ABSTRACT
Information Security is a critical part of the technology infrastructure. A survey of undergraduate degree programs in Computer Science, Information Technology, Management Information Science, and others show a lack of emphasis on security issues in their curriculum. The purpose of this paper is to present a case study on our approach to creating an undergraduate curriculum that will enhance existing degree programs in Computer Science and Information Technology to provide an increased awareness of Information Security concepts. Our rationale includes: research on existing Information Security programs, review of other Information Security curriculum development efforts, assessments and surveys of workforce needs in Information Technology pertaining to security, applying government directives, and the process of creating a curriculum to address the discovered gaps. Our approach is unique in its usage of surveys of Information Technology professionals, interviews with professionals, and a comprehensive survey of workforce needs in Information Security along with a review of other curriculum development efforts. From this case study, we will be able to suggest and define an Information Security curriculum that will best answer today's security challenges.
- Ross, Seth. (1999) Unix System Security Tools. Computer Security a Practical Definition. Available on March 12, 2004 at http://www.albion.com/security/intro-4.html]] Google ScholarDigital Library
- Khosla, Pradeep. (2003) Carnegie Mellon University Announces new degrees in Information Security to address needs of Government, Industry. Available on March 12, 2004http://www.ini.cmu.edu/academics/MSISTM/msistm_curricu.htm]]Google Scholar
- NSTSC (2003) National Strategy to Secure Cyberspace. A National Cyberspace Security Awareness and Training Program. p. 37 Available on March. 12, 2004 at http://www.whitehouse.gov/pcipb/cyberspace_strategy.pdf]]Google Scholar
- Information Security (Master of Science in Information Security Technology and Management - MSISTM). 13 Jan 2003. Carnegie Mellon University. Available on March 12, 2004 at http://www.ini.cmu.edu/academics/MSISTM/index.htm]]Google Scholar
- Master of Science in Computer Science Concentration in Information Security. James Madison University. Available on March 12, 2004 at http://www.infosec.jmu.edu/website/overview.htm]]Google Scholar
- Infosec Graduate Program. Purdue University. Available on March 12, 2004 at http://www.cerias.purdue.edu/education/graduate_program/]]Google Scholar
- Master of Science in Security Informatics. Johns Hopkins University. Available on March 12, 2004 at http://www.jhuisi.jhu.edu/education/index.html]]Google Scholar
- Master of Science degree program in Information Security and Assurance. George Mason University. Available on March 12, 2004 at http://www.isse.gmu.edu/ms-isa/]]Google Scholar
- Crowley, Ed. "Information System Security Curricula Development." Proceeding of the 4th conference on information technology curriculum on Information technology education. Oct 2003. Available on March 12, 2004 at portal.acm.org/]] Google ScholarDigital Library
- Dark, Melissa. Davis, Jim. "Report on Information Assurance Curriculum Development". The Center for Education and Research in Information Assurance and Security (CERIAS). Available on March. 12, 2004 at http://www.cerias.purdue.edu/education/post_secondary_edu cation/undergrad_and_grad/curriculum_development/information_assurance/]]Google Scholar
- Border Ph.D., Charles. Holden, Ed. "Security Education within the IT Curriculum". Proceeding of the 4th conference on information technology curriculum on Information technology education. Oct 2003. Available on March 12, 2004 at portal.acm.org/]] Google ScholarDigital Library
- Azadegan, S. Lavine, M. O'Leary, M. Wijesinha, A. Zimand, M. "An Undergraduate Track in Computer Security". ACM SIGCSE Bulletin, Proceedings of the 8th annual conference on Innovation and technology in computer science education, Volume 35 Issue 3. June 2003. Available on March 12, 2004 at portal.acm.org/]] Google ScholarDigital Library
- Yang, Andrew. "Computer Security and Impact on Computer Science Education". The Journal of Computing in Small Colleges, Proceedings of the sixth annual CCSC northeastern conference on The journal of computing in small colleges, Volume 16 Issue 4. April 2001. Available on March 12, 2004 at portal.acm.org/]] Google ScholarDigital Library
- Infosecurity Conference and Exhibition 2003. Available on March 12, 2004 at http://www.infosecurityevent.com/]]Google Scholar
- The Information Systems Security Association (ISSA)®. Available on March 12, 2004 at http://www.issa.org/]]Google Scholar
- The Open Web Application Security Project (OWASP). Available on March 12, 2004 at http://www.owasp.org/]]Google Scholar
- ICAT Metabase: A CVE Based Vulnerability Database. National Institute of Standards and Technology. Available on March 12, 2004 at http://icat.nist.gov/]]Google Scholar
- Information Assurance Curriculum and Certification: State of the Practice. Carnegie Mellon University. Available on March 12, 2004 at http://www.sei.cmu.edu/publications/documents/99.reports/99tr021/99tr021chap0chap02.html]]Google Scholar
- National Information Assurance Education and Training Program (NIETP). National Security Agency (NSA). Available on March 12, 2004 at http://www.nsa.gov/ia/academia/acade00001.cfm]]Google Scholar
- Awareness, Training, and Education Computer Resource Center (CSRC). National Institute for Standards and Technology (NIST). Available on March 12, 2004 at http://csrc.nist.gov/ate/]]Google Scholar
Index Terms
- Information security curriculum creation: a case study
Recommendations
The effect of a university information security survey on instruction methods in information security
InfoSecCD '05: Proceedings of the 2nd annual conference on Information security curriculum developmentThis paper reports on the need for Information Security Awareness educational programs to supplement teaching in Information Security. The need for such a program is demonstrated by findings resulting from a survey of university faculty and staff at ...
Designing and teaching information security curriculum
InfoSecCD '04: Proceedings of the 1st annual conference on Information security curriculum developmentWith increasing interest by students and faculty in Information Security Curriculum, and increasing demand for information security professionals from industry, many institutions are beginning the task of creating a meaningful information security ...
Embedding information security curricula in existing programmes
InfoSecCD '04: Proceedings of the 1st annual conference on Information security curriculum developmentThere is a need for educators of information technology professionals to monitor the demands of the market and to adjust their programmes and curriculum accordingly. A number of universities and colleges have sought opportunities to extend their ...
Comments