CAAC Meeting Minutes | Webster University

CAAC Meeting Minutes

Cybersecurity Academic Advisory Council
Meeting: January 31, 2019

ATTENDEES:
Brenda Boyce: Associate Professor, Math/Computer Science Department
Jerry Cronin: Chief Information Security Officer, United States Transportation Command
Simone Cummings: Dean, George Herbert Walker School of Business and Technology
Jim Curtis: CAAC Administrator, Assistant Professor, Math/Computer Science Department
Paul Frazier: Cybersecurity Program Director, Math/Computer Science Department
Gary Harbison: Chief Information Security Officer, Bayer US
Dan Henke: Vice President, Chief Information Security Officer, Mercy Technology Services
Matt Modica: Vice President and Chief Information Security Officer for BJC HealthCare
Shrikant Ramachandran: Vice President & CIO Mallinckrodt Pharmaceuticals
Martha Smith: Chair, Math/Computer Science Department

ABSENT:
Jeff Horton: Senior Manager Application Security, Treasury Technology Services, Federal Reserve Bank of St. Louis
Doug Kelly: Assistant Professor, Math/Computer Science Department

DISCUSSION/ACTIVITIES:
• The team shared an Italian themed lunch before commencing business.
• The meeting started with introductions and expectations from each member.
• Dean Cummings thanked everyone for attending and shared her perspective of the CAAC's importance to the university and the impact on students as the CAAC members bring perspectives and recommendations for enhancing the curriculum, programs, and other student-focused opportunities.
• Jim Curtis led a review of the CAAC charter, clarified roles and meeting expectations, and answered questions.
• The team spent considerable time reviewing the history, enrollments, and evolution of the graduate and undergraduate cybersecurity programs at the university. Academic year 2019-2020 improvements discussed include: THREAT DETECTION CERTIFICATE

Added three courses to the curriculum:
CSSS 5130 Intelligence / Counterintelligence
CSSS 5160 Encryption Methods
CSSS 5230 Forensics
Note: All three of these courses currently exist as electives for the MS in Cybersecurity degree

Retained three existing courses:
CSSS 5120 Critical Infrastructure
CSSS 5210 Law and Policy
CSSS 5220 Threat Detection

Eliminated one course:
CSSS 5000 Introduction to Cybersecurity

Total credit hours changes from existing 12 to new 18.

INFORMATION ASSURANCE CERTIFICATE

We are adding a new certificate called Information Assurance that will have a different focus and curriculum than the more specialized Threat Detection certificate. The primary goal of this certificate program is to support IT/CS professionals seeking to expand their understanding of the cybersecurity discipline and to apply that knowledge to their profession. A certificate in cybersecurity can be a powerful and useful tool for IT professionals already working in the field but who do not wish to pursue a graduate degree. However, because the existing Threat Detection certificate lacks an in-depth and fully developed curriculum which would provide current students information and knowledge on the rapidly changing and evolving science of cybersecurity, few students are opting for the certificate program unto itself (note: many graduate students do obtain the certificate because all of the courses are either mandatory or can be applied as an elective so they only pay the administrative fee to obtain the certificate).

This certificate program will include five existing, and one new course:
CSSS 5110 Communications (3)
CSSS 5120 Critical Infrastructure (3)
CSSS 5140 Strategic Operations (3)
CSSS 5160 Encryption Methods (3)
CSSS 5270 Cloud Computing and Security (3)
CSSS 5290 Risk Management Framework (3) (new course)

CYBERSECURITY RISK MANAGEMENT FRAMEWORK COURSE (3 hrs)

This course provides a detailed review and analysis of the six-step Risk Management Framework (RMF) process utilizing the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 Security and Privacy Controls for Federal Information Systems and Organizations. The course includes the process for risk analysis and categorizing cyber risks for information systems, and the application of controls to minimize cyber risks for managing information. It also presents an in-depth overview of each step RMF along the framework path as well as the methodology for monitoring IT systems.

• After the curriculum update, the discussion turned to industry and government expectations and needs required for a cybersecurity graduate, as well as how do we 'blend' the functional disciplines (i.e., health, finance, supply chain) expertise with cybersecurity expertise in order to provide the best capabilities to our systems and customers. The discussion was robust, dynamic, and thought provoking.
• We completed the lunch/discussion portion of the meeting with a summary by Jim Curtis to include final approval of the charter, integration and support by the CAAC and their organizations (internships, job fairs, class visits, etc.), and tentative timeline for the next meeting.

The next meeting is tentatively planned for the first week of June 2019.

Meeting adjourned at 1:15PM.

VISIT TO CYBERSECURITY CENTER OF EXCELLENCE:
• The attendees visited the East Academic Building (room 204) Cybersecurity Center of Excellence. During the visit, the faculty outlined the plans for the center, the challenges of being both a physical lab for local students as well as a virtual lab for international and national students. We discussed the technologies to include hardware, software, applications, and video teleconferencing capabilities.

SUBMITTED BY:

James Curtis, Ph.D.
Math/Computer Science Department
Webster University