Towards a framework for the integration of information security into undergraduate computing curricula

With the rapid rise of the world’s reliance on technology, organisations are facing an increased demand for a security savvy workforce. It is, therefore, important that computing graduates possess the necessary information security skills, knowledge and understanding that can enable them to perform their organisational roles and responsibilities in a secure manner. The information security skills, knowledge and understanding can be acquired through a computing qualification that is offered at a higher education institution. The ACM/IEEE, as a key role player that provides educational guidelines for the development of computing curricula, recommends that information security should be pervasively integrated into the curriculum. However, its guidelines and recommendations do not provide sufficient guidance on “how” this can be done. This study therefore, proposes a framework to address the pervasive integration of information security into computing curricula. Various research methods were used in this study. Firstly, a literature review was undertaken to inform the various phases and elements of the proposed framework. The literature reviewed included relevant information security education standards and best practices, including key computing curricular guidelines. Secondly, a survey in the form of semi-structured interviews supported by a questionnaire were used to elicit computing educators’ perspectives on information security education in a South African context, including the perceived challenges and ideas on how to integrate information security into the curricula. Finally, elite interviews were conducted to validate the proposed framework. It is envisaged that the proposed framework can assist computing departments and undergraduate computing educators in the integration of information security into the curricula thereby helping to ensure that computing graduates exit higher education institutions possessing the necessary information security skills, knowledge and understanding to enable them to perform their roles and responsibilities securely