Academic journal article Communications of the IIMA

A Framework for Improving Information Assurance Education

Academic journal article Communications of the IIMA

A Framework for Improving Information Assurance Education

Article excerpt


The National Security Agency defines information assurance (IA) as "The protection of information systems against unauthorized access to, or modification of, information, whether in storage, processing or transit, and protection against the denial of service to authorized users, including those measures necessary to detect, document, and counter such threats" (National Security Agency, 2009a). Recent congressional hearings have emphasized the importance of cyber security, going so far as to propose the creation of an Office of the National Cyber-security Advisor (Condon, 2009). Obviously, the need for graduates with extensive knowledge in IA has never been greater. In response to this need, a growing number of academic programs have emerged with specializations in information assurance. These programs now include 94 schools designated as Centers of Academic Excellence in Information Assurance Education (CAE) by the National Security Agency and Department of Homeland Security.

Government Standards

While the need to teach information assurance as a separate body of knowledge is clearly important, the task of deciding what to include in the curriculum remains. Curricula have been found to vary greatly from one academic program to another. To qualify as a Center of Academic Excellence, CAE schools must map their curricula to government standards developed by the Committee on National Security Systems (CNSS) for Information Security personnel (INFOSEC). Regulations are issued in the form of numbered directives or instructions such as CNSS Instruction 4012 (standard for senior systems managers) or a National Security Telecommunications and Information Systems Security Instruction (NSTISSI). These standards include the following:

* Information Systems Security (INFOSEC) Professionals, NSTISSI 4011,

* Senior Systems Managers, CNSSI 4012,

* System Administrators (SA), CNSSI 4013,

* Information Systems Security Officers, CNSSI 4014,

* System Certifiers, NSTISSI 4015, and

* Risk Analyst, CNSSI 4016.

The source for these standards were from NSA Information Assurance Courseware Evaluation Program (NSA, 2009b).

As a prerequisite for applying to CAE status, schools must map to NSTISSI 4011 and at least one other IA courseware evaluation standard in the CNSS for the NSTISSI 4011 through 4016 series. The NSTISSI 4011 standard includes seven topic areas, which are listed below:

* Automated Information Systems (AIS) Basics,

* Security Basics,

* Communications Basics,

* NSTISSI Basics,

* NSTISSI Planning and Management,

* NSTISSI Policies and Procedures, and

* System Operating Environment.

The source for this information is from National Training Standard for Information Security (Infosec) Professionals (NSTISSI, 1994).

Industry Standards

For industry professionals, the information assurance certification of choice is the Certified Information Systems Security Professional (CISSP) designation. To become a CISSP, a candidate must have five years of experience in the information security field or four years plus a college degree, pass an examination covering the 10 domains of the CISSP Common Body of Knowledge (CBK), and be endorsed by a current CISSP holder. The ten CBK domains are as follows:

* Access Control,

* Application Security,

* Business Continuity and Disaster Recovery Planning,

* Cryptography,

* Information Security and Risk Management,

* Legal, Regulations, Compliance and Investigations,

* Operations Security,

* Physical (Environmental) Security,

* Security Architecture and Design, and

* Telecommunications and Network Security.

The information is from ISC(2) Education and Certification (ISC(2), 2009).

In October 2007, the Department of Homeland Security (DHS) released its own IT Security Essential Body of Knowledge (EBK): A Competency and Functional Framework for IT Security Workforce Development. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed


An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.