Information Security Course for IEM
EE616 Graduate Project
John Giordano
Problem:
The IEM program has been in a state of transition as it has moved from being under the umbrella of the Electrical Engineering Department to being under the auspices of the Engineering Department. This is a positive situation, as the IEM program can now better realize the goals established by the steering committee. However, the transition has caused some confusion and frustration for both instructors and students, as constraints imposed by the EE department on course content could not immediately be altered to align with the current direction of IEM. One course that was particularly affected was the Information Security course (formerly EE613).
To understand the negative impact, one has to understand the purpose of the IEM program. Its goal is to train the future CIOs, CTOs and CSOs of the Alabama business community. To do so, it needs to provide the students with a technical curriculum. However, in doing so, it does not need to get into the gritty details that would typically be left to lower-level staff. The IEM program needs to teach the strategy behind why the topics are needed and how to align them with the organizational business goals.
This is where the issue with the current format of EE613 comes about. While all the topics of the course are relevant, they are handled in a very technical manner. For example, with encryption, algorithmic details are covered as opposed to strategic deployment, business impact, client issues, etc.
In addition to this, there is an expectation issue with the current students. Their perception is that information security is about “hacking” and breaking into systems. When more mundane issues such as encryption were covered, they felt it was irrelevant. They could not see the relationship between what was being covered and issues they may have to deal with in their future leadership roles.
Proposed Solution:
To resolve these issues, the Information Security class needs to be restructured. The core constructs of the ten domains of the Common Base of Knowledge will be covered. However, each of the areas will be covered only to medium to high levels of detail. After that information is covered, the course will turn to the business aspects of the area and how it can be used to enhance the business objectives and strategies.
Methodology:
To achieve the objective, the following methodology is recommended:
1. Construct a survey to be given to the current second year students that will determine their expectations coming in to the class and areas they felt needed to be covered.
2. Issue that survey to the second year students.
3. Construct a survey to be given to first year students to determine their expectations.
4. Issue that survey to the first year students.
5. Determine a pool of local security experts that can be interviewed to determine the security categories that management executives need to be versed in.
6. Determine a pool of local executives that can be interviewed to determine the security categories that management executives need to be versed in.
7. Analyze the above data to determine a priority of areas to be covered and construct a course outline.
8. Utilizing the prioritized areas, create a set of scenarios and exercises that the students can work on individually and as teams.
Team:
Team Members: John Giordano
Advisor: Don Applebee