The Information Assurance Curriculum at Mesa Community College Meeting the Challenges of the 21st Ce - PowerPoint PPT Presentation


PPT – The Information Assurance Curriculum at Mesa Community College Meeting the Challenges of the 21st Ce PowerPoint presentation | free to download - id: ad436-ODZjN


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation

The Information Assurance Curriculum at Mesa Community College Meeting the Challenges of the 21st Ce


Two year- Associate Degrees programs in Network ... 45% pursuing the Associate Degree ... Associate in Applied Science (AAS) Degree in Information Assurance ... – PowerPoint PPT presentation

Number of Views:122
Avg rating:3.0/5.0
Slides: 52
Provided by: orisfr
Learn more at:


Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: The Information Assurance Curriculum at Mesa Community College Meeting the Challenges of the 21st Ce

The Information Assurance Curriculum at Mesa
Community College Meeting the Challenges of the
21st Century
  • 17th Annual
  • Federal Information Systems Security Education
    and Awareness Conference
  • Presenters
  • Dr. Pinny Sheoran, Director, Business Industry
  • Dr. Oris Friesen, Chair, Enterprise Advisory
  • Robert Samson, Faculty
  • Business and Industry Institute
  • Mesa Community College
  • March 11, 2004

  • Introduction
  • Critical Information Infrastructure Protection
  • Role of Community Colleges in providing
    Information Assurance education and training
  • Community College Programs
  • Mesa Community College(MCC) and the Business and
    Industry Institute (BII
  • Information Assurance Advisory Board
  • The Information Assurance Program at MCCs BII
  • Driving forces
  • Models adopted
  • The IA program
  • Focus on prevention
  • Network security
  • IA preparedness
  • Focus on detection
  • Cyber Forensics
  • Cyber Forensics Crime Center
  • Conclusion

Critical Information Infrastructure
  • In the world of today, nearly all critical
    infrastructures include a vital information
  • To adequately protect such critical
    infrastructures it is essential that the
    associated information infrastructure be
  • Homeland Security Initiatives
  • Focus on physical security
  • Dependencies on information Digital worlds
  • Focus on infra-structure
  • Basic resources- water, power, utilities,
  • Basic services health, safety, communication
  • Dependencies on data, information and networked
  • The first-responders
  • In addition to first-responders to provide
    physical protections
  • Silent first-responder backbone of IT workforce,
    need to be prepared for a cyber attack on
    supporting information infrastructures
  • Specialists needed in
  • Network Security
  • Information Assurance and
  • Cyber Forensics.

Role of Community Colleges
  • Extensive and well established presence in
    Workforce Initiatives
  • Frequently providing One-stop workforce
  • Extensive involvement in IT Education and
    certification programs through affiliations such
  • Microsoft IT Academies focused on certification
    preparation for Microsoft technologies
  • Cisco Networking Academies- preparing IT
    workforce for Cisco technologies
  • Oracle Academic Initiatives preparing workforce
    for Database technologies
  • CompTIA member partnerships in CompTIA
    Standards development, Apprenticeship programs
    such as NITAS (National Information technology
    Apprenticeship System).

Role of Community Colleges
  • Education and Training. Affordable alternatives
  • Why these partnerships
  • Focus on applied skills,
  • Nimble and flexible
  • Affordable services and programs for the
    workforce- new entrants, or re-trainees.
  • Ability to build capacity and capabilities, in
    teaching staff, curriculum and delivery services
  • Responsive to the constant changing nature of the
    Information technologies
  • Integral role of Community Colleges
  • Seen in their communities as the affordable
    solutions for life-long learning
  • Serving the communities interest in accessing
    affordable entrée into Higher Education for
    first in family going to College citizens.
  • Local, and state mandates to prepare workforce
    for the 21st Century jobs.

