Asee peer logo

Integrating Cybersecurity Concepts Across Undergraduate Computer Science and Information Systems Curriculum

Download Paper |

Conference

2021 ASEE Virtual Annual Conference Content Access

Location

Virtual Conference

Publication Date

July 26, 2021

Start Date

July 26, 2021

End Date

July 19, 2022

Conference Session

Computing and Information Technology Division Technical Session 2

Tagged Division

Computing and Information Technology

Page Count

9

Permanent URL

https://peer.asee.org/37357

Download Count

157

Request a correction

Paper Authors

biography

Uma Kannan

visit author page

Dr. Uma Kannan is Assistant Professor of Computer Information Systems in the College of Business Administration at Alabama State University, where she has taught since 2017. She received her Ph.D. degree in Cybersecurity from Auburn University in 2017. She specialized in Cybersecurity, particularly on the prediction and modelling of insidious cyber-attack patterns on host network layers. She also actively involved in core computing courses teaching and project development since 1992 in universities and companies.

visit author page

biography

Rajendran Swamidurai Alabama State University

visit author page

Dr. Rajendran Swamidurai is an Professor of Computer Science at Alabama State University. He received his BE in 1992 and ME in 1998 from the University of Madras, and PhD in Computer Science and Software Engineering from Auburn University in 2009. He is an IEEE senior Member and ASEE Member.

visit author page

Download Paper |

Abstract

Cyber networks are the backbone of our 21st century economy. There are over 23 million successful small businesses across America, forming the economic foundation of local communities. Cyberattacks, ranging from identity theft to life threatening, present a growing threat to our nation. Industry is facing great challenges to hire sufficient, qualified security personnel. According to the ISC² (Association for inspiring a safe and secure cyber world) Foundation’s 2015 Global Information Security Workforce Study, cybersecurity job postings took 8% longer to fill than IT job postings overall. According to a report, about 40% of junior-level and over 50% senior and manager level security jobs are vacant. In lot of cases, even the people who should know how to do this job and know how to run these systems don’t even exist. One of the challenges faced in addressing cyber workforce issues is the well documented shortage of STEMC (Science, Technology, Engineering, Mathematics, and Computing) graduates to work in the cyber field. While STEMC careers in academia and industry are increasingly requiring technical skills for dealing with the cybersecurity and information assurance, undergraduate courses in computing, including those offered at ASU, fall short of providing key training to students in cybersecurity that integrate both theory and practice. Equipping students with such skills greatly improve their employability.

The U.S. Bureau of Labor Statistics’ (BLS’s) Occupational Outlook Handbook highlights our claim. This report projects that the employment growth from 2012 to 2022 for information security analysts will be 37%, much faster than the average for all jobs of 11%. These translate to over 27,400 new jobs in information security over the next 10 years. The report states that “Demand for information security analysts is expected to be very high as these analysts will be needed to come up with innovative solutions to prevent hackers from stealing critical information or creating havoc on computer networks.” Additionally, the (ISC)² Foundation’s 2015 Global Information Security Workforce study points out that 1.5 Million MORE cybersecurity professionals will be needed to accommodate the predicted global shortfall by 2020.

Thus, industry’s growing need for individuals skilled in cybersecurity is both widely understood and well documented. According to ISC2 Foundation’s 2015 study on “Women in Security,” only approximately 10% of the current cybersecurity workforce is comprised of women. According to data from the United States Department of Labor which publishes the Bureau of Labor Statistics (BLS), Black or African-American’ people make up only 3% of the information security analysts in the U.S. Thus, there is an even bigger need to attract students of color and women (and, especially women in color) to the area of cybersecurity, to ensure they complete their degrees, and that they enter the workforce with equipped with the skills employers require.

Equipping students with practical knowledge of cybersecurity concepts is lacking in today’s academic arena. Colleges teach students the principles of computer networks, operating systems, and information assurance but developing practical cybersecurity solutions requires specific knowledge in cybersecurity industrial practices. Traditional university curricula do not address these areas sufficiently. We have taken a step in departing from the traditional curricula by orienting undergraduate courses to cybersecurity practices. Course material on operating system, computer networks, including computer and network security, is readily available. What is missing is the mechanism to introduce students to real-world cybersecurity issues encountered in the industry/real word.

Examination of universities’ course catalogs posted on the web, conference proceedings, and research digests show a flurry of research on cybersecurity at the graduate level, but there is little evidence cybersecurity practices being integrated into the undergraduate curriculum. The majority of activity in the undergraduate cybersecurity area comes from computer network course’s security modules.

We used a two-stage process to integrate cybersecurity concepts into computing courses. The first part focused on theoretical and conceptual ideas behind the methods under discussion and the second part had hands-on experimentation. The initial set of courses in which we planned to integrate cybersecurity concepts are chosen using two criteria: suitability of material for pedagogical integration of cybersecurity concepts and impact on all computing and STEM majors. Instructors may eventually choose to expand the integration of methods to other computing courses. The initial set of courses includes: Computer Networks: a firm understanding of Network fundamentals is essential to being able to secure a network or attack one. The purpose of this course is to emphasize covering the fundamental concepts needed to understand computer attacks and defenses from a network perspective; Operating Systems: introduces the students to computer operating systems, with a strong emphasis on command line usage (Linux) and common administrative functions using Microsoft PowerShell; Information Security: The purpose of this course is to emphasize those aspects of information technology that are directly relevant to network and application layers security and to provide students the opportunity to obtain Security+ certification and/or Certified Ethical Hacker (CEH) certification. This modified course will leverage topics typically found in Security+ and CEH certification such as scanning networks, denial-of-service attacks, SQL injection, cryptography, penetration testing, threat management, identity management, security risk identification and mitigation, and network access control.

This paper will enhance understanding of how cybersecurity concepts can be integrated within a classroom environment and translate the results obtained into a framework of pedagogy and materials relevant and enabling for teaching cybersecurity, and the impact of involving students in wargaming teams to solve real cybersecurity problems.

Kannan, U., & Swamidurai, R. (2021, July), Integrating Cybersecurity Concepts Across Undergraduate Computer Science and Information Systems Curriculum Paper presented at 2021 ASEE Virtual Annual Conference Content Access, Virtual Conference. https://peer.asee.org/37357

ASEE holds the copyright on this document. It may be read by the public free of charge. Authors may archive their work on personal websites or in institutional repositories with the following citation: © 2021 American Society for Engineering Education. Other scholars may excerpt or quote from these materials with the same citation. When excerpting or quoting from Conference Proceedings, authors should, in addition to noting the ASEE copyright, list all the original authors and their institutions and name the host city of the conference. - Last updated April 1, 2015