INFOSEC Made Easy-Incorporating Information Assurance Standards into Undergraduate Courses

Dwight A. Haworth1
Information Systems, University of Nebraska at Omaha
Omaha, NE  68182  USA

and

Leah R. Pietron2
Information Systems, University of Nebraska at Omaha
Omaha, NE, 68182, USA


Keywords:  Information security, information assurance, standards, and curriculum


The purpose of this workshop is to facilitate the inclusion of NSTISSIC (National Security Telecommunications and Information Systems Security) recommendations into the course content of undergraduate information security courses.  This particular workshop will illustrate the process of analyzing one course that will be primarily an INFOSEC course.  The standard that will be employed to assess the course content and design is NSTISSIC No. 4011-National Training Standard for Information Systems Security (INFOSEC) Professionals.  The participants will address the problems of translating a government-specific training standard into guidance for collegiate education.

Workshop participants will simulate the process of mapping the NSTISSIC behavioral outcomes to Bloom's Taxonomy.  The varied NSTISSIC behavioral outcomes will evaluated to establish a correspondence to Bloom's levels (knowledge, comprehension, application, analysis, synthesis, and evaluation) and the resulting list will be used for other activities in the workshop.

Other activities include evaluating textbook contents for coverage of checklist items, determining gaps in the coverage, and developing appropriate supplementary materials.  Included in the workshop presentation will be supplementary materials for the Comprehensive INFOSEC Model, OPSEC as related to private sector firms, and TEMPEST requirements.  Other topics, such as evaluation materials, references, and student activities, will be covered as time permits.






 

1 haworth@mail.unomaha.edu
2 lpietron@mail.unomaha.edu