Plante proposes a methodology to enhance teaching intelligence and security informatics in the context of existing computer science courses. The paper begins with a definition and discussion of intelligence and security informatics, and then provides general information on contextual security models and the Mitre-managed Common Vulnerabilities and Exposures (CVE) data repository and its applicability to business security. This is followed by methods to find sensitive data on business websites, and a section on vulnerability management.

The project plan was to use a CS2 class during two 50-minute sessions to see if the students’ intelligence and security informatics learning was enhanced. Students were organized in two- or three-person teams and given over 150,000 lines of CVE data and various code examples. They were to write a program in Java to input the data, eliminate any “RESERVED,” search data for items beginning with capital letters and create an entry for every different finding, sort the material in a binary tree, save the top 100 instances, and create a graphical user interface (GUI) that would display the data found.

The author lists six primary objectives that he expected the students to achieve, but he based student achievement on seven somewhat different items: completed binary tree; made tree generic; tested binary tree; used regular expressions; provided unified modeling language (UML) diagram; used priority queue; and included GUI. The success rate ranged from one team that completed all tasks to one that completed only one task, with the rest scattered between.

This project seemed to me to be more of a complicated exercise in Java programming since only one or possibly two of the six objectives were related to learning intelligence and security informatics, with no method or attempt to evaluate relevant student learning. There are also grammatical errors in the written material.