete for contracts. For more information on the test lab, email email@example.com
The ISSL is a partnership between ISU’s Information Assurance Center (IAC), the Center for Industrial Research and Service (CIRAS), the Department of Electrical and Computer Engineering, the College of Engineering, and the Institute for Physical Research and Technology (IPRT). These partners have outreach as part of their core mission and have historically provided both training and company assistance. One of the two lead organizations in the running of the ISSL is the IAC, which is a nationally recognized center of excellence in computer security and has been offering formal security education for more than 15 years. The second lead organization is CIRAS, the industrial extension arm of Iowa State. Since 1963 CIRAS has been enhancing the performance of Iowa industry through applied research, education and technical assistance. Providing security training to industry in partnership with ISSL is a logical next step for CIRAS in helping to enhance the competitiveness of companies.
The ISSL addresses many of the challenges corporations currently face and will continue to change and respond to the needs of the corporate community in Iowa and the Midwest region with changing and ever-evolving course offerings. In its inaugural year, ISSL will offer five types of services. Each type of service is listed below with example offerings provided.
Security Training for Information Technology (IT) Staff
The ISSL will offer short courses and workshops targeted at IT staff both in Iowa and the Midwest region to help them gain experience in information security issues. These short courses and workshops will range from one day to week-long events and will be offered to business and industry IT professionals, as well as state and local government IT employees at an affordable rate. Some topic workshops that could be developed include risk assessment, penetration testing, information warfare, legal and ethical issues in security, forensics, web security, cryptography and virtual server security.
On-Site Security Education
While the Security Training described above is designed as workshops and short courses which would be held on the ISU campus, the ISSL is prepared to take one or all of the short courses and workshops on the road to a business, industry or government location. Additionally, boutique services such as workshops designed to fit a company’s needs in security education can be designed and delivered on-site to their IT staff for a negotiated fee.
Security Literacy Training
Computer security education should not be exclusive to technical audiences. Applied, practical security education can be made accessible to all employees, even those with minimal technical backgrounds. During an average day, employees use passwords, connect to the Internet over unsecured wireless connections, share media via external devices, surf the web, click on hyperlinks, share information via social networking, and much, much more. Each of these actions involves a potential risk and can result in malicious consequences, many of which the average employee is unaware of. Security Literacy education materials will be developed and delivered via prepackaged modules to companies for the non-IT staff workplace employee as part of ISSL’s work. It is anticipated these online modules may be offered nationally through CIRAS participation in the NIST Manufacturing Extension Partnership program and through Engineering On-line Learning (EOL). In addition to offering online training, there is opportunity to present on-site in a face-to-face setting for corporations wanting to train large groups of employees in a short time period.
Security Product Testing
The ISSL staff have experience in security product testing and benchmarking. Building upon this past work, the ISSL can complete security testing for companies, both those who develop security products and those wishing to implement a new security product. The tests can be head-to-head comparisons of products or can help in developing new products.
ISSL offered several types of testing.
Student driven testing:
Students test products, with the testing typically set up as a contest by the organization wanting the testing. The event is often kicked off by a presentation from the organization describing the product and the test.
Companies can have specific products tested by the lab (either products they have created or third-party products they are interested in). Companies can access this service as a member of S2ERC or directly from the lab.
Product comparison testing
Companies can have a group of products tested to help decide which product is best for their needs. Members of S2ERC gain access to all test results performed as part of the S2ERC.
The testing lab will provide product reviews to be published by organizations or magazines.
Security Regulation Compliance
The ISSL has the professional talent and expertise to help small and large companies understand security issues that drive regulations like HIPAA, PCI, DFARS, etc. The ISSL will develop curriculum materials that can be used to educate those who need to comply with these government regulations. Additionally, the ISSL can provide consultative services to help companies ensure their compliance.
Past Testing Projects Performed by ISSL Staff
- Data Loss Prevention Product Bakeoff in Network World
- Red Team for World’s Largest Cyberdefense Competitions
- Penetration Testing for State Organizations
- Multi-use Office Device Penetration
- ISEAGE: Internet-Scale Event and Attack Generation Environment
- Specialized Traffic Generation and Analysis Tools
For more information on the test lab, email firstname.lastname@example.org
S2ERC access to ISSL
Members of the S2ERC have access to the testing lab through:
- S2ERC members get access to annual bakeoffs and help guide them
- Individual product testing through an S2ERC Affiliate Project
- Direct funding of ISSL projects outside S2ERC
Companies interested in access to the lab through S2ERC should contact: Dr. Tom Daniels email@example.com