Mesa Community College Stepping Forward to meet a
Critical need
  • Mesa Community College
  • Located in Mesa Arizona,
  • One of the fastest growing cities in the
  • 3rd Largest city in Arizona (Phoenix and Tucson
    are the other 2 cities)
  • Population of over 400,000
  • Serves 32,000 full and part time students
  • Has 2 comprehensive campuses and 4 centers
  • One of 10 colleges that form the Maricopa County
    Community College District
  • District of 10 colleges serve the residents of
    Maricopa County with a population of
    approximately 3 million.
  • The 10 colleges enroll approximately 180,000 full
    and part-time students

Mesa Community Colleges Business and Industry
  • Mesa Community College is recognized in the state
    and nationally as a leader in many Community
    College initiatives, including Campus Compact,
    Leadership Academy and Its Business and Industry
  • The Business and Industry Institute
  • One of Mesa Community Colleges Centers
  • Focused on Industry partnerships
  • Provides workforce education and training
    specializing in IT
  • Has over two decades of success in creating and
    supporting partnerships with major technology
  • Motorola- and the Motorola University partnership
  • Cisco networking Academies and the Cisco Academy
    Training Center Partnership
  • Microsoft, Oracle, Novell, Sun Microsystems
  • Serves approximately 2000 Students enrolled in
  • Certification programs such as Cisco
    certifications, Security Certified Professionals,
    Oracle, Sun Microsystems Solaris or Java)
  • Two year- Associate Degrees programs in Network
    Administration, Information Assurance, Cyber
    forensics, Bioinformatics
  • Professional training workshops
  • Profile of students
  • 49 have at least a Bachelors Degree
  • 40 attending for re-training, or professional
  • 50 pursuing some form of Industry certification
  • 45 pursuing the Associate Degree

Business and Industry Institute Information
Assurance Program Driving Forces
  • Employer Interests in expanding skills of network
    and database administrators in Information
  • Community, Businesses and Industry express a need
  • Creation of the Information Assurance Advisory
  • Extending existing capacity and capabilities
  • Extensive offerings from entry to advanced level
    courses, certificates and degrees in
  • Network administration
  • Database administration
  • Current IT curriculum development work by Cisco,
    Sun Microsystems, Microsoft, expanded into
    Network Security
  • Availability of national models for developing
    curriculum and education programs
  • CompTIA
  • GIAC
  • SANS
  • SCP
  • Interest of faculty and college financial support
    for professional certification of faculty in
    areas of IT security

BII Information Assurance Program
  • The Enterprise Advisory Board Chair
  • Dr. Oris Friessen

Information Assurance Advisory Board
  • Formed in Fall 2002
  • An action-oriented results-focused group
  • Defined desired outcomes for IA program
  • Defined broad program outlines to encompass the
    desired outcomes
  • Diverse membership

Information Assurance Advisory Board
  • The Enterprise Advisory Board functions as a
  • between enterprises (private and public) and MCC
  • for the development of a technologically literate
    workforce in various domains
  • For the Information Assurance domain, it
  • Information Assurance Advisory Board
  • Model for goal-oriented collaborative curriculum
  • Business Industry Institute
  • Model for engagement of workforce employers

Information Assurance Advisory Board
  • Roles
  • Recommending committee
  • For content
  • Marketing
  • Employer needs
  • Project employment prospects for graduates
  • Input and influences
  • Assess existing programs
  • Develop broad program competencies, and exit
    credentials (Degree, Certificate)
  • Collaborate with faculty
  • To develop individual courses, and
  • Define scope and sequence of courses in Degree,

Information Assurance Advisory Board
  • The Players
  • Academia
  • Business Industry Institute of Mesa Community
  • Arizona State University (ASU) and ASU East
  • Industry, Industry Associations and Economic
    Development Organizations
  • Cyber Security Committee of the Arizona
    Telecommunications Information Council (ATIC)
  • InfraGard
  • Cisco Systems, Boeing, Honeywell, Intel
  • Small Businesses -- Computer Technical Services
  • CompTIA
  • Arizona Technology Council
  • Government Agencies
  • Arizona Department of Public Safety (DPS)
  • Arizona Government Information Technology Agency

