Cyber Forensics and Security as an ABET-CAC Accreditable ...program. An innovative bachelor’s degree program incorporating cyber forensics and information security is presented which

Volume 8, Number 60 http://isedj.org/8/60/ July 28, 2010

In this issue:

Cyber Forensics and Security as an ABET-CAC Accreditable Program

David F. Wood Frederick G. KohunRobert Morris University Robert Morris University

Moon Township, PA 15108 USA Moon Township, PA 15108 USA

Azad AliIndiana University of Pennsylvania

Indiana, PA 15705 USA

Karen Paullet Gary A. DavisRobert Morris University Robert Morris University

Moon Township, PA 15108 USA Moon Township, PA 15108 USA

Abstract: This paper frames the recent ABET accreditation model with respect to the balancebetween IS programs and innovation. With the current relaxation of the content of the informationsystems requirement by ABET, it is possible to include innovation into the accreditation umbrella.To this extent this paper provides a curricular model that provides programmatic flexibility withinthe information systems environment that allows for innovation in the context of an accreditedprogram. An innovative bachelor’s degree program incorporating cyber forensics and informationsecurity is presented which can fit the ABET-CAC model for accreditation as an Information Systemsdegree. The paper argues for the usefulness of a cyber forensics security degree, and its positioningwithin the ABET accreditation framework.

Keywords: ABET, forensics, security, accreditation

Recommended Citation: Wood, Kohun, et al (2010). Cyber Forensics and Security as anABET-CAC Accreditable Program. Information Systems Education Journal, 8 (60).http://isedj.org/8/60/. ISSN: 1545-679X. (A preliminary version appears in The Proceedings ofISECON 2009: §2355. ISSN: 1542-7382.)

This issue is on the Internet at http://isedj.org/8/60/

ISEDJ 8 (60) Information Systems Education Journal 2

The Information Systems Education Journal (ISEDJ) is a peer-reviewed academic journalpublished by the Education Special Interest Group (EDSIG) of the Association of InformationTechnology Professionals (AITP, Chicago, Illinois). • ISSN: 1545-679X. • First issue: 8 Sep 2003.• Title: Information Systems Education Journal. Variants: IS Education Journal; ISEDJ. • Phys-ical format: online. • Publishing frequency: irregular; as each article is approved, it is publishedimmediately and constitutes a complete separate issue of the current volume. • Single issue price:free. • Subscription address: [email protected]. • Subscription price: free. • Electronic access:http://isedj.org/ • Contact person: Don Colton ([email protected])

2010 AITP Education Special Interest Group Board of Directors

Don ColtonBrigham Young Univ HawaiiEDSIG President 2007-2008

Thomas N. JanickiUniv NC Wilmington

EDSIG President 2009-2010

Alan R. PeslakPenn State

Vice President 2010

Scott HunsingerAppalachian StateMembership 2010

Michael A. SmithHigh Point UnivSecretary 2010

Brenda McAleerU Maine AugustaTreasurer 2010

George S. NezlekGrand Valley StateDirector 2009-2010

Patricia SendallMerrimack CollegeDirector 2009-2010

Li-Jen ShannonSam Houston StateDirector 2009-2010

Michael BattigSt Michael’s CollegeDirector 2010-2011

Mary LindNorth Carolina A&TDirector 2010-2011

Albert L. HarrisAppalachian StJISE Editor ret.

S. E. KruckJames Madison U

JISE Editor

Wendy CeccucciQuinnipiac University

Conferences Chair 2010

Kevin JettonTexas State

FITE Liaison 2010

Information Systems Education Journal Editors

Don ColtonProfessor

BYU HawaiiEditor

Thomas N. JanickiAssociate Professor

Univ NC WilmingtonAssociate Editor

Alan R. PeslakAssociate ProfessorPenn State UnivAssociate Editor

Scott HunsingerAssistant ProfessorAppalachian StateAssociate Editor

Information Systems Education Journal 2009-2010 Editorial and Review Board

Samuel Abraham, Siena HeightsAlan Abrahams, Virginia TechRonald Babin, Ryerson UnivMichael Battig, St Michael’s CEric Breimer, Siena CollegeGerald DeHondt II, Grand ValleyJanet Helwig, Dominican UnivMark Jones, Lock Haven UnivTerri Lenox, Westminster CollMary Lind, NC A&T UniversityCynthia Martincic, St Vincent C

