Blending Information Systems Security and Forensics Curricula

Similar documents
Computer Information Systems (CIS) CIS 105 Current Operating Systems/Security CIS 101 Introduction to Computers

PIONEER TRAINING INSTITUTE

Computer Information Systems (CIS) CIS 105 Current Operating Systems/Security CIS 101 Introduction to Computers

School of Engineering & Built Environment

SCHOOL OF APPLIED HANDS ON. HIGH VALUE. TECHNOLOGY LIVE AND ONLINE COURSES

BACHELOR OF SCIENCE IN INFORMATION TECHNOLOGY

Introducing Maryville University s CYBER SECURITY ONLINE PROGRAMS. Bachelor of Science in Cyber Security & Master of Science in Cyber Security

CYBERSECURITY: Scholarship and Job Opportunities

Information Systems and Tech (IST)

M.S. IN INFORMATION ASSURANCE MAJOR: CYBERSECURITY. Graduate Program

STUDENT LEARNING OUTCOMES Beacom College of Computer and Cyber Sciences

Prof.Dr. Sotiraq Dhamo Doc. Julian Naqellari The University of Tirana Accounting Department

National Initiative for Cyber Education (NICE) and the Cybersecurity Workforce Framework: Attract and Retain the Best in InfoSec.

BOARD OF REGENTS ACADEMIC AFFAIRS COMMITTEE 4 STATE OF IOWA SEPTEMBER 12-13, 2018

Course Specifications M. Tech. / PG Diploma Programme

Building the Cybersecurity Workforce. November 2017

College Of. Technological Innovation

Cybersecurity Workshop: Critical Cybersecurity Education & Professional Development

LEHMAN COLLEGE OF THE CITY UNIVERSITY OF NEW YORK. Department of Economics and Business. Curriculum Change

Apprenticeships CYBER SECURITY ADVANCED TO TECHNICAL MODERN APPRENTICESHIP FROM NQ-LEVEL TO SKILLED SECURITY ENGINEER

The fast track to top skills and top jobs in cyber. Guaranteed.

COMPUTER FORENSICS (CFRS)

IIT SCHOOL. Of APPLIed. Hands on. HigH value. technology. live and online CoURses

BACHELOR OF SCIENCE IN INFORMATION TECHNOLOGY

Academic Reference Standards (ARS) for Electronics and Electrical Communications Engineering, B. Sc. Program

Department of Business Information Technology

Bachelor of Information Technology (Network Security)

College Catalog ERRATA Sheet

Build Your Cybersecurity Team: Create a Strong Cybersecurity Workforce Using Best Practices in Development

Initial CITP and CSci (partial fulfilment). *Confirmation of full accreditation will be sought in 2020.

Bachelor of Applied Science Degree IT NETWORKING

Keeping Your SOCs Full. May 26, Strengthening Capacity in Cyber Talent sans.org/cybertalent

Computing Accreditation Commission Version 2.0 CRITERIA FOR ACCREDITING COMPUTING PROGRAMS

INF - INFORMATION SCIENCES

The fast track to top skills and top jobs in cyber. Guaranteed. FREE TO TRANSITIONING VETERANS

Accounting Ethics and Auditing

NISTCSF.COM. NIST Cybersecurity Framework (NCSF) Workforce Development Solutions

Course Information

MASTER OF SCIENCE IN COMPUTER SCIENCE

Security in Today s Insecure World for SecureTokyo

The Information Technology Program (ITS) Contents What is Information Technology?... 2

Academic Program Review Cyber Security College of Southern Nevada 2017

The fast track to top skills and top jobs in cyber. Guaranteed. FREE TO TRANSITIONING VETERANS

Bachelor of Science Information Studies School of Information Program Summary

E-guide Getting your CISSP Certification

Updated with information about the new certificate programs THE KU MSIT HANDBOOK 1

See Course and Program Development Policy and Procedures Iwww.ubalt.edu/Provostl for instructions. C5)PROGRAM ACTIONS. Original Program ntle:

MLIS eportfolio Guidelines

ROJECT ANAGEMENT PROGRAM AND COURSE GUIDE

The National Initiative for Cybersecurity Education (NICE) The NICE Workforce Framework, NIST SP , Overview October 4, 2017

