JIS  Vol.11 No.4 , October 2020
Empirical Evidence for a Descriptive Model of Principles of Information Security Course
Abstract: The purpose of this study is to examine the nature and content of the rapidly evolving undergraduate Principles of Information/Cybersecurity course which has been attracting an ever-growing attention in the computing discipline, for the past decade. More specifically, it is to provide an impetus for the design of standardized principles of Information/Cybersecurity course. To achieve this, a survey of colleges and universities that offer the course was conducted. Several schools of engineering and business, in universities and colleges across several countries were surveyed to generate necessary data. Effort was made to direct the questionnaire only to Computer Information System (CIS), Computer Science (CS), Management Information System (MIS), Information System (IS) and other computer-related departments. The study instrument consisted of two main parts: one part addressed the institutional demographic information, while the other focused on the relevant elements of the course. There are sixty-two (62) questionnaire items covering areas such as demographics, perception of the course, course content and coverage, teaching preferences, method of delivery and course technology deployed, assigned textbooks and associated resources, learner support, course assessments, as well as the licensure-based certifications. Several themes emerged from the data analysis: (a) the principles course is an integral part of most cybersecurity programs; (b) majority of the courses examined, stress both strong technical and hands-on skills; (c) encourage vendor-neutral certifications as a course exit characteristic; and (d) an end-of-course class project, remains a standard requirement for successful course completion. Overall, the study makes it clear that cybersecurity is a multilateral discipline, and refuses to be confined by context and content. It is envisaged that the results of this study would turn out to be instructive for all practical purposes. We expect it to be one of the most definitive descriptive models of such a cardinal course, and help to guide and actually, shape the decisions of universities and academic programs focusing on information/cyber security in the updating and upgrading their curricula, most especially, the foundational principles course in light of new findings that are herein articulated.
Cite this paper: Adekoya, A. , Donald, A. , Akkaladevi, S. and Akinola, A. (2020) Empirical Evidence for a Descriptive Model of Principles of Information Security Course. Journal of Information Security, 11, 177-188. doi: 10.4236/jis.2020.114012.

[1]   Adekoya, A.A. (2017) Carnegie African Diaspora Fellowship Program (CADFP): Final Report and Recommended Curriculum for the Master of Information Technology (MIT) Degree Program in Cybersecurity. Computer Sciences Department, University of Lagos, Lagos, Project ID: 00241602.

[2]   Schneider, F.B. (2013) Cybersecurity Education in Universities. IEEE Security & Privacy, 11, 3-4.

[3]   Santos, H., Pereira, T. and Mendes, I. (2017) Challenges and Reflections in Designing Cyber Security Curriculum. 2017 IEEE World Engineering Education Conference, Santos, 47-51.

[4]   Fischer, E.A. (2009) Creating a National Framework for Cybersecurity: An Analysis of Issues and Options. Nova Science Publishers, New York.

[5]   Alli, A. and Faraq, W. (2009) Introducing a Concentration in Information Assurance into a Computer Science Program. Issues in Information Systems, 10, 185-193.

[6]   Ayoub, R. (2011) The 2011 (ISC) 2 Global Information Security Workforce Study. ISC2, 2-27.

[7]   Shoemaker, D. and Conklin, W.A. (2011) Cybersecurity: The Essential Body of Knowledge. Cengage Learning, Boston.

[8]   ACM Computing Curricula Task Force (2013) Computer Science Curricula 2013: Curriculum Guidelines for Undergraduate Degree Programs in Computer Science. ACM, Inc., New York.

[9]   Bogolea, B. and Wijekumar, K. (2004) Information Security Curriculum Creation: A Case Study. Proceedings of the 1st Annual Conference on Information Security Curriculum Development, Kennesaw, 59.

[10]   Whitman, M.E. and Mattord, H.J. (2004) Designing and Teaching Information Security Curriculum. Proceedings of the 1st Annual Conference on Information Security Curriculum Development, Kennesaw, 1.

[11]   Theoharidou, M. and Gritazalis, D. (2007) Common Body of Knowledge for Information Security. IEEE Security and Privacy Magazine, 5, 64-67.

[12]   Chin, S.K., Irvine, C.E. and Frincke, D. (1997) An Information Security Education Initiative for Engineering and Computer Science. Naval Postgraduate School Technical Report, NPSCS-97-003. Naval Postgraduate School, Monterey, CA. 12/1997, 59-65.

[13]   Anderson, J.E. and Schwager, P.H. (2002) Security in the Information Systems Curriculum: Identification & Status of Relevant Issues. Journal of Computer Information Systems, 42, 16-24.

[14]   Crowley, E. (2003) Information System Security Curricula Development. Proceeding of the 4th Conference on Information Technology Education, Lafayette, 249.

[15]   Smith, T., Koohang, A. and Behling, R. (2010) Formulating an Effective Cybersecurity Curriculum. Issues in Information Systems, 11, 410-416.

[16]   Luallen, M.E. and Labruyere, J.-P. (2013) Developing a Critical Infrastructure and Control Systems Cybersecurity Curriculum. 2013 46th Hawaii International Conference on System Sciences, Wailea, 1782-1791.

[17]   Kim, D. and Solomon, M. (2018) Fundamentals of Information Systems Security. Third Edition, Jones & Bartlett Learning, Burlington.

[18]   Anon (n.d.) How America Is Closing the Cybersecurity Skills Gap. Knowledge@Wharton.

[19]   Newhouse, W., Keith, S., Scribner, B. and Witte, G. (2017) National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework. National Institute of Standards and Technology, Gaithersburg, NIST SP 800-181.

[20]   Burley, D.L., et al. (2017) The Joint Task Force on Cybersecurity Education. Twenty Second Americas Conference on Information Systems, San Diego, CA, 31 December 2017, 23-24.