One of the most enjoyable aspects of graduate studies at a brick-and-mortar university is the research lunch, sometimes called a brown-bag lunch. Students, staff and faculty gather for an informal lunch to discuss a specific paper or topic. For example, at Norwich University, we have had several years of weekly lunchtime meetings of the Special Interest Group on Security, Audit and Control (SIGSAC) of the student chapter of the Association for Computing Machinery (ACM). These meetings are enormous fun, and we have a variety of article discussions, movies, guest speakers, riotous arguments, and Monty Python versions of security lectures.

I think that everyone interested in security awareness should try organizing brown-bag lunches in their own enterprise. Any interesting paper or lecture can serve as the basis for valuable exchanges to further continuing awareness and education.

Today I want to point to one of the outstanding sites for material that can serve as the basis for such vigorous interchange: the vast collection of research and educational lectures, documents and links available from the Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue University in West Lafayette, Ind.

CERIAS developed out of the COAST project (Computer Operations, Audit, and Security Technology) started in 1991 in the Computer Sciences Department at Purdue under the direction of professors Eugene “Spaf” Spafford and Samuel Wagstaff Jr. In 1999, COAST became part of CERIAS, which is acknowledged as “one of the world’s leading centers for research and education in areas of information security that are crucial to the protection of critical computing and communication infrastructure.” 

Spaf himself is a luminary in the world of information assurance, with dozens of recognition awards for his excellence in research, teaching, and service to the profession and to national security. I have personally driven more than 100 miles to be present at a lecture by Spaf and count myself lucky for the privilege.

The CERIAS site is vast. Starting at the home page, we see a list of upcoming events on the right-hand side that can instantly attract our attention. At the time of writing, the next event was a lecture by the well-known and highly respected professor Edward W. Felten of the Princeton Secure Internet Programming (SIP) Laboratory. 

There’s an archive of seminars dating all the way back to 1994; starting in 2003, CERIAS began making digital recordings available of the seminars, and there are now about 125 of these video files (about 500MB each in various formats) on a wide variety of topics available to anyone who wants to enliven a lunch meeting or a course.

Another valuable resource is the education page which has links to a number of useful categories such as K-12 resources, Post-Secondary Education, and Secure Programming Curriculum. 

The Tools & Resources page includes links to:
* The Reports & Papers Archive, which in turn includes links to 2,175 articles or abstracts (at this writing).
* The CERIAS Hotlist, which has several categories of additional links such as system security, network security and so on.
* CERIAS Learning Products, a page which catalogs a number of security-awareness videos and other tools that one can buy or download free.

The CERIAS Weblogs include topical commentaries by CERIAS staff on a wide variety of interesting topics. There are usually several new ones per week and you can subscribe to an alerts service using syndication services or e-mail.

Finally, you can subscribe to a free PDF newsletter about CERIAS that provides news and announcements of upcoming events by sending an e-mail request. 

There is more, but I’m running out of space, and anyway, Spaf informs me that the Web site is undergoing a redesign over the next few months, so I’ll close with a kudos to the CERIAS team!

M. E. Kabay, PhD, CISSP-ISSMP, specializes in security and operations management consulting services. CV online.