ENGINEERING AND TECHNOLOGY MANAGEMENT

PROGRAMME SYLLABUS Information Architecture and Innovation (Two Years), 120

STUDENT AND ACADEMIC SERVICES

NCSF Foundation Certification

Developing Career-Relevant Academic Programs

USER EXPERIENCE DESIGN (UXD)

Construction and Property

Security and Privacy Governance Program Guidelines

Descriptions for CIS Classes (Fall 2017)

Master of Science (MS) in Information Assurance and Cybersecurity with a specialization in. Health Care Security

Boston Chapter AGA 2018 Regional Professional Development Conference Cyber Security MAY 2018

Atlantic Bylaw Officers Association

How to Become a CMA (Certified Management Accountant) May 10, 2017

MN CYBER STATEWIDE INSTITUTE FOR CYBERSECURITY, FORENSICS, AND IOT

Master of Science (MS) in Information Assurance and Cybersecurity with a specialization in. Digital Forensics

NISTCSF.COM. NIST Cybersecurity Framework (NCSF) Workforce Development Solutions

E-guide CISSP Prep: 4 Steps to Achieve Your Certification

Management Information Systems

Overview of ABET Kent Hamlin Director Institute of Nuclear Power Operations Commissioner TAC of ABET

ISO STANDARD IMPLEMENTATION AND TECHNOLOGY CONSOLIDATION

Programme Specification

CESG:10 Steps to Cyber Security WORKING WITH GOVERNMENT, INDUSTRY AND ACADEMIA TO MANAGE INFORMATION RISK

STATE OF NORTH CAROLINA

Opportunities to Integrate Technology Into the Classroom. Presented by:

Academic Program Review Networking College of Southern Nevada 2017

CYBER FRAUD & DATA BREACHES 16 CPE s May 16-17, 2018

IT SECURITY OFFICER. Department: Information Technology. Pay Range: Professional 18

Health Education Community Health Education

INFORMATION TECHNOLOGY (IT)

High School Course Guide

Strengthening Capacity in Cyber Talent sans.org/cybertalent

MSc Computing and Technology (Part-Time)

Media Kit. California Cybersecurity Institute

BSc (Honours) Computer Science Curriculum Outline

CRITERIA FOR ACCREDITING COMPUTING PROGRAMS

The fast track to top skills and top jobs in cyber. Guaranteed. FREE TO TRANSITIONING VETERANS

After advertising for the program, applicants will go through the following process: 1- Fill the application form before the specified deadline.

ACCOUNTING. Iowa State University

Implementing a National Strategy : the case of the Tunisian CERT

Computer Information Science xxx

Certified Cyber Security Analyst VS-1160

High School Course Guide Information Technology

PROGRAMME SPECIFICATION

Associate in Science and Bachelor of Science in Information Technology

QUALITY IMPROVEMENT PLAN (QIP) FOR THE CONSTRUCTION MANAGEMENT DEGREE PROGRAM

School of Engineering & Built Environment

Cybersecurity and the Board of Directors

Bachelor of Information Technology

New York State Teacher Certification Process

BSc/MSci Professional Accounting in Business Programme Structure

Transcription:

Association for Information Systems AIS Electronic Library (AISeL) MWAIS 2012 Proceedings Midwest (MWAIS) 5-2012 Blending Information Systems Security and Forensics Curricula Jason Ferguson Friends University, jason_ferguson@friends.edu Follow this and additional works at: http://aisel.aisnet.org/mwais2012 Recommended Citation Ferguson, Jason, "" (2012). MWAIS 2012 Proceedings. 2. http://aisel.aisnet.org/mwais2012/2 This material is brought to you by the Midwest (MWAIS) at AIS Electronic Library (AISeL). It has been accepted for inclusion in MWAIS 2012 Proceedings by an authorized administrator of AIS Electronic Library (AISeL). For more information, please contact elibrary@aisnet.org.

