Michael E. Whitman, Ph.D., CISSP

1
Proposal for Bachelor of Science inInformation
Security and Assurance

• Michael E. Whitman, Ph.D., CISSP
• Herbert J. Mattord, CISSP

2
Information Security Assurance

• Information security is the protection of the
  confidentiality, integrity and availability of
  information while in transmission, storage or
  processing, through the application of policy,
  technology, and education and awareness.
• Information assurance concerns information
  operations that protect and defend information
  and information systems by ensuring availability,
  integrity, authentication, confidentiality, and
  nonrepudiation.

3
BS-ISA

• The purpose of this program is to create
  technologically proficient, business-savvy
  information security professionals capable of
  applying policy, education training and
  technology solutions to protect information
  assets from all aspects of threats, and to manage
  the risks associated with modern information
  usage.

4
BS-ISA

• The BS-ISA will capitalize upon the strengths of
  existing CS and IS faculty, staff, classroom and
  laboratory resources to create a unique cadre of
  information security professionals.
• While some coursework will be adopted or adapted
  from existing programs, the emphasis is on a new
  and different program.

5
The Need for Curricula

• National Strategy to Secure Cyberspace (FEB 2003)
• Presidential Decision Directive PDD-63 (MAY 98)
• National Security Telecommunications Information
  Systems Security Directive 500 (FEB 93)
• National Security Telecommunications Information
  Systems Security Directive 501 (NOV 92)
• National Security Directive (NSD)-42 (JUL 90)

6
BS-ISA Industry Demand Support

• The department has received a number of requests
  for Information Security recruits.
• The department is currently compiling letters of
  support for the program from 40-50 Metro area
  businesses including
• Coca-Cola, Home Depot, Delta, AirTran, ATT,
  Georgia Pacific, Georgia Power, Georgia
  Technology Authority, City of Atlanta, Georgia
  Bureau of Investigation, plus other prominent
  Atlanta-based companies.

7
BS-ISA Student Demand

• Currently the undergraduate ISA Certificate
  program has over 15 graduates, with 50-60
  students currently enrolled.
• Surveys of student interest are planned for
  freshman level courses to gauge student interest.
  Approximately ten students have already directly
  contacted the department asking when the new
  BS-ISA program goes online.
• While there will inevitably be some bleed-off
  from current degree programs (BS-IS, BS-CS) in
  the BS-ISA, the goal is to actively recruit from
  outside the College and University.

8
BS-ISA Draft Model

• General Education Requirements 45 hours
• Follows the current BS-IS standard
• Science 1101 1102
• Math 1101 1106

9
BS-ISA Draft Model

• Lower Division Major Requirements 18 hrs.
• Combines the BS-IS and Business Area-Fs, to
  maximize students transferring in from other
  computing (IS, MIS, IT) preparation programs.
• Financial Managerial Accounting
• Business Law
• Intro to Computing
• Intro to Data Communications
• Programming Principles 1
• Should students transfer in with an additional
  business course it can be counted as either a
  major or free elective.

10
BS-ISA Draft Model

• Upper Division Major Requirements 42 hrs.
• Heavily defined upper division requirements.
  Combines pieces of BS-IS, IT Certificate, ISA
  Certificate and new ISA curriculum
• Professional Writing, Computer Statistics Intro
  to Management
• Project Management Database Technologies

11
BS-ISA

• New ISA Course Requirements
• Intro to InfoSec (ISA 3100)
• InfoSec Technologies (ISA 3200)
• Management of InfoSec (ISA 3300)
• Computer Forensics (ISA 3350)
• Operating Systems Security for Clients Servers
  (ISA 4210 4220)
• Incident Response and Contingency Planning (ISA
  4330)
• Security Script Programming (ISA 4550)
• Programs Strategies (ISA 4820 Capstone)

12
BS-ISA

• ISA Major Electives - 9 hrs
• Criminal Justice
• Foundations, Technology Apps Tech Cybercrime
  (CJ 1101, 3305, 4305)
• Business
• Accounting IS (ACCT 3300), Macroeconomics (ECON
  2200)
• CSIS
• Linux Administration Security (CSIS 3550)
• Local Area Networks (CSIS 4420)
• Computer Law (CSIS 4510)
• Computer Ethics (CSIS 4515)
• E-business Systems (CSIS 4555)
• Technology Commercialization(CSIS 4575)

13
BS-ISA

• ISA Electives
• ISA Electives
• Coops/Internships (ISA 3396, 3398)
• Special Topics/Directed Studies (ISA 4400, 4490)
• Emerging Issues (ISA 4700)
• IT Certificate Electives
• Web Technologies (IT 3300)
• IT Management (IT 3700)
• E-commerce (IT 4525)
• Free electives 9 hours.