Brenda McAleer, U Maine AugustaFortune Mhlanga, Abilene ChristianGeorge Nezlek, Grand Valley St UAnene L. Nnolim, Lawrence TechMonica Parzinger, St Mary’s UnivDon Petkov, E Conn State Univ

Steve Reames, American Univ BIHJack Russell, Northwestern St U

Sam Sambasivam, Azusa Pacific UBruce M. Saulnier, Quinnipiac

Mark Segall, Metropolitan S DenverPatricia Sendall, Merrimack CollLi-Jen Shannon, Sam Houston StMichael Smith, High Point UnivRobert Sweeney, South Alabama

Karthikeyan Umapathy, U N FloridaStuart Varden, Pace University

Laurie Werner, Miami UniversityBruce A. White, Quinnipiac Univ

Charles Woratschek, Robert MorrisPeter Y. Wu, Robert Morris Univ

This paper was in the 2009 cohort from which the top 45% were accepted for journal publication.Acceptance is competitive based on at least three double-blind peer reviews plus additional single-blind reviews by the review board and editors to assess final manuscript quality including theimportance of what was said and the clarity of presentation.

c© Copyright 2010 EDSIG. In the spirit of academic freedom, permission is granted to make anddistribute unlimited copies of this issue in its PDF or printed form, so long as the entire documentis presented, and it is not modified in any substantial way.

c© 2010 EDSIG http://isedj.org/8/60/ July 28, 2010

ISEDJ 8 (60) Wood, Kohun, et al 3

Cyber Forensics and Information Security as an ABET-CAC Accreditable Program

David Wood, [email protected]

Frederick Kohun, [email protected]

Computer and Information Systems Robert Morris University

Moon Township, Pennsylvania 15108, USA

Azad Ali, [email protected]

Technology Support and Training Indiana University of Pennsylvania

Indiana, Pennsylvania 15705, USA

Karen Paullet, [email protected]

Gary Davis, [email protected]

Computer and Information Systems

Robert Morris University

Moon Township, Pennsylvania 15108, USA

Abstract

This paper frames the recent ABET accreditation model with respect to the balance between IS programs and innovation. With the current relaxation of the content of the information sys-tems requirement by ABET, it is possible to include innovation into the accreditation umbrella. To this extent, this paper provides a curricular model that provides programmatic flexibility within the information systems environment that allows for innovation in the context of an accredited program. An innovative bachelor’s degree program incorporating cyber forensics and information security is presented which can fit the ABET-CAC model for accreditation as

an Information Systems degree. The paper argues for the usefulness of a cyber forensics and information security degree, and its positioning within the ABET accreditation framework.

Keywords: ABET, forensics, security, accreditation

1. INTRODUCTION

In the past eight years, the total number of Information Systems (IS) programs attain-

ing ABET-CAC accreditation has grown to 29. As the number of IS programs seeking ac-creditation is likely to increase, there is a need to assess not only the gains associated with the accreditation process, but also the

potential unplanned negatives. This paper frames the recent ABET accreditation model with respect to the balance between IS pro-

grams and innovation. It can be argued that the ABET model focuses on Hardware, Soft-ware, and Data, with a lesser degree of at-tention to people and procedures. For in-stance, while business courses had been a required part of the ABET accreditation and,



since IS courses are not permitted to be counted as an IS Environment, there were no explicit requirements for IS related busi-ness courses in the information system envi-

ronment (DeLorenzo, Kohun, & Wood, 2006). While the IS business related courses are not specified by ABET, most accredited programs use essentially the same mix of business core courses. This has resulted in a degree of de facto standardization in ac-credited programs. However, with the cur-

rent relaxation of the content of the informa-tion systems requirement by ABET, it is possible to include innovation into the accre-ditation umbrella. To this extent, this paper provides a curricular model that provides programmatic flexibility within the informa-

tion systems environment that allows for innovation in the context of an accredited program.

