Curriculum

About This Presentation

Title:

Curriculum

Description:

Blackhawk Technical College's Needs Assessment Process. Institutional ... Blackhawk Technical College IT Employer Advisory Committee (Rock & Green County ... – PowerPoint PPT presentation

Number of Views:57

Avg rating:3.0/5.0

Slides: 65

Provided by: BTC86

Category:

more less

Transcript and Presenter's Notes

Title: Curriculum

1
Curriculum Workforce Development in
Cyber-Security

Hal Zenisek
Blackhawk Technical College
Janesville, Wisconsin USA

2
If it works, try not to be surprised.by Ron
Fischer, WCTC
3
Introduction The Power of 2

Three purposes of this session
Share lessons learned developing a 2-year degree
for information security
Share ideas for workforce development
Learn from others attending this session
Introductions
Hal Zenisek
Dean
Business Information Technology
Blackhawk Technical College
Janesville, Wisconsin USA
hzenisek_at_blackhawk.edu

4
Our Agenda

What I plan to talk about!
Our Thesis Information is the asset
Industry-driven program design
Share resources skill standards
Course Curriculum development
Faculty development
Delivery methodologies ideas for workforce
development
Sharing ideas questions

5
(No Transcript)
6
www.blackhawk.edu
7
Blackhawk Technical College www.blackhawk.edu

Mission - Career Technical Education including
workforce economic development
Business Information Technology
2-year programs, diplomas, certificates
Accounting, Marketing, Management
Office Careers
IT Cluster
Networking Specialist
Micro Programmer Specialist
Help Desk Assistant
Information Systems Security Specialist

8
The WTCS Associate in Applied Science Degree

Applied Associate degree programs as defined by
Wisconsin Statute are two-year, post-high school
programs in an area designated and approved by
the State Board for which the course requirements
are established by the State Board. Applied
associate degree programs adhere to the following
principles
provide the education and training in
occupational areas required by the state's
economy
shall prepare students to be productive employees
and to succeed in occupations requiring advanced
education and training
specific degree requirements shall have a
demonstrated relevance to the needs of employers
and students as employees
all courses shall be of the highest quality as
demonstrated by national and regional
accreditation and perceptions of graduates and
employers
shall be designed to impart identified
competencies and program graduates shall achieve
those competencies.

9
ADDIE

The ADDIE Instructional Design Model
Analysis --gt Design --gt Development --gt
Implementation --gt Evaluation

10
Analysis needs identification

Its about Information Security

11
Our thesis its all about Information Security!

Computers ( even networks) can be replaced,
information is the asset which has value
therefore the critical resource.
Information security includes assurance,
confidentiality, availability, integrity, threats
vulnerabilities.
What KSAs go with protecting/security
information information systems?
Which competencies fit within our mission
purpose as a 2-year technical college?
Which are the highest priority? Prepare for
future program outcomes and documenting the
need.
KSA technical skills beyond networking, and
include security management, policy development,
ethical behavior, and more. Breadth of field
versus depth of field. Issues inside the
firewall as well as outside of it.

12
More on Information Security

Information needs to be available and
Information needs to be private.
Information needs to be trusted.
Information systems need to be reliable.
Networks make information available.
Secure networks help insure privacy protection.
However, we felt there is more.

13
Types of information systems

Accounting information systems
Financial systems (banking others)
Business systems (e-Commerce)
Health information systems (medical)
Community information systems (Emergency
Response)
Governmental, education, telecommunications
others

14
Blackhawk Technical Colleges Multi-Disciplinary
Approach

Network Security (4 courses)
Programming e-Commerce for information systems
security (3 courses)
Security Management (5)
Business Continuity Planning
Cyber Law Ethics
Security Measures/Countermeasures (intrusion
detection defending an internetworked system
against attacks) would be our capstone lab
experience.

15
Program Design A Multi-Disciplinary Approach

AAS limited to 68 credits- 12 core courses.
Advanced technical certificates36 credits.
Target trained incumbent IT professionals and
technical staff.
Elective courses for IT students in other majors
such as networking programming.
Big picture approach cross section of the
continuum of information systems.
From operating systems, buffer overruns, policies
procedures, to intrusion detection
appropriate countermeasures.

16
Blackhawk Technical College found

One Wisconsin employer (without a significant Web
presence) shared their recent experience with a
spam firewall.
Based on 900 users
Over 5000 e-mail per hour
2974 were spam (60)
33 had viruses
SOP for their IT personnel business was
transacted without incident with a firewall
spam filter (plus trained personnel).

17
Recent Job Advertisement Madison, Wisconsin

Enterprise Security Specialist
Set overall security strategy, conducts security
technology research, consults on best practices,
and coordinates in-house security operations.
Bachelors degree, Computer Science
5 years recent experience networks
Cisco experience
CSSIP and/or Cisco certification.