14
Prerequisite flow
15
New Course Requirements

• ISA 3396 Cooperative Studies in ISA
• ISA 3398 Internships in ISA
• ISA 4400 Special Topics in ISA
• ISA 4490 Directed Studies in ISA
• ISA 4210 Client Operating Systems Security
• ISA 4220 Server Operating Systems Security
• ISA 4330 Incident Response Contingency
  Planning
• ISA 4550 Security Script Programming
• ISA 4700 Emerging Issues
• ISA 4820 Programs Strategies Capstone

16
Resources Required

• Course offerings
• Every fall/spring semester
• ISA 3100, 3200, 3300,
• Every other semester
• ISA 3350, 4210, 4220, 4330, 4550, 4820
• Annually
• Electives

17
Resources Required

• Full-time faculty The following faculty could
  provide the corresponding number of sections
• Dr. Whitman 1-2 per semester
• Prof. Mattord 3-4 per semester
• Prof. Schlesinger 1-2 per semester
• Dr. Woszczynski 1 per semester
• Dr. Murray 1 per semester
• Dr. Myers 1 per semester
• Total 8-11 per semester
• Part-time faculty We have identified 2-3
  part-time instructors qualified to teach InfoSec
  Courses. If additional faculty are hired with
  InfoSec capabilities, the number of section that
  could be covered could be increased.

18
Resources Required

• Classrooms
• Based on the projected schedule of offerings, the
  department would need an additional 5-8 classroom
  slots / semester.
• Labs
• Currently the labs to support the BS-ISA could be
  provided through CL 2009, SC 363 and SC 367.

19
Learning Objectives - General

• GPLO1 The graduate is able to demonstrate a
  thorough understanding of the theoretical
  foundations and practical applications of
  information technology.
• GPLO2 The graduate is able to demonstrate a
  solid foundation in commonly accepted business
  principles and practices.
• GPLO3 The graduate is able to protect the
  confidentiality, integrity and availability of
  information while in transmission, storage or
  processing through the application of policy,
  education, training and awareness program, and
  technology.
• GPLO4 The graduate is able to demonstrate an
  awareness of and to articulate positive and
  socially responsible positions on the ethical and
  legal issues associated with the protection of
  information and privacy.
• GPLO5 The graduate is able to demonstrate an
  understanding of the relationship and
  inter-responsibilities between all three
  communities of interest in Information Security
  General Business, Information Technology, and
  Information Security.
• GPLO6 The graduate is able to effectively
  communicate orally, in writing and using
  symbolic methods and modeling with all
  communities of interest technical and
  non-technical managers and users.

20
Learning Objectives - Specific

• SPLO1 The graduate is able to demonstrate an
  understanding of the elements of information
  security management Policy, Strategic and
  Continuity Planning, Programs and Personnel.
• SPLO2 The graduate is able to analyze and
  design technical information security controls
  and safeguards including system specific
  policies, network and platform security
  countermeasures and access controls.
• SPLO3 The graduate is able to investigate and
  implement the principles and applications of risk
  management, including business impact and
  cost-benefit analyses and implementation methods.
• SPLO4 The graduate is able to demonstrate an
  understanding of and to implement an assessment
  of threats, vulnerabilities and assets of modern
  computing systems, including hardware, software,
  and networking components.
• SPL5O5 The graduate is able to demonstrate an
  understanding of the foundations of security
  programming and the use of security-related
  scripts.

21
Creating InfoSec Courses and Programs

• The curriculum was created in a way that
• Involved all critical stakeholders
• Created employable students or students who can
  advance academically
• Capitalized on available resources (faculty,
  classrooms, labs)
• Supported local / state / national program
  objectives like the National Strategy to Secure
  Cyberspace

22
Thank You For Your Time