Integrating Information Security with Information System Architecture and Administration Curricula

While the cost and flexibility benefits resulting from distributed and cloud computing environments are clearly evident, this approach also has farreaching implications for the threat surface presented as well as general information security risks, particularly to availability. The design of cloud-based storage services also implies that data once stored with such services may very hard to recall. The ease with which these services can be used implies that system administrators may not only be called upon much more frequently to make decisions that would previously have been the prerogative of system architects, but that such decisions may be based more on momentary expediency than sound architecture unless the implications are understood clearly. As the impact is both technical and legal in nature and can easily have a temporal extent well exceeding the life-time of a given configuration, we argue that the professional education of system and network administrators must take these security aspects into consideration even at the undergraduate level. We therefore outline a curriculum integrating information security and security management topics into a 3-year (180 credit points in the European Credit Transfer System) Bachelor of Science degree in Computer Science with specializations in either Network and System Administration Operations or Information Security intended to enable students to create, operate, and maintain information systems not only fulfilling functional, efficiency, and robustness requirements, but also minimizing information security and liability risks.