2. INFORMATION SECURITY –

BRIEF HISTORY

“Information security” is not new; it has been used at different forums and intro-duced from different perspectives. Leeuw (2007) noted that the origin of information security dates back to when the scientific information became widely acknowledged and the need rose to safeguard this know-

ledge from being acquired or used by others without having the prior authorization. In-nella (2008), in contrast, explained that the introduction of the Internet provided the spark which led to increasing the use of In-formation Security. The same author dis-

cussed the Defense Advanced Research Project Agency’s (DARPA) initiatives in 1969 to design a network through which data could be passed and received. Some of these data were sensitive and this led to es-tablishing procedures for sharing sensitive information on the network and devices to

protect the information from being stolen.

Although the Internet led to increase the sharing of information, which increased the use of information security, the swell of in-formation security programs at academic institutions was not witnessed until the turn of the century. The wide spread use of busi-

ness transactions electronically placed more urgency on delivering this information accu-rately. This added to the importance of find-ing people who can protect this information. Academic programs realized this need and

started different programs and courses to train people in such skills.

3. INFORMATION SECURITY IN

ACADEMIA

According to Innella (2008), securing com-puter networks had its roots in the 1960s when computers were connected through dumb terminals via networks and informa-tion was exchanged through the network.

Computer academic programs started initial-ly teaching computer security in small dos-es; in a chapter or a few chapters in a book or by covering computer security with other topics in the same course. Later, develop-ment increased the volume at which infor-

mation security is taught at academic pro-grams. Currently, nearly all computer pro-grams have at least one course or topic that is devoted to teaching computer or informa-tion security in one form or another. Often, an entire degree is devoted to teaching in-formation security.

Governmental support for academic pro-grams in information security has increased greatly in recent years. This support is ex-emplified in the establishment of the Nation-al Centers of Academic Excellence in IA Edu-cation (CAEIAE) by the National Security Agency (NSA) and the Department of Ho-

meland Security (DHS). In 1999, the goal of these centers was “ . . . to reduce vulnera-bility in our national information infrastruc-ture by promoting higher education and re-search in IA and [by] producing a growing number of professionals with IA expertise in

various disciplines (National Security Agen-cy, 1999).” In the first year of the center, seven universities were designated with this status of excellence. The number of universi-ties with this status has steadily increased since 1999, due to the increased demand for graduates trained in information security.

According to Frost & Sullivan (2008), tech-nology by itself does not solve security prob-lems; people must be trained on the use of technology in order to properly use it to solve anticipated problems. In a survey of 7,548 information security professionals conducted by Frost & Sullivan to study the

status of jobs available in information securi-ty, the authors estimated the number of in-formation security professionals employed worldwide to be approximately 1.66 million in 2007. The number of available positions is



expected to increase to almost 2.7 million professionals by 2012. This increase from 1.6 million to 2.7 million represents a 10% increase each year from 2007 to 2012.

Such increase in demand for information security professionals adds more pressure on academic programs to meet the increas-ing demand for such personnel. Information systems and information technology pro-grams made consistent modifications to their programs to include information security in

an effort to keep pace with the demand for such professionals. The continuing modifica-tions are more apparent in the representa-tion of information security in IT model cur-riculum. The earlier version of these model curricula hardly suggested the inclusion of

information security in their suggested top-ics. However, later versions suggested the inclusion of courses as well as specific pro-grams in information security.

4. INFORMATION SECURITY IN THE

MODEL CURRICULA

Many organizations work to model curricula for various technology fields, such as: The Association for Computing Machinery (ACM), Institute of Electrical and Electronics Engi-neers (IEEE), the Association of Information Systems (AIS) and the Association of Infor-

mation Technology Professionals (AITP). These organizations have worked at many levels to develop model curricula for differ-ent computer disciplines. These organiza-tions have developed a number of docu-ments in this regard and indicated that they

will continue to do so as the need arises. The initial focus of these efforts was to develop a model curriculum for computer science pro-grams. This focus evolved into a larger number of model curricula to cover a wider range of computer related programs.

The documents that are developed by these

organizations are labeled as computing cur-ricula. Though not officially considered “standards,” these documents have been widely used in curriculum development and accreditation. In fact, due to their wide use in higher education, these documents are considered as the de facto standard or the

“pseudo standard” curricula in the compu-ting technology fields.

The latest incarnation of these model curri-cula include IS2002, CC2005, IT2005 and IT2008.

