


Interim Report to the

Middle States Commission on Higher Education

from

SANS Technology Institute

8120 Woodmont Ave. Ste. 205

Bethesda, MD 20814

Mr. Stephen Northcutt, President

Dr. Debbie Svoboda, Dean of Admissions and Student Services

Accreditation Liaison Officer

September 1, 2010

Subject of the Interim Report:

The Assessment Team provided STI with recommendations and suggestions following their visit on November 24, 2009. The team noted that STI was in compliance with the following standards: 1, 4, 6, 8, 9, 10, 11, 12, 13 and demonstrated potential to meet the following standards: 2, 3, 5, 7, 14. This report addresses actions taken by STI to meet those standards, as well as addresses recommendations and suggestions given by the team.

Date of the Evaluation/Follow-Up Team’s Visit: November 22-24, 2009

Contents

Introduction

Chapter 1 - Standard 1: Mission and Goals

Chapter 2 - Standard 2: Planning, Resource Allocation, and Institutional Renewal

Chapter 3 - Standard 3: Institutional Resources

Chapter 4 - Standard 4: Leadership and Governance

Chapter 5 - Standard 5: Administration

Chapter 6 – Standard 6: Integrity

Chapter 7 - Standard 7: Institutional Assessment

Chapter 8 - Standard 8: Student Admissions and Retention

Chapter 9 – Standard 9: Student Support Services

Chapter 10 – Standard 10: Faculty

Chapter 11 - Standard 11: Educational Offerings

Chapter 12 – Standard 12: General Education

Chapter 13 - Standard 13: Related Educational Activities

Chapter 14 - Standard 14: Assessment of Student Learning

Conclusion

Appendix

Assessment Team’s Report

Appendix 1.1 – Leadership Definition

Appendix 1.2 – Admissions Leadership Essay Instructions

Appendix 1.3 – Strategic Plan

Appendix 2.1 – Persons Involved in Strategic Plan Document

Appendix 2.2 – Draft Institutional Assessment Plan

Appendix 4.1 – Individual Board Director Eval Form

Appendix 4.2 – STI Board Self Eval Summary Report

Appendix 5.1 – Faculty List

Appendix 5.2 – Description of Faculty Duties; Dean & Dept. Chair

Appendix 5.3 – Goals of President; First Half 2010

Appendix 5.4 – Charters for STI Committees

Appendix 7.1 – Employment Records for Grads

Appendix 7.2 – Graduate Exit Interview Summary Report

Appendix 7.3 – Policy for Grads desiring mentoring/ guidance

Appendix 7.4 – Grading Rubrics

Appendix 8.1 – Summary of Diversity Report

Appendix 10.1 – Qualifications for Instructors teaching Mgt. courses

Appendix 10.2 - Excerpts from 2010 annual board meeting

Appendix 10.3 - Draft of STI Teaching Approval Policy

Appendix 11.1 – Updated STI Brief

Appendix 13.1 - Curriculum Committee Update

Appendix 13.2 – Curriculum Update Report

Appendix 14.1 – Learning Objectives for LEG 523

Appendix 14.2 – Learning Objectives for DEV Courses

Appendix 14.3 – GSE Learning Objectives

Appendix 15 – STI Financials and Budget Projection

Introduction

SANS Technology Institute (STI) was awarded the status of Candidate for Accreditation in March 2010. This is the first Interim Report by STI to the Middle States Commission on Higher Education (“MSCHE”) which is due on or before September 1, 2010.

This Interim Report includes a Chapter related to each of the fourteen Standards. At the top of each Chapter, the Standard is briefly described. Then we note if the Middle States Assessment Team’s Report (“Team’s Report”) provided to STI at the end of 2009 found that STI met the standard or demonstrated potential to meet the standard. Next we note each of the Team’s Recommendations and our Response to those Recommendations. Then we list the Suggestions and our Responses to the Suggestions. At the end of each chapter, we note Relevant Developments if there have been any. The Report ends with a Conclusion section. Our supporting documents are included in an Appendix.

For ease of reference the Team’s Report is included in the beginning of the Appendix titled Assessment Team Report.

We look forward to our visit with Dr. Joyce Elliott, the Consultant appointed by MSCHE for STI, and with Dr. Mary Ellen Petrisko, Middle States Liaison, that is scheduled for September 8, 2010 in Bethesda, MD. If Dr. Joyce Elliott or Dr. Petrisko has any questions about this Interim Report, we would be happy to address those questions either before or at the meeting.

Chapter 1 - Standard 1: Mission and Goals

Standard 1: Mission and Goals. The institution’s mission clearly defines its purpose within the context of higher education and indicates who the institution serves and what it intends to accomplish. The institution’s stated goals, consistent with the aspirations and expectations of higher education, clearly specify how the institution will fulfill its mission. The mission and goals are developed and recognized by the institution with the participation of its members and its governing body and are used to develop and shape its programs and practices and to evaluate its effectiveness.

The Team’s Report stated that the Institution meets the Standard.

Recommendation 1.1:

The Institution needs to clearly define leadership as articulated in the mission in order to better measure or assess graduate’s roles within the security technology industry.

Response 1.1:

STI updated its website with a definition of leadership. The definition is located in Appendix 1.1. It is posted on our website at , and is inserted as a link under our Mission Statement on page one of our website at sans.edu. It also is a link on our admissions procedure web page and on the application so that applicants can easily refer to it before they start writing their leadership essay, which is an admission prerequisite. (The instructions for the leadership essay that applicants submit with the application are in Appendix 1.2.) When the definition was implemented, STI notified students and graduates and asked them to feel free to provide suggestions or comments. New students must acknowledge in writing that they have read the essay. Chapter 14 describes our assessment methods for the leadership goal.

Recommendation 1.2:

Institutional goals need to be defined in terms of an outcome with a broader end-point.

Response 1.2:

STI’s past Strategic Plans focused mainly on a one year projection with a few exceptions which looked at five year projections such as enrollment and budget. The Strategic Plan we recently implemented contains a five year projection where reasonably possible. Regarding the timelines, many items are at the beginning of the 5-year period. As discussed with our Consultant that was appointed to STI by Middle States, this is to be expected given the desire to address many of them as part of preparing for accreditation, which is central to this particular strategic planning cycle. But we also made sure that we were building and staffing for the future today. The Strategic Plan for 2010-2015 that was issued in June 2010 is in Appendix 1.3.

Recommendation 1.3:

Institutional goals are also best expressed in observable terms to ensure that they are capable of being evaluated through institutional assessment.

Response 1.3:

We are expressing our institutional goals in observable terms as evidenced by STI’s Strategic Plan for 2010 – 2015 that is in Appendix 1.3. Goals outlined in the Strategic Plan generally are listed with strategies to assist in measurement and evaluation.

Relevant Developments re Chap 1:

Mission Statement. The Board voted to remove the last six words (“that contribute to the learning process”) in the Mission Statement. The reason those words were deleted is because there may be times when faculty or a student may wish to engage in a service that is for the benefit of the community or for other good cause that does not necessarily “contribute to the learning process.” The following is the revised mission statement: The mission of SANS Technology Institute (STI) is to develop the information security technology leaders needed to help strengthen the information community all over the world by improving the security of cyberspace. STI seeks to prepare both the managers of information security groups and the technical leaders who direct security technology programs. STI's primary functional emphasis is instruction, but the Institute faculty and students will engage in research and public service programs.

Chapter 2 - Standard 2: Planning, Resource Allocation, and Institutional Renewal

Standard 2: Planning, Resource Allocation and Institutional Renewal. An institution conducts ongoing planning and resource allocation based on its mission and uses the results of its assessment activities for Institutional renewal. Implementation and subsequent evaluation of the success of the strategic plan and resource allocation support the development and change necessary to improve and to maintain Institutional quality.

The Team’s Report stated that the Institution demonstrates potential to meet the standard.

Recommendation 2.1:

STI should consider opportunities for greater cross-institutional dialog as part of its strategic planning process.

Response 2.1:

We always have encouraged persons throughout our institutional community (members of committees, faculty, authors, staff, related entities, the Board, etc.) to provide input and recommendations in our strategic planning process; but this year we encouraged them more strongly, and we also broadened the pool of persons. The following is a general summary of the process we used. Staff researched general strategic planning sources of information and tools on the Middle States website. An early working draft was prepared by the President and Dean of Admissions and Student Services and submitted to the Department Chair, Dean of Faculty, and some of the members of the STI Board for comments and suggestions. The President worked on planning materials based on Core Competencies, PEST Analysis, SWOT, Porter’s Five Forces, and consulted with external constituencies and internal constituencies including the Faculty Committee and Curriculum Committee. A Strategic Planning Advisory Committee was formed which consisted of persons from the GIAC Advisory Board, faculty and others (and they will continue to be involved in future strategic planning). Drafts were discussed with a SANS executive advisor who had past experience in strategic planning. A draft was sent to all members of STI Committees for review and comment. It was then sent to the Informal Student Mentor who is a student, and then to all the individual Directors on the STI Board for their review and comments. By that time, the draft was developed to the point where we felt it would be valuable to ask the Consultant, who had been appointed by Middle States for STI, if she would be willing to provide us with her general thoughts on the draft. The Consultant provided suggestions in the nature of improving the document which were incorporated. The STI Board, which is the final locus for approval of the Strategic Plan, approved the document at its annual Board meeting in June 2010.

We posted the final STI Strategic Plan to the sans.edu website at , and notified faculty, staff, committee members, students, graduates, and other appropriate parties to make them aware that it is posted there. We encourage them to make comments and suggestions to help us to continue to improve as we review this plan on at least an annual basis.

Appendix 2.1 lists the people who contributed to this planning process and document.

Recommendation 2.2: STI should establish delineation and relationship between long-term strategic goals and shorter-term tactical goals and objectives.

Response 2.2:

When we were developing our current Strategic Plan, we kept in mind that we needed to establish delineation and relationship between long-term strategic goals and shorter-term tactical goals and objectives. Regarding the timelines, as stated in Chapter 1, many items are at the beginning of the 5-year period. As discussed with our Consultant who had been appointed to STI by Middle States, this is to be expected given the desire to address many of them as part of preparing for accreditation, which is central to this particular strategic planning cycle. But we made sure that we also were building and staffing for the future today. We expect the next strategic planning process (in 2011) will move largely past tactical issues related to becoming accredited, and allow us to focus on prioritizing the rest of our vision for the future. The Strategic Plan for 2010-2015 that was issued in June 2010 is in Appendix 1.3.

Recommendation 2.3: The Institution needs to establish a longer (three-to-five year) time horizon for the strategic plan that includes the development of clearly articulated key institutional goals, expressed in observable terms.

Response 2.3:

Please see our Response to Recommendation 2.2.

Recommendation 2.4:

The Institution needs to include an effective institutional assessment plan (Standard 7) that includes a thorough review of relevant quantitative and qualitative information drawn from all segments of the institutional community. This process will allow the Institution to effectively “close the loop” that leads to either confirmation of current goals, plans, and programs and services, or appropriate modification of them to reflect the changing needs of the Institution and its community.

Response 2.4:

Utilizing key institutional goals, as outlined in the strategic plan, STI created a draft assessment plan that focuses on two areas: institutional effectiveness and student learning. Appendix 2.2 contains the draft Assessment Plan. Assessing institutional effectiveness is important in helping the STI community understand its strengths and recognize areas that can be improved upon. STI’s institutional assessment plan outlines methods in assessing all functioning areas such as curriculum development, student satisfaction, admissions and finance. Assessing the overall effectiveness of our institution will help us move closer to the goals set forth in our strategic plan.

STI’s institutional assessment plan also outlines how we will assess student learning at our institution. STI has established student learning outcomes for courses, the MSISE program, the MSISM program, and the Community Project Requirements based on institutional goals. As we assess the learning that takes place we will be able to utilize results from the assessments to make improvements in the educational activities that our students engage in.

Relevant Developments re Chap. 2:

Vision for 2015. When we met with the Team at the end of 2009, it was suggested that a good way to approach the Strategic Planning process was to look several years down the road and envision what we want STI to look like at that time. With that in mind, we included our “Vision for 2015” in our Strategic Plan as follows:

In 2015, STI will be accredited. Our general policies, procedures and processes affecting students and applicants will be transparent, organized and posted on our web page for anyone to review. STI will be thought of as the primary source of high quality information security leadership training. As evidence of this, our web site will be highly ranked for Google and other searches for a large number of terms related to who we are and what we do. The overwhelming majority of our students will be in information technology/information security leadership positions as leadership is defined in our leadership essay. A few of our graduates will be in senior leadership positions as defined in our leadership essay. Our goal is 150 students concurrently enrolled by year end 2015. (While we will be short in 2015 of our longer range goal of 200 current students completing an average of two to three courses per year, we will have the processes in place to get there and be making measurable progress). We fully understand that hope is not a strategy; the remainder of this document is focused on defining the path from where we are today, to where we can be in 2015.

Main Goals in Strategic Plan. The following are the main goals in our current Strategic Plan that covers 2010-2015. The complete Strategic Plan is in Appendix 1.3. Many of the goals have already been completed.

1. Information Security Leadership

Goal 1.A: Within the first 3 years after graduation, 85% of graduates will be in leadership positions as defined by the leadership essay.

Goal 1.B: Define leadership and related competencies and disseminate STI’s definition to key constituencies.

2. Teaching, Research and Education

Goal 2.A: Periodically assess and review the quality of primary research Gold papers.

Goal 2.B: Strengthen the quality of the Gold papers through Gold paper improvement project.

Goal 2.C: Increase involvement in research that benefits the students and the community

Goal 2.D: Complete learning objectives for all courses.

Goal 2.E: Establish presentation course.

Goal 2.F: Review Course Implementation Process

Goal 2.G: Focus on teaching and instructor quality.

3. Student Life and Experience

Goal 3.A: Expand faculty adviser department.

Goal 3.B: Improve methods of communication among students/faculty/staff.

Goal 3.C: Improve student presentation skills.

Goal 3.D: Improve student writing quality

Goal 3.E: Clarify Work Study educational goal.

Goal 3.F: Monitor exam results for students who take the GSE and review its effectiveness in the MSISE program.

Goal 3.G: Compare performance of students admitted after the change in admission prerequisite to students admitted prior to the change to determine what effects, if any, the change in policy made to student success and retention.

4. Alumni Relations

Goal 4.A: Improve Alumni Services

5. Quality and Assessment

Goal 5.A: Increase Transparency of Faculty Structure.

Goal 5.B: Support Strategic Plan. Broader-end point; increased focus on longer range planning.

Goal 5.C: Enhance Strategic Plan through increased input in the strategic planning process.

Goal 5.D. Enhance governance.

Goal 5.E. [numbering inadvertently moved from D to F, so there was not a 5E]

Goal 5.F: Articulate Program-level Goals/Objectives more clearly. The proposal will be presented to the Board for discussion.

Goal 5.G: Clarify assessment methods for the Community Project Requirements.

Goal 5.H: Implement grading rubrics.

Goal 5.I: Develop a comprehensive formal institutional assessment plan for student learning objectives at the course and program levels.

Goal 5.J: Develop methods of assessing the public service elements.

6. Financial Growth

Goal 6.A: Increase enrollment to 150 concurrent students, each taking an average of two to three courses per year by 2015.

