Author: csed

The Data Security knowledge area focuses on the protection of data at rest, during processing, and in transit. This knowledge area requires the application of mathematical and analytical algorithms to fully implement.

Topic Areas

• Cryptography
• Access Control
• Data Security

Suggestions Accepted for consideration for the next Edition:

Please provide your suggestions about this knowledge area. All submitted comments will be reviewed at the end of the month. Comments accepted for inclusion will be listed above.

Knowledge Areas

• Data Security
• Network Security
• System Security
• Software Security
• Organizational Security
• Societal Security

Suggestions Accepted for consideration for the next Edition:

Please provide your suggestions about this discipline. All submitted comments will be reviewed at the end of the month. Comments accepted for inclusion will be listed above.

Foundational IS competencies are typically first introduced as part of an “Introductory Course,” sometimes also referred to as an “MIS Course” or “Foundations Course.” Competencies in this area will improve as more courses are taken. As a competency area, it represents the IS discipline as a whole: What are the knowledge areas and how are they being applied? Why is this subject significant? What specializations exist? What is the work like? Do I want to study IS? What kind of career would I like to have? The foundational IS competency realm comprises one required area (IS Foundations).

Competency Areas

• FOIS – Information Systems Foundation (required)

Suggestions Accepted for consideration for the next Edition:

Please provide your suggestions about this knowledge unit. All submitted comments will be reviewed at the end of the month. Comments accepted for inclusion will be listed above.

Scope:

1. The emerging challenges in a computing-based discipline
   involving technology, people, information, and processes to
   enable assured operations and to support the growing need for
   forensic activities in a contest, adversarial environment.
2. Security considerations of cloud computing
3. Digital forensics including the recovery and investigation of
   material found in digital devices, often in relation to computer
   crime.
4. Security implications for information technologies enabled and
   controlled by software and influenced by the supply chain.

Competencies:

1. Perform malware analysis on a computer system and conduct a
   forensic analysis on a local network, on stored data within a
   system as well as mobile devices for an enterprise environment.
   (Malware and forensic analysis)
2. Apply standards, procedures, and applications used to protect
   the confidentiality, integrity and availability of information and
   information system within a cloud computing setting. (System
   integrity)
3. Analyze human facets that enable the exploitation of
   computing-based systems. (Human dynamics)
4. Design security procedures, based on cybersecurity principles,
   regarding privacy issues for a computing-based system that
   address security challenges within a computing environment
   (e.g. internet of things). (Security procedures)

Subdomains and Core Hour allocation

Subdomain	Level
ITS-CEC-01 Case studies and lessons learned	1
ITS-CEC-02 Network forensics	2
ITS-CEC-03 Stored data forensics	2
ITS-CEC-04 Mobile forensics	1
ITS-CEC-05 Cloud security	1
ITS-CEC-06 Security metrics	1
ITS-CEC-07 Malware analysis	1
ITS-CEC-08 Supply chain and software assurance	1
ITS-CEC-09 Personnel and human security	1
ITS-CEC-10 Social dimensions	1
ITS-CEC-11 Security implementations	1
ITS-CEC-12 Cyber-physical systems and the IoT	1

Suggestions Accepted for consideration for the next Edition:

Please provide your suggestions about this knowledge unit. All submitted comments will be reviewed at the end of the month. Comments accepted for inclusion will be listed above.

Scope:

1. A computing-based discipline involving technology, people, information, and processes to enable assured operations.
2. A focus on implementation, operation, analysis, and testing of the security of computing technologies
3. Recognition of the interdisciplinary nature of the application of cybersecurity including aspects of law, policy, human factors, ethics, and risk management in the context of adversaries.
4. The practice of assuring information and managing risks related to the use, processing, storage, and transmission of information or data and the systems and processes used for those purposes.
5. Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation.

Competencies:

1. Evaluate the purpose and function of cybersecurity technology
   identifying the tools and systems that reduce the risk of data
   breaches while enabling vital organization practices.
   (Cybersecurity functions)
2. Implement systems, apply tools, and use concepts to minimize
   the risk to an organization’s cyberspace to address cybersecurity
   threats. (Tools and threats)
3. Use a risk management approach for responding to and
   recovering from a cyber-attack on system that contains high
   value information and assets such as an email system. (Response
   and risks)
4. Develop policies and procedures needed to respond and
   remediate a cyber-attack on a credit card system and describe
   plan to restore functionality to the infrastructure. (Policies and
   procedures)

