Cybersecurity Educational Standards

Similar documents
Toward Curricular Guidance in the Cyber Sciences

Cyber Security at NSU

Proposed Education & Workforce Development Plan for FY2015. Education & Workforce Development Work Group Andrew Turner November 2014

This report describes the preliminary findings from the first year of a twoyear. pilot study conducted between Union County College (UCC) and Stevens

Certifications and Standards in Academia. Dr. Jane LeClair, Chief Operating Officer National Cybersecurity Institute

Sabbatical Leave Application

An Analysis of Academic Background Factors and Performance in Cyber Defense Competitions

How To Train On Information Security

UNM Information Assurance Scholarship for Service (SFS) Program

Meeting the CAE IA/CD Knowledge Units Requirements for the Polytechnic University of Puerto Rico

Building a Cybersecurity Workforce with Remote Labs

in Information Security and Assurance

In Response to Section 942 of the National Defense Authorization Act for Fiscal Year 2014 (Public Law ) Terry Halvorsen DoD CIO

Computer Security Courses/Programs

Cyber Education: A Multi-Level, Multi-Discipline Approach

Learn About Computer Network Security - A Review

Goal. Vision. CAE 2Y Program Eligibility and Summary

Goal. Vision. CAE IA/CD Program Eligibility and Summary

Building a Successful Cyber-security Program

Cyber Innovation and Research Consortium

Information Systems Education Journal

Department of Computer Science and Information Systems

ONLINE BACHELOR DEGREE PROGRAMS

ARTICULATION AGREEMENT Community College of Baltimore County Associates Degree in Criminal Justice. and

Protecting Energy s Infrastructure and Beyond: Cybersecurity for the Smart Grid

Cybersecurity High School and Beyond

ARTICULATION AGREEMENT Carroll Community College Associate of Science Degree in Forensic Science. and

Toward Curricular Guidelines for Cybersecurity. Report of a Workshop on Cybersecurity Education and Training

College of Business. Role and Mission. Idaho Falls Programs. EITC/Idaho State University Program. Undergraduate Curriculum Learning Goals.

Transfer Agreement Fort Hays State University: B.S. in Information Systems Engineering (ISE)

Just Say No to Teaching Ethical Hacking

University of Maryland University College: Master of Science in Digital Forensics and Cyber Investigation

AC : DEVELOPMENT AND IMPLEMENTATION OF A MASTERS PROGRAM IN COMPUTER INFORMATION TECHNOLOGY

CURRICULUM VITAE EXPERIENCE

UNO COLLEGE OF INFORMATION SCIENCE & TECHNOLOGY

FORENSIC SCIENCE EDUCATION PROGRAMS ACCREDITATION COMMISSION. FEPAC Computing and Information Science Technology. Call for Comments September 2015

Information Systems Technology & Cybersecurity Programs

PA State System of Higher Education Board of Governors

How To Become A Cybersecurity Consultant

Curriculum Committee Meeting Approved March 20, 2014

ARTICULATION AGREEMENT

ACADEMIC AFFAIRS COUNCIL ******************************************************************************

Bachelor of Applied Arts and Sciences

Computer Science & Information Security (BS) Program Learning Assessment Assessment Period

Interdisciplinary Program in Information Security and Assurance. By Kossi Edoh NC A&T State University Greensboro

Computer Science at James Madison University

University Mission School Mission Department Mission Degree Program Mission

Erik Jonsson School of Engineering and Computer Science Interdisciplinary Programs

Homeland Security Education: The Current State. The Naval Postgraduate School, Center for Homeland Defense and Security

IA Degree Programs with Course Descriptions for Sixteen Community Colleges and Two Universities

David Keathly University of North Texas

MASTER OF SCIENCE IN EDUCATION AND CERTIFICATION OPTIONS

How To Transfer From Bcmd.Edu To A Bmd.Org

Union County College Faculty Curriculum Committee. New Program Proposal Form

s,~ Interim Vice President for Academic Affairs

DESIGNING WEB LABS FOR TEACHING SECURITY CONCEPTS ABSTRACT

Computer Science Curriculum Revision

Timely Completion at the University of New Mexico: Excessive Credits and Baccalaureate Degree Program Minimums