Goal 6.B: Grant at least 80 degrees by the end of 2015.

Goal 6.C: Achieve Accreditation by the Middle States Commission on Higher Education.

Enrollment Projection. By each year end, we estimate enrollment as follows:

2010 - 40

2011 - 50

2012 - 75

2013 - 100

2014 - 125

2015 - 150

Graduates. 15 persons have graduated from STI as of the date of this document.

Financials and Budget Projection. See Appendix 15.

Staffing Additions. As we were preparing our Strategic Plan, we gave significant thought to what additional staffing was needed. Please see Response 3.3 for a discussion about our staffing additions.

Middle States Assessment Workshops. STI’s President, Dean of Admissions and Student Services, and accreditation officers attended two assessment workshops in August, 2010 hosted by Middle States. These workshops proved to be beneficial in understanding different methods of assessment and how to incorporate them at the institutional level. We included many of the ideas covered in the workshop in our assessment plan.

Chapter 3 - Standard 3: Institutional Resources

Standard 3: Institutional Resources. The human, financial, technical, facilities, and other resources necessary to achieve an institution’s missions and goals are available and accessible. In the context of the institution’s mission, the effective and efficient uses of the institution’s resources are analyzed as part of ongoing outcomes assessment.

The Team’s Report stated that the Institution demonstrates potential to meet the standard.

Recommendation 3.1:

The Institution needs to re-assess the current financial model, which assumes accreditation will be obtained by 2011, as the visiting team believes that assumption to be unrealistic.

Response 3.1:

In its 2010 planning, STI converted to using mid 2012 as the estimated date for obtaining accreditation in preparing its projections for the budget, enrollment, strategic planning, etc. Of course, we still hope it will be obtained sooner. Consultation with the Middle States Consultant and Liaison at our September 2010 meeting should give us a more accurate estimate of when accreditation can be achieved.

Recommendation 3.2:

A delay in accreditation will negatively impact both enrollment growth assumptions and the amount of direct student aid/scholarship provided by the Institution. The assessment issue will be whether the decline in revenues will negatively impact institutional support resources and the financial resources needed to carry out its mission and execute its plan.

Response 3.2:

As provided in the Memo of Understanding (MOU) among the related entities described below, the parent company will continue to support STI as needed during the start-up period. As some examples, the parent company will continue to pay STI for managing the Internet Storm Center in the amount of $252,000 per year, and STI continues to have $250,000 available in a money market account as described in the MOU.

Memo of Understanding Regarding STI, SANS, GIAC:

This memo of understanding is among Escal Institute of Advanced Technologies, a Delaware corporation, more commonly referred to as SANS; SANS Technology Institute, a Delaware LLC (STI); and GIAC, a Delaware LLC (GIAC).

SANS is the parent of STI and of GIAC. STI and GIAC are wholly owned subsidiaries of SANS. STI and GIAC are “sister” organizations.

STI operates a postgraduate computer security college that awards Master of Science Degrees in Information Security.

Section I below describes the general relationship between STI and SANS; and Section II describes the general relationship between STI and GIAC.

I. STI – SANS:

(a)  STI makes use of SANS training Courses (instructors, courseware, course authors, conference facilities, etc.) for STI’s master’s students.

STI receives the tuition that the STI student pays for the course. A percentage of the instructor’s teaching cost is charged to STI based on the number of STI students who attend that course vs. the persons who are attending it in other capacities. All the costs are prorated based upon the percentage of STI students to the overall attendees in the course.

(b) SANS pays STI an annual fee of $252,000 to manage the SANS Internet Storm Center (ISC).

Johannes Ullrich, who is the Dean of Faculty of STI, is the manager of the ISC.

(c) STI uses the services of the webmaster.

These charges are prorated based upon the percentage of revenue for the month – prorated to all business units. STI pays an allocated charge to SANS.

(d) STI uses the services of a member of the accounting department to assemble application package and maintain the STI application log.

STI pays an allocated charge to STI. Any time of any employee allocated to STI is charged to STI.

(e) STI uses SANS services for registration and general accounting.

These charges are prorated based upon the percentage of revenue for the month – prorated to all business units.

(f) When a STI student acts as a Teaching Assistant (TA) as a Community Project Requirement, SANS pays STI a fee.

The amount depends on what is “earned” based upon the number of days of the class, etc.  It is not a set fee – it is what the student would have been paid by SANS if student were performing regular TA duty (rather than TA duty as a Community Project Requirement).

(g) The institution earlier was required to have a restricted deposit account in the amount of $250,000 as required by the Maryland Higher Education Commission (MHEC). It was in the nature of a good faith showing that the institution was supportive of the college’s students as the college was new and growing. MHEC no longer requires that restricted deposit. However, the institution has elected to maintain a money market account in the amount of $250,000 and will continue it during STI’s start-up period. SANS has the ability and desire to provide this continued support until STI’s revenue from increased enrollment and/or other sources increases to a level where support is no longer needed.

II. STI – GIAC:

(a) STI uses the testing services of GIAC.

STI receives 25% of the GIAC cert attempt fee that is charged to the STI student, and GIAC receives 75% of that fee.

(b) STI uses the GIAC Gold paper services.

STI receives 25% of the GIAC Gold paper fee that is charged to the STI student (presently the gold fee is $299).  GIAC receives the balance and most of that is paid to the particular GIAC gold adviser who graded the paper.

Additionally, discussions are underway regarding the provision of scholarship funds by SANS for some STI students. It is expected that the scholarship guidelines and requirements will be developed by end of 2010.

Recommendation 3.3:

The Institution and its parent will need to assess, as enrollments grow, the current allocation approach of resources to ensure that adequate faculty, staff and administration are available to support the Institution’s mission and outcomes expectations.

Response 3.3:

The Institution and its parent gave careful consideration to assuring that the Institution has adequate staff, administration, and faculty available to support the Institution’s mission, goals and outcome expectations. In fact, we have been gearing up over the past several months, especially after we were awarded Candidate for Accreditation status, so that we will be well prepared in the future. For example, the Institution hired an additional person in mid April 2010 to assist the President and accreditation liaison officer with the accreditation efforts; that person also is assisting in Admissions/Student Services. Also, beginning in April 2010, we acquired part-time assistance from a highly qualified SANS marketing executive who is very effective in this role. We will evaluate whether we need to hire an additional person either full-time or part-time to assist with marketing and recruiting depending on how much time that marketing executive expects to have available in coming months. He is looking at adjusting his work load to make extra time for STI’s marketing and recruiting. As enrollment increases, consideration will be given to hiring an additional assistant to work in the Departments of Admissions and Student Services when it is determined that assistance is needed.

These issues will be part and parcel of the strategic planning process each year, and will be addressed more frequently if needed. Please note that representatives of the parent participate in STI’s annual strategic planning processes.

Additional information about administration and faculty is in Chapter 5 and 10.

Chapter 4 - Standard 4: Leadership and Governance

Standard 4: Leadership and Governance. The institution’s system of governance clearly defines the roles of institutional constituencies in policy development and decision-making. The governance structure includes an active governing body with sufficient autonomy to assure institutional integrity and to fulfill its responsibilities of policy and resources development, consistent with the mission of the institution.

The Team’s Report stated that the Institution meets the standard.

Recommendation 4.1:

While the Board recently completed a survey to self-assess and evaluate the performance of the President, it is recommended that the Board engage in a more formal process of periodic assessment of the governing body and the effectiveness of institutional leadership based on the strategic goals and operating performance of the Institution.

Response 4.1:

During the spring of 2010 an individual board director evaluation form was created to evaluate the performance of the governing body. The form asked directors to self-assess their own performance based on the following four factors: input in policy development and decision-making, supporting/guiding the mission of the college, committee participation, and community outreach. The evaluation form also covered functional areas of the board such as board size, composition, meetings and new board member orientation. Appendix 4.1 contains a sample of the Board Self Evaluation form.

In June 2010 the Board of Directors held its annual meeting at the SANSFire 2010 Residential Institute in Baltimore, Maryland. During that meeting, or shortly thereafter, they completed the self evaluation form. STI received responses from every board member and overall the results were positive. Appendix 4.2 contains the Board Self Evaluation Report. As a result of the evaluation the following has occurred: an increase in directors asking to increase their participation in STI committees, discussions are underway to create an additional director in training position, and the secretary of the board is looking into making improvements in the director orientation materials. Soon we will be evaluating which committees would benefit from extra support. STI continues to encourage directors to contact the Chair if they have concerns about the President’s performance, or any other officer’s performance.

Chapter 5 - Standard 5: Administration

Standard 5: Administration. The institution’s administrative structure and services facilitate learning and research/scholarship, foster quality improvement, and support the institution’s organization and governance.

The Team’s Report stated that the Institution demonstrates potential to meet the standard.

Recommendation 5.1:

While the assignment of multiple functions to one individual or the assignment of administrative work (with or without compensation) to faculty members may be appropriate this practice needs to be reviewed on a periodic basis and a human resource plan developed to insure that qualified and dedicated staffing is available to the Institution as enrollments grow and the level of complexity increases.

Response 5.1:

This Response 5.1 is similar to our Response 10.2. In light of the Team’s recommendation, one of our strategic planning goals was to make the administration/faculty roles more transparent. Most persons who serve in faculty roles are compensated on a 1099 basis except for the President and Dean of Faculty. Faculty members who hold key governance roles in STI, such as serving on the STI Curriculum Committee and/or the STI Faculty Administration Committee, are paid an annual honorarium of $750 by STI if they are an independent contractor. The description of the honorarium is in Response 10.2.

STI clarified its faculty list to more clearly define the title/role; it more clearly shows if faculty members also serve in administrative roles for STI. For ease of reference, the following is a sample of how we now describe the title/role of the Department Chair who also is a faculty member: “STI Department Chair, SANS Faculty Fellow, SANS Course Author, STI Faculty Adviser Chair, STI Committee Member.” The full faculty list is in Appendix 5.1, and it is posted on the STI website.

SANS allocates to STI a charge for faculty fees which is described in the Memo of Understanding Regarding Related Entities as follows: “STI makes use of SANS training courses (instructors, courseware, course authors, conference facilities, etc.) for STI’s master’s students. STI receives the tuition that the STI student pays for the course. A percentage of the instructor’s teaching cost is charged to STI based on the number of STI students who attend that course vs. the persons who are attending it in other capacities. All the costs are prorated based upon the percentage of STI students to the overall attendees in the course.”

We are in the process of revising the descriptions of duties of the Dean of Faculty and Department Chair.  We established descriptions a few years ago which are in the process of being updated. The drafts are in Appendix 5.2.  Target date for completion: End of 2010.

Recommendation 5.2:

While the Institution and its parent company have executed the appropriate Related Party Certification, the Institution needs to review the existing sharing of duties between the organizational entities to determine at what level (students and/or maturation of the Institution) of dedicated staff and faculty, for that matter, is appropriate. Ultimately, the chief executive’s primary responsibility, under the standard, is to lead the Institution toward the achievement of its goals (emphasis added).

Response 5.2:

As stated in Chapter 3 Response 3.2, the related entities entered into a Memo of Understanding regarding STI, SANS, and GIAC. It clarifies in writing what the relationships and roles are among the related entities. This document was approved by the STI Board of Directors and is included in Response 3.2.

Based on the present status of STI, the President has sufficient time to dedicate to STI. It will be carefully analyzed, as STI grows, to assure that the President continues to have sufficient time to remain as involved as needed. He is involved in all major committees and is on the Board as an ex-officio and non-voting director. The President is involved in the operations of STI, and has regular meetings, usually weekly, with the Dean of Admissions and Student Services, the STI Coordinator and the accreditation coordinators. He reviews their detailed weekly status reports and comments when appropriate. The President established semi-annual goals/objectives, as stated in 5.D.2 of the Strategic Plan, which focus on advancing STI. He provides those goals, and the assessment results of those goals, to the Board for their comment and suggestions. Each Director is welcome to provide input about what the President’s objectives should be for the next six months. Appendix 5.3 contains the goals and assessment results that pertain to the first half of 2010.

We instituted charters for the committees to more clearly delineate their roles according to our Strategic Plan. We also determined that the following additional committees should be formed: Strategic Planning Advisory Committee and a Student Experience Evaluation Committee (sometimes called Event Evaluation Committee). These two committees are additional to the six previously existing committees. The committee charters are posted on the website, and are in Appendix 5.4. Each year we will evaluate if our committees are performing well and whether or not we need additional committees or restructuring. As earlier mentioned, soon we will be evaluating which committees would benefit from having an additional board member serve on that committee.

As stated in Chapter 3, the need for establishing a Provost position was discussed with the Board. The advice from experienced higher education administrators is to establish the Provost position to be filled at a later date. As we move closer to needing a Provost, a detailed job description will be created.

For more information about additional staffing see Chapter 3.

Chapter 6 – Standard 6: Integrity

Standard 6: Integrity. In the conduct of its programs and activities involving the public and the constituencies it serves, the institution demonstrates adherence to ethical standards and its own stated policies, providing support for academic and intellectual freedom.

The Team’s Report stated that the Institution meets this standard.

There were no recommendations or suggestions in the Team’s Report.

Chapter 7 - Standard 7: Institutional Assessment

Standard 7: The institution has developed and implemented an assessment process that evaluates its overall effectiveness in achieving its mission and goals and its compliance with accreditation standards.

The Team’s Report stated that the Institution demonstrates potential to meet the standard.

Recommendation 7.1:

STI’s vision is to create the next generation of information security leaders. It is recommended that a working definition of leadership be developed to clarify the intended use of this term in order for STI to be able to measure its success per its definition of leadership. This should be considered an imperative since any number of its students might be considered to be in positions of leadership at their current levels of employment.

Response 7.1:

(A) Definition of Leadership. The following was stated in Response 1.1 and is pasted below for ease of reference: STI updated its website with a definition of leadership as described in Appendix 1.1. It is posted on our website at , and inserted as a link under the Mission Statement on page one of our website at sans.edu. It also is a link on our admissions procedure web page, and on the application so that applicants can easily refer to it before they start writing their leadership essay which is an admission prerequisite. (The instructions for the leadership essay that applicants submit with the application are in Appendix 1.2). When the definition was implemented, we notified students and graduates and asked them to feel free to provide suggestions or comments. New students must acknowledge in writing that they have read the essay.

(B) Leadership Positions / Change in Positions. Regarding the six graduates who graduated in September 2009, the committee determined that at least eight of the nine were in leadership positions (and possibly the ninth). Subsequently, with the graduating class of 2010, STI began tracking whether or not a student’s position changed from when they entered the program to the time the student graduated. That information is described in Appendix 7.1 and will be discussed at the committee meeting in mid September 2010. We will engage in that type of review after each graduation. Below is a quote from one of our six June 2010 graduates:

“After starting the program, I was promoted to Information Security Officer. I believe my involvement in the program was a contributing factor in that happening. I also believe that I have challenged myself, learned a lot about security, and improved my people and presentation skills. Finally, I believe that as a graduate of the program I am better positioned to differentiate myself from others in the security field.” -John Brozycki, Information Security Officer, Hudson Valley FCU

A summary of the Graduate Exit Interviews is attached as Appendix 7.2.