Information Assurance Advisory Board
  • Created because of a perceived need for Cyber
    Security Education
  • Industry and Businesses
  • Recognized a need to get up to speed on security
    after 9/11
  • ATIC Launched Cyber Security Committee
  • Took Inventory of Existing Programs
  • Very little available
  • Recognized Need for New Local Cyber Security
    Education Programs
  • Sponsored Cyber Security Seminar at Intel
  • ATIC , ASU and BII partner to explore Academias
    involvement in Cyber Security Education
  • Leverage Existing BII Partnerships (e.g., Sun,
    Cisco, CompTIA)

Information Assurance Advisory Board
  • Defining Outcomes for the program in the broadest
    terms resulted in
  • Emphasis on Broad Topic of Information Assurance
  • IA encompasses those operations that
  • Protect and defend information and systems
  • Ensure their
  • Availability,
  • Integrity
  • Authentication
  • Confidentiality
  • Non-repudiation.
  • This includes providing for restoration of
    information systems by incorporating capabilities
  • Protection
  • Detection
  • Reaction

Information Assurance Advisory Board
  • Training and Education Programs in Existence in
    Fall 2002 in Arizona
  • Information Technology (IT)
  • Microsoft It Academies, Novell Academies
  • Network Administration
  • Cisco Networking Academies
  • Database Administration
  • Oracle academic initiatives
  • Very Little in Network Security and Nothing in
    Information Assurance

Information Assurance Advisory Board
  • Academic Activity- Where is the Action?
  • Universities
  • Limited workforce training activity
  • Private Institutions
  • High cost
  • Community College advantages
  • Leaders in partnering with technology companies
    to deliver training and education
  • Availability of a pool of industry certified
  • Quick to market
  • Committed to workforce development
  • Affordable

Information Assurance Advisory Board
  • Explored Models for curriculum development
  • GIAC certifications
  • Vendor based certifications
  • Cisco certifications
  • Microsoft certifications
  • Sun Microsystems
  • ISC2
  • ASIS
  • CompTIA

IA curriculum
CompTIA presented a Framework at the League For
Innovation at the Community Colleges conference
IA Curriculum
  • Adoption of the CompTIA framework
  • Domain Specific
  • Followed the GIAC certification as basis for
    identifying cores objectives for courses
  • Identified essential course-work specific to
    vendor technologies
  • Created a single course that would serve as the
    core required foundation for the IA program
  • Established completion of network certifications,
    or course work as pre-requisites

The Information Assurance (IA) Program at BII
  • During this last year we developed and
    implemented a comprehensive Information Assurance
  • The program encompasses
  • A dozen or more new courses.
  • Compilation of a scope and sequence of study in
    IA and related courses for 3 Certificates and an
    AAS degree
  • Certificates include
  • Network Security
  • Information Assurance
  • Cyber Forensics Technician (under development)
  • Two year degree culminating in an
  • Associate in Applied Science (AAS) Degree in
    Information Assurance

Network Security Certification (8 courses --
26 credits)
Network Security Certification Courses
Focus of this certificate is preparation of
foundational skills in IA with emphasis on
knowledge and skills related to vendor specific
technologies Pre-requisites Certificates or
Degree in Network Administration Foundation
Courses CIS270 - Security certification
preparation PHI214 - Business ethics Vendor
Specific Skills in Security Cisco - CNT185,
AND CNT186 Wireless and Cisco router
security Microsoft CIS175CG, OR MST259 Unix
Solaris or Linux CIS238US Next
Step Certificate in Network Security is a
Pre-requisite for the Next level of study in
Information Assurance
Information Assurance Certification (6 courses --
21 credits)
CIS279DA (Practical Applications in Information
Assurance Capstone)
CIS273DA (Information Audit and Risk Analysis)
CIS273DB (Digital Authentication and Public Key In
CIS273DC (Data Assurance and Disaster Recovery)
CIS247DL (Legal Issues Surrounding Information
CIS247DA (Cyber Forensics and Incident Handling)
Indicates a Pre-Requisite Course
Indicates No Specific Course Order
Indicates Number of Credit Hours
Information Assurance Certification Courses
This certificate provides the Student preparation
in a broad understanding of the Domain specific
knowledge for Information Assurance. Pre-requisit
es Certificates or Degree in Network
Security GIAC certifications drive the content
and objectives of the courses Course content is
complementary to each other, allowing students to
take a combination of courses at the same
time Capstone course provides the student an
integrated learning experience or participating
in internships, case studies and formal report
preparations and presentations.
The capstone experience
  • CIS279DA
  • Practical Applications in Information Assurance
  • Practicum on application of core skills and
    knowledge in information assurance to real world
    scenarios or simulations of situations
    representing information security vulnerabilities
    comparable to the SANS/GIAC simulation exercises.
    The key competencies are
  • Case Studies
  • Creation of policies and procedures
  • Preparation of incident and response reports
  • Presentations of policy recommendations based on
    Case Study and simulation exercises.
  • Prerequisites all of the courses required to
    obtain the Information Assurance Certificate

