Academic journal article Journal of Information Systems Education

An Undergraduate Information Security Program: More Than a Curriculum

Academic journal article Journal of Information Systems Education

An Undergraduate Information Security Program: More Than a Curriculum

Article excerpt


Now more than ever, information security professionals are in demand in both government and private enterprise, and the trend is not expected to change any time soon (Frost & Sullivan, 2013, p. 565; Nakashima, 2013). As the education market exists today, the U.S. may not be in a position to quickly and adequately train the sizeable security workforce needed to secure critical infrastructure and key resources (Locasto et al., 2011). In order to meet this increasing need, more information security degree programs, especially at the undergraduate level, are needed to increase educational capacity. Currently, only a small number of academic programs are funded and equipped to formally train information security professionals and those few programs cannot train a workforce of thousands in a relatively short period of time (Locasto et al., 2011).

Given any number of constraints, however, it is possible for more institutions to rise to the occasion and develop security programs. This paper updates the endeavors of one university that has built a successful program over the course of several years. Relying upon the theoretical foundation of collaborative and active or hands-on learning, the authors of this paper had the opportunity to develop a new security curriculum beginning in 2006. Their work shifted the focus from one course in network security and two courses in networking that relied largely on abstract conceptualization and reflective observation to a more complete program fully equipped to train today's security professionals with an emphasis on hands-on experience (Woodward & Young, 2007).

A great deal of work has been accomplished besides the initial curriculum development. Through a comprehensive approach, and by working with industry partners, many other activities have been undertaken that have positively impacted the security program and the university. For example, hands-on labs were built; a Center for Information Assurance and Security Education was established; opportunities for student research, internships, and jobs were created; and ultimately the university received the federal government's designation as a National Center of Academic Excellence in Information Assurance Education (CAE/IAE) in 2010.

The following sections provide a brief summary of the building process and an examination of program success measures. Next, current activities and future plans that continue to grow the program are discussed. Finally, a summary of lessons learned is provided for others seeking to develop security programs.


In the early 2000's, many educators and institutions were implementing a variety of approaches to provide information security training (e.g. Surendran, Kim, & Harris, 2002; Whitman & Mattord, 2004). These approaches ranged from adding security content in other information technology (IT) related undergraduate and graduate courses or programs to full information security curricula.

During that time at the authors' large regional Midwestern university, a new course in security was added to the existing course lineup of two courses in networking to create the foundation of the security program. The courses were part of a degree program in information systems technologies and housed within a college of applied science.

Faculty further developed those three courses into an information security program consisting of 10 courses. Two development criteria for the new program were deemed most important: 1) use learning theory to guide program and course development which would ensure the inclusion of higher order and soft skill growth through hands-on, collaborative work, and 2) provide real-world experience by training students from a proactive as well as reactive viewpoint using real industry situations, scenarios, and exercises. Most of the details of the original program development are summarized in Woodward and Young (2007). …

Search by... Author
Show... All Results Primary Sources Peer-reviewed


An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.