Security education

Preparing information assurance graduates for tomorrow's challenges


Information Assurance cannot be taken lightly given today's global economy. Individual countries need to secure network and data infrastructures - it is not only necessary but also vital.

New technologies are constantly being developed to protect information and new ways to break through the protective barriers are developing just as fast; therefore, weakening existing protections of system and network perimeters. The requirement for computer security knowledge is and will continue to advance to control the ever-changing technology.

By conducting thorough research, colleges and universities have been developing programs to evaluate and determine the necessary training needed that will create skilled employees. These constantly-built-on programs cover a wide range of computer security concentrations, including cyber forensics, cyber terrorism, risk management, corporate computer network security, information assurance, and auditing information security, to name a few.

Creating an education program for a field that is rapidly changing is an extremely difficult task due to a number of changing variables. Universities must ensure that their graduates are equipped to deal with cloud computing, which, in itself, has a number of current and future security challenges. Cloud computing is the action of outsourcing data centers and services to a third-party organization. Through this method, organizations are spending less on information technologists by allowing third parties to provide technical service. This is most often seen in customer service.

Cloud computing has obvious benefits from the cost perspective; however, from the security perspective, it is something that could keep CISO (Chief Information Security Officers) on edge knowing that a large part of their company is in the hands of another organization.

As companies and organizations continue to expand outside U.S. soil, another challenge for computer security is unearthed. As universities create information security programs, they must build a curriculum that teaches students the necessary information in applying government mandates such as Health Insurance Portability and Accountability Act (HIPAA) or Safe Harbor Principles while continuing to ensure that their students understand issues surrounding topics like "data anywhere."

Data anywhere is simply the data that can be stored on laptops and wireless devices - data that can literally go anywhere. Because of this freedom, this data becomes extremely vulnerable and a simple password or encryption device is no longer enough.

Which method is better - outsourcing to save money or keeping everything in-house? There is no one method that organizations must implement to guarantee total security. Each process will have its advantages and disadvantages, and either way, security vulnerability is possible. Although this seems like a downbeat view on computer security, it is what keeps those in the field ahead of the game. University programs that stress security vulnerability as a permanent and genuine threat are the first step in taking a proactive measure towards protection.

Now that students know that vulnerability is always viable, the next step is minimizing it by teaching students various strategies to outwit security threats. Taking "data anywhere" as an example, graduates must be able to take what they learned in the classroom to determine a suitable program to protect his/her company's data, which could be cloud computing. University programs should not only teach how to weigh the pros and cons of different methodologies, but teach the students how to run test scenarios safely to test the strength of their system's protection.

This content continues onto the next page...