Program Status
  • Four full-time faculty complete vendor and other
  • Six courses are being offered at BII- Program
    offerings launched in Fall of 2003.
  • About 50 students have completed them to date
  • Students were requesting enrollment before
    courses were approved
  • Fall 2004, First group of students to complete
    Network Security Certificate
  • Several IA courses have been adopted at other
    Maricopa community colleges (The basic Security
    Plus course CIS270)
  • National recognition, White House selects BII as
    a Model Workforce preparation program, providing
    cutting edge training and education. President
    Bush Visits Mesa and talks with 3 of the students
    regarding their preparation and successes.
  • Articulation has been established with ASU-East
  • Community involvement is high due to Advisory
    Board involvement

Cyber Forensics
  • The IA board members interest in increasing the
    available pool of IT professionals with
    examiner skills
  • Original impetus provided by interest of Law
    Enforcement in expanding the program to provide
    examiner education
  • Voice of Industry and other government agencies
    in the need for IT professionals to be well
    prepared to
  • Examine
  • Report
  • Respond
  • Present in court, properly gather evidence

Cyber Forensics Technician Certification
  • Understanding of Forensics
  • Hardening infrastructure
  • Media analysis
  • Understanding of hardware and software
  • Legal Issues
  • Policies and Procedures
  • Risk Analysis
  • Disaster Recovery
  • Preparation for Legal presentation
  • Courses identified
  • Introduction to Cyber Forensics
  • Windows, Unix OS courses
  • Computer hardware, repair, installation, building
    and maintenance
  • Media analysis
  • Use of forensics toolkits
  • Capstone experiences in real-world cases and
    presentation via Moot Court experiences

Cyber Forensics and Community Interest
  • Law enforcement agencies focus on what is often
    called computer forensics
  • Human Resources issues deal with the larger and
    more general topic of computer/network
    forensics or simply network forensics.
  • The target employers for cyber forensics
    technicians in the future will not be computer
    forensics for law enforcement so much as it will
    be network forensics for
  • corporations,
  • government agencies and the
  • insurance industry.
  • Many of the issues to be dealt with will be
    related to Human Resources policies and the
    gathering of data in a pristine condition.

Cyber Forensics Crime Center
  • The State of Arizona Department of Public Safety
    (DPS) already maintains a computer forensics
    crime lab that is made available to other
    agencies for
  • Instruction and
  • Evaluation of real world cyber forensics cases.
  • The focus is on Law Enforcement Agencies and what
    is normally termed Computer Forensics.
  • The plan is to use the crime lab to provide
  • hands-on teaching of cyber forensics techniques,
  • similar to the teaching hospital approach
    frequently employed by Medical Schools.
  • This would be part of a Capstone course in Cyber

Cyber Forensics and Community Interest in a
Crime Center
  • Consortium of Academia, Industry, Government
    agencies and law enforcement
  • Provide a formal organizational structure to
  • Research
  • Education
  • Training
  • Services
  • Key elements
  • Provide a safe-house for examining cyber-crime
  • Provide examination experiences for students in
    the Cyber-forensics program
  • Provide ASU-East opportunities for developing
    tools, testing tools, defining best practices and
  • Provide University graduate students research

