Content uploaded by Utku Köse
Author content
All content in this area was uploaded by Utku Köse on Apr 17, 2024
Content may be subject to copyright.
Paper ID #44588
Designing Effective Cybersecurity Curriculum: Bridging Disciplines for
Next Generation Workforce
Prakash NA Ranganathan, University of North Dakota
Jamison Jangula, University of North Dakota
Dr. Utku Kose, University of North Dakota
Dr. Utku Kose received the B.S. degree in 2008 from computer education of Gazi University, Turkey
as a faculty valedictorian. He received M.S. degree in 2010 from Afyon Kocatepe University, Turkey in
the field of computer and D.S. / Ph. D. degree in 2017 from Selcuk University, Turkey in the field of
computer engineering. Currently, he is a Research Associate at the University of North Dakota, USA and
Associate Professor in Suleyman Demirel University, Turkey. He also holds the Honorary Professor of
Artificial Intelligence title at ITM (SLS) Baroda University, India. Dr. Kose also gave lectures at other
higher education institutions such as Gazi University, Turkey and Istanbul Arel University, Turkey. He
has more than 300 publications including articles, authored and edited books, proceedings, and reports.
He is also in editorial boards of many scientific journals and serves as one of the editors of the Biomedical
and Robotics Healthcare (CRC Press) and Computational Modeling Applications for Existential Risks
(Elsevier) book series. His research interest includes artificial intelligence, machine ethics, artificial in-
telligence safety, biomedical applications, optimization, the chaos theory, distance education, e-learning,
computer education, and computer science.
Neena Goveas, University of North Dakota
Mr. Shree Ram Abayankar Balaji, University of North Dakota
©American Society for Engineering Education, 2024
1
Proceedings of the 2024 ASEE North Central Section Conference
Copyright © 2024, American Society for Engineering Education
Designing Effective Cybersecurity Curriculum: Bridging Disciplines for
Next Generation Workforce
Prakash Ranganathan, Jamison Jangula, Utku Kose, Neena Goveas,
Shree Ram Abayankar Balaji
School of Electrical Engineering & Computer Science (SEECS)
University of North Dakota
Grand Forks, North Dakota 58202
Email: {prakash.ranganathan, jamison.jangula, utku.kose, neena.goveas, shree.balaji}@und.edu
Abstract
Digital transformation leading to rapid automation is creating significant changes in all aspects of
our lives. Unfortunately, today's interconnected digital networks have increased vulnerabilities and
cyber threats. The frequency of cyber threats in critical infrastructures and across all application
sectors has risen. Moreover, Artificial Intelligence (AI) has expanded the threat landscape to a new
level by integrating sophisticated mechanisms (e.g., automated coding, deepfakes, social
engineering) capable of manipulating and exploiting humans, systems, or networks. There is an
urgent need to train the next generation of the cybersecurity workforce, equipping them with all
the necessary skills to face growing attack vectors.
Universities and colleges need to consider adding new cybersecurity undergraduate programs, but
questions remain about what constitutes a robust cyber curriculum? Factors such as the availability
of qualified instructors, diverse faculty expertise or backgrounds, the lack of resources in
laboratory infrastructure, local economy or industry needs, budgetary challenges, targeted student
types, delivery modes (on-campus versus online), and the size of the department determine the
type of curriculum offered. Most cyber programs reside in computer science (CS), computer
engineering, or electrical engineering (EE) departments. This paper focuses on designing a
cybersecurity undergraduate curriculum that attracts both EE and CS students through specialized
tracks and leverages existing courses in departments where both EE and CS majors are housed
within one School of Electrical Engineering and Computer Sciences (SEECS). The proposed
cybersecurity curriculum is approved internally by the department and the College of Engineering
and Mines (CEM). UND is currently working towards seeking ABET accreditation and received
NSA’s CAE-R designation. The paper discusses course mapping to EAC and CSAB cybersecurity
criteria for two programs: Cybersecurity Engineering (CSE), and Cybersecurity Science (CSS).
Such a curriculum plan can also be suitable for other schools if programs can be leveraged.
Keywords: cybersecurity, engineering, curriculum, ABET, EAC, CSAB
1. Introduction
In our rapidly changing digital world, cyber security education needs to have an evolving
characteristic sensitive to societal changing demands. These demands seek strategies to equip
people with desired knowledge, abilities and awareness to enroll in a broader workforce domain
(agriculture, energy, aviation etc.). Thus, educational institutions require careful planning when
designing and developing new cyber programs. It is evident that well-structured curriculums
enable all actors to take effective steps towards achieving the targeted learning outcomes.