Blending Information Systems Security and Forensics Curricula Jason Ferguson Friends University Jason_Ferguson@friends.edu ABSTRACT This paper describes the process of developing an Information Security and Forensics curriculum for a master s degree. The vision for this degree program is to offer a curriculum that differentiates Friends University in the marketplace from established security degrees by including courses in computer forensics. These are courses rarely seen in a security degree but supported by the regional marketplace that the university serves. Keywords Information Security, Forensics, Information Systems, Security Curriculum. INTRODUCTION Security for businesses of any size is of critical importance. A security incursion can shut down a company s most important operations, causing a loss in productivity, jeopardizing data integrity, negatively affecting revenue, and disrupting work communications (Ketel, 2008). Recent reports from Google on malware-infested smartphone applications and phishers using their cloud-based systems to conduct cyber-attacks underpin the reality that hackers are becoming more sophisticated (Garber, 2011). Even with a cursory review of news sources, it is difficult not to notice there is an abundance of security, privacy, and policy issues in the headlines on a daily basis. Furthermore, the continued volume of such reported security incidents has raised an important question within Friends University s Masters of Information Systems Program: How can this current program at Friends University evolve so that students can be skilled computer security professionals who are capable of reducing vulnerabilities in information systems? About Friends University Friends University is a 3000 student, private liberal arts university located in Wichita, Kansas, the largest metropolitan city in Kansas (Friends University, 2012). Its graduate school offers 12 Masters Degrees. Of these 12 degrees, the Masters of Management Information Systems (MMIS) is a 12 course, 36 credit hour degree program. Since 2005, the enrollment in the MMIS program has remained steady despite curricula changes. A goal of the graduate school is to enhance its ability to recruit students and expand the pool of potential students interested in an information systems related masters degree. FOCUS GROUP INTERVIEW Developing a curriculum for an information systems related discipline requires an analysis of the workforce needs and that sufficient faculty are available, with the proportionate academic and professional qualifications to fulfill the student needs. With no readily available market study, a decision was made to form a focus group to obtain a measure of the workforce needs that could guide the needs analysis and development of a new degree program. Personal interviews were conducted with Information Technology and Computer Forensics professionals to gather their thoughts on the needs and purpose of a security and forensics education. The demographic of the focus group included professionals from academia, criminal justice, and law enforcement (local, state, and federal), and military sectors all working in forensic, security, or cyber security roles. Proceedings of the Seventh Midwest Association for Information Systems Conference, Green Bay, Wisconsin, May 18-19, 2012 1

Listed below in Table 1 is the theme of the questions asked during the interview session. These interviews were conducted in a group setting. 1. Looking back at the higher education you received, what do you wish you had learned? 2. What do you see as the future needs of your profession? 3. What are the intrinsic rewards of your career? 4. In your opinion, what are the characteristics of a successful person for this type of degree? 5. What is your opinion on the best method to stay current in this dynamic industry? Table 1. Interview Questions The focus group agreed that the need for educational offerings in information security and forensics is well documented (Dhillon & Hentea, 2005). In addition, the focus group shared that within the industries they represented, there were strategic plans taking shape that included increases or creation of job positions that would require education in the areas of information security and/or forensics. In addition, the focus group determined that there are a number of bachelor, masters, and doctoral programs in information security, computer forensics, and computer security and information assurance, but there are no such programs offered within the regional demographic area that Friends University serves. Table 2 contains a few of the most compelling statements made by focus group members: 1. The demand currently outweighs the supply of skilled, qualified, and possibly certified computer experts in the area of forensics and security. 2. Employees with education in information security and/or forensics are needed in law enforcement, state and local government agencies, military, and corporate environments essentially any facility that utilizes computers. 3. Graduates will be in demand, especially those who have availed themselves of a technical, handson, well-rounded education with curriculum in computer information security, networking, psychology, accounting, business, and criminal justice. Table 2. Interview Results One of the goals was to ensure that the degree would be a differential in the marketplace from established security degrees by including courses in computer forensics, courses rarely seen in a security degree but supported by the market needs identified by the focus group research. In addition, with this diversification of curriculum offerings, the recruitment potential would appeal to a wider audience. A mapping of the focus group recommendations to the selection of new courses that will provide the topical concentration with added research concentration in the areas of information security and forensics for the new degree program are presented in Table 3. FACULTY QUALIFICATIONS The starting point for determining the needed faculty qualifications to oversee the new degree program started with examining the existing graduate school s policy on faculty qualifications. The policy on faculty qualifications states, A faculty member in the Graduate School holds a doctoral degree or a terminal master degree for disciplines in which a terminal master degree is the highest degree awarded. Alternatively, faculty members may be employed based on equivalent professional experience. Currently, two full-time faculty members are available to teach in the new program. The experience of these existing faculty members covers a range of topics in the information systems discipline, including extensive theoretical preparation in information security and forensics, but limited industry experience in those specific areas. As a consequence of this situation, the University in the short-term will rely largely on adjunct faculty with real-world experience and professional certifications to fill this gap. Proceedings of the Seventh Midwest Association for Information Systems Conference, Green Bay, Wisconsin, May 18-19, 2012 2