Subdomains and Skill Levels

Subdomain	Level
ITE-CSP-01 Perspectives and impact	1
ITE-CSP-02 Policy goals and mechanisms	1
ITE-CSP-03 Security services, mechanisms, and countermeasures	2
ITE-CSP-04 Cyber-attacks and detection	2
ITE-CSP-05 High assurance systems	2
ITE-CSP-06 Vulnerabilities, threats, and risk	2
ITE-CSP-07 Anonymity systems	1
ITE-CSP-08 Usable security	1
ITE-CSP-09 Cryptography overview	1
ITE-CSP-10 Malware fundamentals	1
ITE-CSP-11 Mitigation and recovery	1
ITE-CSP-11 Mitigation and recovery	1
ITE-CSP-12 Personal information	1
ITE-CSP-13 Operational issues	2
ITE-CSP-14 Reporting requirements	1

Suggestions Accepted for consideration for the next Edition:

Please provide your suggestions about this knowledge unit. All submitted comments will be reviewed at the end of the month. Comments accepted for inclusion will be listed above.

	Domain	Essential Percent	Supplemental Percent
ITE-IMA	Information Management	6	0
ITE-IST	Integrated Systems Technology	3	0
ITE-PFT	Platform Technologies	1	0
ITE-SPA	System Paradigms	6	0
ITE-UXD	User Experience Design	3	0
ITE-CSP, ITS-CEC	Cybersecurity Principles / Cybersecurity Emerging Challenges	6	4
ITE-GPP, ITS-SRE	Global Professional Practice / Social Responsibility	3	2
ITE-NET, ITS-ANE	Networking / Applied Networks	5	4
ITE-SWF, ITS-SDM	Software Fundamentals / Software Development and Management	4	2
ITE-WMS, ITS-MAP	Web and Mobile Systems / Mobile Applications	3	3
ITS-CCO	Cloud Computing	0	4
ITS-DSA	Data Scalability and Analytics	0	4
ITS-IOT	Internet of Things	0	4
ITS-VSS	Virtual Systems and Services	0	4

Suggestions Accepted for consideration for the next Edition:

Please provide your suggestions about this knowledge unit. All submitted comments will be reviewed at the end of the month. Comments accepted for inclusion will be listed above.

Information Systems Foundations refer to the ability of students to understand the fundamental concepts of IS (including hardware, software, and information acquisition) and the support that IS provides for transactional, decisional, and collaborative business processes.  They will also be able to understand the collection, processing, storage, distribution, and value of information and be able to make recommendations regarding IS that support and enable individuals in their daily lives as well as the management, customers, and suppliers of the enterprise.  This competency includes the ability to conduct an organizational business analysis, and assess processes, and systems.

While specific electives are not proposed in this competency realm, it is perhaps important to note that these foundational skills will be important in future IS researcher/teacher careers. At the undergraduate level, it may be premature to elaborate and extend in this area.

Competency Area Statement

Students who meet the competencies of IS Foundations can understand the fundamental concepts of IS (including hardware, software, and information acquisition) and the support that IS provides for transactional, decisional, and collaborative business processes.  They will also be able to understand the collection, processing, storage, distribution, and value of information and be able to make recommendations regarding IS that support and enable individuals in their daily lives as well as the management, customers, and suppliers of the enterprise.  This competency includes the ability to conduct an organizational business analysis, and assess processes, and systems.

Competencies: Graduates will be able to:

	Competency	Dispositions	Skill Level
FOUN.FOIS.1	Classify the components, elements, operations and impact of IS	Self-directed, Inventive, Purpose-driven	Apply
FOUN.FOIS.2	Interpret the dimensions, characteristics and value of quality information.	Purpose-driven, Self-directed, Responsive	Apply
FOUN.FOIS.3	Explain the roles, responsibilities, and characteristics of the IS professional	Self-directed, Inventive, Purpose-driven	Apply
FOUN.FOIS.4	Recommend techniques for using information and knowledge for business decision making and strategic value	Self-directed, Purpose-driven, Professional	Apply
FOUN.FOIS.5	Analyze a business case and critique appropriate IS solutions to common business problems, based on the different components, elements, types, and levels of IS	Self-directed, Purpose-driven, Professional	Apply
FOUN.FOIS.6	Critique and recommend Enterprise Systems for a given business problem and processes.	Purpose-driven, Professional, Self-directed	Apply
FOUN.FOIS.7	Identify techniques for transmitting and securing information in an organization.	Purpose-driven, Self-directed, Professional	Understand
FOUN.FOIS.8	Demonstrate an ability to solve basic computational and design problems using IS development with appropriate methodologies, software tools and innovative methods for improving processes and organizational change	Self-directed, Purpose-driven, Professional	Apply

Suggestions Accepted for consideration for the next Edition:

Please provide your suggestions about this knowledge unit. All submitted comments will be reviewed at the end of the month. Comments accepted for inclusion will be listed above.

