NSF Grant 0837574: Information Security Audit: Case Study and Service Learning

While much of the focus in security education has focused on technology, such as encryption, malware, intrusion detection, and authentication, an important aspect that is often ignored is the procedural, physical, and requirements side of IS security, including policy development, risk management, application design and control, and fraud avoidance. Such knowledge is useful for security analysts, auditors, and security-oriented systems analysts. This Information Systems Security course involves students working with authentic projects, including small for-profit or not-for-profit organizations. Students working with a small organization get to see a broad picture of how security can be implemented for a constrained problem.

To prepare students for such work, a case study has been developed where students work with an ongoing scenario in class through the semester. The case study includes sufficient structure, including PowerPoint slides, an organizational description, skeleton security documents, and lab scenarios. The case study enables students to discuss solutions and implement one of them. They work with skeleton documents, which can then help them to apply security concepts to a real-world environment.

This work is interdisciplinary, bringing together faculty from computer science, accounting and management information systems, to ensure real business cases are considered, and to learn from each others expertise to expand our understanding of the problem.

The development of this work was funded by the National Science Foundation (NSF) Course, Curriculum and Laboratory Improvement (CCLI) grant 0837574: Information Security: Audit, Case Study, and Service Learning. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author and/or source(s) and do not necessarily reflect the views of the NSF.