Academic journal article Journal of Information Systems Education

Using Bloom's and Webb's Taxonomies to Integrate Emerging Cybersecurity Topics into a Computing Curriculum

Academic journal article Journal of Information Systems Education

Using Bloom's and Webb's Taxonomies to Integrate Emerging Cybersecurity Topics into a Computing Curriculum

Article excerpt

1. INTRODUCTION

As high profile hacking incidents increase (e.g., Target and Home Depot), protecting government and business data has become an increasingly critical and strategic priority. However, hiring cybersecurity professionals has proven difficult because of the lack of qualified applicants. Cisco estimates there is currently a shortage of one million qualified cybersecurity professionals worldwide (Cisco, 2014). A common call to solving the shortage problem is for universities to educate new cybersecurity professionals (Conklin, Cline, and Roosa, 2014; Janicki, Cummings, and Kline, 2013; Sauls and Gudigantala, 2014). But the problem goes beyond just educating new cybersecurity professionals. Every student heading into the workforce needs to be educated about cybersecurity to some degree. Research shows that the human element is still the weakest link (Caldwell, 2012; Thomason, 2013). This means all graduates from all disciplines need some form of cybersecurity education.

Many current computer science (CS), information systems (IS), and information technology (IT) programs are attempting to solve the cybersecurity professional shortage problem. Some, such as the Illinois Institute of Technology have developed new cybersecurity or cyber forensics graduate programs (Illinois Institute of Technology, 2015). Other computing programs are adding new courses or concentrations in cybersecurity. However, this push for new cybersecurity education is occurring at the same time some universities are eliminating existing courses and credits to meet other university goals, such as improving student graduation rates. Also, many computing programs are constrained by accreditation standards resulting in limited ability to modify their curricula The recognized accreditation body within the computing discipline is the Accreditation Board for Engineering and Technology (ABET). Within ABET, each of the five computing disciplines has its own curriculum criteria, although there is some overlap.

This paper discusses a case study on how one ABET-accredited undergraduate IT department created a strategy to address the need for all IT students to have increased cybersecurity knowledge and skills. At the same time, we ensured that ABET-required security-related topics continued to be taught, along with emerging cybersecurity topics, without increasing credit requirements. Within an ABET-accredited IT program, the comprehensive IT curriculum covers thirteen Knowledge Areas (KAs), including "information assurance and security (IAS)." Because of university undergraduate credit caps, adding new courses is difficult without dropping an existing course. Prior to this case study, most of the existing security-related IAS topics were taught in a catch-all advanced Security course. The IT faculty developed a strategy to teach required IAS core topics throughout the curriculum, integrating these topics into the lower and intermediate level courses, resulting in adding a new security component to several courses. This created room in the existing upper-level security course to add emerging cybersecurity topics. A few IAS core topics were included in several lower level courses, but were not covered in depth. Thus, students now learn security-related topics within each of the IT curriculum KAs rather than in one security course. The new curriculum not only teaches ABET-required IAS topics, but other important emerging cybersecurity topics not included in ABET guidelines. The approach used in this case study is also applicable to other computing disciples.

Considering ABET's broad IT education standards, our undergraduate ABET program emphasizes breadth of IT knowledge and skills, now including cybersecurity knowledge and skills, for the newly minted entry-level IT professionals. Our undergraduate IT program's intent is to maximize our graduate's knowledge of security within the given constraints, by providing them adequate knowledge and skills to succeed in the workforce when seeking entry level positions. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed

Oops!

An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.