Towards a framework for the integration of information security into undergraduate computing curricula
Abstract
With the rapid rise of the world’s reliance on technology, organisations are facing an increased demand for a security-savvy workforce. It is, therefore, important that computing graduates possess the necessary information security skills, knowledge and understanding that can enable them to perform their organisational roles and responsibilities in a secure manner. The information security skills, knowledge and understanding can be acquired through a computing qualification that is offered at a higher education institution. The ACM/IEEE, as a key role player that provides educational guidelines for the development of computing curricula, recommends that information security should be pervasively integrated into the curriculum. However, its guidelines and recommendations do not provide sufficient guidance on “how” this can be done. This study, therefore, proposes a framework to address the pervasive integration of information security into computing curricula. Various research methods were used in this study. Firstly, a literature review was undertaken to inform the various phases and elements of the proposed framework. The literature reviewed included relevant information security education standards and best practices, including key computing curricular guidelines. Secondly, a survey in the form of semi-structured interviews supported by a questionnaire was used to elicit computing educators’ perspectives on information security education in a South African context, including the perceived challenges and ideas on how to integrate information security into the curricula. Finally, elite interviews were conducted to validate the proposed framework.
It is envisaged that the proposed framework can assist computing departments and undergraduate computing educators in the integration of information security into the curricula, thereby helping to ensure that computing graduates exit higher education institutions possessing the necessary information security skills, knowledge and understanding to enable them to perform their roles and responsibilities securely.
Copyright (c) 2019 Kerry-Lynn Thomson

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.