IS2002

IS2002 (Gorgone et al., 2002) included a table titled “Representative Capabilities and Knowledge Expected for IS Program Gra-duates.” This table included four areas, in-cluding technology. Under the technology heading, the table lists Database Design and

Administration. Beneath the table, the topic of “Administration, security, safety, backup, repairs, and replicating” are suggested as topic coverage areas.

In addition to the representative capabilities figure, IS2002 included 12 learning units.

Each of these units can serve as courses in traditional IS programs. Security was men-tioned as a topic of coverage under two learning units: IS 2002.1 – Fundamentals of Information Systems and IS 2002.2 – Elec-tronic Business Strategy, Architecture and Design.

CC2005

The development of Computing Curriculum 2005 (CC2005) served two purposes: First, it identified the fields or the academic pro-grams that encompass computer related programs. Second, it listed specific fields

that are included under each domain.

CC2005 identified five computer related pro-grams: Computer Science (CS), Information Systems (IS), Information Technology (IT), Computer Engineering (CE) and Software Engineering (SE). Along with the five tech-

nology fields, CC2005 provided a scoring mechanism for the coverage (or domain) area for these five technology fields. Al-though there is some overlap in the cover-age area among these five fields, CC2005 provided ample descriptions of each of the coverage areas.

One of the tables included in CC2005 pro-vides Comparative weights of computing topics across the five kinds of degree pro-grams mentioned above. Two topics were mentioned in the table regarding security: Security Issues and Principles, and Security Implementation and Management. Both of

these categories were present in computer engineering, computer science, information systems, information technology, and soft-ware engineering.



IT2005, IT2008

Both the IT2005 and IT2008 standard curri-cula have been developed regarding the lat-

est emerging field of information technology. Information Assurance and Security are listed as one of 12 knowledge areas included in the body of knowledge for this field. In addition, Information Assurance and Securi-ty is included as one of the “Pervasive Themes” that are prominent in all of the

knowledge areas.

5. ABET-CAC INFORMATION

SYSTEMS ACCREDITATION

Previous research was analyzed by examin-ing ABET IS accreditation. Areas analyzed

included the value in receiving accreditation, the value in positioning the program in the school of business, and ABET IS’s relation-ship to AACSB accreditation. The review included an analysis of the prior work on ABET IS accreditation by Gorgone, Hilton,

Jones, Lidtke, and MacKinnon. (DeLorenzo et al., 2006).

As noted by Hilton (2003), MIS programs in a business school “ . . . [provide] business graduates with [adequate] education in a major change lever” and “ . . . ensure that a large number of technology professionals are

adequately educated in basic business con-cepts.” ABET accreditation of an MIS de-partment housed within a college of business would only increase the credibility and quali-ty of both the department and the college. However, as noted by Jones (2004), ABET IS accreditation presents curriculum challenges

on the balance of business and IS courses for those programs seeking AACSB accredi-tation. Given the recent national decline in IS majors and the inclusion of typical IS cur-riculum into mainstream business majors (i.e., database, data mining, systems analy-

sis, web design), IS curricular innovation is needed in order to attract students, includ-ing women. One proposed strategy is to in-clude an information systems environment that is an area of interest to the current con-temporary population of young adults.

One area of interest that has attracted na-

tional attention is forensics. What follows is a curriculum offered at a mid-Atlantic uni-versity that combines the core requirements and focus of an ABET-CAC IS accreditable

curriculum with a focus on cyber forensics and (its counterpart) information security.

Cyber Forensics

Cyber Forensics is an emerging discipline offering significant career opportunities. Professionals in this discipline combat identi-ty theft, corporate theft, cyber terrorism, and the exploitation of minors. To meet the current and growing need of these profes-sionals, a hybrid program was created incor-

porating the needs of cyber forensics, and those of information security. The proposed degree is a Bachelor of Science in Cyber Fo-rensics and Information Security. Possible careers include private industry, government (including law enforcement), and the legal

profession.

As new technological innovations continue to proliferate in our society, so do the oppor-tunities for technology exploitation. Once the purview of a few “geeks” and “hackers,” cyber and computer crime has evolved to include a large following of increasingly so-

phisticated and organized criminals. As cy-ber crime continues to expand, the need for highly-skilled professionals in cyber and computer forensics also increases.