Competency 2: Design relational databases

Key Dispositions: Self-Directed,  Purpose-driven, Meticulous

Knowledge-Skill Pairs:

Knowledge Element	Skill Level (Bloom cognitive level)
Integrity, entity, referential and check constraints	3 – Apply
Anomalies, functional dependencies, normalization normal forms and convert to BCNF	5 – Evaluate
Conceptual, logical models, and physical models Transform a conceptual model to a logical model and a logical model to a physical model	6 – Create

Suggestions Accepted for consideration for the next Edition:

Please provide your suggestions about this knowledge unit. All submitted comments will be reviewed at the end of the month. Comments accepted for inclusion will be listed above.

Competency 1: Query the relational model

Key Dispositions: Meticulous, Self-Directed, Purpose-driven

Knowledge-Skill Pairs:

Knowledge Element	Skill Level (Bloom cognitive level)
Relations, tuples, and fields Model data using tables, rows, columns, keys	3- Apply
User stories and business requirements Translate user stories to SQL statements using (SELECT, FROM, WHERE, ORDER BY, DISTINCT, LIKE, BETWEEN, IN, JOIN, GROUP BY, HAVING, sub-queries, ANY, ALL, UNION)	6 – Create

 

Suggestions Accepted for consideration for the next Edition:

Please provide your suggestions about this knowledge unit. All submitted comments will be reviewed at the end of the month. Comments accepted for inclusion will be listed above.

The Data and Information Management area comprises competencies related to tools and techniques for managing data with database systems. At the highest level, competencies within this area are related to two questions (a) how to use a database and (b) how to build a database. Most of this competency area will focus on the classic relational model.  In the past several years, driven by evolving functional and non-functional (quality) needs of an organization, alternatives to the classic relational model have emerged.  Illustrative samples will be examined of these popular alternatives known as non-relational or NoSQL models.

Electives: Following the trend towards big data and analytics, there is increasing need for professionals in this area and thus opportunities for specialization. While specialized programs exist that produce data scientists, this area has also emerged as an important area for graduates from IS programs. To support the design of this specialization to an undergraduate IS program, two specialization areas, Data and Business Analytics and Data and Information Visualization, are identified.

Competency Area Statement

We currently live in a data driven age. Data has emerged as the new oil that drives an organization: The successful operation of modern organizations relies on the effective use of their operational data. Database management systems (DBMS) are the engines of this data driven world.

Data collected and used by an organization is broadly divided into two types (i) line of business data and (ii) customer behavior data.  Traditionally data management has focused on online business data.  For example, when a ride request is made to a ride sourcing company (Uber, Lyft, etc.), what data is needed to meet that request? When a purchase is made in a grocery store what is the flow of data during that transaction?  Line of business data is used to support core business processes of the organization. Alternatively, based on the purchase patterns of a shopper or the volume or location of ride requests, how can a grocery store or a ride sourcing company make their operation more effective? The answer to this question is based on customer behavior data (who bought what, when etc.).  Whatever type of data it may be, many fundamental questions are the same: How do you gather, organize, curate, and process data to help run an organization or extract actionable information to increase effectiveness?

The use of data involves three aspects (i) management (ii) security and (iii) analytics.

We will study tools and techniques for managing data with database systems.  At the highest level we will study two questions (a) how to use a database and (b) how to build a database. For more than three decades, the relational model has been the predominant model of data management.  Most of this module will focus on the classic relational model.  In the past several years, driven by evolving functional and non-functional (quality) needs of an organization, alternatives to the classic relational model have emerged.  We will examine illustrative samples of these popular alternatives known as non-relational or NoSQL models.

Competencies: Graduates will be able to:

	Competency	Dispositions	Skill Level
DATA.MGMT.1	Query the relational model	Meticulous, Self-directed, Purpose-driven	Analyze
DATA.MGMT.2	Design relational databases	Self-directed, Purpose-driven, Meticulous	Create
DATA.MGMT.3	Programming database systems using functions and triggers	Meticulous, Self-directed, Purpose-driven	Apply
DATA.MGMT.4	Secure a database	Meticulous, Self-directed, Purpose-driven	Analyze
DATA.MGMT.5	Compare tradeoffs of different concurrency modes	Self-directed, Meticulous, Inventive	Apply
DATA.MGMT.6	Develop non-relational models	Meticulous, Self-directed, Purpose-driven	Create

Suggestions Accepted for consideration for the next Edition:

Please provide your suggestions about this knowledge unit. All submitted comments will be reviewed at the end of the month. Comments accepted for inclusion will be listed above.