Risk
10/24/2012
03:21 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%

RIT Creates New Computing Security Department

RIT’s faculty seeks to define computing security as a new discipline rather than a specialization within another field

A cyber threat is one of the most serious economic and national security challenges we face as a nation, and according to President Barack Obama, "America's economic prosperity in the 21st century will depend on cyber security." Recognizing the importance of these issues, employers are seeking qualified graduates to help secure their computing systems and associated data.

To address this need, Rochester Institute of Technology has created a Department of Computing Security that will house RIT's information security and forensics undergraduate and graduate programs and associated faculty. The unit provides a focal point for cyber security research at RIT, bringing faculty, staff and students from across RIT together to address security-related issues.

"By establishing this department, we are freeing computing security from any constraints that may exist due to preconceived notions that come along with more established disciplines," says Andrew Sears, dean of RIT's B. Thomas Golisano College of Computing and Information Sciences. "We are also designing this unit and the corresponding degrees to leverage expertise from across the university."

RIT's faculty seeks to define computing security as a new discipline rather than a specialization within another field. As part of this process, the faculty has redesigned RIT's security-oriented degrees to address the evolving needs of employers.

"The new department integrates faculty from the computer science, software engineering and information sciences and technologies departments through secondary appointments," says Sylvia Perez-Hardy, chair of the Department of Computing Security. "The interdisciplinary members of the faculty enrich the curriculum by addressing security-related issues that exist within their disciplines in order to offer the strongest, most diverse security degree in the country."

Rajendra Raj, professor of computer science, and Andy Meneely, assistant professor of software engineering, both agree with the need to address security from alternative angles.

"A computer science perspective in secure data management is needed to anticipate and prevent data breaches from occurring in the first place," says Raj, who teaches traditional and cloud data security as a secondary faculty member.

"A lot of security students will end up working closely with software development teams," says Meneely, who will teach secure software development to security students. "Understanding how the software development lifecycle works and how to correctly fix a vulnerability so that it doesn't break the system's design or introduce other bugs is a tough skill that requires software engineering knowledge in addition to security knowledge."

Numerous advanced courses have been added to the program, addressing a variety of topics including secure software development, database and Web security, security auditing, risk assessment and business continuity, forensics from the enterprise level to mobile devices, securing computing devices, and securing an organization's infrastructure. The department plans to continue diversifying its secondary faculty by collaborating with disciplines such as computer engineering, criminal justice and public policy.

"The department has already received a gift from McAfee, helping to establish the McAfee Interlock Lab for information security teaching, learning and research," Sears says. "RIT is emerging as a leader in computing security education."

The Golisano College has led the fields of computing and information sciences by introducing the first bachelor's degrees in the United States in software engineering, information technology and networking and systems administration, as well as one of the first undergraduate and graduate programs in game design and development. This department provides the college with yet another opportunity to lead by defining emerging disciplines within the broader field of computing and information sciences.

###

Rochester Institute of Technology is internationally recognized for academic leadership in business, computing, engineering, imaging science, liberal arts, sustainability, and fine and applied arts. In addition, the university offers unparalleled support services for deaf and hard-of-hearing students. RIT enrolls nearly 18,000 full- and part-time students in more than 200 career-oriented and professional programs, and its cooperative education program is one of the oldest and largest in the nation.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0914
Published: 2014-07-30
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 6.x and 7.x through 7.5.0.6, Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 6.2 through 6.2.8 for Tivoli IT Asset Management f...

CVE-2014-0915
Published: 2014-07-30
Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8...

CVE-2014-0947
Published: 2014-07-30
Unspecified vulnerability in the server in IBM Rational Software Architect Design Manager 4.0.6 allows remote authenticated users to execute arbitrary code via a crafted update site.

CVE-2014-0948
Published: 2014-07-30
Unspecified vulnerability in IBM Rational Software Architect Design Manager and Rational Rhapsody Design Manager 3.x and 4.x before 4.0.7 allows remote authenticated users to execute arbitrary code via a crafted ZIP archive.

CVE-2014-2356
Published: 2014-07-30
Innominate mGuard before 7.6.4 and 8.x before 8.0.3 does not require authentication for snapshot downloads, which allows remote attackers to obtain sensitive information via a crafted HTTPS request.

Best of the Web
Dark Reading Radio