6. CYBER CRIME

Corporate/Business Theft

A recent survey of 494 U.S.-based compa-nies found that the average annual loss per company due to cyber crime jumped to $550,424 during 2006. This increase in cor-porate loss more than doubled from the 2005 estimate of $168,000 (Kelly, 2007).

There are several trends within corporate cyber crime that contribute to this increase in losses. First, the very nature of the cyber criminal has changed. Early attacks against corporate networks and databases were more of a nuisance, causing temporary loss

of business and minor financial conse-quences. The cyber thief of the mid to late 2000s, however, has designed extremely organized attacks that yield larger monetary payoffs for the criminal. Also, the attacks are far more insidious than those of the past, making the attacks extremely difficult

to detect and also making the resulting fi-nancial loss more substantial (Sherstobitoff & Bustamante, 2007).



Due to the increasing risk to cyber theft, corporations are under an increasing bevy of regulatory requirements from government and quasi-government agencies. Federal

mandates such as Sarbanes-Oxley have re-quired U.S. corporations to address cyber security and tighten all potential exploits. Specifically, the central role of the Informa-tion Technology (IT) department has shifted “. . . from technology to corporate gover-nance. Government mandates and com-

pliance issues continue to be a hot topic within the IT department” (D'Amico, 2007, p. 29).

Since cyber crime in corporate America di-rectly affects profits, “. . . cyber security is becoming more of a boardroom issue.”

(D'Amico, 2007, p. 29). To help fight the growing liability of cyber crime, business organizations need to employ people who have both business acumen and the neces-sary technology skills for mitigating cyber attacks.

Personal Property/Identity Theft

Advances in technology have dramatically increased the storage capacity and availabili-ty of personal information. Our networked-lives have made socializing, purchasing, banking, and healthcare convenient; howev-er, this interconnectivity has also exposed

private citizens to identity theft and other vulnerabilities. In 2007, the theft or loss of personal information in the United States alone, such as credit card data and Social Security data, climbed to record levels. A 2007 study found that 79 million personal

records were reported as compromised; a statistic that is nearly four times the volume reported for 2006 (Associated Press, 2007).

A recent incident involving TJX Cos. (the parent company of T.J. Maxx and Marshalls department stores) shows the vulnerability of private consumers’ data. During the

“hack” of its network and associated data-bases, TJX acknowledges that up to 46 mil-lion private records (i.e., credit card num-bers) were compromised. Third-party con-sumer groups have estimated this number to be much higher; as much as 94 million (As-sociated Press, 2007).

Consumer advocacy groups, as well as law firms representing both private and class-action suites need skilled individuals who understand the technical intricacies involved

in identity theft cases. In addition, local, state, and federal laws and regulations need to be updated to combat cyber crime and prosecute offenders. Again, highly-skilled

individuals must be hired to aid in this effort.

Cyber Terrorism

Cyber terrorism takes cyber crime to a whole new level. Unlike traditional cyber crime, the motives of cyber terrorism are social, political, or religious. Cyber terrorism

can be financially motivated, however, most attacks are designed to deny service or compromise key infrastructure systems.

Since virtually all infrastructure systems are computer-controlled or linked via networks, any type of system could be at risk. In an

attack, cyber terrorists could sabotage or cripple mundane systems such as electricity, telephone, and automated banking. Howev-er, cyber terrorists could also target more critical systems, such as public water sup-plies, air traffic control systems, and military defense systems (Wagner, 2007).

The U.S. Department of Defense considers the Internet and cyberspace as the “fifth operating domain for war fighting” and adds that cyber terrorism attacks could range from “. . . simple disruption of communica-tions systems to loss of combat capability” (Wagner, 2007, p. 35).

As the United States and allies work to tigh-ten physical security, terrorists may favor cyber attacks that bypass physical security measures. Although, a full-scale “cyber ji-had” has not yet been launched, there have been sporadic attempts by extremists in the

Middle-East and China to infiltrate U.S. sys-tems. As expected, terrorist cells in differ-ent geographic locations use the Internet to communicate and to distribute plans and information.

Monitoring terrorist communications and securing critical private and governmental

systems from cyber attacks requires a grow-ing arsenal of professionals. Local law en-forcement and government, as well as state, and federal levels all require a growing number of individuals who have the technic-al expertise to guard our cyber-borders. As these monitors are given more power, it

may be necessary to also increase the need to monitor the monitors, protecting from abusing this power.