Achieving learning outcomes is accepted as an indicator for the efficiency and quality of applied
2
Proceedings of the 2024 ASEE North Central Section Conference
Copyright © 2024, American Society for Engineering Education
programs and the host institutions [1-3]. Lately, many engineering programs are continuously for
a well-rounded “inter-disciplinary” program. Due to this inclusion, the concept of a “department
offering an inter-disciplinary program” has become challenging due to constraints on balancing
teaching core cyber vs. non-cyber courses (psychology, sociology, law), resources, course
offerings, availability of faculty. In programs such as engineering or CS, digital transformation
force planners and policy makers to update and adapt existing programs to attract learners
according to rapidly changing demands and the required workforce. Especially in engineering
fields, the synergy between theoretical and laboratory components needs to be rethought with the
possibilities of inter-disciplinary flavors. There is also a demand from the industries, for more
experiential learning focused courses.
Digital transformation is happening in many sectors leading to transformations in the workforce
[4]. The transformed workforce now needs to be aware of digital tools and possible risk factors
while using them. Moreover, more digital devices and workflows have unfortunately resulted in
technological drawbacks, and cyber-attacks [5, 6]. The actual number of cyber-attacks may be
larger as many industries do not report attacks or may successfully deal with them. The actual
types of cyber threat types also cannot be enumerated easily as there are a wide variety of risk
factors which are still expanding. There is an increased frequency of cyber threats in critical
infrastructures (e.g., power grid, water utilities, and oil and gas industry) and across all application
sectors. Further, Generative Artificial Intelligence (GenAI) expands this threat landscape to
another new level by integrating sophisticated ways (e.g., automated coding, deep fakes, social
engineering) of manipulating or exploiting humans, systems or networks. Therefore, there is an
urgent need to train the next generation cybersecurity workforce by building a curriculum to
address this skill gap in cybersecurity. A cybersecurity professional needs training in courses from
fields as diverse as engineering, computer science, psychology, mathematics, sociology, and
management.
Most cyber programs reside in computer science (CS), computer engineering or electrical
engineering (EE) departments. In this paper, we focus on designing a cybersecurity undergraduate
curriculum that attracts both EE and CS students by leveraging existing courses in departments
where both EE and CS majors are housed as one School of Electrical Engineering and Computer
Sciences (SEECS). The proposed curriculum can be also suitable for schools that have EE and
CS departments housed separately with provisions for common coursework.
Specific factors challenging for universities in designing a robust cybersecurity curriculum are:
1. Rapidly Evolving Threat Landscape
2. Interdisciplinary Collaboration Requirements
3. Limited Resources and Budget Constraints
4. Availability of Qualified Instructors
5. Accreditation and Compliance Standards
6. Integration with Existing Programs and Courses
7. Balancing Theory with Hands-On Practical Training
8. Access to Relevant Tools and Technologies
9. Industry Partnerships and Engagement
10. Addressing Diverse Student Backgrounds and Learning Styles
3
Proceedings of the 2024 ASEE North Central Section Conference
Copyright © 2024, American Society for Engineering Education
2. ABET Criteria and Influential Factors
Accreditation Board for Engineering and Technology (ABET) is an ISO 9001 certificate holding,
non-profit organization, which works on evaluating the quality of college and university programs
in the context of science, technology, engineering, and mathematics (STEM) disciplines [7, 8].
Today, ABET has been known as a professional accreditation body that can accredit 550+ in 30+
countries around the world [9]. Some schools decide not to pursue ABET due to expensive
accreditation costs, and some promote their programs in NSA’s CAE designation (CAE-CD,
CAE-CO, CAE-R). ABET has EAC criteria for cyber engineering and CSAB criteria for CS based
cyber security science [10] (See Figure 1).
Figure 1. ABET CAC and EAC curriculum criteria [31].
Institutions should check their detailed requirements to see how to map and leverage the existing
courses. They are listed under: (1) EE Related Criteria Under the Criteria for Accrediting
Engineering Programs, 2022-2023: Program Criteria for Associate Cybersecurity and Similarly
Named Programs [Co-Lead Societies: CSAB, and International Council on Systems Engineering
(INCOSE)], and (2) CS Related Criteria Under the Criteria for Accrediting Computing
Programs, 2022-2023: Program Criteria for Associate Cybersecurity and Similarly Named
Programs (Lead Society: CSAB). Both criteria provide requirements under curriculum design,
faculty members, and student outcomes. Details regarding can be reached at [11] and [12].
2.1. Specific Course Distinction and Common Courses
Before discussing what could be the common courses for EE and CS, it is important to make some
distinctions among cyber security flavors among EE and CS. If designing cybersecurity courses
for common engineering students, the focus would be on foundational concepts applicable across
various engineering disciplines (Table 1). Colleges should also review pre-requisites for these
courses carefully for both new and incoming transfer students. From the educational perspective,
the pre-requisite is defined as the knowledge and skills, which are necessary to become successful
[13]. Some considerations on pre-req and transfer credits may include: (1) topics in a course can
require considering diverse knowledge and skills, requiring pre-requisite relations covered in
broader or narrower scope of other courses; (2) A student might have already gained the pre-
requisite from other curriculums (business side cyber, psychology related human factors courses,
4
Proceedings of the 2024 ASEE North Central Section Conference
Copyright © 2024, American Society for Engineering Education
social or criminal justice courses) in the past, those courses can be considered as electives. So,
the current curriculum should give free pathways for such students; (3) Some minor programs or
short certificates in cyber security could be developed for other engineering majors such as
mechanical, civil or petroleum engineers; (4) As a result of newly opened interdisciplinary
programs, pre-requisites should be carefully organized to minimize the duration required to
complete them.
Table 1: Key cybersecurity courses across disciplines.
Electrical Engineering (EE):
Computer Science (CS):
Common Courses
Embedded Systems Security
Advanced Cryptography
Introduction to Cybersecurity
Hardware Security
Penetration Testing and Ethical Hacking
Network Security
Fundamentals
Industrial Control Systems Security
Malware Analysis and Reverse
Engineering
Secure Software Development
Practices
Electromagnetic Interference (EMI)
and Electromagnetic Compatibility
(EMC) in Cybersecurity
Cybersecurity Analytics and Machine
Learning
Cryptography Basics
2.2. Industry Perspectives and Need for Engineering Based Cybersecurity
Table 2 summarizes some key feedback obtained from companies surveyed. For example,
hardware and system security is important to teach from Operational Technology perspective for
engineering focused cyber security programs, and software, network and cloud security is key for
CS flavored cyber security programs.
2.2.1. Industry needs on cyber skills
In designing the curricula, it was evident that industry needs for EE and CS differ slightly on cyber
security needs, but yet have common requirements (Table 2).
Table 2: Industry needs on cyber skills across disciplines.
For Electrical Engineering
(EE) Companies:
For Computer Science
(CS) Companies:
Common requirements across various
applications:
Emphasis on embedded
systems security for IoT
devices.
Strong emphasis on software
security including secure
coding practices and
vulnerability assessment.
Incident Response and Management: The ability
to detect, analyze, and respond to cybersecurity
incidents efficiently to minimize damage and
restore normal operations.
Focus on hardware-level
security protocols and
implementations.
Focus on network security
and protocols, including
intrusion detection and
prevention systems (IDPS).
Security Operations Center (SOC) Monitoring:
Monitoring and analyzing security events to
identify and mitigate potential security threats in
real-time.
Demand for expertise in
securing critical infrastructure
like power grids and
transportation systems.
Demand for expertise in
cryptography for data
protection and encryption
algorithms.
Vulnerability Assessment and Penetration
Testing: Identifying weaknesses in systems,
networks, and applications through proactive
testing and providing recommendations for
remediation.
Requirement for
understanding electromagnetic
interference (EMI) and
electromagnetic compatibility
(EMC) concerns in
cybersecurity.
Requirement for proficiency
in threat modeling and risk
assessment methodologies.
Security Architecture and Engineering:
Designing, implementing, and maintaining
secure systems, networks, and applications with
a focus on defense-in-depth and security best
practices.
5
Proceedings of the 2024 ASEE North Central Section Conference
Copyright © 2024, American Society for Engineering Education
2.2.2. Cyber Informed Engineering (CIE) Department of Homeland security (DHS)
identified 16 (Figure 2) critical sectors,
where cybersecurity requirements should be
reviewed to address growing threats [14].
Thus, warranting engineering students to be
taught common sector-specific cyber
challenges. To do this, Dr. Ranganathan
recommend universities consider CIE into
their curriculum. CIE is an “engineering-
out” cyber risk throughout the design and
operations stages, instead of being an
afterthought. From an industry perspective,
it takes multiple years (2-3 years) to change
an existing workforce culture to adopt more
of a cyber-security culture. For a relatively
small organizations, focusing on changing
the security culture such that staff knows that
it is everyone's responsibility is sufficient
enough. Universities should consider
incorporating this CIE philosophy into its
programs. INL has worked with the industry to help with culture change. INL also worked with
universities to help incorporate Cyber-Informed Engineering into their curriculum [15]. There is
no cost for this, so academic leaders or program directors can contact Idaho National Lab (INL)
and set up a meeting, ask some questions to seek feedback on CIE. There is a strong need for cyber
security engineering curricula with CIE/OT components (Figure 3).
Figure 3. Multiple factors influencing cybersecurity engineering curricula.
2.2.3. Artificial Intelligence (AI) influences
The influence of GenAI or development of new technologies like Blockchain, Quantum
Computing and Internet of Things (IoT) could be seen as promising and defensive methodologies
for effective cybersecurity management. Thus, such topics should be taught in both the programs,
as this was noted as a requirement for the growing digital economy that requires inter-disciplinary
effort [16, 17-22].
2.3. Current Programs in Cybersecurity EAC/CSAB
As of January 2024, there are 33 schools that are ABET accredited in cyber security, out of which
three are cyber security engineering (UAH [23], GMU [24], IaState [25]) and two are cyber
engineering (LaTech [26], Gannon [27]). In the ABET Web platform, the cyber engineering
programs appear under the keyword cyber security engineering. Gannon Univ. does not appear in
Figure 2. 16 identified critical sector by DHS in
CISA’s Feb 2024 report [14].
6
Proceedings of the 2024 ASEE North Central Section Conference
Copyright © 2024, American Society for Engineering Education
the ABET Web list yet. There are 28 U.S. universities offering undergraduate “cybersecurity” (CS
focused), while 5 focused on “cyber engineering” with ABET accreditation (Table 3).
Figure 4. Universities accredited under different cybersecurity disciplines (left), different
cybersecurity programs in various universities (right).
Table 3. U.S. universities offering undergraduate cybersecurity programs [28].
University Name
Website
Program Name
Anne Arundel Community College
www.aacc.edu
Information Assurance and Cybersecurity
Bowie State University
www.bowiestate.edu
Computer Technology
Brigham Young University
www.byu.edu
Cybersecurity
Capitol Technology University
captechu.edu
Cyber and Information Security
Cedarville University
www.cedarville.edu
Cyber Operations
The University of Central Arkansas
www.uca.edu
Cybersecurity
University of Central Missouri
www.ucmo.edu
Cybersecurity
Charleston Southern University
www.csuniv.edu
Cybersecurity
Embry-Riddle Aeronautical University - Prescott
prescott.erau.edu
Cyber Intelligence and Security
Ferris State University
www.ferris.edu
Information Security and Intelligence
Florida International University
www.fiu.edu
Cybersecurity
Fontbonne University
www.fontbonne.edu
Cybersecurity
Purdue University Global
www.purdueglobal.edu
Cybersecurity
Laurel Ridge Community College
www.laurelridge.edu
Cybersecurity
Portland Community College
www.pcc.edu
Cybersecurity
Radford University
www.radford.edu
Cybersecurity
Robert Morris University
www.rmu.edu
Cybersecurity & Digital Forensics
University of South Florida
www.usf.edu
Cybersecurity
Southeast Missouri State University
www.semo.edu
Cybersecurity
Southwest Baptist University
www.sbuniv.edu
Cybersecurity
St. John's University
www.stjohns.edu
Cyber Security Systems
Towson University
www.towson.edu
Computer Sci. Subplan: Cyber Operations
United States Air Force Academy
www.usafa.af.mil
Cyber Science
United States Coast Guard Academy
uscga.edu
Cyber Systems
United States Military Academy
www.usma.edu
Cyber Science
United States Naval Academy
www.usna.edu
Cyber Operations
University of West Florida
www.uwf.edu
Cybersecurity
West Virginia University
www.wvu.edu
Cybersecurity
The University of Alabama in Huntsville
www.uah.edu
Cybersecurity Engineering
George Mason University
www.gmu.edu
Cybersecurity Engineering
Iowa State University of Science and Tech.
www.iastate.edu
Cybersecurity Engineering
Louisiana Tech University
www.latech.edu
Cyber Engineering
Gannon University
www.gannon.edu
Cyber Engineering a
a Not appear in the ABET Web list yet.
7
Proceedings of the 2024 ASEE North Central Section Conference
Copyright © 2024, American Society for Engineering Education
3. Cyber Security Curriculum at University of North Dakota (UND)
At UND, the undergraduate cybersecurity program is offered in both on-campus and online format,
offering flexibility for EE and CS. UND also has NSA’s CAE-R designation and currently working
to prepare for ABET accreditation. UND’s cybersecurity program encourages students to
participate in conferences, hackathons, certifications, and competitions to network better and learn
state-of-the-art cybersecurity strategies and technologies (Figure 4). Previously, UND students
have participated in various state and national competition spaces such as DoE’s Cyber force
program [29] and demonstrated core competencies. The resources shown in Figure 5 could be
useful for students to gain experiential learning for institutions considering cybersecurity program.
Figure 5. Cybersecurity conferences, competitions and tools.
Students can complete 126 credits in 4-5 years. Table 2 lists a typical course offered in fall and
spring semesters. Continuous data collection for sustaining ABET accreditation is key, and we
recommend it on semester-basis. The efforts in designing the UND’s new cyber curriculum could
be summarized as follows: (1) There have been weekly committee meetings with EE, CS and cyber
faculty. (2) A careful consideration was given to the ABET criteria, pre-requisite, sequence of
courses, faculty load, and the available resources to offer the new curriculum. (3) The iterative
design of the curriculum was led by the first author and involved multiple rounds of discussions
with groups of faculty members. (4) The team took part in meetings with industry representatives.
Feedback from these representatives played a crucial role. (5) The team invited feedback from
students as well as chairs of some existing cybersecurity engineering programs around the U.S.
The curriculum design resulted to 2-track-based curriculum structure, with a few new courses
(shown in Table 4). Each track has been shaped to include EE and CS flavor and meet with ABET
criteria. Figures 6 and 7 show academic flowcharts for Track 1: Cybersecurity Engineering and
Track 2: Cybersecurity Science.
8
Proceedings of the 2024 ASEE North Central Section Conference
Copyright © 2024, American Society for Engineering Education
Table 4. Fall and spring courses at undergraduate cybersecurity program of UND SEECS.
Fall Semester Courses
Spring Semester Courses
Course Code
Course Name
Course Code
Course Name
CYBER 2XX
Organizational Security (newly developed
course)
CSCI 389
Computer and Network Security
CSCI 289
Social Implications of Computer
Technology
CYBER 3XX
Social Engineering and Human Security
(new)
CJ 320
Cybersecurity Law and Investigations
CSCI 490/552
Cyber Physical Systems Security
CSCI 387
Secure Software Engineering
CYBER 4XX
Cyber Capstone II (new)
CSCI 388
Exploit Analysis and Development
CSCI 487
Penetration Testing
CSCI 242
Data Structures and Algorithms
CYBER 4XX
Cyber Capstone I
(newly developed course)
CSCI 265
Introduction to Programming Languages
CSCI 242
Data Structures and Algorithms
CSCI 266
Tools and Techniques of Computing
Practices
CSCI 242
Data Structures and Algorithms
CSCI 289
Social Implications of Computer Technology
CSCI 265
Introduction to Programming Languages
CSCI 290
Cyber-Security and Information Assurance
CSCI 290
Cyber-Security and Information Assurance
CSCI 330
Systems Programming
CSCI 327
Data Communications
CSCI 364
Concurrent and Distributed Programming
CSCI 330
Systems Programming
CSCI 365
Organization of Programming Languages
CSCI 365
Organization of Programming Languages
CSCI 370
Computer Architecture
CSCI 384
Artificial Intelligence
CSCI 455
Database Management Systems
CSCI 435
Formal Languages and Automata
CSCI 567
Secure Software Engineering
CSCI 451
Operating Systems I
EE 206/L
Circuit Analysis
CSCI 490
Cyber Physical Systems Security
EE 304
Computer Aided Measurement and Controls
CSCI 557
Computer Forensics
EE 313/L
Linear Electric Circuits
CSCI 585
Vulnerability Assessment
EE 452/L
Embedded Systems
EE 206/L
Circuit Analysis
EE 490
Electrical Engineering Problems
EE 304
Computer Aided Measurement and
Controls
EE 589
Application Layer Security
EE 313/L
Linear Electric Circuits
EE 601
Analytical Foundations of Cybersecurity
EE 321/L
Electronics I
EE 602
Computing Foundations of Cybersecurity
EE 451
Computer Hardware Organization
EE 740
Intrusion Detection Algorithms
EE 490
Electrical Engineering Problems
EE 750
Internet of Things Security
EE 526
Engineering Systems Reliability
EE 601
Analytical Foundations of Cybersecurity
EE 602
Computing Foundations of Cybersecurity
EE 611
Emerging Threats and Defenses
EE 614
Applied Cryptography
Table 5. Course Mapping for EAC criteria: Cyber Security Engineering Program.
ABET Criteria - CSE Program 1
Probability, statistics, and cryptographic topics
including applications appropriate to the program
EE 318. Engineering Data Analysis
CSCI 389. Computer & Network Security - Discusses different
cryptographic algorithms
Discrete mathematics and specialized mathematics
appropriate to the program, such as, abstract algebra,
information theory, number theory, complexity
theory, and finite fields
MATH 207. Linear Algebra
MATH 208. Discrete Mathematics
CSCI 389. Computer & Network Security - Provides intro to finite
fields
Engineering topics necessary to determine
cybersecurity requirements and to analyze, design,
test, and protect complex systems that incorporate
hardware, software, and human components
CSCI 387. Secure Software Engineering
CSCI 388. Exploit Analysis and Design
CYBER 3XX. Social Engineering, Cyber Law, and Human Security
9
Proceedings of the 2024 ASEE North Central Section Conference
Copyright © 2024, American Society for Engineering Education
Table 5 (continued). Course Mapping for EAC criteria: Cyber Security Engineering Program.
ABET Criteria - CSE Program 1
Application of protective technologies and forensic
techniques
CSCI 487. Penetration Testing
CSCI 490/552. Cyber Physical Systems Security
CSCI 250. Assembly Language
Analysis and evaluation of components and systems
with respect to security and maintaining operations in
the presence of risks and threats
CSCI 490/552. Cyber Physical Systems Security
EE 490/526. Engineering Systems Reliability
CYBER 3XX. Fundamentals of Operational Technology and Cyber
Informed Engineering
Consideration of legal, regulatory, privacy, ethics, and
human behavior topics as appropriate to the program
CYBER 3XX. Social Engineering, Cyber Law, and Human Security
Table 6. Course Mapping for CSAB criteria: Cyber Security Science Program.
ABET Criteria - CSS Program 2
Application of Techniques
CYBER 4XX. Cyber Capstone I
CYBER 4XX. Cyber Capstone II
Application of CIA concepts
CSCI 487. Penetration Testing
Data Security
CSCI 455. Database Management Systems
Software Security
CSCI 387. Secure Software Engineering (continuous data collection)
Component Security
EE 490/750. Internet of Things Security (continuous data collection)
Connection Security
CSCI 389. Computer and Network Security (continuous data collection)
System Security
CSCI 490/552. Cyber Physical Systems Security (continuous data collection)
CSCI 370. Computer Architecture
Human Security
CYBER 3XX. Social Engineering and Human Security (continuous data collection)
Organizational Security
CYBER 2XX. Organizational Security (continuous data collection)
Societal Security
CYBER 3XX. Social Engineering, Cyber Law, and Human Security
(continuous data collection)
Programming/Scripting Skills
CSCI 160. Computer Science 1 (continuous data collection)
CSCI 161. Computer Science 2 (continuous data collection)
Advanced Cyber Security Topics
CSCI 388. Exploit Analysis and Development
10
Proceedings of the 2024 ASEE North Central Section Conference
Copyright © 2024, American Society for Engineering Education
Figure 6. Program 1 (cybersecurity engineering) flowchart.
11
Proceedings of the 2024 ASEE North Central Section Conference
Copyright © 2024, American Society for Engineering Education
Figure 7. Program 2 (cybersecurity science) flowchart.
12
Proceedings of the 2024 ASEE North Central Section Conference
Copyright © 2024, American Society for Engineering Education
Both flowcharts represent the 4-year/8-semester with course groups in different colors and pre-
requisites (arrows) as well as credits (green rounded squares). See detail course descriptions in the
link [30]. The authors recommend institutions should design curricula based on targeted program
educational objectives (PEOs). See PEOs at University of Alabama at Huntsville (UAH) [23] and
Georgia College State University (GCSU) [31]. While there are several cyber programs that has
total number of credits as 120-credits, the authors strongly believe departments should not
compromise on the technical rigor required to sustain the quality of programs, and thus we
recommend anywhere from 124-130 credits. Moreover, the student with BSEE, BSCS may get
another cyber security degree by double majoring with ease, by adding 25-30 credits. Such
flexibility will help maximize their marketability and return on investment.
3.1. Cyber Security Degree Names and Distinct Factors for EAC ABET Criteria and CSAB
ABET Criteria on Cybersecurity
Dr. Ranganathan had discussion with ABET on how EAC and CSAB commissions may review,
if a university wants accreditation for both EE and CS cyber curricula. Should universities choose
singular name or have two separate names? ABET perspectives in considering a cyber security
program with two very different curricular tracks: a program that qualifies as a cyber engineering
program and one that is designed more for needs outside of engineering such as computer science.
According to ABET “the version with the singular name of Cyber Security cannot be considered
by ABET for accreditation as an engineering program”. The word “engineering” must be in the
program name for such accreditation. ABET’s quick review of the two different curricula and
consideration of the different needs of employers indicate that “departments should seriously
consider using the two tracks as curricula under two different program names such as Cyber
Security Engineering and Cyber Security Science”. These programs would be reviewable by
two different commissions within ABET and clearly stand as addressing the needs of two different
constituencies. Figure 8 shows summary of key topics for CSE and CSS tracks.
Figure 8. Key topics in CSE and CSS tracks offered in UND Bachelor’s in Cybersecurity
Program.
4. Conclusion
The paper discusses two cybersecurity programs by leveraging existing EE/CS/cyber courses. The
proposed curricula is a good example on how universities can leverage similar existing courses
within their own departments and satisfy ABET requirements. The lessons learned from this design
include: (1) Designing a curriculum is not an easy task and it requires evaluation of needs for
multiple actors. (2) Along design of curriculums it should be known that every parameter inside
13
Proceedings of the 2024 ASEE North Central Section Conference
Copyright © 2024, American Society for Engineering Education
an education program are dynamic components, which should be reevaluated every three to four
years (3) selection and mapping of pre-requisite courses is key and may have different knowledge
gains in different programs. So, placement of right courses requires additional effort as course
offering schedule/its frequency need to be accounted (4) Satisfying ABET criteria requires industry
advisory board for continuous improvement. (5) Current GenAI based solutions and technology
expose exponential growth in cybersecurity workforce and the conditions tend to change rapidly.
Thus, designing a cybersecurity curriculum is an immediate need and requires a well-rounded
mindset and leadership to execute.
Acknowledgement
The authors thank M Dayne Aldridge at ABET and internal Cybersecurity committee members:
Dr. Sicong Shao, Dr. Jielun Zhang, Dr. Thomas Stokke, and Dr. Ronald Marsh for their feedback
during the design of the curriculum.
Bibliography
[1] Hartikainen, S., Rintala, H., Pylväs, L., & Nokelainen, P. (2019). The concept of active learning and the
measurement of learning outcomes: A review of research in engineering higher education. Education Sciences, 9(4),
276.
[2] Maher, A. (2004). Learning outcomes in higher education: Implications for curriculum design and student
learning. Journal of Hospitality, Leisure, Sport and Tourism Education, 3(2), 46-54.
[3] Arum, R., Roksa, J., & Cook, A. (Eds.). (2016). Improving quality in American higher education: Learning
outcomes and assessments for the 21st century. John Wiley & Sons.
[4] Eden, R., Burton-Jones, A., Casey, V., & Draheim, M. (2019). Digital transformation requires workforce
transformation. MIS Quarterly Executive, 18(1), 1-17.
[5] Sandhu, K. (2021). Advancing Cybersecurity for Digital Transformation: Opportunities and
Challenges. Handbook of Research on Advancing Cybersecurity for Digital Transformation, 1-17.
[6] Pandey, A. B., Tripathi, A., & Vashist, P. C. (2022). A survey of cybersecurity trends, emerging technologies and
threats. Cybersecurity in Intelligent Computing and Communications, 19-33.
[7] ABET. (2023). ABET Web Site. Online: https://www.abet.org/ (Accessed 30 Nov. 2023).
[8] Arora, S., & Ahlawat, A. (2022). An Innovative Approach to Establish, Maintain and Review Quality Standards
in Higher Education through Quality Assurance Tool. In Proceedings of Data Analytics and Management: ICDAM
2021, Volume 2 (pp. 713-720). Springer Singapore.
[9] Bachnak, R., Marikunte, S. S., & Shafaye, A. B. (2019). Fundamentals of ABET accreditation with the newly
approved changes. In 2019 ASEE Annual Conference & Exposition.
[10] “Accreditation,” ABET. Accessed: Mar. 02, 2024. [Online]. Available: https://www.abet.org/accreditation/
[11] ABET. (2023). Criteria for Accrediting Engineering Programs, 2022 – 2023. ABET Web Site. Online:
https://www.abet.org/accreditation/accreditation-criteria/criteria-for-accrediting-engineering-programs-2022-2023/
(Accessed 30 Nov. 2023).
[12] ABET. (2023). Criteria for Accrediting Computing Programs, 2022 – 2023. ABET Web Site. Online:
https://www.abet.org/accreditation/accreditation-criteria/criteria-for-accrediting-computing-programs-2022-2023/
(Accessed 30 Nov. 2023).
[13] Wang, Y. Z. (2005). A GA-based methodology to determine an optimal curriculum for schools. Expert Systems
with Applications, 28(1), 163-174.
[14] “PCAST Releases Report on Strategy for Cyber-Physical Resilience | PCAST,” The White House. Accessed:
Mar. 02, 2024. [Online]. Available: https://www.whitehouse.gov/pcast/briefing-room/2024/02/27/pcast-releases-
report-on-strategy-for-cyber-physical-resilience/
[15] “Cyber-informed Engineering (CIE),” Idaho National Laboratory. Accessed: Mar. 02, 2024. [Online]. Available:
https://inl.gov/cie/
[16] Vuong, A., Nixon, T., & Towle, B. (2011, July). A Method for Finding Prerequisites Within a Curriculum.
In EDM (pp. 211-216).
[17] Molontay, R., Horváth, N., Bergmann, J., Szekrényes, D., & Szabó, M. (2020). Characterizing curriculum
prerequisite networks by a student flow approach. IEEE Transactions on Learning Technologies, 13(3), 491-501.
14
Proceedings of the 2024 ASEE North Central Section Conference
Copyright © 2024, American Society for Engineering Education
[18] Teoh, C. S., & Mahmood, A. K. (2018). Cybersecurity workforce development for digital economy. The
Educational Review, USA, 2(1), 136-146.
[19] Schuster, D., & Wu, S. (2018). Toward cyber workforce development: An exploratory survey of information
security professionals. In Proceedings of the Human Factors and Ergonomics Society Annual Meeting (Vol. 62, No.
1, pp. 1242-1246). Sage CA: Los Angeles, CA: SAGE Publications.
[20] Dawson, J., & Thomson, R. (2018). The future cybersecurity workforce: Going beyond technical skills for
successful cyber performance. Frontiers in Psychology, 9, 744.
[21] Catal, C., Ozcan, A., Donmez, E., & Kasif, A. (2023). Analysis of cybersecurity knowledge gaps based on
cybersecurity body of knowledge. Education and Information Technologies, 28(2), 1809-1831.
[22] Adetoye, B., & Fong, R. C. W. (2023). Building a resilient cybersecurity workforce: a multidisciplinary solution
to the problem of high turnover of cybersecurity analysts. In Cybersecurity in the Age of Smart Societies: Proceedings
of the 14th International Conference on Global Security, Safety and Sustainability, London, September 2022 (pp. 61-
87). Cham: Springer International Publishing.
[23] “Cybersecurity Engineering - The University of Alabama in Huntsville.” Accessed: Mar. 02, 2024. [Online].
Available: https://www.uah.edu/eng/departments/ece/programs/undergraduate/cybersecurity
[24] “Cyber Security Engineering, BS < George Mason University.” Accessed: Mar. 02, 2024. [Online]. Available:
https://catalog.gmu.edu/colleges-schools/engineering-computing/engineering/cyber-security-engineering/cyber-
security-engineering-bs/
[25] “Cyber Security Engineering, BS < Iowa State University of Science and Technology.” Accessed: Mar. 02, 2024.
[Online]. Available: https://catalog.iastate.edu/collegeofengineering/cybersecurityengineering/
[26] “Cyber Engineering, BS < Louisiana Tech University.” Accessed: Mar. 02, 2024. [Online]. Available:
https://coes.latech.edu/undergraduate-programs/cyber-engineering/
[27] “Cyber Engineering, BS < Gannon University.” Accessed: Mar. 02, 2024. [Online]. Available:
https://www.gannon.edu/academic-offerings/engineering-and-business/undergraduate/cyber-engineering/
[28] ABET. (2024). Search ABET-Accrediated Programs (Accessible on Homepage). ABET Web Site. Online:
https://www.abet.org/ (Accessed 5 Jan. 2024).
[29] J. Nguyen, “UND CyberHawks Soar in the National Cybersecurity Showdown,” College of Engineering &
Mines. Accessed: Mar. 02, 2024. [Online]. Available: https://blogs.und.edu/cem/2023/11/und-cyberhawks-soar-in-
the-national-cybersecurity-showdown/
[30] “Online & On Campus Cyber Security Degree: B.S. in Cyber Security.” Accessed: Mar. 02, 2024. [Online].
Available: https://und.edu/programs/cyber-security-bs/index.html
[31] “Department of Information Systems & Computer Science | Georgia College & State University.” Accessed:
Mar. 02, 2024. [Online]. Available: https://www.gcsu.edu/business/iscs