Patroling a predatory playground

Thieves, extortionists, and a host of other undesirables prowl the Internet. They want your wallet, your retirement account, your identity. They represent not just a nuisance but a threat. And if you're like most Internet users, you don't have a clue, warns the iSchool's .

"Most people are really good people, and they can't even think like a criminal," says the director for the iSchool's Center for Information Assurance and Cybersecurity (CIAC). "The average person blithely jumps on the Internet and goes about conducting business, trusting that it's safe. It's anything but."

The FBI tallied almost 207,000 complaints of Internet crime in 2007, including auction fraud, non-delivery of purchases, credit card fraud, spam, child pornography, and computer intrusions. With 1.4 billion people around the world now using the Internet, and "malware" attacks increasing at rates of 800 percent a year, those numbers are only a blip on the screen.

"You're out there with millions of people who want to do you harm. They could be in disguise, halfway around the world, in a country that doesn't have an extradition treaty with the U.S.," says Endicott-Popovsky, who holds a Ph.D. in computer science/computer security.

The Internet, she says, was never designed with security in mind.

Raising public awareness about cyberspace predation is high on the agenda at the iSchool's five-year-old center, the only one of its kind in Washington state. It's a go-to center for educating security professionals and a collaborative research hub for innovation and problem-solving. Leaders also mentor other colleges in starting up their own cybersecurity centers.

A certificate offered as part of CIAC, designated a National Center of Academic Excellence in Information Assurance Education and Research, takes matriculating and non-matriculating students through an intensive, three-course program. The first course focuses on information assurance, a term that addresses not just computer security but, in an age of mobile technology, broader protections of information flow. The second course takes on risk assessment and management. The third puts ideas mastered in the first two classes to work on real-world cases.

"There's a progression from intellectual understanding to application," says Endicott-Popovsky, who brings her own research into the classroom and encourages students to contribute. "It helps them to think about information assurance problems when they are advancing science."

As the center director, Endicott-Popovsky, who spent 20 years in IT architecture and project management, has no problem signing up guest lecturers for courses. "Security people are more than willing to share their knowledge," she says. "They're concerned that there are not enough people trained to do the jobs that need to be done."

More information about the iSchool's certificate programs in IT Security & Risk Management, offered by UW Professional & Continuing Education, is available from the UW PCE website.