Spotlight: Cybersecurity Program Accreditation

As programs in engineering, engineering technology, and computing change or expand, accreditation of new programs also evolves.  Examples are the increase in multidisciplinary engineering and the advent of nanotechnology and related degrees.  A recent trend is the accreditation of cybersecurity programs at both the undergraduate and graduate levels, which is increasing globally in the computing realm. As more and more universities offer these degrees, accrediting bodies have reacted by developing accreditation standards.

An example is ABET, based in the United States, which recently developed specific accreditation guidelines for cybersecurity programs.  These programs fall within the responsibility of ABET's Computing Accreditation Commission. In addition to cybersecurity, the CAC has program-specific criteria for the disciplines of computer science, information technology and information systems.

ABET accreditation is an 18 month process, and the cybersecurity program criteria apply to computing programs using cybersecurity, cyber operations, computer security, information assurance, information security, computer forensics, or similar terms in their titles. The curriculum requirements specify topics, but do not prescribe specific courses. Examples from the requirements include:

• At least 45 semester credit hours (or equivalent) of computing and cybersecurity course work.
• Course work including the application of the crosscutting concepts of confidentiality, integrity, availability, risk, adversarial thinking, and systems thinking.
• Fundamental topics in Data Security, Software Security, Component Security, Connection Security, System Security, Human Security, Organizational Security, and Societal Security.
• Advanced cybersecurity topics that build on crosscutting concepts and fundamental topics to provide depth.
• At least 6 semester credit hours (or equivalent) of mathematics that must include discrete mathematics and statistics.

Other accrediting bodies around the globe will have varying criteria, but many are also now accrediting cybersecurity programs.