National Centers of Academic Excellence in Information Assurance Education (CAEIAE) Program: OAsIS OAsIS Overview • National requirement for IA education and training • Systematic assessment • Formal certification • Duties and responsibilities of certified institutions: – – – – – Information assurance professional Designated approving authority System administration in information systems security Information systems security officer System certifier OAsIS History • Established: National Security Telecommunications and Information Systems Security Committee • May 1998: Presidential Decision Directive 63 on Critical Infrastructure Protections • Jan 2000, initiated the IACE Program to establish standards OAsIS Certified Institutions http://www.nsa.gov/ia/academia/iacmap.cfm?M enuID=10.2.1.4 OAsIS Criteria: Points System 1. 2. 3. 4. 5. Partnerships in IA Education (Max.15 pts) IA Treated as a Multidisciplinary Science (Max. 30 pts) University Encourages the Practice of IA (Max. 25 pts) Academic Program Encourages Research in IA (Max 35 pts) IA Curriculum Reaches Beyond Geographic Borders (Max 50 pts) 6. Faculty Active in IA Practice & Research & Contribute to IA Literature (Max 30 pts) 7. State–of-the-Art IA Resources (Max 30 pts) 8. Declared Concentrations (Max 30 pts) 9. Declared Center for IA Education or Research (Max 35 pts) 10. Full-time IA Faculty (Max 30 pts) OAsIS Criteria 1: Partnerships in IA Education • Provide evidence (memorandum of agreement) of partnerships in IA education with minor colleges and university • Shared curriculum • Shared faculty • Reciprocity of credits OAsIS Criteria 2: IA Treated as a Multidisciplinary Science • The academic program demonstrates that IA is a multidisciplinary science with the body of IA knowledge incorporated into various disciplines. • Evidence IA is taught as modules • IA concentration programs require nontechnical courses of study, i.e., ethics, policy, legal, human performance, math, business. OAsIS Criteria 3: University encourages the Practice of IA • The academic program demonstrates how the university encourages the practice of IA • Copy of university or departmental IA security plan. http://www.bsu.edu/web/security/ • Evidence of IA Awareness Program for faculty and students. http://www.bsu.edu/web/ucs/training/ • University appointed Information Systems Security Officer: Loren Malm OAsIS Criteria 4: Academic Program Encourages Reaches in IA • The academic program encourages research in IA. • Program with IA concentrations have thesis, dissertation, or project requirements. • Individual IA courses require research paper(s) or project(s). • Non-IA courses encourage papers in IA topics or projects. OAsIS Criteria 5: IA Curriculum Reaches Beyond Geographic Borders • The IA curriculum reaches beyond the normal geographic borders of the university Extended Education IA courses/workshops? • Use of distance education technology and techniques to deliver IA courses. • Sponsorship of regional or national IA curriculum workshops, colloquia, etc. Green is heading one up in March • Professional studies program leading to certificate in IA. OAsIS Criteria 6: Faculty Active in IA Practice & Research & Contribute to IA Literature • Faculty is active in current IA practice and research, and contributes to IA literature. • Papers on IA topics within refereed journals or peer reviewed conference proceedings. Here you go Sushil…show off! • Faculty awarded grants for IA education and/or research development. Provide synopsis of IA related grants and dates. • Faculty and/or student presentations on IA topics at regional or national conferences. • Provide biographies to substantiate depth and length of faculty expertise. Got to get everyone to participate…I haven’t had any luck. OAsIS Criteria 7: State-of-the-Art IA Resources • The university library and reference systems/materials and/or the IA Center maintain state-of-the-art IA resources. • Evidence of access to current INFOSEC educational text books, monographs, reports, and journals, including those in supporting areas such as Audit and Control. http://www.bsu.edu/library/ • Evidence of archive or access to historical IA documents. http://www.bsu.edu/library/ OAsIS Criteria 8: Declared Concentrations • Concentration on IA at the BS level. • Enrolled (current academic year) New program • Graduated (past 2 academic years) New program • Concentration on IA at the MS level. • Enrolled (current academic year) • Graduated (past 2 academic years)303. Concentration on IA at the Ph.D. level. • Enrolled (current academic year) • Graduated (past 2 academic years) OAsIS Criteria 9: Declared Center for IA Education or Research • A declared center for IA education or a center for IA research from which IA curriculum is emerging. – The center may be school or universitybased. • School Level • University Level Working on this OAsIS Criteria 10: Full-time IA Faculty • University IA faculty consists of more than one individual devoted full time to IA.. • Identify by name the full-time faculty member working full time in IA with overall responsibility for the IA Program. Sushil Sharma • Additional full-time faculty member working full time in IA • Shared faculty (e.g. intra or inter departmental, or other 4-year graduate university) Kitchens, Harris, Whitesel, Chen • Each adjunct/part-time faculty OAsIS The OAsIS Center Ball State University 2/25/05 OAsIS OAsIS Mission Statement To develop and promote organizational assurance and information security through leadership in research, education, training and application. OAsIS Need for the Center • Adapt teaching methods and techniques • Updating curriculum to meet today’s and future needs • Endorsed by the Dept. of Defense • Information assurance is imperative to today’s environment OAsIS OAsIS • • • • • • Provide students hands-on learning experience Provide outside organizations experts in the field of organizational assurance Incorporate integrity and ethics in the curriculum Incorporate the security assurance through multidisciplinary teachings Challenge students to seek excellence Challenge professors to look to the future for solutions OAsIS Funding • To date: – Internal grant of $XXX – Internal support • • • • Hardware Graduate assistant Desks and chairs Space – External support • Computer donations OAsIS Funding Requests • • • • • • • Standardized office equipment More space for lab(s) More graduate and student assistants Marketing Travel Studio for video conferencing Research grants OAsIS Conclusions • Established need • OAsIS abilities • Funding now and for the future OAsIS Conclusion • ISOM has the great beginnings to create a Academic Excellence in Information Assurance Education (CAEIAE) Program • Established need • OAsIS abilities • Funding now and for the future • University support – Computers – Desks • Community support – Computers OAsIS