(C) Procedures for Providing Mentoring/Guidance to STI Graduates who Desire Support in Achieving Leadership Positions. At the end of 2009, the faculty committee approved procedures for those graduates who would like support in achieving leadership positions. The procedures are in Appendix 7.3 and we distributed this information to graduates and to students. We have not yet had any requests for assistance but expect we will in the future.

(D) Chapter 14 describes our assessment methods for the leadership goal.

Recommendation 7.2:

The institution needs to develop assessment processes for assessment of institutional level and program level objectives. These processes need to be further formalized and a written assessment plan should be developed.

Response 7.2:

Learning objectives and assessment methods for the MSISM and MSISE program were created in the spring of 2010 and approved by the board of directors in the summer of 2010. Program learning objectives outline what students can expect to learn in both programs. STI included specific course objectives that students can expect to demonstrate as well as other skills such as oral and written communication and leadership/management competencies. As a method of assessing non-course related learning objectives, STI will utilize VALUES rubrics in evaluating student portfolio work. All student papers/presentations/projects are published on our website for the public to view. We will create a portfolio tab on our resources section where student names and links to their work will be available. Response 14.2 contains program learning objectives and methods of assessment.

Assessment methods for the learning objectives include multiple layers. STI utilizes course writing assignments, Gold papers, as well as certification scores to determine the level and quality of learning. Institutional learning objectives utilize a formative approach to assess learning objectives by reviewing reflection assignments as well as grading rubrics for student projects. Appendix 7.4 contains grading rubrics. Learning objectives and assessment methods for both program and institutional level are included in the assessment plan. Appendix 2.2 contains the draft Assessment Plan. Chapter 14 - Standard 14 - Assessment of Student Learning contains additional information regarding course, program and institutional learning objectives.

Utilizing key institutional goals, as outlined in the Strategic Plan, STI has created a draft assessment plan that focuses on two areas: institutional effectiveness and student learning. Assessing institutional effectiveness is important in helping the STI community understand its strengths and recognize areas that can be improved upon. STI’s institutional assessment plan outlines plans in assessing all functioning areas such as curriculum development, administration and finance. Assessing the overall effectiveness of our institution will help us move closer to the goals set forth in our Strategic Plan. The assessment plan also outlines how assessment results will be distributed to administration, committees, faculty and students.

Please see Response 14.2 for the program level goals.

Chapter 8 - Standard 8: Student Admissions and Retention

Standard 8: Student Admissions and Retention. The Institution seeks to admit students whose interests, goals, and abilities are congruent with its mission.

The Team’s Report stated that the Institution meets this standard.

Suggestion 8.1:

The Institution should continue its efforts to attract a higher proportion of female faculty and students.

Response 8.1:

During the summer of 2010 the department of Admissions and Student Services created a survey which asked respondents seven open-ended questions regarding women in information technology. STI would like to increase the number of qualified females in our Master’s program as well as in our faculty. We realize that recruitment efforts for students and faculty will be different, and each group will come with separate issues.

The survey was submitted to 9 people affiliated with STI as course instructors or course attendees, as well as staff from the SANS Mentor program, Community SANS and the faculty coordinator. Overall we received 7 responses to the survey, and a report summarizing those responses was generated and submitted to senior level leadership as well as administrative units that oversee aspects of faculty and course development. The survey made apparent to STI the importance potential female students place on the immediate cost benefits of continuing their education as well as on balancing the financial obligations with their family and job requirements. For potential instructors, responses on the survey indicated that potential female instructors have to consider a reduction in salary to start the process of becoming an instructor (because most are already employed full time with demanding jobs) as well as evaluating the impact instructing could have on their personal and family lives. Appendix 8.1 contains the diversity survey summary report. After the report was distributed, a conference call between the department of Admissions and Student Services and staff members from the SANS Mentor program, Community SANS, and the faculty coordinator was held to discuss how to move forward in our efforts.

As a result of the conversation it was decided to move forward in re-energizing the women in technology ‘birds of a feather’ group discussion during the September 2010 Network Security Residential Institute. When this focus group meets in September we hope to gain further insight into other issues affecting women in technology such as continuing education, salary, promotion and managing.

Suggestion 8.2:

A further breakdown of tuition charges by course or credit hours should be provided to assist the prospective student in evaluating costs.

Response 8.2:

In summer of 2010 STI began drafting a sample timeline which demonstrates how students can complete the Master’s degree in Information Security Management or Information Security Engineering in 2 years. STI will continue to inform students that they have 5 years to complete degree requirements, but some wish to move through it faster. There were two reasons for the new marketing plan. The first reason was to create a structure that allowed potential students to compare our program to similar programs in information security. Although we operate on a rolling basis, and allow up to five years, we believe that creating a way for students to plan their education based on a two year plan, somewhat akin to four semesters, will be beneficial in attracting qualified students. The second reason was to make financial planning for the student easier since many employers conduct tuition reimbursement on a semester type basis.

As a result of these changes STI created a tuition breakdown that covers the expected costs of the courses over a two year time frame. Students will now be able to see how much they can expect to pay for a semester’s worth of courses as well as for a year and the overall cost to complete degree requirements. Once the draft is approved, the tuition breakdown will be posted on our website for potential students to access. Our tuition samples are provided only as estimates to the student. We will continue to encourage students to register for courses early (since there are discounts for early registration).

Relevant Developments re Chap. 8:

Admissions. In the summer of 2010 STI enrolled its first female student. She comes to STI with multiple years of work experience in a higher education setting, proven leadership abilities and exceptional academic successes; she has earned GIAC certifications and GIAC Gold certifications. STI is aware that at least two other women are putting together their application packages to apply to STI and we are optimistic that other qualified women will follow and enroll at STI.

The Admissions Department is noticing that more people are becoming aware of the program because of the increased marketing initiatives which started in April 2010. As a result of increased marketing efforts reaching out to potential students, we are interacting with more people and we are reaching more women.

The Admissions Department is starting to keep track of information about people who indicate interest in enrolling in STI. Through this process we hope to have a better understanding of our target audience. That report will be provided to the President on a periodic basis.

Chapter 9 – Standard 9: Student Support Services

Standard 9: Student Support Services. The Institution provides student support services reasonably necessary to enable each student to achieve the Institution’s goals for students.

The Team’s Report stated that the Institution meets the standard.

Suggestion 9.1:

While students do not appear to use the library resources extensively, the offerings are limited and should be reviewed to determine whether expansion would be beneficial.

Response 9.1:

We believe that our students have adequate library and research resources (the resources in the Reading Room at ; books that can be borrowed from our library or the on-site bookstore at residential institutes; significant weekly newsletters on current and emerging trends in information security; cutting edge live webcasts that also are archived; our continuing offer to purchase books for their use on the Gold papers; Google search; and all the other resources listed at ). Please note that we still have not had complaints about a lack of library/research resources and only two students have borrowed books from the library, and only one has borrowed from the on-site bookstore. As stated in the Self-Assessment document, we asked students why it is rare for a student to borrow one of our books. The general response was that they did not need to borrow since they have their own library, or they prefer to buy their own books, or they have their employer buy them. Almost all of our students are working professionally in the information security field, so they want to have or place books in their own library, and also their employers generally are very supportive of them since security information benefits both the student and the employer.

Yet we need to remain vigilant to make sure our students have what they need. Before year-end 2010, we will recommend that each student contact his/her respective state university library, since most states permit a state resident access to the resident’s state university library services; and by contacting the state university librarian, this also opens up the entire nation’s interlibrary loan system. Also, we will provide information to students about Google Scholar as a good resource in case they are not already using it. Additionally, in 2011, we will engage in a formal review of our library and research resources to determine if additional library and research resources are needed.

Chapter 10 – Standard 10: Faculty

Standard 10: The institution’s instructional, research, and service programs are devised, developed, monitored, and supported by qualified professionals.

The Team’s Report stated that the Institution meets this standard.

Recommendation 10.1:

As enrollment builds, STI should seek doctoral-level credentials for a significant proportion of the instructors responsible for the leadership/management components of the curriculum, or clearly articulate an individual’s alternative qualifications in the event a doctoral degree is not present.

Response 10.1:

In summer 2010 STI finalized changes to faculty bios for instructors in our management courses who do not have doctoral-level credentials. Qualifications of the instructors have been more clearly articulated to reflect, in relation to the courses they teach, the quality and quantity of professional experience in the field, involvement in STI, research, publishing, and teaching ability. Appendix 10.1 contains updated faculty bios. They also are listed on our website at sans.edu/faculty. Instructors who teach in the management program have exceptional qualifications with years of professional experience in the information security field. Currently our Academic and Faculty committees are satisfied with the qualifications of all instructors who teach in both the Management and Engineering programs.

Jeff Frisk brings more than 15 years of IT project management experience with computer systems, high tech consumer products, and business development initiatives. His bio has been updated to reflect the quantity and quality of his professional experience. Our most recent data shows that Jeff Frisk, author and instructor of MGT 525, Project Management and Effective Communications for Security Professionals & Managers, continues to receive high scores. Instructors are rated on a 1-10 scale (1 being the lowest and 10 being the highest). Jeff Frisk received an average teaching skills score of 9.26, with 13 out of 18 paid attendees responding, during the SANSFire 2010 Residential Institute which occurred in June 2010. The overall course score average was 9.05 and the course content average was 9.08. Here are some comments that students provided:

- “The value of this course in large part was realized by the exceptional teaching ability of the instructor.”

- “Dynamically and well taught.”

- “This course conveyed the importance that every effective program or project manager must place on communication and interpersonal skills.”

David Hoelzer continues to be a high scoring SANS instructor. Having served in most major roles in the IT and Security industries, David Hoelzer’s bio highlights his expertise in a variety of Information Security fields over the past twenty five years. Our most recent data from the SANSFire 2010 Residential Institute, which occurred in June 2010, shows that David Hoelzer scored an average score of 9.47 in teaching skills. Out of 42 paid attendees, 31 students provided course feedback. Below is a sample of some of the comments that students provided:

- “I found the instructor to be very engaging and enjoyable. Did not have trouble staying awake – even after lunch.”

- “The instructor’s depth of knowledge and real world experience allowed him to relate stories that emphasize the points made in the lecture.”

- “The use of analogy and real life correlation made the material understandable and entertaining. Dave is very knowledgeable and enthusiastic.”

While leadership and management competencies are important in the Information Security Management program, they are not the only components. STI’s Information Security Management program teaches students how to manage security. We estimate that about 10% of the information covered in the program relates to management theories while the remaining 90% focuses on information security. As a result, STI still needs to maintain faculty in management courses with strong technical information security skills as well as experienced practitioners with years of experience. STI is committed to recruiting highly qualified instructors to teach courses in our Master’s program. While it is common at most institutions for faculty to have a terminal degree in their field we find that currently most information security practitioners do not have a doctoral degree. STI has found that focusing on teaching ability, knowledge of information security practices, technical skills and professional experience provides students a quality education. Instructors that teach management courses focusing on security in STI’s curriculum are high scoring, have the specific knowledge to teach the courses and have multiple years of professional experience in the field.

Recommendation 10.2:

The responsibilities and compensation of those fulfilling various elements of the faculty role should be more clearly defined and transparent. Where administrators are engaged extensively in faculty roles, or where contractual faculty have administrative responsibilities, the scope and responsibilities, percentage of effort and compensation for the administrative functions should be more clearly defined and transparent.

Response 10.2:

Response 10.2 is similar to our Response 5.1. In light of the Team’s recommendation, one of our goals in the Strategic Plan was to make the faculty/administration roles more transparent.

As stated in Response 5.1, most persons who serve in faculty roles are compensated on a 1099 basis except for the President and Dean of Faculty. Faculty members who hold key governance roles in STI, such as serving on the STI Curriculum Committee and/or the STI Faculty Administration Committee, are paid an annual honorarium of $750 by STI if they are a 1099. The general conditions of the honorarium are that those committee members will attend in-person the committee meetings that occur at the major residential institutes (usually there are 4 a year) if they are scheduled to teach/work at such residential institute. If they are not scheduled to teach/work at that residential institute, then they will dial in to the meeting. Committee members also will take part in email and phone conference meetings. The committee members have the committee charter(s) that apply to them. The honorarium is explained below.

To: STI Curriculum Committee & STI Faculty Administration Committee, August 13, 2010:

STI greatly appreciates the services that you provide on behalf of STI. We especially want to thank you for your work on the following committees: STI Curriculum Committee and/or STI Faculty Administration Committee.  We couldn’t do this important work without you.

* If you are compensated on a 1099 basis and are a member of the STI Curriculum and/or STI Faculty Administration Committee, we will be providing an annual honorarium of $750 as a token of our appreciation to be paid toward the end of each calendar year (or shortly thereafter) starting this calendar year, provided that the general conditions outlined below are satisfied. If you are a 1099 and serve on both committees, the annual honorarium will be $1500.

Thank you for all that you do for STI, the students, and the information security community!

* This paragraph applies to Eric Cole, Ed Skoudis, and David Hoelzer.

General Conditions:  It is expected that the committee members will attend in person the committee meetings that occur at the major training events (usually there are 4 a year) if they are scheduled to teach/work at such training event. If they are not scheduled to teach/work at that event, then they will dial in to the meeting. Committee members also will take part in email and phone conference meetings. See the attached Committee Charter(s) that applies to you.

Note: If you also serve on the STI Board of Directors and are a 1099, please note that the honorarium described above is in addition to the honorarium that applies for your services on the STI Board.

STI clarified its faculty list to more clearly define the title/role; it more clearly shows if faculty members also serve in administrative roles for STI. For ease of reference, the following is a sample of how we describe the title/role of the Department Chair who also is a faculty member: “STI Department Chair, SANS Faculty Fellow, SANS Course Author, STI Faculty Adviser Chair, STI Committee Member.” The full faculty list is in Appendix 5.1, and it is posted on the STI website.

SANS allocates to STI a charge for faculty fees which is described in the Memo of Understanding Regarding Related Entities as follows:

“STI makes use of SANS training courses (instructors, courseware, course authors, conference facilities, etc.) for STI’s master’s students. STI receives the tuition that the STI student pays for the course. A percentage of the instructor’s teaching cost is charged to STI based on the number of STI students who attend that course vs. the persons who are attending it in other capacities. All the costs are prorated based upon the percentage of STI students to the overall attendees in the course.”

We are in the process of revising the descriptions of duties of the Dean of Faculty and Department Chair which were created a few years ago. A draft of the descriptions is in Appendix 5.2. Target date for completion: End of 2010.

Recommendation 10.3:

The locus of responsibility for defining program-level goals and learning outcomes for degree requirements beyond the course level needs to be clearly established.

Response 10.3:

Final approval of the Program Goals lies with the STI Board. The final approval for the learning outcomes for degree requirements beyond the course level (such as the Community Project Requirements) rests with the following committees: Curriculum Committee/STI Faculty Committee and the Academic & Student Affairs Committee. The STI Board is given a report at least annually of the state of STI.

The Department of Admissions and Student Services provides the majority of the day-to-day administrative functions of the college, in consultation with the President on important matters. Often the original drafting of a document starts with the Department of Admissions and Student Services in consultation with the President who also is a faculty member and member of the significant committees. Then additional input on the draft is obtained from persons on those committees, most of whom are faculty/course authors. The appropriate committees vote on it and, where the issue is very important, the next step is to ask the Board to review and vote on it. For example, the Program Goals required Board approval.

