Document Type





computer security, computer science programs, engineering programs, computer science curriculum, engineering curriculum, educational outcomes




Computer Engineering | Computer Sciences | Curriculum and Instruction


The number of skilled practitioners of computer security who are able to address the complexities of modern technology and are familiar with successful approaches to system security is very small. People want security but are faced with two difficulties. First, they do not know how to achieve it in the context of their enterprises. They may not even know of a way to translate organizational procedures into policies, much less implement a set of mechanisms to enforce those policies. Second, they have no way of knowing whether their chosen mechanisms are effective. The recent US Presidential Commission on Critical Infrastructure Protection recommends developing education on methods of “reducing vulnerabilities and responding to attacks on critical infrastructures.” The commission recognizes the need to make the “required skill set much broader and deeper in educational level [for] computer scientists, network engineers, electronics engineers, [and] business process engineers.”1 Broadly speaking, the engineering discipline is fundamentally designed to assure results using techniques based on scientific principles. In terms of information assurance and security, the goal of engineering is to build secure systems from the outset rather than to discover that what we have built is inadequate. By moving to an educational system that cultivates an appropriate knowledge of security, we can increase the likelihood that our next generation of IT workers will have the background needed to design and develop systems that are engineered to be reliable and secure.