Exploitation of Minors

Finally, among the most heinous of cyber crimes involve the exploitation of children.

Criminals in this realm can be involved in crimes ranging from child pornography to abduction, molestation, and murder of child-ren.

Unfortunately, the connectivity of the Inter-net and the proliferation of social sites such as MySpace and Facebook have spawned a

whole new medium for child predators. Re-cent FBI crime statistics show that six out of ten children who are online have received an e-mail or instant message from a total stranger. Even more alarming, approx-imately one in every 33 children who are

online will be coaxed by a stranger to meet in person (Murphy, 2008).

Online websites, chat rooms, and Internet Service Providers (ISPs) must continue to work with legislators and all levels of law enforcement to fight against child predators and protect children while they are online. A

growing number of highly-trained and skilled individuals are needed in the private and public sectors to prosecute child predators and to make cyberspace safe for everyone.

7. B.S. IN CYBER FORENSICS AND

INFORMATION SECURITY

Program Outcomes

When a student successfully completes all requirements for the B.S. in Cyber Forensics and Information Security, he/she will be able to . . .

1. Demonstrate the proper use of cyber forensic tools and techniques.

2. Describe and be able to follow proper investigatory and legal procedures per-taining to cyber forensics.

3. Properly report the findings of a cyber

forensic investigation in both written form (using proper grammar, writing style, and citation) and in oral form (i.e., within the context of a trial, hearing, or deposition).

4. “ . . . understand, apply, and manage information assurance and security in

computing, communication, and organi-zational systems.” (Ekstrom et al., 2006, p. 355).

ABET-CAC provides curricula guidelines through its Criterion 1 Program Outcomes. As per the ten prescribed outcomes, an IS student successfully completing an ABET-

CAC-accredited curriculum will be able to: a) apply knowledge of computing and mathe-matics appropriate to the discipline; b) ana-lyze a problem, and identify and define the computing requirements appropriate to its solution; c) design, implement and evaluate a computer-based system, process, compo-

nent, or program to meet desired needs; d) function effectively on teams to accomplish a common goal; e) understand professional, ethical, legal, security, and social issues and responsibilities; f) communicate effectively with a range of audiences; g) analyze the

local and global impact of computing on in-dividuals, organizations and society; h) rec-ognize the need for, and an ability to engage in, continuing professional development; i) use current techniques, skills, and tools ne-cessary for computing practices; and j) un-derstand processes that support the delivery

and management of information systems within a specific application environment.

The individual course outcomes from the key courses in the Cyber Forensics and Informa-tion Security degree map to the four afore-mentioned Program Outcomes. Further, the four Program Outcomes map directly to the

ten prescribed ABET-CAC Program Outcomes for IS curricula. The mappings of course outcomes to program outcomes, and the mapping of program outcomes to ABET-CAC program outcomes are depicted in Appendix A: MAPPING OF COURSE OUTCOMES,

PROGRAM OUTCOMES, AND ABET-CAC PROGRAM OUTCOMES. The specific titles of all courses contained in the proposed pro-gram are found in Appendix B: CYBER FORENSICS AND INFORMATION SECURITY PROGRAM.

In summary, this paper has presented a way

to use the existing ABET accreditation stan-dards to present a program in Cyber Foren-sics and Information Security. This new and innovative program will enable graduates to meet the needs of industry while satisfying academic excellence standards.

8. REFERENCES

Associated Press. (2007, December 31). “Data security breaches reach a record in 2007”. The Wall Street Journal , p. B5.



D'Amico, E. (2007). “Cyber crimes continue to plague business and keep security software spending high.” Chemical Week , 169 (21), 29.

DeLorenzo, G., F. Kohun, & D. Wood (2006). “ABET-CAC IS Accreditation: Curricular Standards and Program Rankings.” Issues in Information Systems, VII (1).

Ekstrom, J., S. Gorka, R. Kamali, E. Lawson, B. Lunt, J. Miller, & H. Reichgelt (2006). “The Information Technology Model

Curriculum.” Journal of Information Technology Education, V5,

Frost and Sullivan (2009). Global UDC Industry Analysis March 2009.

