Penn State’s Security and Risk Analysis program receives NSA designation

Stephanie Koons
July 09, 2014

From allegations of Chinese hackers stealing American companies’ trade secrets to a security breach at Target that compromised the personal and financial data of millions of customers, the United States is dealing with increasingly sinister security and privacy threats. To combat the onslaught of cybercrime, the government is in dire need of robust cybersecurity tools and practices, as well as individuals who are qualified to develop and execute them.

The Security and Risk Analysis (SRA) degree program at Penn State’s College of Information Sciences and Technology (IST) is designed to prepare students to join the front lines of cybersecurity. In recognition of the program’s strengths and accomplishments, Penn State has been designated by the Committee on Networked Systems Security (CNSS) – a parent organization of the National Security Agency (NSA) and the Department of Homeland Security – as a National Center of Academic Excellence in Information Assurance/Cyber Defense Education for academic years 2014-21.

“This is the federal government’s way of trying to ensure that we are developing the needed cybersecurity workforce,” said Gerry Santoro, a senior lecturer at the College of IST who teaches in the SRA program.

Currently, Santoro said, the U.S. has less than 20 percent of the necessary workforce to effectively combat cybercrime. Each year, he added, more companies establish security groups and hire people for those roles. However, many of the security professionals that are hired come from information technology and law enforcement backgrounds, and lack the necessary training and expertise to deal with the vast array of new and evolving cyber threats that organizations face.

Penn State’s security and risk analysis program, which began around 2005, looks at how to design systems that are secure, how to measure risk and how to ensure that proper levels of privacy are maintained for individual technology users, businesses, government, and other organizations. The SRA major is based on an interdisciplinary curriculum that integrates areas of study in information assurance (both digital and physical security), intelligence analysis, law and policy and cyber forensics.

Santoro said that the high demand for cybersecurity professionals is prompting similar programs to be developed at other academic institutions. However, according to Santoro, Penn State’s security and risk analysis major stands above its competitors in a number of areas, including: a strong curriculum that provides a combination of theory, experience with cybersecurity tools and consideration of law and policy; a solid research component that includes areas such as cybersecurity, privacy and intrusion detection; and the availability of the program online through Penn State World Campus, in which many active military members across the world have enrolled.

The CNSS award is a recertification of the designation that was granted in 2007, Santoro said. The requirements for the recertification include outreach, collaboration and meeting a set of “knowledge units.” Official certificates were presented at the 18th Colloquium for Information Systems Security Education (CISSE) on June 16 in San Diego, which Santoro attended. The certificates were presented by Debora Plunkett, NSA Information Assurance Director.

The certification provides a number of advantages for Penn State students studying security and risk analysis and the program as a whole, Santoro said. Students who complete the 10 courses that satisfy the designated knowledge units will receive a certificate that states that they completed the specified knowledge units for the certification. All SRA students will receive a certificate stating that they received their degree from a certified University. The certificates will be accompanied by letters explaining what they mean and how a student should mention the certification on their resume and in job interviews. In addition, Santoro said, attending the colloquium in San Diego afforded him the opportunity to network with other top professionals in the security field.

“Those types of connections aid tremendously in building a program,” he said.

Last Updated July 09, 2014