Towards a framework for the integration of information security into undergraduate computing curricula

With the rapid rise of the world’s reliance on technology, organisations are facing an increased demand for a security-savvy workforce. It is, therefore, important that computing graduates possess the necessary information security skills, knowledge and understanding that can enable them to perform their organisational roles and responsibilities in a secure manner. The information security skills, knowledge and understanding can be acquired through a computing qualification that is offered at a higher education institution. The ACM/IEEE, as a key role player that provides educational guidelines for the development of computing curricula, recommends that information security should be pervasively integrated into the curriculum. However, its guidelines and recommendations do not provide sufficient guidance on “how” this can be done. This study, therefore, proposes a framework to address the pervasive integration of information security into computing curricula. Various research methods were used in this study. Firstly, a literature review was undertaken to inform the various phases and elements of the proposed framework. The literature reviewed included relevant information security education standards and best practices, including key computing curricular guidelines. Secondly, a survey in the form of semi-structured interviews supported by a questionnaire was used to elicit computing educators’ perspectives on information security education in a South African context, including the perceived challenges and ideas on how to integrate information security into the curricula. Finally, elite interviews were conducted to validate the proposed framework.
It is envisaged that the proposed framework can assist computing departments and undergraduate computing educators in the integration of information security into the curricula, thereby helping to ensure that computing graduates exit higher education institutions possessing the necessary information security skills, knowledge and understanding to enable them to perform their roles and responsibilities securely.
