Risk
10/24/2012
03:21 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%

RIT Creates New Computing Security Department

RIT’s faculty seeks to define computing security as a new discipline rather than a specialization within another field

A cyber threat is one of the most serious economic and national security challenges we face as a nation, and according to President Barack Obama, "America's economic prosperity in the 21st century will depend on cyber security." Recognizing the importance of these issues, employers are seeking qualified graduates to help secure their computing systems and associated data.

To address this need, Rochester Institute of Technology has created a Department of Computing Security that will house RIT's information security and forensics undergraduate and graduate programs and associated faculty. The unit provides a focal point for cyber security research at RIT, bringing faculty, staff and students from across RIT together to address security-related issues.

"By establishing this department, we are freeing computing security from any constraints that may exist due to preconceived notions that come along with more established disciplines," says Andrew Sears, dean of RIT's B. Thomas Golisano College of Computing and Information Sciences. "We are also designing this unit and the corresponding degrees to leverage expertise from across the university."

RIT's faculty seeks to define computing security as a new discipline rather than a specialization within another field. As part of this process, the faculty has redesigned RIT's security-oriented degrees to address the evolving needs of employers.

"The new department integrates faculty from the computer science, software engineering and information sciences and technologies departments through secondary appointments," says Sylvia Perez-Hardy, chair of the Department of Computing Security. "The interdisciplinary members of the faculty enrich the curriculum by addressing security-related issues that exist within their disciplines in order to offer the strongest, most diverse security degree in the country."

Rajendra Raj, professor of computer science, and Andy Meneely, assistant professor of software engineering, both agree with the need to address security from alternative angles.

"A computer science perspective in secure data management is needed to anticipate and prevent data breaches from occurring in the first place," says Raj, who teaches traditional and cloud data security as a secondary faculty member.

"A lot of security students will end up working closely with software development teams," says Meneely, who will teach secure software development to security students. "Understanding how the software development lifecycle works and how to correctly fix a vulnerability so that it doesn't break the system's design or introduce other bugs is a tough skill that requires software engineering knowledge in addition to security knowledge."

Numerous advanced courses have been added to the program, addressing a variety of topics including secure software development, database and Web security, security auditing, risk assessment and business continuity, forensics from the enterprise level to mobile devices, securing computing devices, and securing an organization's infrastructure. The department plans to continue diversifying its secondary faculty by collaborating with disciplines such as computer engineering, criminal justice and public policy.

"The department has already received a gift from McAfee, helping to establish the McAfee Interlock Lab for information security teaching, learning and research," Sears says. "RIT is emerging as a leader in computing security education."

The Golisano College has led the fields of computing and information sciences by introducing the first bachelor's degrees in the United States in software engineering, information technology and networking and systems administration, as well as one of the first undergraduate and graduate programs in game design and development. This department provides the college with yet another opportunity to lead by defining emerging disciplines within the broader field of computing and information sciences.

###

Rochester Institute of Technology is internationally recognized for academic leadership in business, computing, engineering, imaging science, liberal arts, sustainability, and fine and applied arts. In addition, the university offers unparalleled support services for deaf and hard-of-hearing students. RIT enrolls nearly 18,000 full- and part-time students in more than 200 career-oriented and professional programs, and its cooperative education program is one of the oldest and largest in the nation.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-2595
Published: 2014-08-31
The device-initialization functionality in the MSM camera driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, enables MSM_CAM_IOCTL_SET_MEM_MAP_INFO ioctl calls for an unrestricted mmap interface, which all...

CVE-2013-2597
Published: 2014-08-31
Stack-based buffer overflow in the acdb_ioctl function in audio_acdb.c in the acdb audio driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges via an application that lever...

CVE-2013-2598
Published: 2014-08-31
app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to overwrite signature-verification code via crafted boot-image load-destination header values that specify memory ...

CVE-2013-2599
Published: 2014-08-31
A certain Qualcomm Innovation Center (QuIC) patch to the NativeDaemonConnector class in services/java/com/android/server/NativeDaemonConnector.java in Code Aurora Forum (CAF) releases of Android 4.1.x through 4.3.x enables debug logging, which allows attackers to obtain sensitive disk-encryption pas...

CVE-2013-6124
Published: 2014-08-31
The Qualcomm Innovation Center (QuIC) init scripts in Code Aurora Forum (CAF) releases of Android 4.1.x through 4.4.x allow local users to modify file metadata via a symlink attack on a file accessed by a (1) chown or (2) chmod command, as demonstrated by changing the permissions of an arbitrary fil...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
This episode of Dark Reading Radio looks at infosec security from the big enterprise POV with interviews featuring Ron Plesco, Cyber Investigations, Intelligence & Analytics at KPMG; and Chris Inglis & Chris Bell of Securonix.