School of Business and Leadership Dr. Anita Underwood, Dean

Erik Jonsson School of Engineering and Computer Science

ARTICULATION AGREEMENT Harford Community College Associate Degree in Criminal Justice. and

Cyber Security in the Nuclear Age. Dr. Jane LeClair, Chief Operating Officer National Cybersecurity Institute at Excelsior College Washington, D.C.

COMPUTER SECURITY EDUCATION

Transcription:

Cybersecurity Educational Standards Stephen Cooper, Stanford University Elizabeth Hawthorne, Union County College Lance C. Pérez, University of Nebraska - Lincoln Susanne Wetzel, Stevens Institute of Technology

Background In response to the White House s 60-day Cybersecurity Review, information assurance (IA) education assumed renewed priority at DHS, NSA, and NSF o DHS interested in an Essential Body of Knowledge (www.us-cert.gov/itsecurityebk/) o NSA/DHS co-owners of the CAE designation o DoD Information Assurance Scholarship Program o NSF Scholarship For Service Program Fundamental Question o Are U.S. IA educational programs sufficient to meet the emerging needs of industry or government?

Additional Questions Is the CAE/IAE designation appropriate for all institutions offering IA educational programs? What is the source and history of IA training and educational efforts? Is there enough coherence between existing IA educational efforts to consider developing a BoK? What is the variety of IA degree programs at different institutions (2-year, 4-year, graduate)?

ITiCSE Working Groups working group o term used by ITiCSE for small groups examining a particular question o different from standards working groups, e.g., ACM, IEEE, ANSI, NIST, etc. NSF funded a series of three working groups : o ITiCSE 2009 An Exploration of the Current State of Information Assurance Education o ITiCSE 2010 Towards Information Assurance (IA) Curricular Guidelines o ITiCSE 2011 Information Assurance Education in Two and Four-Year Institutions

2009 ITiCSE

Members Steve Cooper, leader Christine Nickel, coleader Victor Piotrowski Brenda Oldfield Ali Abdallah Matt Bishop Bill Caelli Melissa Dark Elizabeth Hawthorne Lance Hoffman Lance C. Pérez Charles Pfleeger Richard Raines Corey Schou Joel Brynielsson

Charge Explore and document the space of various existing IA educational standards and guidelines Examine these standards and guidelines in the context of other curricular guidelines in computing

Some Documents Examined Information Technology 2008, Curriculum Guidelines for Undergraduate Degree Programs in Information Technology http://www.acm.org//education/curricula/it2008%20curriculum.pdf Computer Science 2008, An Interim Revision of CS 2001 http://www.acm.org//education/curricula/computerscience2008.pdf Software Engineering 2004, Curriculum Guidelines of Undergraduate Degree Programs in Software Engineering http://sites.computer.org/ccse Computing Curriculum 2001 http://www.acm.org/education/curric_vols/cc2001.pdf Samuel T. Redwine, Jr., Editor. (2006). Software Assurance: A Guide to the Common Body of Knowledge to Produce, Acquire, and Sustain Secure Software Version 1.0. US Department of Homeland Security, May The CORE Body of Knowledge for Information Technology Professionals http://www.acs.org.au/ictcareers/index.cfm?action=show&conid=cbok3 Report of the Task Force on the ACS Towards 2000, Australian Computer Society, November 1992 Computing Curricula 2009: Guidelines for Associate-Degree Transfer Curriculum in Computer Science http://www.acmtyc.org/webreports/csreport/ ACM Education Curriculum Recommendations. http://www.acm.org/education/curricula-recommendations ACM TYCEC Curriculum, Assessment, and Pedagogy Repository http://www.capspace.org/ CAE Program Requirements http://www.nsa.gov/ia/academic_outreach/nat_cae/cae_iae_program_criteria.shtml National Training Standard for Information Systems Security Professionals http://www.cnss.gov/assets/pdf/nstissi_4011.pdf NIST 800-16 Standard http://csrc.nist.gov/publications/nistpubs/800-16/800-16.pdf DoD 8570 Directive http://www.dtic.mil/whs/directives/corres/pdf/857001m.pdf DHS EBK http://www.us-cert.gov/itsecurityebk/ebk2008.pdf ISO 17024 Standard http://www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_detail.htm?csnumber=29346