The Board is given a report at each annual meeting of significant matters. Appendix 10.2 contains an excerpt from the June 2010 board minutes of matters concerning curriculum (which includes courses and community project requirements), program goals, and mission. Many other matters were part of the agenda, but those excerpts pertain to the Team’s recommendation.

The Program Learning Objectives and Assessment Methods are in Response 14.2.

The draft Learning Objectives and Assessment Methods for the Community Project Requirements are in Response 14.3.

Recommendation 10.4:

As a matter of transparency and fairness, STI should establish explicit criteria for hiring and reviewing those with responsibility for the educational program, and also clearly establish the locus of supervision for those carrying out various elements of the faculty role.

Response 10.4:

The STI Faculty Administration Committee has oversight of the faculty that teaches the courses in the STI master's curriculum. One of the Faculty Committee's functions is to regularly review the quality of instructors. The authority for hiring and firing faculty for courses that are part of the STI master's curriculum belongs to the President after consultation with the STI Faculty Committee. Persons on the STI Faculty Committee include the President, Department Chair, Dean of Faculty (who also manages the GIAC Gold paper program and Internet Storm Center), and another member; all of them are course authors and Fellow Faculty.  The institution is in the process of further refining its procedures for approving instructors who teach courses in the STI curriculum. The draft is in Appendix 10.3.

Suggestion 10.5:

STI might seek to target recruitment of female instructors for the SANS on Demand and vLive! (and local face-to-face) delivery modes, which offer more scheduling flexibility than large face-to-face Residential Institutes.

Response 10.5:

As reported earlier in Chapter 8 - Standard 8, STI developed a survey to solicit input from a variety of STI constituents and departments. The survey had two functions: (1) to understand some challenges that women face in the information security field and how they apply to continuing education and (2) to understand challenges associated with becoming an instructor. For potential instructors, responses on the survey indicated that potential female instructors have to consider a reduction in salary to start the process of becoming an instructor (because most are already employed full time with demanding jobs) as well as evaluating the impact teaching could have on their personal and family lives. Appendix 8.1 contains the report from the diversity survey.

After the report was distributed, a conference call between the Department of Admissions and Student Services and staff members from the SANS Mentor program, Community SANS and the faculty coordinator was held to discuss how to move forward in our efforts. We focused attention on the Team Report’s suggestion about how potential female instructors might find more flexibility in instructing courses through OnDemand and vLive!. Top scoring instructors are recorded during a large live training Residential Institute and that material is utilized in the OnDemand delivery method. Because of the practice of recording more experienced instructors, STI came to the conclusion that this method of delivery is not best suited for newer instructors.

The conference call determined that vLive! is a more flexible option for potential instructors because they can instruct from home; however, currently SANS utilizes high scoring experienced instructors to conduct the course, just like OnDemand. This limits newer instructors from teaching through vLive!. The conference call discussed two additional delivery methods: SANS Mentor and Community SANS. Challenges with both delivery methods exist in terms of time commitment and frequency of teaching options. If a current instructor wishes to become a Mentor, they are limited in how many times they can run a course in a particular city. The demand in most cities can only sustain the class for one run per year. Community SANS is another option; however, in most instances the days are very long and potentially require being away from home, family and their jobs for a period of time. The Mentor program and the Faculty Coordinator are both committed to working at assisting interested instructors through the process of becoming an instructor.

As a result of the conversation, it was decided to move forward in re-energizing the Women in Technology ‘birds of a feather’ discussion group during the September 2010 Network Security Residential Institute. When this focus group meets in September we hope to gain further insight into other issues affecting women in technology such as continuing education, salary, promotion, leadership and methods for alleviating some of the concerns. STI hopes to utilize this event in recruiting more students and potential faculty. We will continue our efforts in recruiting highly qualified instructors. We will work to find an appropriate balance and invest the appropriate resources as necessary to increase the diversity of both our faculty and students.

Chapter 11 - Standard 11: Educational Offerings

Standard 11: Educational Offerings. The Institution’s educational offerings display academic content, rigor, and coherence that are appropriate to its higher education mission. The Institution identifies student learning goals and objectives, including knowledge and skills, for its educational offerings.

The Team’s Report stated that the Institution meets the standard.

Recommendation 11.1:

STI needs to present the master’s degree curricula and additional degree requirements in a coherent, transparent way on its own website, which serves as its catalog.

Response 11.1:

In response to this recommendation, STI added to its website a description of those courses rather than just a link to the description. Please note that the STI Community Project Requirements have always been posted on STI’s website in a coherent and transparent manner.

Recommendation 11.2:

In relation to the extensive available literature in management and leadership, which goes beyond the security field, STI should re-establish electronic library resources such as those described in the self-assessment document.

Response 11.2:

(Our response concerning library and research resources in general is in Response 9.1).

This Response 11.2 relates to the Team’s specific recommendation for an electronic library of management and leadership resources. Our concern is that the electronic library includes mainly general management and general leadership books; whereas STI’s focus is on management in information security and leadership in information security. As stated in Response 10.1, we estimate that about 10% of the information covered in the program relates to management theories while the remaining 90% focuses on information security. We believe the security focused management/leadership books that we have, combined with our continuing offer to purchase material the student would like to use for his/her research and writing on management/leadership, is a good means of obtaining the material that the student needs for STI’s security focused management/leadership courses. Also, as stated in Response 9.1, the student can contact the student’s respective state university library since most states permit a state resident access to the resident’s state university library services, and by contacting the state university librarian, this also opens up the entire nation’s interlibrary loan system.

Suggestion 11.3:

The opportunity to use prior GIAC certifications to meet graduate program requirements – and the limits to doing so – could be more clearly articulated for the benefit of students.

Response 11.3:

In response to the above suggestion, we revised our website at “Transfer of Credit, Previous SANS/GIAC Work” to make that clarification. We also reference that tab on our Admissions Procedure web page. Additionally, we revised the STI Brief that is given to interested persons (see Appendix 11.1).

Commendation:

We appreciate that the Team’s Report noted the following commendation: “STI is to be commended for devising a model adult-learner-friendly program.”

Chapter 12 – Standard 12: General Education

Standard 12: General Education. The Institution’s curricula are designed so that students acquire and demonstrate college-level proficiency in general education and essential skills, including at least oral and written communication, scientific and quantitative reasoning, critical analysis and reasoning, and technological competency.

The Team’s Report stated that the Institution meets the standard.

The Report stated that the Institution has established admission requirements that provide sufficient assurance of the student’s general education skills upon entry to the graduate degree programs.

Chapter 13 - Standard 13: Related Educational Activities

Standard 13: The institution’s programs or activities that are characterized by particular content, focus, location, mode of delivery, or sponsorship meet appropriate standards.

The Team’s Report stated that the Institution meets the standard.

The Report stated that three elements of this standard apply to STI, and the others are not applicable. The ones that apply are distance or distributed learning; branch campuses, additional locations and other instructional sites; and contractual relationships and affiliated providers.

Recommendation 13.1:

The Institution needs to ensure that contractual relationships are established with affiliated providers in order to protect the Institution’s integrity and assure that the Institution has appropriate oversight of and responsibility for all activities carried out in the Institution’s name or on its behalf.

Response 13.1:

In response to this recommendation, the related entities entered into a Memo of Understanding regarding STI, SANS, and GIAC. It clarifies in writing what the relationships and roles are among the related entities. This document was approved by the STI Board of Directors and is included in Response 3.2.

Suggestion 13.2:

STI should systematically organize and review data on student performance on certification exams and papers by learning mode, as well as by instructor.

Response 13.2:

STI has a process of systematically organizing and reviewing data on student performance on exams by learning mode, instructor and learning objective. The Dean of Admissions and Student Services obtains and analyzes a quarterly report that contains data on students’ performance on exams by learning objective; it also is sorted by instructor and the learning mode. Additionally, the Course adviser provides a quarterly report on whether students have reported any problems related to the exam. Committee members review that information to determine if students had problems with specific learning objectives in a course, or if there are discrepancies between different learning modes/instructors. Committee members utilize the data to make recommendations to improve exam questions or specific portions of the course, and if there were any apparent differences between instructor/delivery mode, they would address those issues as well. At present we are not seeing any significant differences in scores when comparing different learning modes or different instructors.

That report does not break out performance on the gold papers. We do not anticipate seeing a difference in effect in scores on the gold paper when comparing different learning modes or different instructors, but we plan to do a sampling of the gold papers in the near future to see if they are impacted by different learning modes or different instructors.

A sample of committee action is in Appendix 13.1. Appendix 13.2 contains the curriculum update report.

Chapter 14 - Standard 14: Assessment of Student Learning

Standard 14: Assessment of student learning demonstrates that, at graduation, or other appropriate points, the institution’s students have knowledge, skills, and competencies consistent with institutional and appropriate higher education goals.

The Team’s Report stated that the Institution demonstrates potential to meet the standard.

Recommendation 14.1:

The Institution needs to clearly articulate learning objectives and methods of assessment need to be established at the institutional level.

Response 14.1:

As stated in Response 10.3, in July of 2010, STI’s Board of Directors approved learning objectives and methods of assessment for both the MSISE Program, as well as the MSISM Program. For further information regarding Program learning objectives please see Response 14.2 below. Aside from learning objectives associated with the programs, we expect students who graduate from STI to take away certain skills that go beyond course material. Learning objectives and methods for assessment for learning that occurs at the institutional level have also been developed.

At the core of STI, we expect students to graduate with leadership skills that will allow them to shape the way cyber security is managed. We have created multiple layers of assessment to ensure we are producing leaders. We will collectively look at the student’s grades in our management and leadership competency related courses; we will look at responses to the graduate exit survey to determine if the students believe they are learning necessary leadership skills to use in the field; we also review the student’s outcome statement (and the list of leadership competencies in their leadership essay that the student said they wanted to improve) and ask the student to indicate to what extent they believe they have achieved the goals they set for themselves. We are also utilizing projects completed for the Community Project Requirement to assess whether students are achieving the necessary leadership skills to be successful in their current and future positions. Response 14.3 contains additional information regarding Community Project Requirement learning objectives and assessment methods.

To be a successful leader and manager, key communication skills must be established. We expect our students to demonstrate effective written and oral communication skills. Aside from coursework, we are utilizing a variety of educational activities that are part of our Community Project Requirements to determine whether students are able to write quality papers as well as deliver quality oral presentations. We utilize Gold research papers (and Written Assignments when Gold is not available), Joint Written Project, Group Discussion and Written Project, and Presentations as methods for assessing whether students are demonstrating both written and oral communication skills. In addition, STI posts student presentations/projects on the STI website to benefit the community. These papers are made available to any website visitor for free. STI will be creating a new section on our webpage called Student Portfolios. Here we will have a cumulative sample of all available assignments submitted by each student. STI is planning on utilizing the American Association of Colleges and Universities (AAC&U) VALUE rubrics to assess the student’s work in their portfolio. Currently, STI utilizes rubrics to grade student projects and assignments; however we believe utilizing the VALUE rubrics will be an additional benefit in assessing student learning collectively in the Student Portfolio and not on an individual basis.

Upon graduating from STI we expect students to have displayed effective critical thinking and information literacy skills. STI students spend a great deal of time writing comprehensive research reports where they must find appropriate sources and information for their assignments. In order to pass the assignments, students must demonstrate the proper critical thinking skills in completing these assignments. In addition, we require our students to complete assignments that provide new and insightful information to the community. Our grading rubrics indicate to what extent the student provided new and beneficial information to the community. Because information security changes so rapidly, STI’s research initiatives are always evolving and we expect our students to contribute to that process. As stated above, STI expects to use AAC&U’s VALUE rubrics to assess these competencies.

Recommendation 14.2:

STI needs to strengthen its statement of both the overall program goals and learning outcome. Ideally, these intended outcomes will be transparent to students and the intended learning outcomes of each of the program requirements that go beyond specific courses (e.g., oral presentations). Ideally, these intended outcomes will be transparent to students. Since leadership outcomes are central to the mission, STI should articulate its definition of or framework for leadership. Once these goals are clear, STI needs to periodically evaluate the effectiveness of program components in meeting them, and use the results for improvements and for students to see their own progress.

Response 14.2:

In July of 2010, the Board of Directors approved the following two sets of learning objectives and assessment methods -- one for the MSISE Program and one for the MSISM Program. These learning objectives will be posted to STI’s website to increase transparency:

Program Goals / Learning Objectives for MSISE & Methods for Assessment

06/22/2010 – V1.0

Overview:  The MSISE (Engineering) program will prepare students to head teams of technologists who are responsible for information security assessments, architectures, operations, monitoring, auditing, and lead information security programs. Graduates will be qualified to seek positions such as technical director for information security, senior security analyst, senior security administrator, information systems security manager, information systems security officer, information security manager, and chief information security officer. The program focuses primarily on the technical and problem-solving skills associated with security implementation, but adds instruction on project management and effective communications to help graduates prepare to take responsibility for the work of other technologists. Almost all of the courses below except the electives include writing assignments called GIAC Gold or Written Assignment. More information about GIAC Gold can be found at the GIAC site.

Upon graduating from this program, students will be able to:

1. Demonstrate mastery of communication skills, in both written assignments as well as oral presentations.

a. Method for Assessing:  We will assess this objective by reviewing student performance on written assignments and presentations at Residential Institutes.  We will utilize our grading rubrics to accomplish this review.

b. Method for Assessing:  We will assess this objective by reviewing responses from graduates on the Exit Interview form to determine if students are graduating the program with improved communication skills.  The Exit Interview form includes a question asking students to indicate if/how their communication skills have improved.

2. Graduates will demonstrate an ability to conduct research, synthesize results and produce insightful and beneficial written projects and presentations.

a. Method for Assessing:  We will assess this objective by utilizing grading rubrics designed to indicate the depth of knowledge of a written report and presentation.

b. Method for Assessing:  We will assess this objective by reviewing student performance on Gold papers.

3. Demonstrate an understanding of leadership development and skills as it relates to information security.

a. Method for Assessing:  We will assess this objective by periodically reviewing student leadership/student outcome statement essays.  Students are required to submit leadership essays for admittance into the program.  As a Community Project Requirement, students must write an essay regarding their Work Study experience specifically indicating what they learned about leadership.

b. Method for Assessing:  We will assess this objective by reviewing responses from graduates on the Exit Interview form.  There is a question that requires graduates to reflect on their program experience to determine if they believe they have learned leadership skills that can be incorporated into their current position to help them achieve a higher position.

c. Method for Assessing:  We will assess this objective by reviewing assignments completed for MGT 421: SANS Leadership and Management Competencies.

4. Apply theoretical ideas in information security to real world situations. Student will demonstrate “hands on” practical skills in applying theory to real world situations.

a. Method for Assessing:  We will assess this objective by reviewing the results of the Group Discussion and Written Project assignment which requires students to apply current knowledge to a real world problem that needs to be addressed.

b. Method for Assessing:  We will assess this objective by reviewing results of written assignments to determine if the student is effectively integrating what they learned in order to solve real world problems.

c. Method for Assessing:  We will assess this learning objective by reviewing student performance on the GSE.

d. Method for Assessing:  We will assess this objective by reviewing exam results

5. Demonstrate effective project management skills (time management, organization, accountability, effective listening, conflict resolution, etc.).

a. Method for Assessing:  We will assess this objective by reviewing assignments completed for the Project Management and Effective Communications course (MGT 525)

b. Method for Assessing:  We will assess this objective by reviewing student performance on the Group Discussion and Written Project.

c. Method for Assessing:  We will assess this objective by reviewing student performance on the Joint Written Project.

