10/24/2012
03:21 PM
Dark Reading

RIT Creates New Computing Security Department

RIT’s faculty seeks to define computing security as a new discipline rather than a specialization within another field

A cyber threat is one of the most serious economic and national security challenges we face as a nation, and according to President Barack Obama, "America's economic prosperity in the 21st century will depend on cyber security." Recognizing the importance of these issues, employers are seeking qualified graduates to help secure their computing systems and associated data.

To address this need, Rochester Institute of Technology has created a Department of Computing Security that will house RIT's information security and forensics undergraduate and graduate programs and associated faculty. The unit provides a focal point for cyber security research at RIT, bringing faculty, staff and students from across RIT together to address security-related issues.

"By establishing this department, we are freeing computing security from any constraints that may exist due to preconceived notions that come along with more established disciplines," says Andrew Sears, dean of RIT's B. Thomas Golisano College of Computing and Information Sciences. "We are also designing this unit and the corresponding degrees to leverage expertise from across the university."

RIT's faculty seeks to define computing security as a new discipline rather than a specialization within another field. As part of this process, the faculty has redesigned RIT's security-oriented degrees to address the evolving needs of employers.

"The new department integrates faculty from the computer science, software engineering and information sciences and technologies departments through secondary appointments," says Sylvia Perez-Hardy, chair of the Department of Computing Security. "The interdisciplinary members of the faculty enrich the curriculum by addressing security-related issues that exist within their disciplines in order to offer the strongest, most diverse security degree in the country."

Rajendra Raj, professor of computer science, and Andy Meneely, assistant professor of software engineering, both agree with the need to address security from alternative angles.

"A computer science perspective in secure data management is needed to anticipate and prevent data breaches from occurring in the first place," says Raj, who teaches traditional and cloud data security as a secondary faculty member.

"A lot of security students will end up working closely with software development teams," says Meneely, who will teach secure software development to security students. "Understanding how the software development lifecycle works and how to correctly fix a vulnerability so that it doesn't break the system's design or introduce other bugs is a tough skill that requires software engineering knowledge in addition to security knowledge."

Numerous advanced courses have been added to the program, addressing a variety of topics including secure software development, database and Web security, security auditing, risk assessment and business continuity, forensics from the enterprise level to mobile devices, securing computing devices, and securing an organization's infrastructure. The department plans to continue diversifying its secondary faculty by collaborating with disciplines such as computer engineering, criminal justice and public policy.

"The department has already received a gift from McAfee, helping to establish the McAfee Interlock Lab for information security teaching, learning and research," Sears says. "RIT is emerging as a leader in computing security education."

The Golisano College has led the fields of computing and information sciences by introducing the first bachelor's degrees in the United States in software engineering, information technology and networking and systems administration, as well as one of the first undergraduate and graduate programs in game design and development. This department provides the college with yet another opportunity to lead by defining emerging disciplines within the broader field of computing and information sciences.

###

Rochester Institute of Technology is internationally recognized for academic leadership in business, computing, engineering, imaging science, liberal arts, sustainability, and fine and applied arts. In addition, the university offers unparalleled support services for deaf and hard-of-hearing students. RIT enrolls nearly 18,000 full- and part-time students in more than 200 career-oriented and professional programs, and its cooperative education program is one of the oldest and largest in the nation.
