Honolulu, Hawaii
June 24, 2007
June 24, 2007
June 27, 2007
2153-5965
Information Systems
10
12.226.1 - 12.226.10
10.18260/1-2--2257
https://peer.asee.org/2257
Dr. Sohail Anwar is currently serving as an associate professor of engineering and the Program Coordinator of Electrical Engineering Technology at Penn State University, Altoona College. Since 1996, he has also served as an invited professor of Electrical Engineering at IUT Bethune, France. Dr. Anwar is serving as the Production Editor of the Journal of Engineering Technology and an Associate Editor of the Journal of Pennsylvania Academy of Science.
Jungwoo Ryoo is an Assistant Professor in Information Sciences and Technology at Penn State Altoona, Pennsylvania. His main research interests include information assurance and security, software engineering, and networking. More specifically, he is interested in software security, network/cyber security, security management particularly in small and medium-sized organizations, software architecture, Architecture Description Languages (ADLs), object-oriented software development, formal methods, and requirements engineering. He has significant industry experience (Sprint and IBM) in architecting and implementing secure, high-performance software for large-scale network management systems. He received his Ph.D. in Computer Science from the University of Kansas in 2005.
AN INTERDISCIPLINARY APPROACH TO INFORMATION SYSTEMS SECURITY EDUCATION: A CASE STUDY
Abstract
Society is becoming increasingly dependent upon multi-user distributed information systems. Computer/communication networks facilitate increased productivity in organizations, but these systems also make the information and information technology assets within the organizations vulnerable in the context of cyber security. Therefore, the designers and users of information technology and other production/logistic functions in these organizations have to be knowledgeable about the cyber security threats and the appropriate responses necessary for protecting the information assets. This growing awareness has led to a demand for information systems security education and training, not only in the information systems domain, but also in practically all engineering and technology activity areas.
This manuscript offers a perspective on how Penn State University-Altoona College, an undergraduate institution in Pennsylvania, is taking steps to integrate ISA education into its four-year electromechanical engineering technology program. The college realizes that it is highly important for its engineering students to be knowledgeable about information systems security, since engineers are now expected to have at least a basic understanding of current threats, the constant change in the nature of those threats, and how these threats affect product development, personal safety, employee productivity, and organizational expenses.
Introduction
The specific intent of an information systems security education curriculum should be to train professionals who are able to analyze, develop, implement, maintain, and protect the appropriate information needed by an organization. An ISA education curriculum should be context-sensitive and domain-specific, because it has to be based on the unique cyber threat profile applicable to the organization's business model. Also, the curriculum should be dynamic, because new vulnerabilities are being discovered very frequently. Finally, the curriculum should be multidisciplinary, because information assurance includes concepts from various disciplines such as business, computer science, computer engineering, information systems, social sciences, criminal justice, and law.
A universally accepted common body of information systems security knowledge is still being developed for all technical activity areas, except Computer Science and Information Systems. In the United States, many educational institutions developed information security assurance (ISA) educational models based on standards and guidelines promoted by the government or other organizations, resulting in a large variety of information systems security education curricula [1].
In 2005, the ACM Special Interest Group for Information Technology Education (SIGITE) Curriculum Committee developed a list of the topical areas for the information assurance and security (IAS) domain of the information technology body of knowledge [2]. The topical areas include:
• Fundamental Aspects of Information Assurance and Security
Anwar, S., & Ryoo, J., & Dhillon, H., & Barnes, D. (2007, June), An Interdisciplinary Approach To Information Systems Security Education: A Case Study. Paper presented at 2007 Annual Conference & Exposition, Honolulu, Hawaii. 10.18260/1-2--2257
ASEE holds the copyright on this document. It may be read by the public free of charge. Authors may archive their work on personal websites or in institutional repositories with the following citation: © 2007 American Society for Engineering Education. Other scholars may excerpt or quote from these materials with the same citation. When excerpting or quoting from Conference Proceedings, authors should, in addition to noting the ASEE copyright, list all the original authors and their institutions and name the host city of the conference. - Last updated April 1, 2015