6. Demonstrate an understanding of the components needed to design, implement and manage an effective security awareness program.

a. Method for Assessing:  We will assess this objective by reviewing student performance in MGT 438: How to Establish a Security Awareness Program.

b. Method for Assessing: We will assess this objective by reviewing the evaluation form results that the audience provides in response to the student’s Awareness Talk, which the student gives to the community at no cost/low cost. (Evaluation forms will be required for talks planned after June 2010).

7. Demonstrate an understanding of IT Security knowledge skills and abilities such as incident handling, hacker techniques and exploits and intrusion incident handling.

a. Method for Assessing:  We will assess this objective by reviewing student performance in SEC 401: SANS Security Essentials

b. Method for Assessing: We will assess this objective by reviewing student performance in SEC 504: Hacker Techniques, Exploits, and Incident Handling

c. Method for Assessing:  We will assess this objective by reviewing student performance of the GSE.

8. Demonstrate an understanding of IT security knowledge, skills and abilities in software security. (Applies to students admitted after May 22, 2008)

a. Method for Assessing:  We will assess this objective by reviewing student performance in completing the Software Security requirement.

9. Understand the role of policy development in mitigating risks.

a. Method for Assessing:  We will assess this objective by reviewing student performance in MGT 404: Fundamentals of Info Sec Policy.

10. Demonstrate a broad based understanding of IT Security knowledge skills and abilities such as Host and Network Based Intrusion Detection, Honeypots, Firewalls and Perimeter Protection, Password Management, Information Warfare, Web Security, Network Fundamentals and IP Concepts and Behavior, Cisco Router Filters, Four Primary Threats for Perimeter Protection, PGP, Steganography, Anti-Viral Tools, Windows (2003, Vista, 2008 and Windows 7) Security Administration and Auditing, IIS Security, Unix Security Fundamentals

a. Method for Assessing:  We will assess this objective by reviewing student performance in SEC 401: SANS Security Essentials

b. Method for Assessing:  We will assess this objective by reviewing student performance on the GSE. 

11. Demonstrate hands-on skills through the GIAC GSE lab exam (Applies to MSISE students admitted after September 15, 2008).

a. Method for Assessing:  We will assess this learning objective by reviewing student performance on the GSE.

Program Goals / Learning Objectives for MSISM & Methods for Assessment

6/22/2010 – V1.0

Overview:  The MSISM (Management) Program is designed to help a candidate become the highest-ranking management employee with IT Security responsibilities in an organization. In the government, this is often called the Designated Approving Authority, or Information Assurance Manager (IAM). In the industry, titles such as Chief Security Officer or Chief Information Security Officer are often used. In addition to the strong writing skills the program produces through the GIAC Gold program or the Writing Assignments for almost all courses, the community project requirements training includes teamwork and oral presentation practice. More information about GIAC Gold can be found at the GIAC site.

Upon graduating from this program, students will be able to:

1. Demonstrate mastery of communication skills, in both written assignments as well as oral presentations.

a. Method for Assessing:  We will assess this objective by reviewing student performance on written assignments and presentations at Residential Institutes.  We will utilize our grading rubrics to accomplish this review.

b. Method for Assessing:  We will assess this objective by reviewing responses from graduates on the Exit Interview form to determine if students are graduating from the program with improved communication skills.  The Exit Interview form includes a question asking students to indicate if they believe their communication skills have improved.

2. Graduates will demonstrate an ability to conduct research, synthesize results and produce insightful and beneficial written projects and presentations.

a. Method for Assessing:  We will assess this objective by utilizing grading rubrics designed to indicate the depth of knowledge of a written report and presentation.

b. Method for Assessing:  We will assess this objective by reviewing student performance on Gold papers.

3. Demonstrate an understanding of leadership development and skills as it relates to information security.  

a. Method for Assessing:  We will assess this objective by periodically reviewing student leadership/student outcome statement essays.  Students are required to submit leadership/outcome statement essays for admittance into the program.  As a Community Project Requirement, students must write an essay regarding their Work Study experience specifically indicating what they learned about leadership.

b. Method for Assessing:  We will assess this objective by reviewing responses from graduates on the Exit Interview form.  There is a question that requires graduates to reflect on their program experience to determine if they believe they have learned leadership skills that can be incorporated into their current position to help them achieve a higher position. 

c. Method for Assessing:  We will assess this objective by reviewing assignments completed for MGT 421: SANS Leadership and Management Competencies.

4. Apply theoretical ideas in information security to real world situations.

a. Method for Assessing:  We will assess this objective by reviewing the results of the Group Discussion and Written Project assignment which requires students to apply current knowledge to a real world problem that needs to be addressed.

b. Method for Assessing:  We will assess this objective by reviewing results of written assignments to determine if the student is effectively integrating what they learned in order to solve real world problems.

c. Method for Assessing:  We will assess this objective by reviewing results of student performance during their teaching assistantship.

d. Method for Assessing:  We will assess this objective by reviewing exam results

5. Demonstrate effective project management skills (time management, organization, accountability, effective listening, conflict resolution, etc.). 

a. Method for Assessing:  We will assess this objective by reviewing assignments completed for the Project Management and Effective Communications course (MGT 525)

b. Method for Assessing:  We will assess this objective by reviewing student performance on the Group Discussion and Written Project.

c. Method for Assessing:  We will assess this objective by reviewing student performance on the Joint Written Project.

6. Demonstrate an understanding of the components needed to design, implement and manage an effective security awareness program.

a. Method for Assessing:  We will assess this objective by reviewing student performance in MGT 438: How to Establish a Security Awareness Program.

b. Method for Assessing: We will assess this objective by reviewing the evaluation form results that the audience provides in response to the student’s Awareness Talk, which the student gives to the community at no cost/low cost. (Evaluation forms will be required for talks planned after June 2010).

7. Demonstrate an understanding of IT Security knowledge skills and abilities such as incident handling, hacker techniques and exploits.

a. Method for Assessing:  We will assess this objective by reviewing student performance in MGT 512: SANS Security Leadership Essentials for Managers.

b. Method for Assessing: We will assess this objective by reviewing student performance in SEC 504: Hacker Techniques, Exploits, and Incident Handling

9.   Demonstrate an understanding of IT security knowledge, skills and abilities in software security. (Applies to students admitted after May 22, 2008).

b. Method for Assessing:  We will assess this objective by reviewing student performance in completing the Software Security requirement.

10. Understand the role of policy development in mitigating risks.

a. Method for Assessing:  We will assess this objective by reviewing student performance in MGT 404: Fundamentals of Info Sec Policy.

11. Demonstrate an understanding of the skills needed to manage others in the information security field.  Graduates will develop a general understanding of the technical components of information assurance in order to provide better supervision to technologists.

a. Method for Assessing:  We will assess this learning objective by reviewing student performance in MGT 512: SANS Security Leadership Essentials for Managers

b. Method for Assessing:  We will assess this learning objective by reviewing student performance in MGT 421: SANS Leadership and Management Competencies.

12.  Demonstrate a broad based understanding of security essentials such as Network Fundamentals and Applications, Power, Cooling and Safety, Architectural Approaches to Defense in Depth, Cyber Attacks, Vulnerability Assessment and Management, Contingency and Continuity Planning, Awareness Management, Web Application Security, Offensive and Defensive Information Warfare and Audit.

a. Method for Assessing:  We will assess this learning objective by reviewing student performance in MGT 512: SANS Security Leadership Essentials for Managers

13. Demonstrate an understanding of how multiple functions such as business, management, policy and law interact in a highly technical information security environment.

a. Method for assessing:  We will assess this learning objective by reviewing student performance in LEG 523: Legal Issues in Information Technology & Information Security

14. Utilize a risk driven method for designing and auditing an enterprise security validation program.

a. Method for Assessing:  We will assess this learning objective by reviewing student performance in Audit 507: Auditing Networks, Perimeters, & Systems

15. Demonstrate an understanding of why security controls and framework are important.

a. Method for Assessing: We will assess this learning objective by reviewing student performance in MGT 411: SANS 27002 Implementation & Management

16. Demonstrate an understanding of how to build ongoing compliance monitoring systems and how to automatically validate defenses through instrumentation and automation of audit checklists.

a. Method for Assessing:  We will assess this learning objective by reviewing student performance in Audit 507: Auditing Networks, Perimeters, & Systems

Leadership Definition:

As stated in Chapter 1 – Standard 1 - STI articulated its definition of leadership through the publication of a Leadership Essay which all students must read before applying to the institution and they must reference it in their application essay. To ensure that current students continue to remain attentive to the competencies addressed in this essay, STI requires that students reference at least three leadership qualities from this essay in reflection essays for the Community Project Requirements, discussed below in Response 14.3 - Chapter 14 - Standard 14. The leadership essay can be found at the following link: and a hard copy can be found in Appendix 1.1.

Recommendation 14.3:

Having made a solid beginning, STI needs to complete its articulation of course-level learning goals for all graduate courses. In addition, learning objectives and methods of assessment need to be established for the Community Project Requirements.

Response 14.3:

The courses that had incomplete learning objectives at that time have been completed. Specifically, the course author and instructor of LEG 523 completed the incomplete learning objectives. The LEG 523 objectives are attached in Appendix 14.1. We are also including learning objectives for our DEV courses which are part of the MSISM (Management) program in Appendix 14.2.

In addition to articulating institutional, program and course level learning objectives, STI created learning objectives and methods for assessment for each individual Community Project Requirement. These learning objectives help close the loop in assessing the learning that takes place at STI. The following Community Project Requirement learning objectives and assessment methods were recently approved by committee and are in the process of being posted to our website.

Work Study

1. Through participating in the Work Study Program students will be able to:

a. Apply (and reflect on) previously understood knowledge regarding leadership to the Work Study experience. After reading the STI leadership essay (located at ) and performing Work Study, students will write a one and a half page essay about what they learned about leadership as a result of performing Work Study.

i. Method for Assessing: We will assess this objective by reviewing the Leadership Essay written by the student utilizing the checklist/rubric established.

b. Work productively in a team setting to achieve common goals.

i. Method for Assessing: We will assess this objective by reviewing the results of the student’s evaluation of performance by the Work Study Coordinator and by Instructor, including Question 2 which rates the quality of participation.

ii. Method for Assessing: We will assess this objective by reviewing the Leadership Essay utilizing the checklist/rubric established.

c. Demonstrate effective interpersonal skills; developing new (or further develop existing) networks of peers, faculty and/or staff.

i. Method for Assessing: We will assess this objective by reviewing the Leadership Essay written by the student utilizing the checklist/rubric established.

Presentations

1. Through preparing for and conducting two (2) Presentations in front of an audience, students will be able to:

a. Synthesize previous research information into a technically strong yet succinct (15 slides with Notes, 30 minutes, plus 7-10 minutes for questions) presentation that educates the audience and provides value for the audience’s time.

i. Method for Assessing: We will assess this objective by reviewing student performance on the Slides with Notes and Hand-Outs section of the presentation rubric.

ii. Method for Assessing: We will assess this objective by reviewing the student’s overall grade on the presentation.

b. Use a presentation style that is audience appropriate while delivering the message in a clear and organized format.

i. Method for Assessing: We will assess this objective by reviewing student performance on the Oral presentation component of the presentation rubric.

ii. Method for Assessing: We will assess this objective by reviewing the student’s overall grade on the presentation.

c. Display ‘Basic Presentation Skills’ as outlined in the presentation scoring rubric.

i. Method for Assessing: We will assess this objective by reviewing performance on the Basic Presentation Skills component of the presentation rubric.

ii. Method for Assessing: We will assess this objective by reviewing the student’s overall grade on the presentation.

d. Demonstrate effective question handling skills as outlined in the presentation scoring rubric.

i. Method for Assessing: We will assess this objective by reviewing student performance on the question handling section of the grading rubric.

e. Demonstrate the ability to brief information security professionals.

i. Method for Assessing: We will assess this objective by reviewing the student’s overall grade on the presentation.

Group Discussion & Written Project

1. Through participating in the Group Discussion and Written Project (GDWP), students will be able to:

a. Work productively in a team setting to achieve common goals.

i. Method for Assessing: We will assess this objective by reviewing the overall presentation (oral presentation, slides, paper) grade according to the requirements of the grading rubrics, which are posted to the website.

ii. Method for Assessing: We will assess this objective by reviewing the reflection essay which asks students to reflect on their own performance and student's use of leadership skills, as well as the performance and use of leadership skills of the other member(s).

b. Demonstrate characteristics associated with STI’s definition of leadership as outlined in the Leadership Essay at https://sans.edu/resources/leadershiplab/.

i. Method for Assessing:  We will assess this objective by reviewing the reflection essay which asks students to reflect on their own performance and student’s use of leadership skills as well as the performance and use of leadership skills of the other member(s). As we review the essay we will pay particular attention to the student’s communication skills utilized during the project.

c. Analyze, evaluate and synthesize research and apply theoretical ideas to practical settings while formulating new or creative approaches to solving a particular problem.

i. Method for Assessing: We will assess this objective by reviewing the student’s performance on the written component which includes the executive summary.

d. Demonstrate effective project management skills (time management, organization, accountability, effective listening, including group ideas etc.) for an assignment that has a short turnaround time.

i. Method for Assessing: We will assess this objective by reviewing the student’s overall project grade.

ii. Method for Assessing:  We will assess this objective by reviewing the reflection essays completed by the students. We will focus on what kind of project management methodology the students used during the project.

e. Create a written report that demonstrates command of the English language, utilizing proper grammar and proper sentence syntax.

i. Method for Assessing: We will assess this objective by reviewing student performance on the written component, which includes the following: executive summary, body, and research shown in the written component.

f. Create a presentation that effectively highlights the major components of the written report.

i. Method for Assessing: We will assess this objective by reviewing student performance on the oral presentation and slides components.

g. Demonstrate an ability to deliver technically based material that a CIO can fully understand.

i. Method for Assessing:  We will assess this objective by reviewing student performance on oral presentation with slides component.

Joint Written Project

1. By preparing and completing a Joint Written Project with a partner, the student will be able to:

a. Analyze, evaluate and synthesize research and apply ideas to practical settings while formulating new or creative approaches to solving a particular problem.

i. Method for Assessing: We will assess this objective by reviewing the student’s overall grade on the project using the Joint Written Project grading rubric.

b. Create a written report that demonstrates command of the English language, utilizing proper grammar and proper sentence syntax.

i. Method for Assessing: We will assess this objective by reviewing the student’s overall grade on the paper portion of the grading rubric.

c. Work productively in a virtual team setting to achieve common goals.

i. Method for Assessing: We will assess this objective by reviewing the student’s (and the student’s partner’s) reflective essays.

ii. Method for Assessing: We will assess this objective by reviewing the student’s overall grade on the project.

d. Demonstrate effective project management skills (time management, organization, accountability, effective listening, including group ideas, etc.) for a complex assignment.

i. Method for Assessing: We will assess this objective by reviewing the student’s (and student’s partner’s) reflective essays focusing on project management methodologies used.

ii. Method for Assessing: We will assess this objective by reviewing student performance on the project plan section of the scoring rubric.

iii. Method for Assessing: We will assess this objective by reviewing the student’s overall grade on the project.

e. Since this assignment will be completed mostly through virtual interaction between partners (e-mail, phone, discussion boards, etc.) – simulating common real world interactions - students must demonstrate strong communication skills, both oral and written.

i. Method for Assessing: We will assess this objective by reviewing the student’s response (and partner’s response) to the communication component of the reflective essay.

ii. Method for Assessing: We will assess this objective by reviewing the student’s overall grade on the project.

f. Create a presentation of Slides with Notes that effectively highlights the major components of the written report.

i. Method for Assessing: We will assess this objective by reviewing the score on the presentation component of the project.

g. Demonstrate characteristics associated with STI’s definition of leadership as outlined in the Leadership Essay at https://sans.edu/resources/leadershiplab/.

i. Method for Assessing:  We will assess this objective by reviewing the reflection essay which asks students to reflect on their own performance and student’s use of leadership skills as well as the performance and use of leadership skills of the other member(s).

