Title: An Information Systems Security Course for the Undergraduate Information Systems Curriculum
1. An Information Systems Security Course for the Undergraduate Information Systems Curriculum
- Grace C. Steele
- Vojislav Stojkovic
- Computer Science Department
- and
- Jigish S. Zaveri
- Information Sciences and Systems Department
- Morgan State University
2. Introduction
- Necessary to redesign IS Curricula and introduce course in Information Systems Security to provide students required knowledge, skills, abilities to:
- Remain effective in meeting needs of society and student body (Davis et al., 1997; Couger et al., 1995)
- Remain current in terms of body of knowledge (lack of coverage of IS security issues in IS curriculum; Anderson et al., 2002)
- Keep up with changes in technology and environment
- Provide strong foundation on which students build lifelong learning/dev
- Prepare students to become active learners in digital economy ("...it is responsibility of educational system, particularly at undergraduate college-university level, to prepare future IT professionals for dynamic environment of the 21st century"; Lightfoot, 1999)
- Address issues of lack of trained ISS personnel
3. Need for a Course in IS Security in the Undergraduate IS Curriculum
- IS Security course needed in IS Curriculum due to:
- Growth in telecommunications/networking, impact on society
- New technology environments (wireless, mobile, virtual)
- Financial losses due to lack of effective security (Anderson, 2001)
- Organizational, environmental trends ("current IS curricula ... not well aligned with business needs"; Lee et al., 1995)
- Most current ISS courses are at graduate level, vocational training, or located in Computer Science or Engineering Department (www.nstissc.gov/)
- Other countries have already incorporated IS security in the undergraduate curriculum core body of knowledge (Underwood et al., 1997)
4. Developing New Curriculum
- Curriculum changes in higher education due to:
- Changes in knowledge, technology, general environment and values
- Changes reflect different practices and values of specific knowledge fields (McKeen et al., 1987)
- Changes in production and application of academic knowledge
- Shifts in emphasis on different criteria used to evaluate production/application of knowledge
- Changes in technologies
- New curriculum design must address stakeholders: educators, businesses, students and public
- Goals and objectives of new curriculum need to be specified
5. Development of ISS Course
- Name of Course
- Information Systems Security
- Course Number
- INSS XXX Elective
- Dedicated elective course designed for IS seniors
- Knowledge and Competency
- Application level 4 (See Table 1 next slide)
- Statement of Needs
- Increased demand for IS security professionals in organizations
- Goal Statement
- Graduates should be able to function in entry-level positions, have basis for career growth
6. Table 1. Goal Levels, Methods of Delivery and Assessment (Davis et al., 1997)
7. Development of ISS Course
- Goals of IS Security Course
- Learn about security in Microsoft/UNIX/Linux operating systems and programming environments
- Learn how to attack and defend system by analyzing system for vulnerabilities and ameliorating those problems
- Understand strengths and weaknesses of cryptography for security
- Learn how to access and control systems, resources, data
- Learn basics of writing security-related programs
- Learn about security in networks
- Understand how to coordinate hardware and software to provide data security against internal and external attacks
- Model systems involved through use of formal models
8. Development of ISS Course
- Learning Objectives and Outcomes
- Knowledge Objectives
- The role and importance of security policy
- Network-related security threats and solutions
- Principles of private/public-key encryption
- Principles of authentication
- Internet Protocol security architecture (IPSEC)
- Application Objectives
- Analyzing security protocols for weaknesses
- Designing/implementing authentication protocol
- Designing and/or implementing an encryption system
9. Development of ISS Course
- Target Student Population
- ISS be included in IS Deployment and Management Practices Presentation Area of IS'97 Curriculum Model Level 3 IS majors only
- Senior, undergraduate IS majors, IS minors
- Students in final year of undergraduate study
- Prerequisites (KSA)
- All required IS courses
- Course Content