18
Blackhawk Technical Colleges Needs Assessment
Process

Institutional Advancement survey
51 response rate from 74 employers
53 have problems finding qualified cyber
security workers
56 indicated the demand would increase over the
next four years
16 new full-time and 7 new part-time openings
over next 4 yrs. projected

19
Blackhawk Technical Colleges Needs Assessment
Data

82 would encourage current employees to
participate in an educational program
89 would hire a graduate for a cyber security
program
average hourly wage 20.20 (42,000)
sent to the WTCS office approved as a new
emerging occupation
approval to proceed with program development

20
Program Curriculum Design

Program Design
Course curriculum development

21
Industry-Driven Design

NSA Information Assurance Directorate Skill
Standard (www.nsa.gov)
Relevant industry-based competencies such as the
Systems Security Certified Practitioner
(www.isaca.org)
Global Information Assurance Certification
(www.giac.org)
Local Chapter of the ISSA (Information Systems
Security Association - see www.issa.org).
Alignment with 10 domains of the CISSP or not?
Blackhawk Technical College IT Employer Advisory
Committee (Rock Green County Wisconsin)
everyone is impacted by this.

22
www.aacc.nche.edu
23
Blackhawk Technical CollegeProgram Design Process

Articulate our thesis correlate it to an
identified need. Its about Information
Security!
Draft exit skills statements design program
outcomes from those. Align refine as we go.
Select tentative courses as building blocks to
program outcomes.
Aligned with industry skill standards.
Prioritize program course outcomes.
Prepare for course level curriculum development.
Focused on the learner?

24
Proposed Exit Skills

From the learners point of view
From an employers point of view
These will evolve into future program outcomes

25
Proposed Exit Skills

A very good understanding of what information
security is, as currently defined by both
industry and government.
A detailed understanding of the man-made and
natural threats to information systems, and how
to effectively deal with them.
An extensive knowledge of the information assets
that need protection.
A detailed knowledge of the various methods for
countering/preventing internal and external
threats.
A detailed knowledge of how to deal with threats.
An understanding that InfoSec is not a single
thing, nor is it an absolute science or a purely
technical subject.

26
Proposed Exit Skills

A detailed methodology for creating and
maintaining a consistently proven means for
countering threats in an organizational InfoSec
Program.
An understanding that a successful approach to
security planning, policies, and procedures are
as much about business process improvement as it
is about technology.
An understanding of the need to maintain the
interoperability of the organizational InfoSec
Program with external systems.
What makes Information Assurance (IA) different
than InfoSec and the need for IA across the
enterprise.
The knowledge base necessary to obtain common
InfoSec/IA industry certifications.

27
What are Program Outcomes in Career Technical
Education?

Occupational specific knowledge, skills and
attitudes that learners demonstrate upon
completion.
Pertain to the holistic program and go beyond
courses.
Derived from overall tasks performed on the job
or in life roles.
Are not program evaluation the learner is the
focus not the program.

28
Program Outcomes Purpose

Provides the reader with an overview of what the
learner will be able to do as a result of the
learning process.
Highest level of achievement that is part of the
learning process.
Are supported by student outcomes assessment
plans.

29
Program Outcomes Guidelines

Use lead-in phrase upon completion of the
Infosec program, the learner will be able to do.
Use only one action verb per outcome and
preferably the application level or above.
Consider the nature of the skills and the
environment in which the learner will perform on
the job.
Write concise clear phrases.
Limit of 8 to 10 outcomes validated by advisory
committee members both for content and for
understanding.

30
BTC Infosec Program Outcomes

Identify resources, assess threats, analyze
losses, and understand vulnerabilities of
information systems.
Establish safeguards for automated information
systems.
Install, configure, and use specialized security
software, hardware, and firmware components.
Troubleshoot potential IT security issues.
Implement preventative measures.
Respond to threats from viruses, worms, and other
unauthorized access.

31
Program Design Model Adds Flexibility

No specific hardware or software specifics
through the use of more generic titles (Operating
Systems Security).
A variety of hardware, firmware, and software
vendors are covered in courses and found in the
lab.
Statewide model for other WTCS colleges.
Current Issues Trends seminar changes based on
employer input, technology, and trends.

32
Program Outcomes Resources

DACUM facilitated process
Advisory Committee
Job Postings
Employee Input
Industry standards
Graduate follow-up studies
Internships
Other colleges

33
Program Design Resources

NSA
www.nsa.gov
Centers for Academic Excellence
Skill Standards such as 4011, 12, etc.
Protecting Information The Role of Community
Colleges in Cybersecurity Education
www.aacc.nche.edu.