Outcomes Historical context for IA Review of assessment and accreditation practices of current education IA is a discipline in its own right

Findings Need for governing body (e.g., ACM or IEEE) to develop educational guidelines (2-year, 4-year and graduate levels) Facilitation of articulation from the lower academic division (associate degree) into the upper academic division (baccalaureate degree) Government, industry and academia must work together to increase the IA faculty pipeline

2010 ITiCSE Towards Information Assurance (IA) Curricular Guidelines

Members Steve Cooper, leader Christine Nickell, coleader Lance C. Pérez, coleader Brenda Oldfield, coleader Joel Brynielsson Asım Gençer Gökce Beth Hawthorne Karl Klee Andrea Lawrence Susanne Wetzel

Charge Explore the feasibility of defining a body of knowledge (BoK) for IA education Demonstrate the feasibility of defining appropriate and comprehensive student learning outcomes for a sample subject in the proof-of-concept BoK for IA education

Starting Point Survey: o Based on the ten CISSP knowledge domains o Sent to all CAE-IAE/CAE-R/CAE2Y institutions during CISSE and left open up to ITiCSE 2010 o Approximately 30 responses

Survey of IA Areas Fundamental Concepts Cryptography Security Ethics Security Policy Digital Forensics Access Control Security Architecture and Systems Network Security Risk Management Attacks/Defenses Secure Software Design and Engineering Operational Issues

Survey results oareas comprehensive Outcomes osome differences (current vs. ideal): Increase: Ethics; Policy; Digital Forensics; Secure Software Design and Engineering Decrease: Network Security; Attacks/Defense; Access Control ooperational Issues was absorbed into other areas

Outcomes Continued Determined sample subjects within each area of the proof-of-concept BoK, e.g., o Secure Software Design and Engineering Secure Software Specification Secure Coding Secure Testing Program verification and simulation Language-based Security Secure Design Maintenance

Outcomes Continued Sample description for sample subject Secure Coding based on student learning outcomes: Detailed description of topics: Quick definition Key principles Examples/common issues Use verbs from Bloom s Taxonomy (from AS CS Degree Transfer document) to specify learning outcomes Categorize outcomes as core or elective Add assessment rubric for learning outcomes Mapping of outcomes to topics

Findings International community should define a BoK based on student learning outcomes International community should define location of programs w.r.t. various disciplines International community should define pathways, especially between 2-year colleges and 4-year institutions

2011 ITiCSE IA Education at Two- and Four-Year Institutions

Members Lance C. Pérez, leader Stephen Cooper, co-leader Elizabeth Hawthorne, coleader Susanne Wetzel, co-leader Joel Brynielsson Asım Gençer Gökce John Impagliazzo Youry Khmelevsky Karl Klee Margaret Leary Amelia Philips Norbert Pohlman Blair Taylor Shambhu Upadhyaya

Charge Identify examples of undergraduate IA curricula two- and four-year level both within and outside the U.S. Identify articulation challenges Provide recommendations for moving forward

IA Education Outside the U.S. Few equivalent to U.S. associate-degree programs Most IA programs reside at the post-graduate level Examined 7 baccalaureate degree programs