PROGRAM CURRICULUM DEVELOPMENT METHODOLOGY Vaughn, Dampier, and Warkentin (2004) advocate that there are three models for security related curricula: 1. Incorporate topics within existing courses 2. Integrate security into software engineering program 3. Create a degree focused on computer security In accordance with the approach adopted by Vaughn, the purpose of this paper is to extend the discussion of the latter option: creation of an Information Security and Forensics degree program. The specific focus on this research paper will be at a private liberal arts four year university within a graduate school. For a liberal arts institution such as Friends University, the primary objective is teaching and student learning. In addition, any new degree program must contribute to the overall goal of the university and the graduate school. There is an amount of practical pre-requisite conceptual knowledge, both basic and advanced information system-related, knowledge that students need to matriculate successfully into courses of study in information security and forensics. Instead of taking a forklift approach to the existing MMIS program and shelving the entire curricula, it was decided that a review of the curriculum should be completed with the goal being to identify which courses, if any, should be adopted for inclusion in the new degree program. After a collaborative review with faculty members and the focus group, it was determined there were seven existing courses in the MMIS curriculum that are relevant and will sufficiently support the pre-requisite knowledge students will need. The following courses were identified and adopted for the new degree program proposal: Research Methods in Information Systems (MIS 525) introduces students to applied research methodologies, analytical tools, and publication standards. Information Security and Policy Development (MIS 640) provides the foundation for understanding the key issues associated with protecting information assets, determining the levels of protection and response to security incidents, and designing a consistent, reasonable information security system, with appropriate intrusion detection and reporting features. Data Communications and Networking (MIS 550) covers current communications and networking technology and addresses the strategic importance of communications and networking in the current business environment. Students will gain an in-depth understanding of network technologies and the way these technologies can be integrated to support the strategic IT mission of businesses. Special attention is paid to network topology, internetworking, TCP/IP, switching, and routing. Database Systems (MIS 580) provides experience in managing the design and development of database systems including fundamentals of database architecture and database applications. The focus of the IT Audit and Controls (MIS 575) is on understanding information controls, the types of controls and their impact on the organization, and how to manage and audit them. Project Management for Information Systems (MIS 625) assumes that project management in the modern organization is a complex team-based activity, where various types of technology are an inherent part of the project management process. The Research Project (MIS 690) course provides an opportunity for students to identify, research, develop, implement, and evaluate solutions for a complex problem within their chosen area of emphasis. Since the confines of a graduate degree at Friends University is 36 credit hours, the adoption of seven courses, 21 credit hours left a balance of five new courses, consisting of a total of 15 additional credit hours, that would need to be identified. Table 3 provides a mapping of the focus group recommendations to the selection of new courses that will provide the topical concentration with added research concentration in the areas of information security and forensics for the new degree program. Proceedings of the Seventh Midwest Association for Information Systems Conference, Green Bay, Wisconsin, May 18-19, 2012 3

