SJSU Information Security Office - Campus Status News!
SJSU's Information Security Office maintains an incredibly important position on campus - to keep our systems clear of cyber threats and preventing disruptions - be it small or large - from happening. You can find out current campus security status by clicking here for the latest information!
SJSU Cyber Security Cluster Partnerships: NSF STC TRUST
SJSU is a founding institutional partner in NSF’s TRUST (Team for Research in Ubiquitous Secure Technology) Science and Technology Center. This partnership is made up of UC Berkeley, Stanford University, Carnegie Mellon University, Cornell University, Vanderbilt University and San José State University.
The Center was established in 2005, and its mission is focused on the development of cyber security science and technology that will radically transform the ability of organizations to design, build, and operate trustworthy information systems for the nation's critical infrastructure. Established as a National Science Foundation Science and Technology Center, TRUST is addressing technical, operational, legal, policy and economic issues affecting security, privacy and data protection as well as the challenges of developing, deploying and using trustworthy systems. (www.truststc.org)
SJSU's Dr. Sigurd Meldal concurrently serves as Co-Director of Education for the Center.
SJSU Cyber Security Initiatives
SJSU is committed to creating and maintaining the pipeline of cyber security professionals. The University expects to:
- Become an NSA/NSEE Center of Excellence for Information Assurance.
- Develop an interdisciplinary program involving the majority of colleges on campus that is designed to provide courses/certificates and career development for diverse students, including career changers, veterans and transfer students.
- Organize academic enrichment opportunities for K-12 youths and educators.
- Build partnerships and raise financial support with industry leaders to provide:
- Applied internships for SJSU students,
- Mentoring/teaching opportunities for industry leaders,
- Target training programs for SJSU cyber security students, and
- A place on the Cyber Security Industry Advisory Council for representatives from industry.
San José State is recognized as meeting the NSTISSI training standards of the Committee on National Security Systems
On April 17, 2013 San José State was recognized by the Committee on National Security Systems as meeting the national training standard for Information Systems Security (INFOSEC) Professionals, NSTISSI No. 4011 and 4012.
In the review the committee noted:
“The collective content utilizes and exposes the students to USG policies such as NIST, NSTISS, and also introduces industry certifications such as ISACA, COMPTIA and international ISO standards. The materials included many advanced topics. Examples include principles of modern cipher systems, understanding security protocols, brute force browsing, cross site scripting and reverse engineering. The Network Security course employs an online lab called 'deterlab,' which simulates buffer overflows, pathname attacks and SQL injections. Other tools used include nmap, snort, nessus, traceroute and netstat. The students also learn about botnet detection, prefix & IP hijacking, as well as securing legacy systems. Examples of supplemental readings include 'Verizon 2012 Data Breach Investigation Report,' 'Controlled and classified data reading and NSA/CSS Storage Device Declassification Manual,' and NIST Special Publications '800-53 and 800-37.'”
“The textbooks and supplemental readings included in the course content provide a foundation of references that are useful for the students’ growth and development and may continue to be so in their future careers. The students are also engaged in numerous online discussion forums and there is useful research, content and additional resources shared among the students primarily led by the instructor to respond to course assignments.
Students discuss many USG policies and processes such as the certification and accreditation process, with the new emphasis on risk management and continuous monitoring. Other course content include wireless, OPSEC/TEMPEST/EMSEC, Vulnerabilities & Threats, Countermeasures, biometrics, PKI, Need-to-Know principles, the importance of education, training and awareness, incident handling, forensics, ethics and laws, and DRP/BCP to name a few. The students perform tasks related to the topics outlined in the curriculum including research and hands-on labs.”
The certification process was managed by an interdisciplinary team from the Colleges of Engineering (Xiao Su, Computer Engineering), Business (Leslie J. Albert, Management Information Systems), and Science (Melody Moh, Computer Science).