Program of Study

The Informatics Research Institute coordinates the federally designated Center of Academic Excellence in Computer Security Education. The Center of Academic Excellence includes formal concentrations in Information Assurance at the undergraduate and graduate level in cooperation with NIATEC and CITI-MSSSL.

In addition, the Informatics Research Institute offers formal concentrations in Information Assurance for Baccalaureate, Masters, and Doctoral Programs. These concentrations may be above the regular degree requirements documented by the DHS/CNSS approved Certificates offered through Idaho State University. http://www.isu.edu/cob/informaticscomputerscience.shtml.

Certificates for Concentrations:

  • CNSS 4011-- National Training Standard for Information Systems Security (INFOSEC) Professionals
  • CNSS 4012 -- National Information Assurance Training Standard for Senior Systems Managers
  • CNSS 4013 -- National Information Assurance Training Standard For System Administrators
  • CNSS 4014 -- Information Assurance Training Standard for Information Systems Security Officers
  • CNSS 4015 -- National Training Standard for Systems Certifiers

Program of Studies

Students with appropriate pre-requisites may take courses within the information assurance program as part of a formal information assurance concentration in their degree program. With approval of their advisor and the faculty they may pursue certificates in specialty areas. In addition to courses that support specialized certifications the program offers courses in Computer Forensics and Risk analysis. All courses require preparation of research papers in information assurance topic related to their major field.

Undergraduate:

CNSS 4011 -- Students in the Computer Information System major may take INFO 4411, a minimum of 6 hours of 4419 (Informatics Practicum) or 4493 (Internship) and two additional courses in Information Assurance. Students in the INFO minor may take the same series of courses. Students in other majors may have to take additional courses.

All students seeking additional certifications must complete the requirements for CNSS 4011 and the following

  • CNSS 4012 – Students certifying for 4012 must complete INFO 4411, INFO 4412, INFO 4413, INFO 4414, INFO 4415
  • CNSS 4013 – Students certifying for 4013 must complete INFO 4411, INFO 4413, and INFO 4485
  • CNSS 4014 – Students Certifying for 4014 must complete INFO 4411, INFO 4414 and INFO 4413
  • CNSS 4015 – Students Certifying for 4015 must complete INFO 4411, INFO 4415 and INFO 4414

Graduate:

CNSS 4011 – Students in the INFO emphasis in the MBA program may take INFO 5511, a minimum of 6 hours of 5519 (Informatics Practicum) or 5593 (Internship) and two additional courses in Information Assurance. Graduate courses increase focus on theory, history, software assurance, assured systems design, and networks. Students in other majors may have to take additional remedial courses or demonstrate appropriate experience.

All students seeking additional certifications must complete the requirements for CNSS 4011 and the following

  • CNSS 4012 – Students certifying for 4012 must complete INFO 511, INFO 5512, INFO 5513, INFO 5514, INFO 5515
  • CNSS 4013 – Students certifying for 4013 must complete INFO 5511, INFO 5513, and INFO 5585
  • CNSS 4014 – Students Certifying for 4014 must complete INFO 5511, INFO 5513, and INFO 5514
  • CNSS 4015 – Students Certifying for 4015 must complete INFO 5511, INFO 5514 and INFO 5515

Doctoral students wishing to build a concentration in Information Assurance should contact the director to discuss research and coursework opportunities customized to meet their academic program.

Program for Scholarship for Service Students

  • Students admitted to the National Science Foundation Scholarship for Service (SFS) program at Idaho State University are required to complete coursework for all CNSS standards above. They will complete their degree program in either the undergraduate degree in computer information systems with concentration in Information assurance or the MBA with a concentration in INFO/Information Assurance.
  • In addition to regular coursework, after admission to the program students will be required to take a minimum of four semesters of internship in the NIATEC laboratory on campus. These internships are under close supervision and may be in INFO 4493 (Internship) or INFO 4419 (Informatics Practicum). These internships may also require attendance at lectures outside normal class requirements.
  • In addition, SFS students must sign up for internship when they serve there required internship in the federal government. Satisfactory performance all courses and internships is required.

Certificates In Information Assurance

Idaho State University offers professional certificates in the following areas

CNSS 4011

Certificate National Training Standard for Information Systems Security (INFOSEC) Professionals

To receive the CNSS 4011 certificate students must complete INFO 4411 and all pre-requisites with a B or better. In addition they must complete at least two of the other certificate courses (4412, 4413, 4414, 4415), 6 hours of Practicum (INFO 4419) and at least one additional 4000 level course in Informatics.

