in the 2010 SANS Top 25 list as the number one most dangerous software error [42, 43]. Given the intentional public placement of websites, great care must be exercised to ensure their security. Vulnerabilities are frequently found by security experts and reported to vendors who produce patches, or security hotfixes. This evolutionary cycle appears to be without end and any organization with a web- presence should have clearly defined policies regarding the adoption and implementation of manufacturer fixes. The web systems pillar of IT includes a strong security emphasis that discusses additional security topics such as the need for server hardening, firewalls and intrusion detection/prevention systems (IDS/IPS). 3.6 Summary of IT Fit As shown, the five pillars of IT are well suited to cyber-security education. There already exists a pervasive security element throughout each pillar, which provides students with subject knowledge that is both conceptually and technically applicable within a security context. Additionally these same pillars provide key knowledge cornerstones that are pre-requisite to cyber- security education. This is discussed further in the Section 4. We do not dispute that cyber-security education has elements residing in other disciplines . In fact this diversity is to be encouraged and wherever possible leveraged into cross- disciplinary collaborative opportunities. The unique perspectives of Computer Science, Computer Engineering, Electronic Engineering, Information Systems, Mathematics and many other fields which share an interest in cyber-security, are able to contribute to making our digital society a safer place. We do however assert that Information Technology presents a uniquely suited and ideal environment for cyber-security education that sets it apart from other disciplines. Indeed were 115
one to design a separate discipline specifically for cyber-security, we believe it would closely resemble an Information Technology program with a cyber-security emphasis. 4. A CYBER-SECURITY CURRICULUM We have presented some definitions of a cyber-security in varying contexts and suitability of IT programs as an appropriate location for this topic. This section now discusses our proposition for an educational curriculum in advanced cyber-security. Continuing from Section 2, we demonstrate that even among the differing opinions and interpretations of cyber-security, it is possible to build a structured curriculum that should be both encompassing and unbiased to these definitions. The Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue University has published several papers on security education within computing programs and suggests a layered approach  to IAS education as: (1) Prerequisite Knowledge, (2) Information Assurance Body of Knowledge, (3) Higher Order Skills and (4) Job/Professional Level.
You've reached the end of your free preview.
Want to read all 10 pages?