30 Sep 2009 | Information & Communica

Gorgone, J.T, G.B. Davis, J.S. Valacich, H.

Topi, D.L. Feinstein, & H.E. Longenecker (2002). “IS 2002: Model Curriculum and Guidelines for Undergraduate Degree Programs in Information Systems.” Association for Information Systems, Atlanta, GA.

Hilton, T. (2003). “MIS Program

Accreditation: Comparing AACSB and ABET.” Proceedings of ISECON 2003 §2211.

Hilton, T.S.E., D.A. Johnson, & G.M. Kasper (2004) “ABET Accreditation of MIS Programs in AACSB Schools.” Proceedings of ISECON 2004, 21, 1-16

Innella, P. (2008). “A Brief History of Net-work Security and the Need for Adherence to the Software Process Model.” Retrieved December 10, 2008 from http://www.tdisecurity.com/resources/assets/NetSec.pdf

Jones, C. (2004). “An Analysis of Programmatic Differences between dual ABET/AACSB and ABET-Only Accredited Information Systems Programs.” Issues in Information Systems. V(2).

Kelly, S. (2007). “Computer crime losses double.” Business Insurance , 41.

Kohun, F.G., & D.F. Wood (2003). “The ABET CAC Accreditation Experience –

Intent and Reality – the Information Systems Perspective.” Information Systems Education Journal, 1(43), 3-11

Kohun, F.G., & D.F. Wood, (2004). “The ABET CAC Accreditation – Is Accreditation Right for Information Systems?” Proceedings of IACIS 2004, V2, 579-583

Leeuw, K. D., & J. Bergstra (2007). The History of Information Security: A Comprehensive Handbook. New York, NY: Elsevier

Lidtke, D.K. & G.J. Yaverbaum, G.J. (2003). “Developing Accreditation for Information

Systems Education.” IT Professional. 41-45.

MacKinnon, R. J., & E.S. Butler (2005). “How Do IS Programs Compare With ABET Accredited Programs?” Proceedings of IACIS 2004, V1, 332-338

Murphy, M. (2008, May 9). “Facebook,

states set predator safeguards.” Tribune Business News .

National Security Agency (1999). National Centers of Academic Excellence. Retrieved July 27, 2009 from http://www.nsa.gov/ia/academic_outreach/nat_cae/index.shtml.

Sherstobitoff, R., & P. Bustamante, (2007). “You installed Internet security on your network: is your company safe?” Information Systems Security , 188-194.

Wagner, B. (2007). “Electronic jihad: experts downplay imminent threat of

cyberterrorsim.” National Defense, 92 (644), 34-36.



APPENDIX A

MAPPING OF COURSE OUTCOMES, PROGRAM OUTCOMES,

AND ABET-CAC PROGRAM OUTCOMES

Key Course/Course Outcome(s)

Program Outcome(s) ABET-CAC Criterion 1 Program Outcomes

POLS2020 – Criminal Law & Evidence

Outcome(s):

Cite and apply the methods that the U.S. and local gov-ernments use to detect, in-

vestigate, apprehend, prose-cute, convict, and punish criminals

2. Describe and be able to follow proper investiga-tory and legal proce-dures pertaining to cy-ber forensics.

e. An understanding of pro-fessional, ethical, legal, security, and social is-sues and responsibilities.

j. An understanding of

processes that support the delivery and man-agement of information systems within a specific application environment.

CRIM 2000 – Criminology

Outcome(s):

Discuss and give examples of criminal law, major types of crime, and leading crimino-logical theories.

2. Describe and be able to

follow proper investiga-tory and legal proce-dures pertaining to cy-ber forensics.

e. An understanding of pro-

fessional, ethical, legal, security, and social is-sues and responsibilities.

j. An understanding of processes that support the delivery and man-

agement of information systems within a specific application environment.

INFS 3190 – Digital Evidence Analysis

Outcome(s):

Discuss applicable laws re-lated to the search and sei-zure of all types of evidence, including digital and multi-media.

Demonstrate the proper le-gal procedures for investi-gating cybercrime and other incidents involving the wrongful use of technology.

Discuss and demonstrate

proper courtroom, hearing, and deposition testimony.

2. Describe and be able to follow proper investiga-

tory and legal proce-dures pertaining to cy-ber forensics.

