Kannan, U., & Swamidurai, R. (2021, July), Integrating Cybersecurity Concepts Across Undergraduate Computer Science and Information Systems Curriculum  Paper presented at 2021 ASEE Virtual Annual Conference Content Access, Virtual Conference. 10.18260/1-2--37357

\bibitem{asee_peer_37357}
  Kannan, U., \& Swamidurai, R. (2021, July), \emph{Integrating Cybersecurity Concepts Across Undergraduate Computer Science and Information Systems Curriculum}
  Paper presented at 2021 ASEE Virtual Annual Conference Content Access, Virtual Conference.
  10.18260/1-2--37357

Uma Kannan and Rajendran Swamidurai.  "Integrating Cybersecurity Concepts Across Undergraduate Computer Science and Information Systems Curriculum".  2021 ASEE Virtual Annual Conference Content Access, Virtual Conference, 2021, July.  ASEE Conferences, 2021.  https://peer.asee.org/37357 Internet.  23 Apr, 2024

\bibitem{asee_peer_37357}
  Uma Kannan and Rajendran Swamidurai.
  "Integrating Cybersecurity Concepts Across Undergraduate Computer Science and Information Systems Curriculum".
  \emph{2021 ASEE Virtual Annual Conference Content Access, Virtual Conference, 2021, July}.
  ASEE Conferences, 2021.
  https://peer.asee.org/37357 Internet.  23 Apr, 2024

@INPROCEEDINGS{asee_peer_37357
author = "Uma Kannan and Rajendran Swamidurai"
title = "Integrating Cybersecurity Concepts Across Undergraduate Computer Science and Information Systems Curriculum"
booktitle = "2021 ASEE Virtual Annual Conference Content Access"
year = "2021"
month = "July"
address = "Virtual Conference"
publisher = "ASEE Conferences"
note = {https://peer.asee.org/37357}
number = {10.18260/1-2--37357}
}

TY  - CPAPER
AB  - Cyber networks are the backbone of our 21st century economy. There are over 23 million successful small businesses across America, forming the economic foundation of local communities. Cyberattacks, ranging from identity theft to life threatening, present a growing threat to our nation. Industry is facing great challenges to hire sufficient, qualified security personnel. According to the ISC² (Association for inspiring a safe and secure cyber world) Foundation’s 2015 Global Information Security Workforce Study, cybersecurity job postings took 8% longer to fill than IT job postings overall. According to a report, about 40% of junior-level and over 50% senior and manager level security jobs are vacant. In lot of cases, even the people who should know how to do this job and know how to run these systems don’t even exist. One of the challenges faced in addressing cyber workforce issues is the well documented shortage of STEMC (Science, Technology, Engineering, Mathematics, and Computing) graduates to work in the cyber field. While STEMC careers in academia and industry are increasingly requiring technical skills for dealing with the cybersecurity and information assurance, undergraduate courses in computing, including those offered at ASU, fall short of providing key training to students in cybersecurity that integrate both theory and practice. Equipping students with such skills greatly improve their employability.

The U.S. Bureau of Labor Statistics’ (BLS’s) Occupational Outlook Handbook highlights our claim. This report projects that the employment growth from 2012 to 2022 for information security analysts will be 37%, much faster than the average for all jobs of 11%. These translate to over 27,400 new jobs in information security over the next 10 years. The report states that “Demand for information security analysts is expected to be very high as these analysts will be needed to come up with innovative solutions to prevent hackers from stealing critical information or creating havoc on computer networks.” Additionally, the (ISC)² Foundation’s 2015 Global Information Security Workforce study points out that 1.5 Million MORE cybersecurity professionals will be needed to accommodate the predicted global shortfall by 2020.

Thus, industry’s growing need for individuals skilled in cybersecurity is both widely understood and well documented. According to ISC2 Foundation’s 2015 study on “Women in Security,” only approximately 10% of the current cybersecurity workforce is comprised of women. According to data from the United States Department of Labor which publishes the Bureau of Labor Statistics (BLS), Black or African-American’ people make up only 3% of the information security analysts in the U.S. Thus, there is an even bigger need to attract students of color and women (and, especially women in color) to the area of cybersecurity, to ensure they complete their degrees, and that they enter the workforce with equipped with the skills employers require.

Equipping students with practical knowledge of cybersecurity concepts is lacking in today’s academic arena. Colleges teach students the principles of computer networks, operating systems, and information assurance but developing practical cybersecurity solutions requires specific knowledge in cybersecurity industrial practices. Traditional university curricula do not address these areas sufficiently. We have taken a step in departing from the traditional curricula by orienting undergraduate courses to cybersecurity practices. Course material on operating system, computer networks, including computer and network security, is readily available. What is missing is the mechanism to introduce students to real-world cybersecurity issues encountered in the industry/real word.

Examination of universities’ course catalogs posted on the web, conference proceedings, and research digests show a flurry of research on cybersecurity at the graduate level, but there is little evidence cybersecurity practices being integrated into the undergraduate curriculum. The majority of activity in the undergraduate cybersecurity area comes from computer network course’s security modules. 

We used a two-stage process to integrate cybersecurity concepts into computing courses. The first part focused on theoretical and conceptual ideas behind the methods under discussion and the second part had hands-on experimentation. The initial set of courses in which we planned to integrate cybersecurity concepts are chosen using two criteria: suitability of material for pedagogical integration of cybersecurity concepts and impact on all computing and STEM majors. Instructors may eventually choose to expand the integration of methods to other computing courses. The initial set of courses includes: Computer Networks: a firm understanding of Network fundamentals is essential to being able to secure a network or attack one. The purpose of this course is to emphasize covering the fundamental concepts needed to understand computer attacks and defenses from a network perspective; Operating Systems: introduces the students to computer operating systems, with a strong emphasis on command line usage (Linux) and common administrative functions using Microsoft PowerShell; Information Security: The purpose of this course is to emphasize those aspects of information technology that are directly relevant to network and application layers security and to provide students the opportunity to obtain Security+ certification and/or Certified Ethical Hacker (CEH) certification. This modified course will leverage topics typically found in Security+ and CEH certification such as scanning networks, denial-of-service attacks, SQL injection, cryptography, penetration testing, threat management, identity management, security risk identification and mitigation, and network access control.

This paper will enhance understanding of how cybersecurity concepts can be integrated within a classroom environment and translate the results obtained into a framework of pedagogy and materials relevant and enabling for teaching cybersecurity, and the impact of involving students in wargaming teams to solve real cybersecurity problems.

AU  - Uma Kannan
AU  - Rajendran Swamidurai
CY  - Virtual Conference
DA  - 2021/07/26
PB  - ASEE Conferences
TI  - Integrating Cybersecurity Concepts Across Undergraduate Computer Science and Information Systems Curriculum
UR  - https://peer.asee.org/37357
DO  - 10.18260/1-2--37357
ER  -