Education and Information Technologies

, Volume 15, Issue 4, pp 293–315 | Cite as

Designing and implementing an undergraduate program in information systems security



This paper describes development and delivery of the curriculum for a four-year undergraduate program in applied Information Sciences which comprises all the aspects of information systems security. After the first generation of students graduated in 2008, the program was evaluated by using multiple methods, including an exploration of the challenges and successes the program underwent in the process. By reflecting on the established need for such a program and how it evolved historically, the authors set up a baseline for comparing this program with other related programs in the field as well as with known information systems security curriculum models. While this curriculum continues to be modified in response to requirements from the job market and input from industry experts, some challenges for the program remain, such as scarcity of qualified instructors to ensure seamless program delivery, having students with varied educational backgrounds in the same class, and underrepresentation of females. Program curriculum details and useful experiential conclusions are also provided.


Information systems security Undergraduate program Curriculum models 


  1. Aycock, J., & Barker, K. (2004). Creating a secure computer virus laboratory (case study). In U. E. Gattiker (Ed.), EICAR 2004 Conference CD-ROM: Best Paper Proceedings. 13 pages. Copenhagen: EICAR e.V.Google Scholar
  2. Aycock, J., & Barker, K. (2005). Viruses 101, Department of Computer Science, University of Calgary, SIGCSE’05, February 23–27, 2005, St. Louis, Missouri, USA.Google Scholar
  3. Blahnik, J., McVey, B., & Pankratz, D. (2006). Adding concentrations to the CS major: Our Dean calls us ‘innovative’. SIGCSE’06, March 1–5, 2006, Houston, Texas, pp. 191–194.Google Scholar
  4. Bogolea, B., & Wijekumar, K. (2004). Information security curriculum creation: A case study. InfoSecCD Conference ’04, October 8, 2004, Kennesaw, GA, USA, 59–65.Google Scholar
  5. CC2001 Joint Task Force (2001). Computing Curricula 2001: Computer Science. Retrieved September 5, 2009 from
  6. Chen, L.-C., & Lin, C. (2007). Combining theory with practice in information security education. Proceedings of the 11th Colloquium for Information Systems Security Education, Boston University, Boston, MA June 4–7, 2007, 28–35.Google Scholar
  7. Du, W., Teng, Z., & Wang, R. (2007). SEED: A suite of instructional laboratories for computer SEcurity EDucation. SIGCSE’07, March 7–10, 2007, Covington, Kentucky, pp. 486–490.Google Scholar
  8. Frieze, C., Hazzan, O., Blum, L., & Dias, M. B. (2006). Culture and environment as determinants of women’s participation in computing: Revealing the “women-CS fit.” SIGCSE’06, March 1–5, 2006, Houston, Texas, pp. 22–26.Google Scholar
  9. Frost & Sullivan (2008). The 2008 (ISC)2 global information security workforce study. Retrieved September 1, 2009 from
  10. Furst, M., Isbell, C., & Guzdial, M. (2007). ThreadsTM: How to restructure a computer science curriculum for a flat world. SIGCSE’07, March 7–10, 2007, Covington, Kentucky, pp. 420–424.Google Scholar
  11. Ontario Jobs and Investment Board (1999). A roadmap to prosperity: An economic plan for jobs in the 21st Century, Ontario Government Documents Collection.Google Scholar
  12. Ontario Ministry of Training, Colleges and Universities (2000). “Increasing Degree Opportunities for Ontarians”, A Consultation Paper.Google Scholar
  13. Sheoran, P., Friesen, C., & de Belón, H. (2006). Developing and sustaining information assurance: The role of community colleges, part 2. IEEE Security and Privacy, 4, 60–65.Google Scholar
  14. Theoharidou, M., & Gritazalis, D. (2007). Common body of knowledge for information security. IEEE Security & Privacy, 5(2), 64–67.CrossRefGoogle Scholar
  15. Tipton, H. F., & Henry, K. (2006). Official (ISC)² guide to the CISSP CBK. New York: Auerbach Publications.Google Scholar
  16. Whitman, M. E., & Mattord, H. J. (2004a). Designing and teaching information security curriculum. InfoSecCD Conference ’04, October 8, 2004, Kennesaw, GA, USA, 1–7.Google Scholar
  17. Whitman, M., & Mattord, H. (2004b). A draft curriculum model for programs of study in information security and assurance. Retrieved March 30, 2009 from

Copyright information

© Springer Science+Business Media, LLC 2010

Authors and Affiliations

  1. 1.BAISc (Information Systems Security)Sheridan Institute of Technology and Advanced LearningOakvilleCanada
  2. 2.Faculty of EducationUniversity of WindsorWindsorCanada

Personalised recommendations