Implementing an Information Assurance Curriculum

If the academic community is to raise to the challenge in the near term, it is essential that we re examine the granularity that we use to approach the Information Security curriculum. In the United States many academics are tied to the fifty-minute lecture and 15 contact hours per credit. Many individuals in the Information Security profession have no problem producing a strong course in this format; however, new faculty or individuals learning the pedagogic material for the field may find it impossible to assemble enough material for a one unit course much less a three unit course.

Instead of each faculty building his own course with his own materials, why not share materials at the smaller level of the lecture or lecture unit. By changing the granularity the profession may be able to increase the Information Security content of more courses.

To implement this curriculum, a series of eight modules dealing with Information Security was created. Each of the modules is designed to be an addition to existing courses in a business, liberal arts or information systems curriculum. In addition, segments of the modules may be combined to create specialized courses on Information Security. The Figure 3 Curriculum Model shows the relationship of the modules within the series. Level one courses are intended for the lower division students while Level two and three are for Juniors and Seniors respectively. There is a capstone course element, Corporate Security Management that summarizes many components of all other courses. For Accounting students, the module Introduction to Accounting Controls and EDP Auditing many function as a capstone course element.

The reader should be aware that there is planned redundancy among the modules since one cannot plan for the actual implementation of these modules within a curriculum.