- Course Outline (See Figure 1, next slide, for the different Learning Units in the Information Systems Security course outline)
10. Figure 1. Information Systems Security Course Outline
- 1. Introduction
  - Internet, Intranet: structure, growth, possibilities
  - Related subjects, overview of course
  - Definition of terms/concepts in computer network and Internet security
  - Basic security principles (privacy, confidentiality, integrity, availability, accountability)
  - Access control, firewalls, biometric devices
- 2. Threats, Risks and Vulnerabilities
  - Viruses, worms (e.g. Trojan Horses)
  - Intrusion detection and types of attacks
  - Denial of service attacks
  - Security countermeasures
- 3. Data Security Policies/Admin. Security Procedural Control
  - Institution, legislation, privacy, basic policies/protocols
  - Legal and ethical issues in information systems security
- 4. Security Models
  - Access matrix, multilevel, mandatory, discretionary models
  - Role-Based Access Control
- 5. Designing Secure Systems
  - Secure system design methodology
- 7. Operating Systems Security
  - Unix, Windows XP, Linux
  - Hardened operating systems
  - Types of OS attacks
- 8. Network Security
  - SSL, Kerberos, VPNs, wireless systems
  - Dial-up vs. dedicated
  - Public vs. private
  - Traffic analysis
- 9. Database Security
  - Authorization systems in Oracle and similar database systems
- 10. Programming Language Security
  - Programming language security problems (e.g. buffer overflow, pointers, arrays, etc.)
  - Java security
- 11. Cryptography
  - Symmetric and public key systems, PKI
  - Strengths (complexity, secrecy, etc.)
  - Encryption, key management
- 12. Distributed Systems Security
11. Development of ISS Course
- Instructional Strategies and Testing and Evaluation of Students
- Cooperative learning techniques (Slavin, 1990)
- Cooperative learning strategies provide positive interdependence, individual accountability and face-to-face interaction
- Simulation learning becomes meaningful when students make association between concepts and ideas (Eggen & Kauchak, 1988)
- Group projects
- Case studies
- Evaluate using structured practice, homework, detailed exams, process performance using simulation and modeling tools, case study analysis and group research projects
12. Implications for IS and Future Research
- Changes to Curriculum and Instruction
- Requires investment of many resources into process
- Bond needs to be established between teaching/learning infrastructure and curricula, between technology infrastructure, classroom and teaching material
- Students need to be encouraged to become active learners
- New and more effective methods of instruction need to be introduced to produce more effective learning
- Students should be made part of curriculum development process: more motivated to learn if actively involved
- Faculty need to be retrained, new facilities and teaching resources needed
13. Implementation of the ISS Course
- Implementation issues
- Integration into current curriculum
- New facilities and equipment
- Qualified people to teach course
- Development and implementation of new instructional strategies
- Changes in internal policies and procedures
- Use of industry's best practices
- Joint effort between academia and industry
14. Conclusion
- No consensus on what information systems security knowledge, skills and abilities to include in undergraduate IS curriculum and placement for material within the curriculum
- IS curriculum needs to be updated regularly to reflect rapid changes in environment
- Academia needs to work with government and industry on this issue to properly prepare students for an information economy
- Students need to be encouraged and motivated to become active learners in digital economy
15. Thanks!
- The authors would like to thank the following for their support with this research:
- NASA's NERTS project and Ms. Shirl Byron - NRTS Project Director sbyron_at_morgan.edu at MSU
- Dr. William Lupton, Chair, Computer Science Department, MSU
- Faculty in the Department of Information Science and Systems, MSU
- Carnegie Mellon University
16. Authors' Contact Information
- Grace C. Steele - gsteele_at_morgan.edu
- Vojislav Stojkovic - stojkovi_at_morgan.edu
- Computer Science Department
- Morgan State University
- 1700 E. Cold Spring Lane
- Baltimore, MD 21251
- Jigish S. Zaveri - jzaveri_at_jewel.morgan.edu
- Information Sciences and Systems Department
- Morgan State University
- 1700 E. Cold Spring Lane
- Baltimore, MD 21251