Focus Group Recommendations Organizations are seeking skilled, qualified, and possibly certified computer experts in the area of forensics and security. Organizations are creating 5-10 year strategic plans to create cyber crime departments Consequently higher education institutions should to be responsive to this need. Graduates will be in demand, especially those who have availed themselves of a technical, hands-on, well-rounded education with curriculum in computer information security, networking, psychology, accounting, business, and criminal justice. New Course Selection Computer Forensics I (MIS 585) Computer Forensics II (MIS 595) Cyber Security (MIS 655) Network Security (MIS 535) Seminar in Information Security and Forensics (MIS 670) Table 3. Mapping of Focus Group Recommendations to New Course Selection Based on recommendations made by the focus group and faculty members, the following new courses will provide the topical concentration with added research concentration in the areas of information security and forensics for the new degree program: Computer Forensics I (MIS 585): This course covers both the principles and practice of digital forensics. Students will examine the societal and legal impact of computer activity including computer crime, intellectual property, privacy issues, and legal codes. The methods and standards for extraction, preservation, and deposition of legal evidence in a court of law are described. Computer forensics investigation techniques for collecting computer-related evidence at the physical layer from a variety of digital media and performing analysis at the file system layer is presented. Computer Forensics II (MIS 595): This course builds on the principles and practices presented in the Computer Forensics I course. Students will learn advanced concepts of computer forensics. Students will continue to develop competences in the forensic extraction of computer evidence at a logical level using a variety of operating systems and applications. Prerequisite: Computer Forensics I (MIS 585) with an earned grade of C or better. Network Security (MIS 535): Network security covers a broad area, including the security of devices that comprise the network infrastructure, the security of the traffic sent over that infrastructure, applications that utilize the network, the user community, and the policies that govern usage of that network. The course explores elements of network security architecture and design patterns are used to understand how these elements can be combined into an integrated design that effectively supports the security policies of the enterprise. Cyber Security (MIS 655): A study of cyber security that integrates knowledge gained through previous coursework and experience, and builds on that conceptual foundation through integrative analysis, practical application, and critical thinking. Students will gain a thorough understanding of the organizational roles that perform cyber security work as well as the management of those roles. Current and emerging issues in cyber security are considered. Prerequisite: Information Security and Policy Development (MIS 640) with an earned grade of C or better. Seminar in Information Security and Forensics (MIS 670): This course provides the framework for the introduction and research of current and emerging information security and/or computer forensics topics. Topics are driven by the dynamic nature of the information technology industry. STATUS OF DEGREE PROGRAM PROPOSAL In January 2012, the curriculum committee reviewed the new degree proposal and recommended that the proposal be forwarded to the graduate school s Academic Council for consideration. The remaining checkpoints for this proposal are the Academic Council, University Academic Cabinet, and University President s Cabinet. The proposed timeline for obtaining approval of the proposed degree program is April 2012, with the first cohort of students starting in the spring term of 2013. CONCLUSION In this paper, an examination of Friends University s initial approach to creating a graduate curriculum that supports an Information Security and Forensic degree was presented. Our approach included an analysis of the workforce needs and the Proceedings of the Seventh Midwest Association for Information Systems Conference, Green Bay, Wisconsin, May 18-19, 2012 4

faculty qualifications required to teach and oversee the program. One unique aspect of our approach is the usage of focus group interviews of professionals from academia, criminal justice and law enforcement (local, state, and federal), and military sectors all working in forensic, security, or cyber security roles. The curricular components of this degree program address both the pre-requisite conceptual knowledge and topical concentration with added research concentration in the areas of information security and forensics that will meet the workforce needs. REFERENCES 1. Dhillon, H., Hentea, M. (2005). Getting a cybersecurity program started on low budget, Proceedings of the 43rd Annual Southeast Regional Conference, March18 20, Kennesaw, GA, USA, Vol. 1, ACM, 294-300. 2. Friends University. (2012). About Friends, Retrieved February 5, 2012, from http://www.friends.edu/about-friends 3. Garber, L. (2011). News Briefs, IEEE Security and Privacy, 9, 5, 13-15. 4. Ketel, M. (2008). IT security risk management, Paper presented at the 46th Annual Southeast Regional Conference, Auburn, AL. 5. Vaughn, R., Dampier, D., and Warkentin, M. (2004). Building an information security academic program, Proceedings of the 1st Annual Conference on Information Security Curriculum Development, New York, NY, USA, ACM, 41-45. Proceedings of the Seventh Midwest Association for Information Systems Conference, Green Bay, Wisconsin, May 18-19, 2012 5

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback