Document Type

Article

Publication Date

3-2015

Publication Source

Communications of the Association for Information Systems

Abstract

Due to several recent highly publicized information breaches, information security has gained a higher profile. Hence, it is reasonable to expect that information security would receive an equally significant emphasis in the education of future systems professionals. A variety of security standards that various entities (e.g., NIST, COSO, ISACA-COBIT, ISO) have put forth emphasize the importance of information security from the very beginning of the system development lifecycle (SDLC) to avoid significant redesign in later phases. To determine the emphasis on security in typical systems analysis and design (SA&D) courses, we examine (1) to what extent security is emphasized in the core SA&D courses and (2) at what phase in the SDLC do most SA&D courses begin to emphasize security. In order to address these questions, we reviewed SA&D textbooks currently on the market to identify how extensively they cover security-related issues. Given the fairly high awareness of information security in practice, we expected to see an equally high emphasis on such matters in the textbooks. However, our review suggests that this is not the case, which suggests a gap in our preparation. To address this gap, we offer a proposal for modifying a portion of the SA&D curricula.

Inclusive pages

337-356

ISBN/ISSN

1529-3181

Document Version

Published Version

Comments

The document available for download is provided in compliance with the publisher's policy on self-archiving. Permission documentation is on file.

Publisher

Association for Information Systems

Volume

36

Issue

18

Peer Reviewed

yes