Incorporating Information Assurance in Systems Analysis and Design Curricula

The importance of teaching information assurance (IA) is now widely recognized. Universities teach the technology and tactics for detecting and preventing attacks on our systems. Hardware and software engineers are moving deliberately to increase capabilities in secure systems. Ultimately, however, these groups implement design specifications that began as an analysis of a business need or opportunity. Separate surveys of IS faculty and students reveal a recognition by both groups that IA design is critical and will be important to future employers. This paper discusses the dichotomy between existing systems analysis and design (SA&D) principles as depicted in many popular textbooks with the emerging need for secure information systems design. A review of 16 SA&D textbooks illustrates that although they provide a good foundation for the design process, they rarely include more than a page or two on IA considerations. Incorporating IA in systems analysis and design is no longer an option for our students. IS faculty must provide the formal curriculum for proper application of IA technologies in final systems implementation. We propose embedding IA in all sections of SA&D curricula, and provide a description of our approach to testing a methodology we are developing for secure SA&D courses.