As the title suggests, this chapter uses military principles and terminology to describe important components of an information technology education: security and maintaining information assurance. The paper is clearly written and well documented.
Fulp suggests that a curriculum must include an introduction to information assurance concepts throughout. In particular, the core courses should include, as a minimum, the following topics: the reference monitor concept, the risk management equation, the defense-in-depth paradigm, and the principle of least privilege. This list of topics could be augmented to include holistic security.
The paper discusses adding two curricular specializations to the core, in particular, follow-on courses that emphasize, first, tactical approaches and, second, strategic approaches to network security. For a capstone experience, the author describes adversarial exercises between student teams and “information warfare professionals from [the] NSA [National Security Agency]” to test network security. In addition to these adversarial exercises, the author’s curriculum should include reading exercises about current security issues. I suggest that resources such as http://csrc.nist.gov be used in the reading exercises and be part of the continuing education of the cyber warrior.
An important contribution of the paper is the author’s clear separation between the tactical and strategic approaches in information assurance methodology. This division is an important point for all information workers, particularly information technology managers and educators. The principles and terminology of this challenge are clearly described by the author.