An exploration of the current state of information assurance education

Published: 18 January 2010

Abstract

Information Assurance and computer security are serious worldwide concerns of governments, industry, and academia. Computer security is one of the three new focal areas of the ACM/IEEE's Computer Science Curriculum update in 2008. This ACM/IEEE report describes, as the first of its three recent trends, "the emergence of security as a major area of concern." The importance of Information Assurance and Information Assurance education is not limited to the United States. Other nations, including the United Kingdom, Australia, New Zealand, Canada, and other members from NATO countries and the EU, have inquired as to how they may be able to establish Information Assurance education programs in their own country.
The goal of this document is to explore the space of various existing Information Assurance educational standards and guidelines, and how they may serve as a basis for helping to define the field of Information Assurance. It was necessary for this working group to study what has been done for other areas of computing. For example, computer science (CS 2008 and associate-degree CS 2009), information technology (IT 2008), and software engineering (SE 2004), all have available curricular guidelines.
In its exploration of existing government, industry, and academic Information Assurance guidelines and standards, as well as in its discovery of what guidance is being provided for other areas of computing, the working group has developed this paper as a foundation, or a starting point, for creating an appropriate set of guidelines for Information Assurance education. In researching the space of existing guidelines and standards, several challenges and opportunities to Information Assurance education were discovered. These are briefly described and discussed, and some next steps suggested.

Published In

ACM SIGCSE Bulletin, Volume 41, Issue 4
December 2009
205 pages
ISSN: 0097-8418
DOI: 10.1145/1709424

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. IA
  2. education
  3. guidelines
  4. information assurance
  5. standards

Qualifiers

  • Review-article
