Risk
10/24/2012
03:21 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%

RIT Creates New Computing Security Department

RIT’s faculty seeks to define computing security as a new discipline rather than a specialization within another field

A cyber threat is one of the most serious economic and national security challenges we face as a nation, and according to President Barack Obama, "America's economic prosperity in the 21st century will depend on cyber security." Recognizing the importance of these issues, employers are seeking qualified graduates to help secure their computing systems and associated data.

To address this need, Rochester Institute of Technology has created a Department of Computing Security that will house RIT's information security and forensics undergraduate and graduate programs and associated faculty. The unit provides a focal point for cyber security research at RIT, bringing faculty, staff and students from across RIT together to address security-related issues.

"By establishing this department, we are freeing computing security from any constraints that may exist due to preconceived notions that come along with more established disciplines," says Andrew Sears, dean of RIT's B. Thomas Golisano College of Computing and Information Sciences. "We are also designing this unit and the corresponding degrees to leverage expertise from across the university."

RIT's faculty seeks to define computing security as a new discipline rather than a specialization within another field. As part of this process, the faculty has redesigned RIT's security-oriented degrees to address the evolving needs of employers.

"The new department integrates faculty from the computer science, software engineering and information sciences and technologies departments through secondary appointments," says Sylvia Perez-Hardy, chair of the Department of Computing Security. "The interdisciplinary members of the faculty enrich the curriculum by addressing security-related issues that exist within their disciplines in order to offer the strongest, most diverse security degree in the country."

Rajendra Raj, professor of computer science, and Andy Meneely, assistant professor of software engineering, both agree with the need to address security from alternative angles.

"A computer science perspective in secure data management is needed to anticipate and prevent data breaches from occurring in the first place," says Raj, who teaches traditional and cloud data security as a secondary faculty member.

"A lot of security students will end up working closely with software development teams," says Meneely, who will teach secure software development to security students. "Understanding how the software development lifecycle works and how to correctly fix a vulnerability so that it doesn't break the system's design or introduce other bugs is a tough skill that requires software engineering knowledge in addition to security knowledge."

Numerous advanced courses have been added to the program, addressing a variety of topics including secure software development, database and Web security, security auditing, risk assessment and business continuity, forensics from the enterprise level to mobile devices, securing computing devices, and securing an organization's infrastructure. The department plans to continue diversifying its secondary faculty by collaborating with disciplines such as computer engineering, criminal justice and public policy.

"The department has already received a gift from McAfee, helping to establish the McAfee Interlock Lab for information security teaching, learning and research," Sears says. "RIT is emerging as a leader in computing security education."

The Golisano College has led the fields of computing and information sciences by introducing the first bachelor's degrees in the United States in software engineering, information technology and networking and systems administration, as well as one of the first undergraduate and graduate programs in game design and development. This department provides the college with yet another opportunity to lead by defining emerging disciplines within the broader field of computing and information sciences.

###

Rochester Institute of Technology is internationally recognized for academic leadership in business, computing, engineering, imaging science, liberal arts, sustainability, and fine and applied arts. In addition, the university offers unparalleled support services for deaf and hard-of-hearing students. RIT enrolls nearly 18,000 full- and part-time students in more than 200 career-oriented and professional programs, and its cooperative education program is one of the oldest and largest in the nation.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Must Reads - September 25, 2014
Dark Reading's new Must Reads is a compendium of our best recent coverage of identity and access management. Learn about access control in the age of HTML5, how to improve authentication, why Active Directory is dead, and more.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-5485
Published: 2014-09-30
registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface.

CVE-2012-5486
Published: 2014-09-30
ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character.

CVE-2012-5487
Published: 2014-09-30
The sandbox whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to importing.

CVE-2012-5488
Published: 2014-09-30
python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject.

CVE-2012-5489
Published: 2014-09-30
The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
In our next Dark Reading Radio broadcast, we’ll take a close look at some of the latest research and practices in application security.