34
Program Design Resources

Cybersecurity Education in Community Colleges.pdf
4011.pdf
www.nsa.gov/ia/index.cfm
CISSP www.isc2.org

35
Infosec Core Courses Blackhawk Technical
College

INet/WWW
Information Security Principles
Network Security
Internetwork Security I
Internetwork Security II
Designing Secure Websites

Operating Systems Security
Security Policies Procedures
Information Security Documentation
Client/Server Systems Security
Security Meaures Countermesaures
Business Continuity Planning

36
Curriculum Development

Our plan for getting students to those exit
skills and program outcomes.

37
www.samsa.com
38
Curriculum Development

Its About Information Security
Course-level outcomes (blueprint)
Competencies
Major skills, attitude, or ability needed to
perform a task effectively
Learning Objectives
Performance Standards
Learning Plans with learning activities
Performance Assessment Plans
Student Outcomes Assessment Plans

39
Curriculum Development

Competency-based software - WIDS
Each course has several competencies that support
program outcomes.
Each competency has learning objectives,
performance standards, learning plans, and
assessment.
WIDS generated reports include syllabi, Course
Outcome Summary, and addresses

40
Worldwide Instructional Design System (WIDS)
www.wids.org
41
4011 Alignment

ISSC4011Matrix.xls

42
Alignment efforts

ISSCPCrsAreas 2005.xls

43
Alignment Efforts Curriculum

ISSCPWIDS.xls

44
WIDS Course Examples

Information Security Principles
ITSEC-114.doc
Network Security
ITSEC-124.doc
Perimeter Security
ITSEC-145.doc

45
Implementation (Delivery)
46
Instructional delivery vision

Face-to-face traditional learning
On-line (distance learning)
On-site employee development
Technical assistance
Seminars, awareness workshops lifelong learning
for IT and non-IT employees

47
Real Life Student 1

Age, 40 Female
Main Frame Programmer Web Site Administrator
for a number of years
Laid off job hunting ready to leave IT for a
more viable occupation
Last time in school was mid 1980s
I love this program and am so glad you talked me
into it. Its the first time Ive ever taken
time to look at the big picture. I cant wait to
get a job in this field.

48
Real Life Student 2

Age, 30, Male learned everything he knows
about IT on-the-job.
Local ISP Administrator for a number of years.
Last time in school was high school didnt like
it that much.
Strong technical skills a quick study but
often sees the answer as adding more technology.
Doesnt see the need for policies and procedures.
A classic practitioner in approach to problem
solving.

49
Serving distance education learners with limited
resources

Blackboard?
WebCT?
Others?
IT infrastructure support?
College firewalls security?

50
www.etechcollege.com
51
Distance Learning via the Web

Powered by BlackBoard, Inc.
Hosted by Milwaukee Area Technical College.
www.matc.edu
Information Security Principles
154-151
Disaster Recovery Planning
154-155

52
Workforce Development

Short-course seminars (modules from credit
courses)
Week-long boot camps
Awareness seminars for all employees password
protocols, basics on viruses, ethics, inside the
firewall
New hire training for your IT staff?
Specific Courses?
12-course, 36-credit certificate?
2-year AAS degree?

53
Evaluation

Program evaluation 3 years
Crucial Conversations
Lessons Learned
The Reflective Practitioner

54
Next Steps?

Plan
Do
Check
Act

55
Crucial BTC Conversations

Is the time right for expanding IT educational
programs?
So tell me again why do you want to bring viruses
on the Colleges computers?
Arent you teaching hackers to be better hackers?
Will there be jobs at the end?
Its a great idea for the 4-year college

56
Key Points the Power of 2

We are one dean and one faculty member at a small
school in central Wisconsin do not
underestimate the power of 2.
It is more than simply computer security. Its
more than network security. Its all about
information security.
Technical competencies and security management
oriented competencies are both part of our
approach. Both in the computer lab make for
terrific conversations! Integrating this is
powerful.

57
Future Vision The Power of 2

AAS degree approved for next fall.
22 partnerships for Baccalaureate degrees will
better serve students the workforce.
Distance learning courses support an employed IT
workforce.
Supporting the colleges IT infrastructure with
advising and technical assistance. Our campus is
more secure!
Better aligning our occupational outcomes with
related certification programs getting students
into testing such as the CISSP.
Center for Information Assurance?

58
Transitioning to an AAS

21 credits of General Education
6 credits of Elective courses
42 credits of Program Requirements
18 credits support
34 credits of core
Work-based learning component
68 total credits

59
Academic Partnerships

Milwaukee Area Technical Colleges AAS degree
(www.matc.edu)
University of Illinois, Center for Academic
Excellence, Champaign
National Colloquium for Information Systems
Security Education or CISSE (http//www.ncisse.org
).
Wisconsin Technical College System office,
Madison, Wisconsin (www.wtcsystem.org).
Worldwide Instructional Design Software
(www.wids.org).
Franklin University (www.franklin.edu) pending a
22 agreement for an online Bachelors degree.

60
Faculty Development