Cyber Forensics and Community Interest in a
Crime Center
  • Community Benefits
  • Services to small businesses and government
  • Teaching (A teaching learning Cyber crime Lab)
  • Creation of curriculum content through
    collaboration of Law enforcement experts and
    teaching faculty from the University and
    Community College
  • Practicum and real-world internship experiences
    for Students
  • Service to Industry and Government agencies
    through safe-house for examining white-collar
    crime incidents
  • Creation of a Cyber-crime swat team

  • The MCC Information Assurance Program is directly
    related to the protection of critical information
  • The program has the potential to provide a large
    number of "first responders," to information
    infrastructure attacks, in the form of educated
    and trained specialists in
  • Network Security
  • Information Assurance and
  • Cyber Forensics

  • Contact Information
  • Dr. Oris Friesen, Chair
  • Information Assurance Industry Advisory Board
  • Business and Industry Institute
  • Mesa Community College
  • Email
  • Dr. Pinny Sheoran, Executive Director
  • Business and Industry Institute
  • Mesa Community College
  • Email
  • Bob Samson
  • CCAI, CCNA, HTI, Net, A, CLI
  • Full-time Faculty-Security Lead
  • Business and Industry Institute
  • Mesa Community College
  • Email

Course Information
  • Coursework in the IA program

Network Security Certification Courses
  • CIS270
  • Essentials of Network and Information Security
  • Threats to security of information systems
    responsibilities and basic tools for information
    security, including communication security,
    infrastructure security, organizational security
    and basic cryptography. Introduction to the
    language of network security and hardware,
    software and firmware components of an
    information security system for local,
    metropolitan, enterprise, and wide area networks.
    Helps prepare participants for the Comptia
    Security exam and the GIAC Security Essentials
    Certificate (GSEC).
  • Prerequisites CNT150, or (MST150 or MST150 any
    module), or permission of instructor.

Network Security Courses
  • CNT185
  • Cisco Network Security
  • Applications of Cisco Networking technologies in
    designing and implementing security solutions to
    reduce risk of revenue loss and vulnerability.
    Hands-on experience and skills in security policy
    design and management, security technologies,
    products and solutions, firewall and secure
    router design, installation, configuration and
    maintenance, AAA (Authentication, Authorization,
    and Accounting) and VPN (Virtual Private Network)
    implementation using firewalls and routers.
    Preparation for the MCNS (Managing Cisco Network
    Security) and CSPFA (Cisco Secure PIX Firewall
    Advanced) exams toward certification as a Cisco
    Firewall Specialist. Exams also apply to CCSP
    (Cisco Certified Security Professional)
  • Prerequisites CNT170, or permission of

Network Security Courses
  • CNT186
  • Fundamentals of Wireless LANs
  • Design, planning, implementation, operation, and
    troubleshooting of wireless networks. Overview of
    technologies, security, and design best practices
    with emphasis on hands-on skills in wireless LAN
    (local area network) setup and troubleshooting,
    802.11a 802.11b technologies, products and
    solutions, site surveys, resilient WLAN design,
    installation and configuration, WLAN Security -
    802.1x, EAP (Extensible Authentication Protocol),
    LEAP (Light Extensible Authentication Protocol),
    WEP (Wired Equivalent Privacy), SSID (Service Set
    Identifier), and vendor interoperability
    strategies. Prepare students to earn Cisco
    Wireless LAN Support Specialist designation and
    to take the Certified Wireless Network
    Administrator (CWNA) exam.
  • Prerequisites CNT170, or permission of

Network Security Courses
  • CIS175CG
  • Designing a Secure Microsoft Windows 2000
  • Information and skills necessary to design a
    security framework for small, medium and
    enterprise networks using MS Windows 2000
    technologies. Covers security risks and
    requirements, administrative access, user
    accounts, file resources, and backup procedures.
    Securing access emphasized.
  • Prerequisites None.

Network Security Courses
  • MST259
  • Designing Windows Network Security
  • Knowledge and skills to analyze business
    requirements and processes to design a security
    solution for a Microsoft Windows network.
    Preparation for Microsoft certification
  • Prerequisites or Co requisites MST157 or
    permission of instructor.

