June 24, 2007
June 24, 2007
June 27, 2007
12.226.1 - 12.226.10
AN INTERDISCIPLINARY APPROACH TO INFORMATION SYSTEMS SECURITY EDUCATION: A CASE STUDY
Society is becoming increasingly dependent upon multi-user distributed information systems. Computer/communication networks facilitate increased productivity in organizations, but these systems also make the information, and information technology assets within the organizations vulnerable in the context of cyber security. Therefore, the designers and users of information technology and other production/logistic functions in these organizations have to be knowledgeable about the cyber security threats, and appropriate responses necessary for protecting the information assets. This growing awareness has led to a demand for information systems security education and training, not only in the information systems domain, but also in practically all engineering and technology activity areas.
This manuscript offers a perspective of how Penn State University-Altoona College, an undergraduate institution in Pennsylvania is taking steps to integrate ISA education into its four- year electromechanical engineering technology program. The college realizes that it is highly important for its engineering students to be knowledgeable about information systems security since engineers are now expected to have at least a basic understanding of current threats, the constant change in the nature of those threats, how these threats affect product development, personal safety, employee productivity, and organizational expenses.
The specific intent of an information systems security education curriculum should be to train professionals who are able to analyze, develop, implement, maintain, and protect the appropriate information needed by an organization. An ISA education curriculum should be context sensitive and domain-specific, because it has to be based on unique cyber threat profile applicable to the organization business model. Also, the curriculum should be dynamic because new vulnerabilities are being discovered very frequently. Finally, the curriculum should be multidisciplinary because information assurance includes concepts from various disciplines such as business, computer science, computer engineering, information systems, social sciences, criminal justice, and law.
A universally accepted common body of information systems security knowledge is still being developed for all technical activity areas, except Computer Science and Information Systems. In United States, many educational institutions developed information security assurance (ISA) educational models based on standards and guidelines promoted by the government or other organizations resulting in a large variety of information systems security education curricula .
In 2005, the ACM Special Interest Group for Information Technology Education (SIGITE) Curriculum Committee developed a list of the topical areas for the information assurance and security (IAS) domain of the information technology body of knowledge . The topical areas include: • Fundamental Aspects of Information Assurance and Security
Anwar, S., & Ryoo, J., & Dhillon, H., & Barnes, D. (2007, June), An Interdisciplinary Approach To Information Systems Security Education: A Case Study Paper presented at 2007 Annual Conference & Exposition, Honolulu, Hawaii. 10.18260/1-2--2257
ASEE holds the copyright on this document. It may be read by the public free of charge. Authors may archive their work on personal websites or in institutional repositories with the following citation: © 2007 American Society for Engineering Education. Other scholars may excerpt or quote from these materials with the same citation. When excerpting or quoting from Conference Proceedings, authors should, in addition to noting the ASEE copyright, list all the original authors and their institutions and name the host city of the conference. - Last updated April 1, 2015