ATIC logo

ATIC Cybersecurity Education: Requirements and Offerings
Program summary

On Monday November 18, 2002, I attended the Arizona Telecommunications & Information Council's program "Cybersecurity Education: Requirements and Offerings" hosted by Intel in Chandler. Following are notes and observations.

The program's speakers were: Robert Miksovsky, Associate Dean of Computer Information Systems at DeVry Institute; Dr. Pinny Sheoran, Director, Business & Industry Institute, Mesa Community College; Dr. Forouzan Golshani, Professor, Computer Science & Engineering, at Arizona State University; Kay Look, Director, Curriculum & Academic Affairs at Western International University; Jay Jacobson, President, Edgeos, Inc.; Lee Lane, Information Security Manager, State of Arizona Dept. of Administration.

The purpose of this program was "to provide an overview of what is available today in our community for educating employees and citizens in information assurance and cybersecurity." ATIC has defined cybersecurity as a principle mission for its membership and our region.

The first speaker, Robert Miksovsky, described the way DeVry is integrating security modules in its existing curriculum. DeVry includes coursework on information security in its certificate programs for information science, Web architecture, database administration, and various other certificate and graduate programs. As you would expect, they incorporated security issues in modules on operating systems, firewalls, authentication, user profiles, data recovery, data integrity, availability and privacy.

Dr. Forouzan Golshani from ASU's computer science department seems to be a leader in the area of information security in Arizona. He noted a need for developing a "new generation of Information Specialists" who will help us realize a balance between "information" and "technology." Among the major topics he addressed are: Information systems security; confidentiality and authentication, protection, detection and reaction capabilities; risk analysis, network, software, OS and hardware; pre-emptive strategies; physical and human security issues; security policies; non-repudiation methodologies to assure safe e-commerce; information assurance objectives that include analyses of information life cycles, quality, validation and authentication, information protection, privacy, confidentiality, legal aspects, and economic issues. Using a schematic, he described a scaled vision of teaching information literacy in high schools, providing training and education in community colleges to develop information specialists, higher level education at the college and university levels to develop information engineers and at the post graduate level, information scientists.

Dr. Pinny Sheoran discussed her initiatives at Mesa Community College where she has included the role of Mesa's librarians in promoting information literacy in her overall program. At Mesa, 49% of the student population already has at least a BA or BS and she sees this as indicative of a population seeking continuous learning. Through what she labels as the "information assurance pathway" Mesa is developing a focus less on networks and data security and more on an approach that assures educating practitioners. In addition she said Mesa favors vendor-based certification.

Kay Look from Western International University said that WIU offers five degree programs, including two at the masters level and its student population is mostly working adults. At this time, WIU is seeking information and input on how to structure information security modules within its program.

Jay Jacobson provided a vendors perspective on what the educators should be turning out. Edgeos is a vulnerability assessment firm and from his perspective, he needs to hire people who know theory of how and why security works, not just technologists who can follow a checklist. He asked that the graduates of these institutions have in-depth understanding of various tools, not just one particular tool and that they be familiar with open source tools. He also asked for technologists who can present a business case.

The final panelist is State's information security manager and he spoke of a need to have people working for him that can correlate information. He also asked for educators to emphasized ethical issues, not just technical issues, and spoke of the human security awareness needs he encounters daily at the State level. For example, an admin assistant answers the phone and is told it is someone who needs her to do a telephone test and inadvertently enables this caller to hack into their systems.

I think the main point to bring away from the program is that information security is a multi-faceted issue that touches on many of job responsibilities. Like so much of what we are doing, we must be aware that it is encompassing much more of our daily tasks and that old practices should be re-visited and reviewed for compliance and appropriateness. Finally, there was a call for instructors able to teach courses at Mesa CC, DeVry and Western. If you are interested in teaching such a course, you ought to contact any of these panelists.

program summary -- Stuart Glogoff, Learning Technologies Center; 111802