Dotting i’s and Crossing T’s: Integrating Breadth and Depth in an Undergraduate Cybersecurity Course

The importance of updating, expanding and improving what is taught in cybersecurity curricula is increasing as the security threat landscape becomes more dangerous, breaches become more frequent, and the number of deployed Internet of Things (IoT) devices, known for their security challenges, grows exponentially. This paper argues that a profile of “T-shaped” skills, which is known to be desirable in many consulting and design professions, is being reflected in the latest manifestations of cybersecurity curriculum design and accreditation. A model of learning that yields “T-shaped” professionals combines the ability to apply knowledge across domains (breadth) with the ability to apply functional and disciplinary skills (depth). We present the design of a junioror senior-level cybersecurity course in which the horizontal stroke of the “T” (representing breadth) spans knowledge areas that cut across the people, process and technology triad. The vertical stroke of the “T” (representing depth) is provided by two aspects of the course design: first, learning the foundational principles of cybersecurity, including practical examples from cryptography and network security; and second, applying the principles of cybersecurity to a semester project, allowing students to expand the core “T” of the course to satisfy their own passions and interests. Our paper concludes with student and instructor reflections on the implementation of this cybersecurity course, as well as broader implications of the lessons learned after the initial offering of this course. Information Systems Education Journal (ISEDJ) 17 (6) ISSN: 1545-679X December 2019 ©2019 ISCAP (Information Systems and Computing Academic Professionals) Page 42 https://isedj.org/; http://iscap.info

[1]  Ross J. Anderson Why information security is hard - an economic perspective , 2001, Seventeenth Annual Computer Security Applications Conference.

[2]  Jay Peters Educating Designers to a T , 2012 .

[3]  R. Grover,et al.  From Embedded Knowledge to Embodied Knowledge: New Product Development as Knowledge Management , 1998 .

[4]  Rajnish Kumar Misra,et al.  Employability Skills among Information Technology Professionals: A Literature Review , 2017, ITQM.

[5]  Samuel C. Yang,et al.  Toward a cybersecurity curriculum model for undergraduate business schools: A survey of AACSB-accredited institutions in the United States , 2017 .

[6]  William Stallings,et al.  Cryptography and network security - principles and practice (3. ed.) , 2014 .

[7]  Radia J. Perlman,et al.  Network security - private communication in a public world , 2002, Prentice Hall series in computer networking and distributed systems.

[8]  P. W. Singer,et al.  Cybersecurity and Cyberwar: What Everyone Needs to Know® , 2013 .

[9]  Herbert J. Mattord,et al.  Hands-On Information Security Lab Manual, 4th Edition , 2014 .

[10]  Ed Crowley Information system security curricula development , 2003, CITC4 '03.

[11]  Marco Iansiti,et al.  Technology integration: Managing technological evolution in a complex environment , 1995 .

[12]  W. Alec Cram,et al.  Teaching Information Security in Business Schools: Current Practices and a Proposed Direction for the Future , 2016, Commun. Assoc. Inf. Syst..

[13]  Bryan Reinicke,et al.  How secure is education in Information Technology? A method for evaluating security education in IT , 2016 .

[14]  James Michael Stewart,et al.  ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide , 2018 .

[15]  Tim Brown,et al.  Change by Design: How Design Thinking Transforms Organizations and Inspires Innovation , 2009 .

[16]  Alan T. Sherman,et al.  Identifying Core Concepts of Cybersecurity: Results of Two Delphi Processes , 2018, IEEE Transactions on Education.

[17]  Dawn Medlin,et al.  Ethical Hacking : Educating Future Cybersecurity Professionals , 2017 .

[18]  Yanpei Chen,et al.  What's New About Cloud Computing Security? , 2010 .

[19]  Anil Kumar Understanding Privacy , 2010 .

[20]  Manachai Toahchoodee,et al.  An aspect-oriented methodology for designing secure applications , 2009, Inf. Softw. Technol..

[21]  G. Fry Standards and technology. , 1979, Journal of the American Optometric Association.

[22]  Scott Hutchinson,et al.  Putting Creativity and Innovation to Work: Continuing Higher Education's Role in Shifting the Educational Paradigm. , 2010 .

[23]  Shari Lawrence Pfleeger,et al.  Analyzing Computer Security - A Threat / Vulnerability / Countermeasure Approach , 2012 .

[24]  Alan R. Dennis,et al.  Security on Autopilot: Why Current Security Theories Hijack our Thinking and Lead Us Astray , 2018, DATB.

[25]  Joint Task Force on Computing Curricula Computer Science Curricula 2013: Curriculum Guidelines for Undergraduate Degree Programs in Computer Science , 2013 .