Teaching Assistantship

1. Through completing a Teaching Assistantship the student will be able to:

a. Effectively utilize technical troubleshooting techniques to assist in the learning process for others.

i. Method for Assessing: We will assess this objective by reviewing the overall Instructor/ TA Coordinator evaluation on TA performance.

b. Develop skills in managing a classroom of learners; such as being able to understand the needs of the group/students and address them proactively, serving multiple students simultaneously, remaining patient and friendly when responding to questions and issues, etc.

i. Method for Assessing: We will assess this objective by reviewing the overall Instructor/ TA Coordinator evaluation on TA performance.

Security Awareness Talk

1. Through conducting a Security Awareness Talk to members of the community at no cost or low cost, the student will be able to:

a. Increase awareness of civic responsibility in sharing information security knowledge with the community in advancing the mission of STI.

i. Method for Assessing: We will assess this objective by reviewing feedback given by co-worker/ supervisor of the talk. Additionally, the student will assess their own performance using the feedback form.

ii. Method for Assessing: The students will request the audience members to complete the feedback form; depending on the number of responses, we will use this feedback as another method for assessing how the student did. The student will submit the completed feedback forms to the address designated by STI.

b. Effectively communicate with members of the community to address an information security related issue.

i. Method for Assessing: We will assess this objective by reviewing feedback given by co-worker/ supervisor of the talk. Additionally, the student will assess their own performance using the feedback form.

ii. Method for Assessing: The students will request the audience members to complete the feedback form; depending on the number of responses, we will use this feedback as another method for assessing how the student did. The student will submit the completed feedback forms to the address designated by STI.

c. Demonstrate project management skills by making arrangements for a place, time, audience, and other details described on the plan outline for the presentation.

i. Method for Assessing: We will assess this objective by reviewing the Awareness Talk plan the student submits before the presentation.

GSE

Learning objectives for the GSE are posted at and are in Appendix 14.3.

Conclusion

As described above, STI is working diligently to improve not only the quality of education for our students but also the quality of our policies and procedures. As a result of the recommendations made to STI by the Assessment Team after their November 2009 visit, we are focusing our attention on transparency in our institution. Not only are we focused on making improvements, but we are also striving to ensure that the institutional community, which includes students, faculty, administration, and staff, is aware of the changes we are making. We are utilizing our website to publish improvements such as STI’s leadership essay, committee charters, STI’s strategic plan, faculty listings and student learning objectives, just to mention a few.

After attending two assessment workshops hosted by Middle States in August of 2010, STI began the process of implementing better procedures for ensuring that we are assessing the overall effectiveness of our institution and the learning that is taking place. As documented above we created learning objectives and assessment methods for the MSISE and MSISM programs as well as the Community Project Requirements. We drafted a formal assessment plan which focuses on institutional effectiveness and student learning. As data is obtained regarding these two areas, the results will be used in the institutional strategic planning process.

Additional Relevant Developments

➢ We are expressing our institutional goals in observable terms, focusing on 3-5 years out where reasonable, as evidenced by our Strategic Plan for 2010 – 2015. We also increased institutional participation in the strategic planning process.

➢ Utilizing key institutional goals, as outlined in the strategic plan, STI created a draft assessment plan that focuses on two areas: institutional effectiveness and student learning. STI created learning objectives and assessment methods for the MSISE and MSISM programs as well as the Community Project Requirements.

➢ Staffing additions. We added a full-time staff member in mid April 2010 who is assisting the President and accreditation officer with the important work involved in the accreditation process. He also is learning about the Admissions and Student Services roles so he can assist the Dean of Admissions and Student Services. Also, beginning in April 2010, we acquired part-time assistance from a highly qualified SANS marketing executive who is very effective in this role.

➢ STI Board of Directors now engages in a more formal self assessment process, as evidenced in the 2010 board self evaluation.

➢ STI created initiatives to increase faculty and staff transparency, as well as to better articulate relationships and roles among related entities.

➢ STI articulated its definition of leadership.

➢ We recently enrolled our first female student and are expecting additional applications from others.

➢ STI is organizing a “women in technology” focus group for the SANS Network Security Residential Institute to be held in September 2010. [Standards 8 & 10]

Planned Improvements

➢ We will post the tuition breakdown sample by mid September.

➢ We will do a sampling of the gold papers to see if the papers are impacted by different learning modes or different instructors by mid 2011.

➢ Final job descriptions for Department Chair and Dean of Faculty are scheduled to be completed by the end of 2010.

➢ We expect the review for our Institutional Assessment Plan draft will occur within the next couple of months, and necessary changes will be completed by the end of 2010.

➢ Student portfolio tab will contain all active student work by the end of 2010.

➢ By mid 2011 we hope to have a good sampling of student work to utilize the VALUE rubrics to assess student learning.

➢ By the end of 2010 we plan on having a curriculum map for the MSISE (Engineering) and MSISM (Management) programs.

STI would like to thank the visiting team for reading this interim report. We look forward to the team’s visit with the college community on September 8, 2010.

Appendix

Assessment Team’s Report

Applicant Assessment Visitors’ Report to

SANS Technology Institute (STI)

by

An Assessment Team representing the

Middle States Commission on Higher Education

Prepared after study of the Institution’s self-assessment report

and a visit to the Institution on November 22-24, 2009

The members of the Team:

Mr. John J. Staschak, Chair President & CEO, Bryant & Stratton College

2350 North Forest Rd.

Getzville, NY 14068

Dr. Joyce C. Elliott Provost/Vice President for Academic Affairs

State University of New York Empire State College

One Union Avenue

Saratoga Springs, NY 12866

Mr. Russell Kulp Chair of Bachelor Degree Program

Central Pennsylvania College

College Hill & Valley Roads

Summerdale, PA 17093

Accompanying the team:

Dr. Mary Ellen Petrisko Vice President, MSCHE

I. Introduction

The team conducted an applicant assessment visit to SANS Technology Institute in Bethesda, MD on November 22-24, 2009.

The SANS Technology Institute (STI) is a private for profit institution of higher education. The Institution was authorized by the State of Maryland in 2005 to offer two Master of Science Programs: the Master of Science Degree in Information Security Engineering (MSISE) and the Master of Science Degree in Information Security Management (MSISM). STI is not the typical brick and mortar institution but rather courses are held at various “residential institutes” in various hotel locations. The Institution also delivers courses over a variety of alternative delivery modes. The Institution’s parent company is Escal Institute of Advance Technology (dba SANS) and has two shareholders. SANS was established in 1989 and provides cyber security training to more than 14,000 individuals on an annual basis. STI makes use of the SANS educational materials and also utilizes the services of an additional affiliated company (GIAC) to assist in assessing mastery of the educational material through exams and papers. SANS provides a research component through the Internet Storm Center website which is managed by STI. The Institution’s mission underscores its focus on information security technology leaders.

II. Compliance with Requirements of Affiliation and Standards for Accreditation

SANS Technology Institute appears to be in compliance with all Requirements of Affiliation.

Standard 1: Mission, Goals, and Objectives

The Institution’s mission clearly defines its purpose within the context of higher education and explains whom the Institution serves and what it intends to accomplish. The Institution’s stated goals and objectives, consistent with the aspirations and expectations of higher education, clearly specify how the Institution will fulfill its mission. The mission, goals, and objectives are developed and recognized by the institution with its members and its governing body and are utilized to develop and shape its programs and practices and to evaluate its effectiveness.

The Institution meets the standard

The Institution has a very specific role in higher education, a laser-like focus, and its mission reflects that role and defines the Institution, delineates the scope of the Institution, explains the Institution’s character and individuality and articulates the values of the Institution. The Institution places a high premium or importance on developing leaders in the security technology field. The use of the word “leadership” is a definitional component of the mission but lacks a clear understanding of what defines it amongst the various constituencies of the Institution. The mission is widely known by all the constituencies within the Institution and is used to guide planning, resource allocation, program and curriculum development and helps define program outcomes. The mission statement is also used to support scholarly and creative activity.

The Institution has established a number of goals but tends to preface goals with language such as “will review”, “continue to” and “improving”.

Recommendations:

The Institution needs to clearly define leadership as articulated in the mission in order to better measure or assess graduates’ roles within the security technology industry.

Institutional goals need to be defined in terms of an outcome with a broader end-point. Institutional goals are also best expressed in observable terms to ensure that they are capable of being evaluated through institutional assessment.

Standard 2: Planning, Resource Allocation, and Institutional Renewal

An institution conducts ongoing planning and resource allocation based on its mission and uses the results of its assessment activities for Institutional renewal. Implementation and subsequent evaluation of the success of the strategic plan and resource allocation support the development and change necessary to improve and to maintain Institutional quality.

The Institution demonstrates potential to meet the standard

The Vision of the Institution “is to create the next generation of leaders in the field of information security and risk management”. The Institution currently works with an annual strategic planning process, although a five-year enrollment projection and profit and loss statement is prepared. The planning process is a function of two senior level managers reaching out to various constituencies within the Institution. At this point in the Institution’s evolution there appears to be limited feedback coming from periodic institutional assessment. As noted in Standard 1 above, goals tend to be stated in non-observable outcomes.

Recommendations:

STI should consider opportunities for greater cross-institutional dialog as part of its strategic planning process.

STI should establish delineation and relationship between long-term strategic goals and shorter-term tactical goals and objectives.

The Institution needs to establish a longer (three-to-five year) time horizon for the strategic plan that includes the development of clearly articulated key institutional goals, expressed in observable terms.

The Institution needs to include an effective institutional assessment plan (Standard 7) that includes a thorough review of relevant quantitative and qualitative information drawn from all segments of the institutional community. This process will allow the Institution to effectively “close the loop” that leads to either confirmation of current goals, plans, and programs and services, or appropriate modification of them to reflect the changing needs of the Institution and its community.

Standard 3: Institutional Resources

The human, financial, technical, physical facilities and other resources necessary to achieve an institution’s mission and goals are available and accessible. In the context of the institution’s mission, the effective and efficient uses of the institution’s resources are analyzed as part of ongoing outcomes assessment.

The Institution demonstrates potential to meet the standard

The Institution has provided three years of audited financial statements confirming financial responsibility and five years of projected financial performance.

The Institution’s ownership structure is proprietary and is 100% owned by its corporate parent, SANS (The Escal Institute of Advance Technologies, Inc.). There are no minority shareholders. Current enrollment at the Institution is small with approximately 30 students enrolled in the two master degree programs. The Institution’s audited 2008 calendar year financial statements do show that the Institution operated at a profit (9.5% of revenues) in 2008. That level of profitability, however, is highly dependent on a significant level of subsidy from the parent in the form of revenue from managing the organization’s Internet Storm Center website. Five-year projections do show a constant level of subsidy; and projected enrollment growth does indicate that the Institution will be able to generate sufficient revenues in the future. The financial statements of the parent demonstrate capacity to provide continued support during the start-up period for the Institution. Enrollment projections do assume accreditation is obtained during this timeframe. Currently, the lack of accreditation inhibits the Institution’s students’ ability to gain access to employer tuition reimbursement funds resulting in the Institution providing a high level of direct student aid to partially offset tuition.

For the most part staff and faculty are employees of the parent company with a charge being allocated to the Institution based on the number of students (degree) taking a course in conjunction with the non-credit training participants.

Recommendations:

The Institution needs to re-assess the current financial model, which assumes accreditation will be obtained by 2011, as the visit team believes that assumption to be unrealistic. A delay in accreditation will negatively impact both enrollment growth assumptions and the amount of direct student aid/scholarship provided by the Institution. The assessment issue will be whether the decline in revenues will negatively impact institutional support resources and the financial resources needed to carry out its mission and execute its plan.

The Institution and its parent will need to assess, as enrollments grow, the current allocation approach of resources to ensure that adequate faculty, staff and administration are available to support the Institution’s mission and outcomes expectations.

Standard 4: Leadership and Governance

The Institution’s system of governance clearly defines the roles of institutional constituencies in policy development and decision-making. The governance structure includes an active governing body with sufficient autonomy to assure institutional integrity and to fulfill its responsibilities of policy and resource development, consistent with the mission of the Institution.

The Institution meets the standard

The Institution maintains a separate and distinct Board of Directors from the parent and affiliated companies. The Institution has provided the Related Entities certification as required by MSCHE.

The Board consists of nine (seven voting) members with expertise in the information security industry, current faculty and higher education, including several public members. A unique attribute of the governance structure is a “director in training” who is a current student in the Masters program and holds a non-voting seat. The Board has the appropriate written governance documents including by-laws, committee structure/charters and a conflict of interest policy. Directors serve a three-year term except for the initial Chair who has no term limit.

The chief executive officer of the Institution is the President and he serves as an ex-officio and non-voting member of the Board. The Board appointed the President.

Recommendation:

While the Board recently completed a survey to self-assess and evaluate the performance of the President, it is recommended that the Board engage in a more formal process of periodic assessment of the governing body and the effectiveness of institutional leadership based on the strategic goals and operating performance of the Institution.

Standard 5: Administration

The Institution’s administrative structure and services facilitate learning and research/scholarship, foster quality improvement, and support the Institution’s organization and governance.

The Institution demonstrates potential to meet the standard

The President is the Institution’s chief executive officer. The President is also a member of the faculty and is in contact with students on a regular basis. The President’s academic background, professional training and knowledge in the field are appropriate to this institution of higher education and the Institution’s mission. The Institution’s organization chart contains an appropriate number and level of administrative leaders in the areas of academics, administration, business office and research.

Similar to the President, a number of the administrative staff wear multiple hats and have duties and responsibilities in several areas, which may involve other administrative duties or a teaching load. The administration of the Institution (degree granting) is shared with the parent company’s non-degree granting training business. Expenses are then allocated back to the Institution.

Recommendations:

While the assignment of multiple functions to one individual or the assignment of administrative work (with or without compensation) to faculty members may be appropriate, this practice needs to be reviewed on a periodic basis and a human resource plan developed to ensure that qualified and dedicated staffing is available to the Institution as enrollments grow and the level of complexity increases.

While the Institution and its parent company have executed the appropriate Related Party Certification, the Institution needs to review the existing sharing of duties between the organizational entities to determine at what level (students and/or maturation of the Institution) of dedicated staff and faculty, for that matter, is appropriate. Ultimately, the chief executive’s primary responsibility, under the standard, is to lead the Institution toward the achievement of its goals (emphasis added).

