Risk
10/24/2012
03:21 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%
Repost This

RIT Creates New Computing Security Department

RIT’s faculty seeks to define computing security as a new discipline rather than a specialization within another field

A cyber threat is one of the most serious economic and national security challenges we face as a nation, and according to President Barack Obama, "America's economic prosperity in the 21st century will depend on cyber security." Recognizing the importance of these issues, employers are seeking qualified graduates to help secure their computing systems and associated data.

To address this need, Rochester Institute of Technology has created a Department of Computing Security that will house RIT's information security and forensics undergraduate and graduate programs and associated faculty. The unit provides a focal point for cyber security research at RIT, bringing faculty, staff and students from across RIT together to address security-related issues.

"By establishing this department, we are freeing computing security from any constraints that may exist due to preconceived notions that come along with more established disciplines," says Andrew Sears, dean of RIT's B. Thomas Golisano College of Computing and Information Sciences. "We are also designing this unit and the corresponding degrees to leverage expertise from across the university."

RIT's faculty seeks to define computing security as a new discipline rather than a specialization within another field. As part of this process, the faculty has redesigned RIT's security-oriented degrees to address the evolving needs of employers.

"The new department integrates faculty from the computer science, software engineering and information sciences and technologies departments through secondary appointments," says Sylvia Perez-Hardy, chair of the Department of Computing Security. "The interdisciplinary members of the faculty enrich the curriculum by addressing security-related issues that exist within their disciplines in order to offer the strongest, most diverse security degree in the country."

Rajendra Raj, professor of computer science, and Andy Meneely, assistant professor of software engineering, both agree with the need to address security from alternative angles.

"A computer science perspective in secure data management is needed to anticipate and prevent data breaches from occurring in the first place," says Raj, who teaches traditional and cloud data security as a secondary faculty member.

"A lot of security students will end up working closely with software development teams," says Meneely, who will teach secure software development to security students. "Understanding how the software development lifecycle works and how to correctly fix a vulnerability so that it doesn't break the system's design or introduce other bugs is a tough skill that requires software engineering knowledge in addition to security knowledge."

Numerous advanced courses have been added to the program, addressing a variety of topics including secure software development, database and Web security, security auditing, risk assessment and business continuity, forensics from the enterprise level to mobile devices, securing computing devices, and securing an organization's infrastructure. The department plans to continue diversifying its secondary faculty by collaborating with disciplines such as computer engineering, criminal justice and public policy.

"The department has already received a gift from McAfee, helping to establish the McAfee Interlock Lab for information security teaching, learning and research," Sears says. "RIT is emerging as a leader in computing security education."

The Golisano College has led the fields of computing and information sciences by introducing the first bachelor's degrees in the United States in software engineering, information technology and networking and systems administration, as well as one of the first undergraduate and graduate programs in game design and development. This department provides the college with yet another opportunity to lead by defining emerging disciplines within the broader field of computing and information sciences.

###

Rochester Institute of Technology is internationally recognized for academic leadership in business, computing, engineering, imaging science, liberal arts, sustainability, and fine and applied arts. In addition, the university offers unparalleled support services for deaf and hard-of-hearing students. RIT enrolls nearly 18,000 full- and part-time students in more than 200 career-oriented and professional programs, and its cooperative education program is one of the oldest and largest in the nation.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-3946
Published: 2014-04-24
Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by sending IPv6 packets in an unspecified scenario in which expected packet drops do not occur for "a small percentage" of the packets, aka Bug ID CSCty73682.

CVE-2012-5723
Published: 2014-04-24
Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2) multicast ICMP packets with fragmentation, aka Bug ID CSCub55948.

CVE-2013-6738
Published: 2014-04-24
Cross-site scripting (XSS) vulnerability in IBM SmartCloud Analytics Log Analysis 1.1 and 1.2 before 1.2.0.0-CSI-SCALA-IF0003 allows remote attackers to inject arbitrary web script or HTML via an invalid query parameter in a response from an OAuth authorization endpoint.

CVE-2014-0188
Published: 2014-04-24
The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request to...

CVE-2014-2391
Published: 2014-04-24
The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potent...

Best of the Web