preparing graduate students to lead and manage cyber security kevin a. barton asst prof, ciss...
TRANSCRIPT
Preparing Graduate Students to Lead and Manage Cyber
Security
Kevin A. Barton
Asst Prof, CISS
(210) 434-6711 ext 2213
Center for Information Assurance Management & Leadership (CIAML)
• Designated CAE-IAE in 2007; re-designated in 2012
• Key personnel:– Mr. Kevin Barton – Director– Mr. Ted Ahlberg – Asst Dean & CISS faculty– Dr. Carol Jeffries-Horner – CISS Dept Chair– Dr. Jesus Carmona – CISS faculty– Dr. Murad Moqbel – CISS faculty
Cyber Security Academic Programs
Undergraduate• Three degrees offered:
BBA, BS, and BAS– Two tracks: Security and
Web Info– Over 80 percent of
students in security track
• Enrollment:– San Antonio Campus: 75– Harlingen Campus: 17
Graduate• One degree offered: MS
– Program moved online in 2010
– A boot camp is offered for prospective students who do not have a related undergraduate degree
• Enrollment: – Prior to online: 7 – 15 – Online: 62
Events
Community• 2010 Cyber Security for
Business Leaders– Hosted with local industry
leaders
• 2010 Stop.Think.Connect Campaign– Hosted with DHS and FBI
• 2011 Protecting Information Systems in SMBs– Four one-day events
Academic• 2010 Mentor Holmes
High School in Cyber Patriot competition
• 2011 Linux Boot Camp for two local high schools
• 2011 Mentor Holmes High School in Cyber Patriot
• 2012 Cyber Patriot Boot Camp
Student Scholarship
Scholarships• IASP recipients every
year of CAE-IAE designation, two recipients in 2012/2013
• Submitted proposal for 32 NSF CyberCorps SFS scholarships for 2013-2019
Research• Survey of emerging cyber
security research (Grant: AOARD)
• Students participation in field research– Electronic voting security– Next Generation 911
security
• All graduate courses include a research component
Student Scholarship
Competitions• Panoply
– 2011: First cyber security competition – two teams
– 2012: Two teams, 1st & 7th
• 2012 DC3 Digital Forensic Challenge
• 2012 Collegiate Cyber Defense Competition
Graduate Curriculum
Traditional CIS Courses• Database Management
Systems• IS Development• Telecomm & Networking• IS H/W & S/W Platforms• IS Special Topics
Cyber Security Courses• IA & Security Principles• IA Planning & Management• IA Assessment• Internet Security
Architectures• ISS Special Topics
Program Purpose• Prepare students for CIO or CISO
positions• Graduates very successful at CISSP (or
equivalent) certification• Graduates assuming IA leadership roles
in finance, government, military, and healthcare
• However, mismatch between curriculum and program’s purpose
Significant Curriculum ChangesFace-to-Face Format
(Prior to Fall 2010)• CIS courses prepared
students as developers, system/network administrators
• IA courses prepared students to be security administrators
• Insufficient research work
Online Format
(Since Fall 2010)• Added two new courses
(one CIS, one security)• Integrated IA curriculum
into CIS courses• Expose students to
research literature
Significant Curriculum ChangesFace-to-Face Format
(Prior to Fall 2010)• IA curriculum more
Knowledge, Understanding, and Application levels of learning
Online Format
(Since Fall 2010)• Elevated curriculum to
Analysis, Evaluation, and Creation levels of learning
Analysis
• Understanding components
• Understanding how components relate to each other
• Understanding why components relate to each other
• Examining administrative, technical and physical controls used to mitigate risks
• Selecting controls to mitigate risk
• Understanding NIST, government and industry standards
Evaluate
• Critiquing and evaluating information, methods, and solutions
• Prioritizing solutions when confronted with limited resources
• Assessing performance
• Developing criteria to evaluate risk
• Prioritizing risk and evaluating controls to mitigate risk
• Measuring control effectiveness
Create
• Combining information to create ideas and new information
• Using existing knowledge to solve new problems
• Developing criteria to evaluate and assess
• Considering how controls and standards for designed for one purpose or environment can be used in other environments
• Anticipating risks with emerging technologies and considering solutions to mitigate those risks