KENNESAW STATE UNIVERSITY GRADUATE PROGRAM/CONCENTRATION PROPOSAL FORM 02/25/04 PROGRAM OR CONCENTRATION NAME:_Graduate Certificate in Information Security & Assurance____ DEPARTMENT:__CSIS_______________________________________________________________ PROPOSED EFFECTIVE DATE: _Spring 2010__________________________________________ Check One or More of the Following and Complete the Appropriate Sections _____New Program Proposal** _X___Change in Program/Concentration/Degree Requirements _____New Concentration Proposal Sections to be Completed All III – VII, XII I – VII, XII **A new course proposal is required for each new course that is part of the new program Submitted by: _Michael E. Whitman, Ph.D. Faculty Member 4/15/09_____________________ Date ___ Approved ___ Not Approved ______________________________________________________ Department Curriculum Committee Date ___ Approved ___ Not Approved ______________________________________________________ Department Chair Date ___ Approved ___ Not Approved ______________________________________________________ College Curriculum Committee Date ___ Approved ___ Not Approved ______________________________________________________ College Dean Date ___ Approved ___ Not Approved ______________________________________________________ GPCC Chair Date ___ Approved ___ Not Approved ______________________________________________________ Dean, Graduate Collelge Date ___ Approved ___ Not Approved ______________________________________________________ Vice President for Academic Affairs Date ___ Approved ___ Not Approved ______________________________________________________ President Date UNIVERSITY SYSTEM OF GEORGIA NEW GRADUATE PROGRAM PROPOSAL Graduate Certificate in Information Security and Assurance Kennesaw State University 4/15/09 CSIS Department College of Science and Mathematics Proposed Start Date: Spring 2010 CIP:_11.1003_____ Graduate Certificate in Information Security and Assurance Program Update 4/15/09 Page 2 of 8 I. Program Description Unique Aspects of Program Institutional Importance of the Program KSU's Strategic Plan System and State of Georgia Goals Staffing, Facilities and Enrollment II Objectives of the Program III Justification and Need for the Program The MSIS Program was recently overhauled, radically changing the structure, adding new courses and eliminating some existing courses. As such this Certificate – which uses MSIS courses, is not longer possible as several of the courses have been eliminated, changed or otherwise made unavailable. IV Procedures Used to Develop the Program The program was revised in consultation with industry information security experts. The faculty that teach in this program are also certified information security professionals & managers. Once the current courses were determined to be no longer available, replacement courses were selected based on their similarities to the previous courses. V Curriculum: Degree Program Requirements (Revised content) The graduate certificate program in information security and assurance designed for both technology and non-technology graduate students. It encompasses the following MSIS courses: Required for certificate: (12 hours) IS 8200 Legal & Ethical Issues in IS IS 8930 Information Security Administration IS 8300 Disaster Recovery/Business Continuity Planning And one course from: IS 8900 Special Topics in Information Systems IS 8910 Special Projects in Information Systems IS 8918 Internship Other course as approved by Certificate Coordinator Graduate Certificate in Information Security and Assurance Program Update 4/15/09 Page 3 of 8 Frequency of Offering Twice Annually Annually Annually Occasionally As needed As needed TBD Program Admission Requirements: • Baccalaureate degree from an institution accredited in a manner acceptable by Kennesaw State University. Admission will only be granted to students showing high promise of success in the program. • Minimum cumulative undergraduate adjusted grade-point average of 2.75 on a 4.0 scale. • Successful completion of required undergraduate course work (or fulfillment of preparatory knowledge clusters through professional work experience). Prerequisite knowledge areas includes: o Basic knowledge of computer information systems, including proficiency in the use of common PC-based software environments o Quantitative skills including algebra, calculus, and statistics o Knowledge of the principles and common applications of data communications • Minimum score of 500 on the Graduate Management Admission Test (GMAT) with a minimum score of 30 in the verbal category, 30 in the quantitative category and 3.0 in the analytical writing category. OR • Minimum total score of 1425 on the General Test of the Graduate Record Examination (GRE) with a minimum score of 400 in the verbal and 400 quantitative categories and 3.0 in the analytical writing category. • Other criteria will be considered by the MSIS Admissions Committee for applicants, including: -performance on previous computer science, information systems, and management coursework; -GPA attained in other junior/senior level course work; certificates of attainment in computing-related training/self-study programs; -accomplishment in professional activities; -relevant work experience. • A current résumé. • Additional requirements for International Students as specified by the University. Course Offering Schedule and Plan-of-Study The following table is extracted from the MSIS Offering Schedule Course IS 8300 IS 8930 Total # of Courses Fall X Spring 1 0 Summer X X 2 Growth and Flexibility The Certificate is still in its infancy, and has a number of students indicating interest in the certificate. Graduate Certificate in Information Security and Assurance Program Update 4/15/09 Page 4 of 8 Course Descriptions (from the MSIS) IS 8200 Legal & Ethical Issues in IS Prerequisite: Full admission to the MSIS program or permission of the graduate program director. This course is a survey of contemporary