Security education

April 28, 2010
Preparing information assurance graduates for tomorrow's challenges

Information Assurance cannot be taken lightly given today's global economy. Individual countries need to secure network and data infrastructures - it is not only necessary but also vital.

New technologies are constantly being developed to protect information and new ways to break through the protective barriers are developing just as fast; therefore, weakening existing protections of system and network perimeters. The requirement for computer security knowledge is and will continue to advance to control the ever-changing technology.

By conducting thorough research, colleges and universities have been developing programs to evaluate and determine the necessary training needed that will create skilled employees. These constantly-built-on programs cover a wide range of computer security concentrations, including cyber forensics, cyber terrorism, risk management, corporate computer network security, information assurance, and auditing information security, to name a few.

Creating an education program for a field that is rapidly changing is an extremely difficult task due to a number of changing variables. Universities must ensure that their graduates are equipped to deal with cloud computing, which, in itself, has a number of current and future security challenges. Cloud computing is the action of outsourcing data centers and services to a third-party organization. Through this method, organizations are spending less on information technologists by allowing third parties to provide technical service. This is most often seen in customer service.

Cloud computing has obvious benefits from the cost perspective; however, from the security perspective, it is something that could keep CISO (Chief Information Security Officers) on edge knowing that a large part of their company is in the hands of another organization.

As companies and organizations continue to expand outside U.S. soil, another challenge for computer security is unearthed. As universities create information security programs, they must build a curriculum that teaches students the necessary information in applying government mandates such as Health Insurance Portability and Accountability Act (HIPAA) or Safe Harbor Principles while continuing to ensure that their students understand issues surrounding topics like "data anywhere."

Data anywhere is simply the data that can be stored on laptops and wireless devices - data that can literally go anywhere. Because of this freedom, this data becomes extremely vulnerable and a simple password or encryption device is no longer enough.

Which method is better - outsourcing to save money or keeping everything in-house? There is no one method that organizations must implement to guarantee total security. Each process will have its advantages and disadvantages, and either way, security vulnerability is possible. Although this seems like a downbeat view on computer security, it is what keeps those in the field ahead of the game. University programs that stress security vulnerability as a permanent and genuine threat are the first step in taking a proactive measure towards protection.

Now that students know that vulnerability is always viable, the next step is minimizing it by teaching students various strategies to outwit security threats. Taking "data anywhere" as an example, graduates must be able to take what they learned in the classroom to determine a suitable program to protect his/her company's data, which could be cloud computing. University programs should not only teach how to weigh the pros and cons of different methodologies, but teach the students how to run test scenarios safely to test the strength of their system's protection.

Because of the vast specializations of security and the constant threat of a system being compromised, universities must provide a wide range of security programs, thoroughly covering the various areas of security. Programs should allow students to engage in real-world, practical situations through both research and hands-on practice. A well-prepared graduate of a computer security program will be able to apply his/her coursework to their respective organization, leading to smart security decisions, such as participating in cloud computing. Furthermore, programs must prepare students for future, more sophisticated attacks and critical thinking for after a security breach has occurred. A student prepared in these areas will be able to make smart decisions in managing cyber terrorism and forensic investigation, which are both unpredictable and challenging, but extremely crucial.

For university security programs, it is a necessity to be constantly adjusting the curriculum to meet the needs of the frequently changing security requirements, given the fact that the security of today will not necessarily mean the security of tomorrow. One must always have a security strategy in mind; preparation and quick thinking are key in thwarting a security breach.

Therefore, a graduate who is taught with a foundation of principles is prepared to take the necessary steps to protect their organizations system, always knowing that the hackers got a head-start.

Efosa Osayamwen, PhD, serves as lead faculty for Northcentral University's CIS courses and was instrumental in bringing Northcentral's curriculum for review and certification by Committee for National Security (CNSS).

About the Author

Efrosa Osayamwen | Dr. Efosa Osayamwen

Efosa Osayamwen, PhD, serves as lead faculty for Northcentral University's CIS courses and was instrumental in bringing Northcentral's curriculum for review and certification by Committee for National Security (CNSS).