Standard 6: Integrity

In the conduct of its programs and activities involving the public and the constituencies it serves, the Institution demonstrates adherence to ethical standards and its own stated policies, providing support to academic and intellectual freedom.

The Institution meets the standard

STI’s commitment to academic integrity is evidenced by published student grievance policies and appeal processes, a code of student conduct and its academic integrity policy on STI’s website. Students interviewed believe the policies are fair and consistently applied. Student testimonials attesting to the freedom to explore flexible approaches of problem solution support evidence of academic freedom.

In furtherance of its concern for academic integrity, SANS engaged a subject matter expert to review proposed courses for possible copyright infringement.

The Institution utilizes an electronic catalog with a directory or index on its website. Retention and graduation rates are also published on the website.

Standard 7: Institutional Assessment

The Institution has developed and implemented an assessment plan and process that evaluates its overall effectiveness in: achieving its mission and goals; implementing planning, resource allocation, and institutional renewal processes; using institutional resources efficiently; providing leadership and governance; providing administrative structures and services; demonstrating institutional integrity; and assuring that institutional processes and resources support appropriate learning and other outcomes for its students and graduates.

The Institution demonstrates potential to meet the standard

STI is fulfilling its mission in conformity to its mission statement. The board of directors reviews the mission statement at least annually. The mission statement is published and distributed to students. The most recent Graduate Exit Interview surveys (December 2008) indicate that graduates believe that STI is achieving its mission. Achievement of institutional and program-level goals is somewhat less clear.

As indicated through the Institution’s self-assessment document and interviews with faculty and staff members, STI is employing a variety of formal and informal assessment approaches to improve student-learning outcomes and improve its programs.

It is believed that the twelve questions developed by STI for review and assessment of its strategic goals will come into greater focus if those goals are quantified in order to afford objectively measurable outcomes.

Recommendations:

STI’s vision is to create the next generation of information security leaders. It is recommended that a working definition of leadership be developed to clarify the intended use of this term in order for STI to be able to measure its success per its definition of leadership. This should be considered an imperative since any number of its students might be considered to be in positions of leadership at their current levels of employment.

The institution needs to develop assessment processes for assessment of institutional level and program level objectives. These processes need to be further formalized and a written assessment plan should be developed.

Standard 8: Student Admissions and Retention

The Institution seeks to admit students whose interests, goals, and abilities are congruent with its mission.

The Institution meets the standard

Admissions policies are clearly posted on STI’s website, and are in conformity with its mission to develop and train information security leaders. Academic prerequisites, work experience requirements, higher than average score requirements on GIAC certifications, employer letter of recommendation, outcomes statement and leadership essay are all designed to admit only those students who would be a good fit for the program and are equipped to succeed. Prospective students are informed of retention and graduation rates via the website. When changes are made to admissions policies, procedures or fees, the superseded information is archived on the website.

Information regarding tuition assistance through employer-provided tuition assistance and work-study programs is posted on the website under the title Tuition Assistance. STI does not offer financial aid. A detailed refund policy is posted on the website as well. Tuition charges and fees are also posted on the website.

Due to the highly specialized nature of the training, transfer credits from outside institutions are not accepted. Only SANS Institute courses and GIAC certifications are accepted.

Learning goals for each degree program are posted on the website.

Enrollment goals are detailed and include a five-year projection. Results are reviewed and assessed annually. If goals are not met, the reasons are analyzed and used to formulate future enrollment strategy.

A policy to deal with at-risk students was implemented mid-year 2008. Efforts are made to contact inactive students and determine the cause. Student progress is tracked and monitored for retention purposes. Withdrawals are assessed. In one instance assessment of two withdrawals resulted in the implementation of the GIAC Certification prerequisite.

Suggestions:

The Institution should continue its efforts to attract a higher proportion of female faculty and students.

A further breakdown of tuition charges by course or credit hours should be provided to assist the prospective student in evaluating costs.

Standard 9: Student Support Services

The Institution provides student support services reasonably necessary to enable each student to achieve the Institution’s goals for students.

The Institution meets the standard

Interviews with students indicate that they are very satisfied with the learning support and access to STI faculty and personnel when they require assistance. They were especially complimentary of the response time. Students were satisfied with the fairness and manner in which issues or complaints were addressed and resolved. Procedures for appeals and grievances are clearly posted on the Institute’s website. A privacy policy listing FERPA rights is also listed on the website.

Library resources are limited, but assessments indicate that this body of students seldom uses books in the Institute’s library. Because of the constantly ongoing volume of new data peculiar to this field, students primarily used internet sources. As a result of this assessment, the Institute now requires at least three hard copy book references to be included in student Gold Paper submissions.

STI supports access to courses for its adult working part-time students through multiple delivery platforms that include residency programs, intensive face-to-face courses offered in week-long formats in multiple locations, and both synchronous and asynchronous online formats.

STI considers its website to be the student handbook and catalog and a directory is provided on the website for that purpose.

Students have access to the Dean of Admissions & Student Services for general questions. Additional support is provided through the assignment of a faculty advisor, student mentor and a course advisor. Each new student is provided with a Student Progress and Curriculum Plan to be used in guiding students through the program. Student progress is reviewed twice a year. A course advisor contacts a student after the student has completed the residential institute or self study course to see if the student has questions, understands the subject matter and is preparing to take the exam. A survey assessment in July 2008 indicates that this service is primarily utilized by newer students in the program.

STI does not provide career counseling as most of its students are already employed in the field. Those requesting career counseling are referred to a faculty advisor or the President. STI’s disabilities policy is posted on its website.

As part of the ongoing assessment of student services, a student services survey will be conducted annually and be used in the annual review process of the strategic plan.

Suggestion:

While students do not appear to use the library resources extensively, the offerings are limited and should be reviewed to determine whether expansion would be beneficial.

Standard 10: Faculty

The Institution’s instructional, research, and service programs are devised, developed, monitored, and supported by qualified professionals.

The Institution meets the standard

STI un-bundles elements of the faculty role and assigns them to multiple individuals, largely on a contractual basis. Elements include:

▪ Course development – Course authors create courses and materials (books) and are generally compensated via an author’s fee, which is a percentage of the course revenue every time the course is offered. The course author is compensated on an ongoing basis so long as s/he continues to revise the course as requested.

▪ Instruction – This is essentially “outsourced” to SANS. Course instructors deliver a course in one or more of the delivery modes.

▪ Evaluation of Student Learning – This function is essentially “outsourced” to GIAC. For graduate credit, students must achieve Silver certification for most courses (based on a 4-5 hour multiple-choice exam) at the 80% level. For most courses, they must also achieve Gold certification (based on submission of an acceptable technical report or white paper) at the 70% level using the Gold paper rubric.

▪ Assignment of Course Outcomes/Grade – Credit is awarded based entirely on GIAC Silver and Gold paper (or alternative assignment) scores.

▪ Rubric creation for Gold papers.

▪ Gold paper advisors (N = about 60 Gold paper advisors at this time) – Compensation is $100/paper, which generally involves 20-40 hours of work, regardless of student persistence or outcome.

▪ Gold Paper Approvers – primary advisor plus two other individuals must approve the student’s paper for Gold certification. This is somewhat comparable to a master’s committee in more traditional programs.

▪ Graduate students functioning as Work Study program facilitators or course “proctors/teaching assistants” – Participation as facilitators and course proctors/teaching assistants are graduation requirements for MSISM students, usually carried out at the first and third Residential Institutes, respectively. In a course for which the student has already earned at least Silver certification, the student functions as a teaching assistant for the course instructor, assisting students with hands-on exercises and questions regarding the course material. MSISE students also are required to participate as facilitators.

In relation to the expectation that faculty and other professionals are prepared and qualified for their roles, STI, SANS and GIAC employees evidence strong professional qualifications. The self-assessment document emphasizes security curricular content and instructor experience and credentials over those in leadership. In security areas, the master’s degree is an expected terminal degree. Even in such a highly specialized field, the bachelor’s degree is not generally acceptable for graduate-level instruction. STI needs to clearly articulate an individual’s alternative qualifications in the event the master’s degree is not present. For master’s level education, faculty are generally expected to have doctoral level credentials. As enrollment builds, STI should seek doctoral-level credentials for instructors responsible for the leadership/management components of the curriculum, or clearly articulate an individual’s alternative qualifications in the event a doctoral degree is not present.

In relation to the expectation that roles and responsibilities of faculty and other professionals are well defined, the responsibilities and compensation of those fulfilling various elements of the faculty role should be more clearly defined and transparent. Where administrators are engaged extensively in faculty roles, or where contractual instructors have administrative responsibilities, the scope and responsibilities, percentage of effort and compensation for the administrative functions should be more clearly defined and transparent.

Once the above element is more clearly defined, it will be more possible to determine whether STI meets the expectation that the number of faculty and other professionals is sufficient to fulfill roles appropriately.

As noted above, STI un-bundles key elements of the faculty role. Typical faculty responsibilities for designing, maintaining and updating the curriculum are distributed across STI and SANS with respect to course offerings. Course effectiveness is monitored closely in relationship to student performance on GIAC certification exams. Courses are updated as often as three times per year, in response to certification results, new developments in the security field and related job task analyses by practitioners.

At the course level, faculty and other professionals appear to have an appropriate role in overseeing the curricular components that are highly specialized and rapidly changing. As noted under Standard 14, STI needs to strengthen its articulation of both the overall program goals and learning outcomes and the intended learning outcomes of each of the program requirements that go beyond specific courses (e.g., oral presentations). The role of faculty in defining these higher-level goals and outcomes needs to be clearly established.

There is evidence that faculty and other professionals demonstrate excellence in teaching, research and service and continued professional growth. STI and SANS have established a very systematic program for assessing and developing faculty teaching effectiveness. As described, the instructor development program appears to emphasize presentation skills over other elements of effective teaching. Course instructors appear deeply committed to maintaining currency in the field as well as to research and service that advances the field and serves the public good. Further, the self-assessment document evidences institutional recognition of appropriate linkages among scholarship, teaching, student learning, research, and service.

STI does not have a standard appointment, tenure and promotion system. Most instruction is provided by part-time, “adjunct” faculty employed on a contractual basis or by full-time administrators with substantial teaching responsibilities. Course instructors deliver highly structured training, and are not necessarily involved in course design or revision. The faculty handbook contains important information about the mission of STI, its relationship with SANS and GIAC, the master’s degree programs, faculty levels (or “ranks”) that are uniquely tailored to SANS/STI model, etc., and also outlines provisions regarding academic freedom, academic integrity, professional standards, due process, etc. As noted above, more transparency regarding position responsibilities of those fulfilling distinct elements of the faculty role, and related compensation, is needed. It is not clear whether an individual is working for and paid by SANS or STI when performing some functions.

STI representatives expressed concern over the number of women in high-level roles in the field as well as in the graduate student body and on the instructional staff.

Suggestion:

STI might seek to target recruitment of female instructors for the SANS onDemand and vLive! (and local face-to-face) delivery modes, which offer more scheduling flexibility than large face-to-face conferences.

Recommendations:

As enrollment builds, STI should seek doctoral-level credentials for a significant proportion of the instructors responsible for the leadership/management components of the curriculum, or clearly articulate an individual’s alternative qualifications in the event a doctoral degree is not present.

The responsibilities and compensation of those fulfilling various elements of the faculty role should be more clearly defined and transparent. Where administrators are engaged extensively in faculty roles, or where contractual faculty have administrative responsibilities, the scope and responsibilities, percentage of effort and compensation for the administrative functions should be more clearly defined and transparent.

The locus of responsibility for defining program-level goals and learning outcomes for degree requirements beyond the course level needs to be clearly established.

As a matter of transparency and fairness, STI should establish explicit criteria for hiring and reviewing those with responsibility for the educational program, and also clearly establish the locus of supervision for those carrying out various elements of the faculty role.

Standard 11: Educational Offerings

The Institution’s educational offerings display academic content, rigor, and coherence that are appropriate to its higher education mission. The Institution identifies student learning goals and objectives, including knowledge and skills, for its educational offerings.

The Institution meets the standard

Degree offerings and requirements are congruent with STI’s mission as a highly specialized graduate institution, in terms of content, breadth, length and rigor. Credit hours per course are established based on hours of class time as generally accepted in higher education, or on equivalent expectations for distance learning modes.

It appears that the master’s programs foster a coherent student learning experience and synthesis of learning; such outcomes might be articulated as part of the program goals. Other possible outcomes might include research and independent thinking skills expected at the advanced level.

STI’s practices and policies are ideally suited to meeting the needs of adult learners who are accomplished, busy professionals.

Student learning modes at STI include face-to-face training at conferences or other venues, self-paced online study via SANS onDemand and synchronous study via vLive. Students may also choose a self-study option using STI course materials, which are the same as materials used by students in the other modes. As well, students may combine modes of learning – for example, by adding SANS onDemand to a face-to-face course. Finally, students may challenge the GIAC certification without using STI study modes and materials. Graduate students are allowed to use the self-study document and/or challenge options while they are in the master's programs for no more than two of their certifications/courses.

Regardless of the learning mode the student uses to prepare, the student must ultimately achieve the required performance level on the relevant GIAC exam for Silver certification (almost always), as well as (almost always) the required performance level for Gold certification, in order to earn graduate credit. GIAC certification exams meet psychometric standards and several of them are accredited by the American National Standards Institute (ANSI).

Where available, course-level objectives are appropriately developed. Course level objectives drive both the design of the course or training experience and the GIAC certification exams and papers that are used to evaluate student learning.

STI and its affiliates provide (indeed, produce) rich, current research materials especially in relation to the more technical elements of the curriculum. Student work as evidenced in published Gold papers is of high quality. Electronic library services with graduate-level resources are most appropriate to STI’s student body and mode of delivery; a physical library is not indicated for this institution. STI is not currently providing the electronic library services described in the self-study. Especially in relation to the extensive available literature in management and leadership, which goes beyond the security field, STI should re-establish such resources. Further, STI courses, gold papers and alternative written assignments, and additional degree requirements, should “drive” students to such resources as well as to more technical materials.

STI has a policy regarding transfer credit that is appropriate to its mission.

Commendation:

STI is to be commended for devising a model adult-learner-friendly program.

Suggestion:

The opportunity to use prior GIAC certifications to meet graduate program requirements – and the limits to doing so – could be more clearly articulated for the benefit of students.

Recommendations:

STI needs to present the master’s degree curricula and additional degree requirements in a coherent, transparent way on its own website, which serves as its catalog.

In relation to the extensive available literature in management and leadership, which goes beyond the security field, STI should re-establish electronic library resources such as those described in the self-assessment document.

Standard 12: General Education

The Institution’s curricula are designed so that students acquire and demonstrate college-level proficiency in general education and essential skills, including oral and written communication, scientific and quantitative reasoning, critical analysis and reasoning, technological competency, and information literacy.

The Institution meets the standard

The Institution has established admission requirements that provide sufficient assurance of the student’s general education skills upon entry to the graduate degree programs.

Standard 13: Related Educational Activities

Institutional programs or activities that are characterized by particular content, focus, location, mode of delivery, or sponsorship meet appropriate standards.

The Institution meets the standard

Three elements of this standard apply to STI. The others are not applicable.

