6th European Conference - Academic Conferences
6th European Conference - Academic Conferences
6th European Conference - Academic Conferences
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Evolving an Information Security Curriculum: New<br />
Content, Innovative Pedagogy and Flexible Delivery<br />
Formats<br />
Tanya Zlateva, Virginia Greiman, Lou Chitkushev and Kip Becker<br />
Boston University, USA<br />
zlateva@bu.edu<br />
ggreiman@bu.edu<br />
ltc@bu.edu<br />
kbecker@bu.edu<br />
Abstract: In the last ten years information security has been recognized as a most relevant new trend by<br />
academia, government and industry. The need for educating information security professionals has increased<br />
dramatically and is not being met despite recent growth of cyber security programs. The challenge is to design<br />
and evolve multi-disciplinary curricula that provide theoretical as well as hands-on experience and are also<br />
available to a broad student audience is of strategic importance for the future of reliable and secure systems. We<br />
present our experience in designing and evolving information security programs that have grown to over 650<br />
students per year since their inception eight years ago and have graduated more than 250 students. We discuss<br />
three major directions in the evolution of the program: the increased focus of the core and growth of<br />
concentration electives, the design of cyber law curriculum and coordination with the business continuity<br />
programs, and the introduction of new educational technologies such as virtualization and video-collaboration<br />
and flexible online and blended delivery formats. The rapid growth of the program, the changes in the discipline<br />
and the great diversity of professional interests of our students required broadening of the curriculum with<br />
courses and modules on emerging technologies such as digital forensics, biometrics, security policies and<br />
procedures, privacy and security in health care, cyber law, as well as the coordination of the curriculum with<br />
existing programs in business continuity. Special efforts were expended to the introduction of more participatory<br />
pedagogy, more specifically by developing a series of virtual laboratories that brought real world situations into<br />
the class room and through video-collaboration tools that encourage team building. The accessibility of the<br />
programs was increased through the introduction of flexible delivery formats. After establishing the programs in<br />
the traditional classroom, we added an blended and online version that rapidly found a national audience.<br />
Keywords: information security education, digital forensics, cyber law, virtualization, business continuity, online<br />
and blended learning<br />
1. Introduction<br />
The strong and steadily increasing reliance on a globally distributed computational infrastructure in<br />
virtually all areas of human endeavor—business , industry, government, defense, health care, and<br />
even the individual’s social interactions—has made security and reliability of vital importance and has<br />
sharply increased the need for information security professionals. This need is not being met despite<br />
the recent growth of cyber security programs. The reasons lie in the complexity of the task that<br />
requires building an interdisciplinary curriculum that integrates knowledge domains as diverse<br />
cryptography, ethics, engineering, management and law. An additional challenge is the unusually<br />
large gap between theory, (e.g. cryptographic algorithms), and practical skills, (e.g. setting up a fire<br />
wall), that calls for an imaginative and effective way to bring real world experience into the classroom.<br />
This paper presents and discusses our experience in establishing and growing the information<br />
security concentrations in the Master’s programs in Computer Science, Computer Information<br />
Systems, and Telecommunication at Boston University that are offered through BU’s Metropolitan<br />
College. The programs are certified by the Committee on National Security Systems. Since the<br />
introduction of the security curriculum in 2002 enrollments in our security courses grew to over 650<br />
per year and more than 250 students have completed their Master’s degree with a concentration in<br />
security. We trace the evolution of the programs in three major directions: the broadening and<br />
diversification of the curriculum, developing a cyber law course and coordinating the curriculum with<br />
programs in business continuity , and introducing new educational technologies, (more specifically<br />
virtualization and video-collaboration), and flexible online and blended delivery formats.<br />
2. Design principles, structure, and initial curriculum<br />
We started introducing information security themes in the curriculum in the late 1990-ies and formally<br />
introduced an information security concentration in the Master’s programs of Computer Science,<br />
268