PSF 24 06/07
The Department of Computer Science at the UW-Parkside wishes to establish a certificate in Cyber Security.
With the growth of computer networking and the World Wide Web in particular, cyber security has become of increasing importance to all computer users. It is a broad field that includes securing desktop computers, server systems, and the networks that connect them together. Desktop computers must be protected from viruses, worms, phishing (fraudulent email) and SPAM. Industry faces problems with identity theft, web page defacement, internal spying and hacking. Privacy and fraud concerns have led the federal government to pass Sarbanes-Oxley, HIPAA (Health Insurance Portability and Accountability Act) and FISMA (Federal Information Security Management Act), which has driven the need to more cyber-security personnel throughout industry.
Following 9/11, the threat of cyber terrorism was raised in the public eye and the government has placed a high priority on cyber security training and infrastructure. It remains a major area of funding for the National Science Foundation (NSF). The CS Department has worked hard to help its instructors come up to speed in the area. We applied for and received a $188,000 NSF grant to train our instructors and our system administrator, who is also a regular adjunct for the department. The grant also supported the establishment of a dedicated cyber security lab on campus. This lab is isolated from the rest of the campus network allowing students to explore security issues without the risk of being hacked, or of having a virus or worm escape “into the wild.”
CS Departments around the world are playing catch up to put quality cyber security curricula in place. The Association for Computing Machinery (ACM) is working to integrate cyber security into its curricular guidelines, and the SANS Institute has very high quality professional courses, but there are currently no nationally recognized guidelines for undergraduate curricula. It is the responsibility of each department to design their own curriculum.
The curriculum below is for a 9 credit hour certificate, made up entirely of CS and MIS courses at the 400 level. Because cyber security depends on an in depth understanding of how computing systems work, all the courses in the certificate have prerequisites (not listed here).
CSCI 477 Computer Communication and Networks
MIS 424 Advanced Business Data Communications 3 credits
CSCI 478 Introduction to Network Security 3 credits
CSCI 490 Web Security
Another pre-approved CSCI 490 or MIS 490 course 3 credits
Total 9 credits
Examples of other CSCI 490 courses being considered are: Database Security, and Secure Code Development. An MIS course example could be: IS Security Policy and Implementation.
The CS Department plans to offer the courses in the certificate on a rotating (every third semester) basis.
Market for the Program
The cyber security certificate is designed to be attractive to CS and MIS majors, CS minors, and working IT professionals. All three CSCI courses in the certificate appear as electives in the CS major, but the CS major only requires 2 electives, so a CS student can only count 6 credit hours towards both. MIS students the Networking and Infrastructure track would also be able to leverage 6 credit hours. A CS minor would be able to count 3 credits from the certificate towards their minor.
Professor Baldwin, Chair of Business, has informed us that his department is in the early stages of discussing both a Security concentration in the MIS major and an MIS minor. The certificate courses would be valuable for students in either of these programs, too.
The certificate would most likely not be popular with students from other disciplines, as there are “hidden” prerequisites that must be taken before attempting CSCI 477 or MIS 424.
The certificate is also designed to be attractive to working IT professionals. There are many technology specific security certificates available, e.g. CISCO Security and MS .Net Security. There are very few certificates available that emphasize the theory and principles behind cyber security, however. The nature of the proposed certificate makes it an ideal candidate for the professional who wants an in depth understanding of what it means to secure a system/network, not just an understanding of the technical tools to carry it out. We intend to have half of all certificate course offerings in the evening, making it easier for working professionals to complete the certificate.
The CS Department is capable of offering this certificate with no additional resources.