Network Security Courses
  • CIS238US
  • UNIX Security
  • Unix system administration and security
    management including directory structure, access
    control and authentication mechanisms, password
    management, system logs and monitoring, process
    accounting, configuring public services,
    restricted environments, the sudo command, SSH
    (Secure Shell), file system mount options, file
    integrity management, immutable/append-only files
    and system security levels, loadable kernel
    modules, rootkits, non-executable stacks,
    backups, common vulnerabilities and exposures,
    and firewall filtering.
  • Prerequisites CIS238, or permission of

Network Security Courses
  • CIS271DA
  • Security Certified Professional (SCP)-Hardening
    the Infrastructure
  • Network security-related fundamentals, issues,
    and skills for systems administrators to
    implement network security. Includes network
    security basics, advanced Transmission Control
    Protocol/Internet Protocol (TCP/IP), IP packet
    structure and analysis, routing and access
    control lists, securing Windows computers,
    securing Linux computers, Internet security, and
    hacker attack techniques.
  • Prerequisites (CNT150 and MST 150) or permission
    of instructor.

Network Security Courses
  • CIS272DA
  • Security Certified Professional (SCP) - Network
    Defense and Countermeasures
  • Architecture of network defense and skills for
    system administrators to implement network
    defense. Includes network defense fundamentals,
    designing and configuring firewalls, configuring
    Virtual Private Networks (VPNs), designing and
    configuring an Intrusion Detection System (IDS),
    analyzing intrusion signatures, performing risk
    analysis, and creating a security policy.
  • Prerequisites CIS271DA or permission of

Network Security Courses
  • PHI214
  • Business Ethics
  • Philosophical consideration of moral problems
    arising in business practice, including corporate
    responsibility, government regulation, hiring
    practices, and advertising. Application to both
    the United States and other countries.
  • Prerequisites None.

Information Assurance Courses
  • CIS247DA
  • Cyber Forensics and Incident Handling
  • Forensic and advanced incident handling
    techniques in a lab setting with hands-on skills
    in incident response, forensic preparation,
    Windows forensics, UNIX and Linux forensics, data
    recovery and analysis, malicious code analysis,
    law enforcement interaction and case law,
    corporate and managerial legal concerns and
    direction. Prepares students for GIAC Certified
    Forensic Analyst (GCFA) Certification and IACIS
    Certified Forensic Computer Examiner (CFCE)
  • Prerequisites CIS270.

Information Assurance Courses
  • CIS247DL
  • Legal Issues of Information Assurance
  • Legal implications of organizational computing
    policies, interaction with legal counsel and law
    enforcement, evidence collection and
    preservation, risk management of liability, and
    loss of property and risk mitigation through
  • Prerequisites CIS270 or permission of instructor.

Information Assurance Courses
  • CIS273DA
  • Information Audit and Risk Analysis
  • Knowledge, skills, and abilities in basic risk
    analysis techniques to secure information and to
    conduct a technical audit of essential
    information systems. Prepares students for the
    GIAC Systems and Network Auditor certification.
  • Prerequisites CIS272DA or permission of

Information Assurance Courses
  • CIS273DB
  • Digital Authentication and Public Key
    Infrastructure (PKI)
  • Knowledge and skills necessary to plan and
    implement PKI (Public Key Infrastructure) and
    Digital Authentication security methods and
    biometrics. Preparation for Security certification examination Security
    Certified Network Architect (SCNA).
  • Prerequisites CIS272DA or permission of

Information Assurance Courses
  • CIS273DC
  • Data Assurance and Disaster Recovery
  • Security and protection of data with emphasis on
    physical security of data servers and storage,
    disaster recovery plan and procedures, backup
    management and procedures, business continuity
    planning for unusual conditions, data
    confidentiality, integrity, and assurance, data
    retention policy and procedures, data warehouse,
    data use authorization and authentication,
    securing data in the mobile environment, handling
    data in response to cyber crime, data risk
    identification and assessment, and user education
    in and awareness of data assurance.
  • Prerequisites CIS270 or CNT185 or CIS271DA or
    permission of instructor.

(No Transcript)