The Design of Complementary Information Security and Cybersecurity Courses
Arthur Ream III, Bentley University
David Yates, Bentley University
Abstract

This talk describes the design of an information security and a cybersecurity course, both taught at the same business-focused four-year university. The focus of these courses is on the principles and practices of their respective realms. The scope of these courses is summarized by the Venn diagram that von Solms proposed more than ten years ago. This diagram illustrates that information security and cybersecurity have distinct and overlapping concerns. We argue that this model for information security (infosec) and cybersecurity (csec) still holds and helps students (and instructors) understand different areas of focus that are considered mostly infosec, mostly csec, or at the intersection of both. We illustrate the utility of this model from a theoretical perspective by presenting three comprehensive frameworks -- one for each area of focus -- and from a practical perspective by considering the CISSP domains and ACM/IEEE/AIS/IFIP CSEC knowledge areas. In both courses, we motivate the need to augment security models with overarching principles, e.g., privacy, risk management, defense in depth, and zero trust. Finally, we argue that lifelong learning in security-related disciplines is supported by many of the infosec and csec certifications.