
13th Colloquium for Information Systems Security Education, University of Alaska, Fairbanks, June 1 - 3, 2009
The 2009 CISSE proceedings was produced for the Colloquium for Information Systems Security Education by The Printing House, Inc. Abstracting is permitted with credit to the source. Libraries are permitted to photocopy beyond the limit of U.S. copyright law for private use of patrons those articles in this volume that carry a code at the bottom of the first page. All rights reserved. Copyright ©2009 by the Colloquium for Information Systems Security Education.
Abstract – Information Systems Security (ISS) has become increasingly an integral part of our lives. Accordingly, there is the need of increasing awareness of this issue in the society, increasing the workforce capable of meeting the corresponding challenges, and increasing the diversity of such workforce. Academic institutions are in the forefront of this challenge and are best equipped to fulfill the aforementioned goals. Understanding this need, Polytechnic University of Puerto Rico (PUPR) has taken various steps to address this problem. In this paper, we share the advances of ISS education at PUPR and the steps taken to be recognized as a national center of Academic Excellence in Information Assurance Education (CAE/IAE).
Abstract – This article provides an overview of an actual application for the National Center of Academic Excellence in Information Assurance Education (CAEIAE) program designation, by one university. Each institution is unique and the experiences provided here are illustrative only. The key to success is providing evidence for each major area of submission. The use of electronic resources, Uniform Resource Locators (URLs) /addresses are emphasized. Applicants can best serve their efforts by assisting NSA evaluators and reviewers with artifacts and verification. The authors have noticed at previous CISSE annual meetings this subject is not well addressed.
Abstract – This paper discusses the need to develop a common understanding of a curriculum which prepares students to practice in the field of Information Assurance (IA). A study of public documents, congressional hearings, published papers and conference presentations regarding the state of cyber security in America was conducted to discover commonality regarding cyber security education and training. The document review discovered, within academia, information assurance education is not consistently approached; there is a lack of definition and corresponding need for specificity regarding information assurance curriculum. Furthermore, a nearly decade-long government call to action for academia to produce increasing numbers of information assurance professionals may not have come to full fruition.
Abstract – The US National Security Agency (NSA) established a program in Information Assurance education in 1999 that established Centers for Academic Excellence in Information Assurance Education (CAEIAE). While designated a success by the government, the program has been criticized over the years by program participants as less than optimal. In this paper, we review the program and identify the most serious problems. We then suggest possible solutions to these problems in order to improve the program so that it represents true excellence in IA education.
Abstract – This paper provided an example for the development of an interdisciplinary Information Technology (IT) Auditing curriculum by mapping the CNSSI/NSTISSI standards with the prevailing ISACA IT Auditing Model Curriculum. IT Auditing involves assisting public or private organizations in ensuring that their information technologies and business systems are adequately protected and controlled. Consequently, IT Auditing professionals need to have a solid grounding in information technology, information assurance, auditing process, as well as regulatory and compliance frameworks. Through our standard mapping processes, we were able to discover the discrepancies between IA and Auditing and proceeded to redesign our current IA curriculum.
Abstract – We argue that information security can and should be covered in the majority of core computer science courses, both at the undergraduate and the graduate level. One benefit of taking this approach is to strengthen our students' understanding of the various security problems in computing, as well as eliminating many of the security-critical computing habits that are often reported to be had by many IT professionals (especially the production of vulnerable software) early by educating our computer science students, from the very beginning, on the need to keep security in mind when using, designing, developing, and maintaining computing resources.
Abstract – The Maryland Alliance for Information Security Assurance (MAISA) is a consortium of 15 community colleges, colleges, and universities led by Towson University. By working collaboratively, we have been able to strengthen our information assurance education programs. We present our consortium, and describe some of our current projects and the effects that they have had on our information assurance education programs.
Abstract – In this paper, the Information Assurance Exercise that has recently been developed at Auburn University will be discussed. This educational exercise provides Auburn University with a means to foster student interest as a potential area of study in information assurance as well as Computer Science. This sort of high speed, low drag exercise is designed to be a student’s first exposure to real information assurance practices and demonstrates the stark differences between setting up a virus scanner on a home computer and the level of effort required in securing an enterprise level system. Optional courses in information assurance and computer forensics continue to grow at most universities.
Abstract – Information is a critical business asset, which depends on protection by competent system administrators experienced in real-world environments and threats. With the cyber threat increasing, we need a meaningful way to train, and certify, the level of cyber competency. A cyber-defense curriculum and live-fire trainers that quantify a student’s performance are essential to the survival of our “Information Age” critical assets.
Abstract – United States (U.S.) government agencies and defense contractors are the target of extremely complex foreign state-sponsored cyber attacks referred to as the “advanced persistent threat.” These attacks are intended to steal sensitive information, such as national defense, research and development, and personal information. While the techniques for information gathering to determine targets (both information assets and people) may be complex, a common method used for infiltrating networks is simple social engineering. Technical controls may be used to tighten access controls but are not the total solution. Changing employee behavior through security awareness is required.