legal and ethical issues faced by IS professionals. Topics include a review of applicable statutes and regulations that impact the IS organization. Students will conduct on-line research and explore ethical issues at the leading edge of the organization's technology frontiers. IS 8300 Disaster Recovery/Business Continuity Planning Prerequisite: Full admission to the MSIS program or permission of the graduate program director. A detailed study of strategic and tactical planning for non-standard operations resulting from events beyond the organization’s control. Disaster Recovery and Business Continuity Planning prepares the student to develop and execute plans to enable the organization to recover operations and continue critical business functions in the event of a disaster. This course includes an overview of incident response planning as a possible precursor to Disaster Recovery and Business Continuity and also examines Crisis Management planning. IS 8900 Special Topics in Information Systems Prerequisite: Must be approved by graduate program director. Exploration of selected contemporary topics of interest to the student and sponsoring faculty. Can be repeated for credit. IS 8910 Special Projects in Information Systems Prerequisite: Must be approved by graduate program director. Special projects and/or thesis option for students who wish to pursue advanced work on a particular subject in a specialized area. Can be repeated for credit. IS 8918 Internship Prerequisite: Must be approved by graduate program director IS 8930 Information Security Administration Prerequisite: Full admission to the MSIS program or permission of the graduate program director. Examination of current standards of due care and best business practices in Information Security. Includes examination of security technologies, methodologies and practices. Focus is on evaluation and selection of optimal security posture. Topics include evaluation of security models, risk assessment, threat analysis, organizational technology evaluation, security implementation, disaster recovery planning and security policy formulation and implementation. Graduate Certificate in Information Security and Assurance Program Update 4/15/09 Page 5 of 8 VI INVENTORY OF FACULTY DIRECTLY INVOLVED As the table below shows, we have multiple qualified faculty members to teach each course. These faculty members all currently hold graduate faculty status or are qualified to petition for graduate faculty status. Moreover, the courses offer significant opportunity to integrate the scholarship of teaching with classroom activities. Therefore, faculty members may teach effectively, and then publish based on classroom experience and interaction with graduate students. All instructors have research expertise in the area in which they will teach or in a closely related area. Thus, the instructors have currency of knowledge in the course they teach, and they should continue to develop their knowledge through research activities. Course IS 8200 IS 8300 IS 8930 Instructors Whitman, Woszczynski Mattord, Whitman Mattord, Whitman VII Outstanding programs of this nature at other institutions Survey and comparative analysis. Currently only Georgia Tech has a comparable program with their Masters of Information Security: “This degree is offered by the College of Computing. This interdisciplinary program is a cooperative effort of College of Computing and the Sam Nunn School of International Affairs. The Information Security Master of Science program provides students with background and insights into general and technical coverage of key elements of Information Security. The general knowledge touching on the issues surrounding the impact of information security holds on our lives, private citizen's concern for privacy, information security risks to business and government, and the impact of laws and public policy. Technically, examining the general dimension of providing security for information processing systems--secure operating systems and applications, network security, cryptography, security protocols, etc.” (from http://www.gtisc.gatech.edu/degree.html). Unique Features of KSU’s program: The KSU Certificate in Information Security and Assurance is geared toward managerial security concerns, as advanced information security areas are typically managerial challenges – in planning, personnel, security programs, and programs. The KSU program capitalizes on the strengths of its established MSIS program, which has recently been dramatically updated to reflect the needs of its constituencies. Graduate Certificate in Information Security and Assurance Program Update 4/15/09 Page 6 of 8 VIII Inventory of pertinent library resources IX Facilities X Administration XI Assessment XII Accreditation Business Content Audit: Referencing the Business Content Worksheet, does this program or concentration, incorporating the information proposed herein, have “traditional business subject” content delivered by faculty or programs administered by the Coles College of Business? * _____ Yes If “yes,” complete a Business Content Worksheet and obtain necessary approvals as indicated. ___X_ No _____ Exempt Graduate programs administered by the Coles College are exempt. __________ * All graduate programs exceeding 50% business content are automatically required to meet AACSB International business accreditation standards. The purpose of the audit is to prevent the unintended, undesirable compulsory inclusion of programs subject to AACSB standards. XIII Affirmative Action Impact XIV Degree Inscription XV Fiscal and Enrollment Impact, and Estimated Budget 1. ENROLLMENT PROJECTIONS 2. COSTS A. Personnel -- reassigned or existing positions B. Personnel -- new positions Graduate Certificate in Information Security and Assurance Program Update 4/15/09 Page 7 of 8 C. One-Time Startup costs D. Operating Costs 3. REVENUE SOURCES Graduate Certificate in Information Security and Assurance Program Update 4/15/09 Page 8 of 8