Non-U.S. Bachelor Degree Programs Country Institution Bachelor Program Title Canada Seneca Informatics and Security Germany Bochum IT Security Germany Offenburg IT Security Malaysia University of Technology Malaysia Computer Network Security Russia Moscow Institute of Physics and Technology (MFTI) PhysTech Informatics and Security Sweden Blekinge Security Engineering United Kingdom East London Information Security Systems

IA Education at 4-Year U.S. Colleges 73 CAE institutions offer baccalaureate degrees with IA concentration or minors 42 in CS departments 16 in CIS departments 6 in Security departments 5 in IT departments 4 in Informatics schools/departments 3 in Electrical and Computer Engineering departments 1 in Software Engineering department 1 in Criminal Justice department

Baccalaureate-degree Programs Examined Institution Degree Type Program Name Towson University (CAE/IAE) Kennesaw State University (CAE/IAE) Rochester Institute of Technology (CAE/IAE) Stevens Institute of Technology (CAE/IAE, CAE-R) BS BS BS BS Computer Science with a Security Track Information Security and Assurance Information Security and Forensics Cybersecurity Mercy College, New York BS Cybersecurity Pennsylvania College of Technology BS Information Technology University of Wilmington BS Computer and Network Security University of Texas, San Antonio (CAE/IAE, CAE-R) Oklahoma State University Institute of Technology BBA BT Infrastructure Assurance Information Assurance and Forensics

IA Education at 2-Year U.S. Colleges 16 programs examined o 14 AAS degree programs workforce-oriented o 2 AS degree programs transfer-oriented Combination of CAE2Y and non-cae2y

Associate-degree Programs Examined Institution Degree Type Program Name Owens Community College (CAE2Y) Anne Arundel Community College (CAE2Y) The Community College of Baltimore County (CAE2Y) Ashville Buncomb Technical Community College AAB AAS AAS AAS System Security and Information Assurance Information Assurance and Cybersecurity Information Systems Security Information Systems Security Craven Community College AAS Information Systems Security Gwinnett Technical College AAS Information Security Specialist Bossier Parish Community College AAS Northern Virginia Community College AAS Information Network Security Specialist Information Systems Technology with a Network Security

Associate-Degree IA Programs cont d Institution Whatcom Community College (CAE2Y) Degree Type Program Name AS Technical (not for transfer) Computer Information Systems with a Network Security concentration Highline Community College AAS Networking Specialist Highline Community College AAS Data Recovery/ Forensics Specialist Hagerstown Community College (CAE2Y) AAS Information Systems Technology with a Computer Forensics concentration Broome Community College AAS Computer Security and Forensics Oklahoma City Community College (CAE2Y) Oklahoma City Community College (CAE2Y) Harrisburg Area Community College AAS AS (for transfer) AS (for transfer) Computer Science Cyber/Information Security concentration Computer Science Cyber/Information Security University Parallel Computer Information Security

IA Education at 2-Year U.S. Colleges Two examples of AAS degrees o Network Security o Digital Forensics

AAS IA degree - Network Security (66 credits) Technical Ethics Network Security Fundamentals Digital Forensics Capstone General Education Supporting

Criminal Justice AAS IA degree - Digital Forensics (65 credits) Technical Digital Forensics Security Fundamentals Network Internship General Education Supporting

AS designed to transfer into BS Computer Science with a IA track (65 credits) Technical Computer Science Security Fundamentals Supporting General Education

Findings Articulation Challenges for AAS programs Insufficient math and science Level of technical courses Few AAS degree programs transfer into applied BS degree programs AS degree programs transfer into BS CS with IA track degree programs

Findings Continued Increasing variety of IA degree programs at each education level Articulation between 2-year and 4-year degree programs still challenging

Summary and Recommendations A sequence of three ACM ITiCSE working groups explored The history of IA education The feasibility of defining a BoK for IA The variety of IA degree programs in a broad international context IA community needs an international effort to define a set of educational guidelines

Work supported in part by the National Science Foundation under Grants DUE 1023963 and DUE 1139421. Any opinions, findings, and conclusion or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the NSF.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information