CNSS 4012

Certificate National Information Assurance Training Standard for Senior Systems Managers

CNSS 4013

Certificate National Information Assurance Training Standard For System Administrators

CNSS 4014

Certificate Information Assurance Training Standard for Information Systems Security Officers

CNSS 4015

Certificate National Training Standard for Systems Certifiers

DoD 8570.1

Certification in the Department of Defense 8570.1 Standard

We Encourage IA Papers in Non IA Courses

The following courses have had Information Assurance topics or projects within the past 18 months. Syllabus material available in concomitant material section.

  • INFO 1101 Digital Informatics Literacy. Student assignments on privacy and an assignment on cyber terror.
  • INFO 2285 Computer Architecture. Students are expected to write about technical issues associated with poor systems, hardware and software design.
  • INFO 3001 Introduction to Informatics and Analytics. Various student papers on information security.
  • MBA 6625 has projects dealing with Information Assurance in terms of control systems.
  • INFO 3380 Networking and Virtualization. Required security paper on networks and privacy.
  • INFO 4430 Web Application Development. Two papers on Information Assurance related issues.
  • INFO 4482 Informatics Senior Project. All projects require security life-cycle analysis.

Certifications

Certifications are one way that the individual demonstrates qualifications in a specific knowledge area. All students in our program are offered an opportunity to obtain inferred professional certification. In addition, our students are offered an opportunity to develop credentials for conferred professional certifications.

Professionalization – inferred or conferred.

A simple approach to information security would be to declare that all that is needed for protection of critical information systems is personnel trained in the use of best practice protection technologies and policies. However, 1995 editorial on professionalization by David Bernstein published in Secure Computing pointed out three organizations (ISC2, ICCP, and ISACA) that provide certification. [SC, 1990] The problem is that these attempts were not derived from a uniform set of training standards; therefore, there is no inter-comparability – no standard. If, in fact any economy could point to a uniform set of training standards for information assurance professionals, and could identify personnel trained to those standards; there would be de-facto professionals.

Inferred Professionalization

This approach to professionalization is “inferred” professionalization. Inferred professionalization is precisely what we often confuse with “certification” (i.e., pass the course and get the patch). Industry and government do indeed need certified information assurance specialists to operate and maintain our critical information systems. Professional certification is not the needed end state in this arena.

Conferred Professionals

Conferred professionalization assures an individual is not just competent but actually fully equipped to practice in a discipline, the individual is judged “ready” by recognized practitioners in that field. This process of professionalization is typically structured in one of two fashions; stand-alone and integrated professionalization. There are merits to both approaches.

The stand-alone approach to professionalization is most often employed in producing generalists. An integrated professionalization program allows for professionalization within an established field, with a concentration in a related or sub discipline. Professionals of this type must have sufficient experience to ensure that they can apply the education and training associated with a defined set of KSAs. Knowledge of the KSAs may be determined through examination and testing. Furthermore, they must demonstrate intellectual rigor and discipline by maintaining currency in the discipline. Above all, they must accept and adhere to an ethical code and precedents

The integrated approach to professionalization is most often seen in programs producing personnel deeply rooted in the knowledge and practices of a specific aspect of a discipline (i.e. specialists). In the information assurance arena, the most common program to date using the integrated approach can be found in computer science and information systems professionalization programs with a concentration in information security (or information assurance).

Idaho State University's Information Assurance program has been recognized by (ISC)2 and is authorized to sponsor students for Associate status.

SSCP

SSCP Certification recognizes an international standard for practitioners of information security [IS] and understanding of a Common Body of Knowledge (CBK). It focuses on practices, roles and responsibilities as defined by experts from major IS industries. Certification can enhance an IS career and provide added credibility. The SSCP Certification examination consists of 125 multiple-choice questions. Candidates have up to 3 hours to complete the examination. Seven SSCP information systems security test domains are covered in the examination pertaining to the Common Body of Knowledge:

  • Access Controls
  • Administration
  • Audit and Monitoring
  • Risk, Response and Recovery
  • Cryptography
  • Data Communications
  • Malicious Code/Malware

CISSP

CISSP Certification recognizes mastery of an international standard for information security and understanding of a Common Body of Knowledge (CBK). Certification can enhance a professional’s career and provide added IS credibility. The CISSP Certification examination consists of 250 multiple-choice questions. Candidates have up to 6 hours to complete the examination. Ten CISSP information systems security test domains are covered in the examination pertaining to the Common Body of Knowledge:

  • Access Control Systems & Methodology
  • Applications & Systems Development
  • Business Continuity Planning
  • Cryptography
  • Law, Investigation & Ethics
  • Operations Security
  • Physical Security
  • Security Architecture & Models
  • Security Management Practices
  • Telecommunications
  • Network & Internet Security
NIATEC National Science Foundation Information Assurance Directorate Department of Homeland Security CISSE Scholarship For Service