Cybersecurity Degree Guidelines

The Association for Computing Machinery (ACM) have released a draft "Cybersecurity Curricula 2017: Curriculum Guidelines for Undergraduate Degree Programs in Cybersecurity" for comment by 14 February 2017. The security areas focused on are: Data, Software, System, Human, Organizational and Societal. Discipline areas ares: Computer Science (CS); Computer Engineering (CE); Software Engineering (SE); Information Technology (IT); Information Systems (IS); and Mixed Disciplinary majors (MD). This draft has not got to the point of setting hours for knowledge areas, but is a good start.

I have submitted this comment:

"The Cybersecurity Curricula is well thought out. The only surprise for me was section 5.1 "The Academic Myth" (p. 33). This polemic against the value of baccalaureate degrees and assessment standards is not appropriate. If the authors believe that a first degree does not provide the skills required for Cybersecurity, then they should be preparing a curriculum which includes a mandatory graduate component. If the authors truly believe that "... having a degree is not sufficient to secure employment.", then they should set down the curriculum for the additional non-degree training and education required.

Setting out to specify a baccalaureate curricula which does not meet the required need seems a pointless activity. In my view a baccalaureate degree is a vocationally useful qualification. However, no single qualification will provide everything everyone needs. The authors of the Cybersecurity Curricula should not set themselves an impossible task. Such a curricula will be useful when designing educational programs, at the sub-degree, degree and also graduate levels. I suggest deleting section  5.1."