3. Properly report the find-ings of a cyber forensic investigation in both

written form (using proper grammar, writing style, and citation) and in oral form (i.e., within the context of a trial, hearing, or deposition).

e. An understanding of pro-fessional, ethical, legal,

security, and social is-sues and responsibilities.

d. An ability to function ef-fectively on teams to ac-complish a common goal.

f. An ability to communi-

cate effectively with a range of audiences.

g. An ability to analyze the local and global impact

of computing on individ-uals, organizations and society.



Key Course/Course Outcome(s)

Program Outcome(s) ABET-CAC Criterion 1 Program Outcomes

INFS 3120 – Computer Forensics

Outcome(s):

Demonstrate the use of vari-ous computer forensic soft-

ware tools as well as follow proper legal procedures for obtaining, analyzing, and reporting digital forensic evi-dence

1. Demonstrate the proper use of cyber forensic tools and techniques.

2. Describe and be able to

follow proper investiga-tory and legal proce-dures pertaining to cy-ber forensics.

3. Properly report the find-ings of a cyber forensic

investigation in both written form (using proper grammar, writing style, and citation) and in oral form (i.e., within the context of a trial, hearing, or deposition).

a. An ability to apply know-ledge of computing and mathematics appropriate to the discipline.


f. An ability to communi-cate effectively with a

range of audiences

i. An ability to use current techniques, skills, and tools necessary for com-puting practices.

INFS 3170 – Cyberlaw

Outcome(s):

Identify and analyze legal issues within technology, such as: on-line contracts,

computer crime, fraud, pri-vacy, defamation, hate speech, indecency, obsceni-ty, cyber- squatting, and intellectual property.

2. Describe and be able to follow proper investiga-tory and legal proce-dures pertaining to cy-ber forensics.


j. An understanding of processes that support the delivery and man-agement of information systems within a specific application environment.

INFS 4180 – Network

Forensics, Intrusion Detection, & Response

Outcome(s):

Demonstrate various tech-niques for preventing unau-thorized attacks to computer

networks and apply meas-ures for minimizing the damage caused by network intruders.

1. Demonstrate the proper

use of cyber forensic tools and techniques.

4. Understand, apply, and manage information as-surance and security in

computing, communica-tion, and organizational systems

b. An ability to analyze a

problem, and identify and define the compu-ting requirements ap-propriate to its solution.

c. An ability to design, im-plement and evaluate a

computer-based system, process, component, or program to meet desired needs.

e. An understanding of pro-fessional, ethical, legal, security, and social is-

sues and responsibilities. h. Recognition of the need

for, and an ability to en-gage in, continuing pro-fessional development.



APPENDIX B

CYBER FORENSICS AND INFORMATION SECURITY PROGRAM:

BS Information Sciences: Cyber Forensics and Information Security Checksheet

UNIVERSITY CORE 39 Credits Required Including

3 cr Fund of Info Systems

3 cr Statistics I

BS IS -- PROGRAM REQUIRED COURSES 36 Credits

3 cr -- one from Finite Math and Applied Calculus

Statistics II

3 cr Quan Analy For Inf Sys Prof

3 cr Glob, Econ, Soc, Eth Iss Comp

3 cr Visual Basic Programming

3 cr Adv Web Page Design/Ecomm

3 cr Operating Systems Concepts

3 cr Intro Web Dev & E-Comm Techn

3 cr Systems Analysis and Design

3 cr Advanced Sys Analysis/Design

3 cr Network Technology & Mgt (N+)

3 cr Database Management Systems

3 cr Project Management

TRACK CONCENTRATION 12 Credits Required

3 cr Info Tech Security, Control, and Assurance

3 cr IT Governance, Control, and Assurance

3 cr Network Security

3 cr Network Forensics, Intrusion Detection, and Response

IS ENVIRONMENT – 15 Credits Required

3 cr Criminal Law and Evidence

3 cr Criminology

3 cr Computer Forensics

3 cr Cyberlaw

3 cr Digital Evidence Analysis

OPEN ELECTIVES 24 Credits Required


Documents

Cyber Forensics and Security as an ABET-CAC Accreditable ...program. An innovative bachelor’s degree program incorporating cyber forensics and information security is presented which