The Institution meets this standard with respect to distance or distributed learning. In particular, STI has demonstrated the equivalency of the course objectives, design, materials, faculty training, instruction, student support and student evaluation across the learning modes described under Standard 11.

Regardless of the learning mode the student uses to prepare for the relevant GIAC certification, the student must ultimately achieve (almost always) the required performance level on the exam for Silver certification, as well as (almost always) the required performance level for Gold certification, in order to earn graduate credit. This common basis for award of credit – regardless of mode of learning – serves to verify the equivalency of the modes of learning.

STI has developed its own LMS platform to support its onDemand distance-learning format and uses Elluminate to support vLive!, its synchronous distance-learning format. The technical underpinnings of these forms of distance delivery are very appropriate.

The Higher Education Opportunity Act requires authentication of the identity and work of students enrolled at a distance. The Institution requires user ID and password sign-in for online learning experiences. However, in the STI model, these experiences are “low stakes” in that the key verification of student learning takes place through the relevant GIAC certification exams (almost always) and papers. GIAC Silver exams require in-person identification and are proctored through a KRYTERION testing center or through an alternative approved by STI. STI has established clear and appropriate guidelines for proctoring GIAC Silver exams. Faculty advisors closely supervise student work on papers for Gold certification and other written assignments. The Institution meets the requirements of the Higher Education Opportunity Act.

STI meets this standard with respect to branch campuses, additional locations and other instructional sites. STI delivers face-to-face training at hotels and conference centers as well as at employment and community locations. These are instructional sites, rather than “branch campuses” or “additional locations.” As described, the facilities appear appropriate for training courses and related learning and professional experiences.

STI meets this standard with respect to contractual relationships and affiliated providers.

Suggestion:

STI should systematically organize and review data on student performance on certification exams and papers by learning mode, as well as by instructor.

Recommendation:

The Institution needs to ensure that contractual relationships are established with affiliated providers in order to protect the Institution’s integrity and assure that the Institution has appropriate oversight of and responsibility for all activities carried out in the Institution’s name or on its behalf.

Standard 14: Assessment of Student Learning

Assessment of student learning demonstrates that the institution’s students have knowledge, skills, and competencies consistent with institutional goals and that students at graduation have achieved appropriate higher education goals.

The Institution demonstrates potential to meet the standard

Adherence to this standard requires articulated statements of expected student learning outcomes at all levels—institutional, degree, and course, appropriately integrated with one another and a sustained assessment process to evaluate and improve student learning. While STI appears to have highly evolved sustained processes for assessing student learning at the course level, it is less clear that there are clearly articulated objectives and assessments of learning outcomes at the program and institutional level.

Assessments of Community Project Requirements (CPR’s) seem to focus on process improvement. As they are part of the curriculum, assessment emphasis should also include assessment of learning outcomes for these activities.

The self-assessment document indicates that the Work Study activity has a focus (teamwork) approach; however, it does not indicate an educational goal and learning outcomes. The current assessment process places emphasis on logistics.

The Institution is completing the process of writing course objectives for the SANS courses utilized in the STI curriculum. In writing course learning outcomes it should address knowledge, skills and competencies as discussed in Standard 14.

The Institution has developed a method of assessing leadership development comprised of seven Outcomes Statements indicating the desired skill mastery to be acquired by the student as a result of completing a given project, the means of assessment, and the committees to whom it will be disseminated for review and recommendation.

Recommendations:

The Institution needs to clearly articulate learning objectives, and methods of assessment need to be established at the institutional level.

STI needs to strengthen its statement of both the overall program goals and learning outcomes and the intended learning outcomes of each of the program requirements that go beyond specific courses (e.g., oral presentations). Since leadership outcomes are central to the mission, STI should articulate its definition of or framework for leadership. Ideally, these intended outcomes will be transparent to students. Once these goals are clear, STI needs to periodically evaluate the effectiveness of program components in meeting them, and use the results for improvements and for students to see their own progress.

Having made a solid beginning, STI needs to complete its articulation of course-level learning goals for all graduate courses. In addition, learning objectives and methods of assessment need to be established for the Community Project Requirements. The Work Study activity needs to have a clearly defined educational purpose and goal.

III Summary of Institutional Strengths, Areas of Concern and Recommendations

Standard 1:

Recommendations:

The Institution needs to clearly define leadership as articulated in the mission in order to better measure or assess graduates’ roles within the security technology industry.

Institutional goals need to be defined in terms of an outcome with a broader end-point. Institutional goals are also best expressed in observable terms to ensure that they are capable of being evaluated through institutional assessment.

Standard 2:

Recommendations:

STI needs to consider opportunities for greater cross-institutional dialog as part of its strategic planning process.

STI needs to establish delineation and relationship between long-term strategic goals and shorter-term tactical goals and objectives.

The Institution needs to establish a longer (three-to-five year) time horizon for the strategic plan that includes the development of clearly articulated key institutional goals, expressed in observable terms.

The Institution needs to include an effective institutional assessment plan (Standard 7) that includes a thorough review of relevant quantitative and qualitative information drawn from all segments of the institutional community. This process will allow the Institution to effectively “close the loop” that leads to either confirmation of current goals, plans, and programs and services, or appropriate modification of them to reflect the changing needs of the Institution and its community.

Standard 3:

Recommendations:

The Institution needs to re-assess the current financial model, which assumes accreditation will be obtained by 2011, as the visit team believes that assumption to be unrealistic. A delay in accreditation will negatively impact both enrollment growth assumptions and the amount of direct student aid/scholarship provided by the Institution. The assessment issue will be whether the decline in revenues will negatively impact institutional support resources and the financial resources needed to carry out its mission and execute its plan.

The Institution and its parent will need to assess, as enrollments grow, the current allocation approach of resources to ensure that adequate faculty, staff and administration are available to support the Institution’s mission and outcomes expectations.

Standard 4:

Recommendation:

While the Board recently completed a survey to self-assess and evaluate the performance of the President, it is recommended that the Board engage in a more formal process of periodic assessment of the governing body and the effectiveness of institutional leadership based on the strategic goals and operating performance of the Institution.

Standard 5:

Recommendations:

While the assignment of multiple functions to one individual or the assignment of administrative work (with or without compensation) to faculty members may be appropriate, this practice needs to be reviewed on a periodic basis and a human resource plan developed to ensure that qualified and dedicated staffing is available to the Institution as enrollments grow and the level of complexity increases.

While the Institution and its parent company have executed the appropriate Related Party Certification, the Institution needs to review the existing sharing of duties between the organizational entities to determine at what level (students and/or maturation of the Institution) of dedicated staff and faculty, for that matter, is appropriate. Ultimately, the chief executive’s primary responsibility, under the standard, is to lead the Institution toward the achievement of its goals (emphasis added).

Standard 6:

None

Standard 7:

Recommendations:

STI’s vision is to create the next generation of information security leaders. It is recommended that a working definition of leadership be developed to clarify the intended use of this term in order for STI to be able to measure its success per its definition of leadership. This should be considered an imperative since any number of its students may be considered to be in positions of leadership at their current levels of employment.

The institution needs to develop assessment processes for assessment of institutional level and program level objectives. These processes need to be further formalized and a written assessment plan should be developed.

Standard 8:

Suggestions:

The Institution should continue its efforts to attract a higher proportion of female faculty and students.

A further breakdown of tuition charges by course or credit hours should be provided to assist the prospective student in evaluating costs.

Standard 9:

Suggestion:

While students do not appear to use the library resources extensively, the offerings are limited and should be reviewed to determine whether expansion would be beneficial.

Standard 10:

Suggestion:

STI might seek to target recruitment of female instructors for the SANS onDemand and vLive! (and local face-to-face) delivery modes, which offer more scheduling flexibility than large face-to-face conferences.

Recommendations:

As enrollment builds, STI should seek doctoral-level credentials for a significant proportion of the instructors responsible for the leadership/management components of the curriculum, or clearly articulate an individual’s alternative qualifications in the event a doctoral degree is not present.

The responsibilities and compensation of those fulfilling various elements of the faculty role should be more clearly defined and transparent. Where administrators are engaged extensively in faculty roles, or where contractual faculty have administrative responsibilities, the scope and responsibilities, percentage of effort and compensation for the administrative functions should be more clearly defined and transparent.

The locus of responsibility for defining program-level goals and learning outcomes for degree requirements beyond the course level needs to be clearly established.

As a matter of transparency and fairness, STI should establish explicit criteria for hiring and reviewing those with responsibility for the educational program, and also clearly establish the locus of supervision for those carrying out various elements of the faculty role.

Standard 11:

Commendation:

STI is to be commended for devising a model adult-learner-friendly program.

Suggestion:

The opportunity to use prior GIAC certifications to meet graduate program requirements – and the limits to doing so – could be more clearly articulated for the benefit of students.

Recommendations:

STI needs to present the master’s degree curricula and additional degree requirements in a coherent, transparent way on its own website, which serves as its catalog.

In relation to the extensive available literature in management and leadership, which goes beyond the security field, STI should re-establish electronic library resources such as those described in the self-assessment document.

Standard 12:

None

Standard 13:

Suggestion:

STI should systematically organize and review data on student performance on certification exams and papers by learning mode, as well as by instructor.

Recommendation:

The Institution needs to ensure that contractual relationships are established with affiliated providers in order to protect the Institution’s integrity and assure that the Institution has appropriate oversight of and responsibility for all activities carried out in the Institution’s name or on its behalf.

Standard 14:

Recommendations:

The Institution needs to clearly articulate learning objectives, and methods of assessment need to be established at the institutional level.

STI needs to strengthen its statement of both the overall program goals and learning outcomes and the intended learning outcomes of each of the program requirements that go beyond specific courses (e.g., oral presentations). Since leadership outcomes are central to the mission, STI should articulate its definition of or framework for leadership. Ideally, these intended outcomes will be transparent to students. Once these goals are clear, STI needs to periodically evaluate the effectiveness of program components in meeting them, and use the results for improvements and for students to see their own progress.

Having made a solid beginning, STI needs to complete its articulation of course-level learning goals for all graduate courses. In addition, learning objectives and methods of assessment need to be established for the Community Project Requirements. The Work Study activity needs to have a clearly defined educational purpose and goal.

Appendix 1.1 – Leadership Definition

Leadership Essay

By Stephen Northcutt

April 6th, 2010

Version 1.6

Definition of Leadership

A leader is a person who guides or inspires others within an organization or community to achieve a goal. Leadership development begins with the simple realization that you want to be a leader. Life has many opportunities to press forward and take charge of a situation, or conversely, to shrink into the background. This is why we ask prospective students to write an essay about demonstrated leadership when they apply to our school.

Leadership and Competencies

What does leadership mean? How do you measure leadership? One approach is through management and leadership competencies. We define competencies as measurable skills, knowledge, and abilities that identify successful managers in the information security discipline. In your college career, you will be exposed to core competencies. They are covered in your required course, SANS Security 421. Some of the competencies that you will be taught are reinforced by specific course work and exercises:

• Team Development: This will occur during the first residential institute (work study), and both of your group projects.

• Relationship Building: This often happens during the first residential institute (work study).

• Importance of Communication: The presentation skills course will help you develop your oral and written communication skills.

• Self-Direction: We will be monitoring your progress throughout the program, but it will be up to you to sign up for classes and get the work done on time at a proper level of quality.

• Coaching and Training: MSISM students are required to serve as Teaching Assistants, and your final requirement will be to teach a Security Awareness course in your geographic area.

• Leadership Qualities: Many of the faculty you will be working with are leaders in the information security field; they will consistently model leadership in that field.

• Vision Development: Gold papers cannot be a rehash of tired, already published ideas that cannot add value. You will be required to produce original, creative work.

• Project Planning: You will learn about Project Management Planning in MGT 525 and you will be required to submit a project plan as part of your Joint Written Project.

Other competencies listed below will be taught in your required courses:

• Conflict Resolution

• Employee Involvement

• Change Management

• Motivation of Employees and Teammates

• Leadership Development

• Leading Tribes

• Brainstorming

• Leading Change

Two competencies are more important than all the others. How does a leader guide or inspire? They have to be great communicators. Therefore two of the most important skills you will work on are:

• Ability to communicate well orally

• Ability to communicate well in writing

The leaders in information assurance have different goals. That is the purpose of the outcome statement STI students prepare as part of their admission package. We invest a lot of time and money in each accepted student and we want to be sure that your goal is worthy of the investment. Some leadership roles in security are similar to other disciplines, others are unique. A few examples of security leadership roles are listed below:

• Manager, team leader or project manager

• The technical "go to" person

• Thought leader, often through writing and speaking

• Instructor, mentor

• Tribe leader, someone that can build a large following to accomplish a goal

• Change Agent, someone who uses their thought leadership position to alter the way we look at technology or process

• Technical tool author who creates or leads the team that develops a security tool whether open source or commercial

As a resource for you, we have posted a number of essays by faculty members and fellow students that either further define the core competencies or discuss additional competencies. What is the difference between a manager and a leader? A successful leader needs all of the same competencies as a manager, but some of the competencies must be more developed. One example is vision. You can manage with a minimal capability for vision and that is even something Human Resources may look for in an industry that is based on repeatable tasks. However, you cannot lead without vision. The Security Thought Leaders interview series introduces a number of visionary leaders in the information assurance industry. In addition, you must have power beyond your positional power, the authority that comes with your role or job description. For many students in the MSISE program, this will be something called referential power, based on your knowledge of technical security. Our goal is for you to be able to work at the highest technical level in your organization. For many students in the MSISM program, this will be something called personal power: people will want to work with you because they feel that you have both programmatic skills and a strong understanding of technical issues. They will look for you to be a bridge between management and technical groups in your organization.

Senior Leadership and Statesmanship

One reason to start focusing on your leadership skills today is that leadership is learned over years, not months. The best way to become a senior leader is by studying competencies and having the discipline to make them become habits and tools in your life. We can define a senior leader as someone who attains a highly respected rank; examples include:

• CEO, CTO, CSO, CISO

• Board member, Chairman of the Board

• President, Vice President

• Bishop, Cardinal

• Mayor, Senator, Representative

Perhaps the highest level of leadership is the statesman, a respected leader in national or international affairs, a person that devotes some or all of their energy to public service and to improve the common good. They have mastered the management, leadership and governance competencies and use the experience from a long and respected career to benefit others.

Appendix 1.2 – Admissions Leadership Essay Instructions

Admissions - Leadership Essay Instructions

Our mission is to attract applicants who have demonstrated leadership ability in the past and who will become the leaders in information security in the future. For that reason, one of our admission requirements is that an applicant must complete a leadership essay describing leadership qualities that the applicant has demonstrated in the past. We define leadership and leadership competencies in the article posted here. Please (a) list three competencies that you believe you have some strength in and provide examples, and (b) list three competencies that you want to work on. It is perfectly acceptable to refer to a competency that is not listed in that article. We are looking at the quality of the writing (content, grammar, spelling, etc.) since one of the characteristics of being a leader is being able to write well. If an applicant is accepted into our program, we may post the essay on our Leadership Lab web page. We understand that some information may be sensitive. For instance, applicants may want to be careful about naming a particular place, time, individual, or company. We have no objection to your use of a fictitious place, time, individual, or company name in your essay; however, your own name, as author, must appear on your essay.

Appendix 1.3 – Strategic Plan

STRATEGIC PLAN - SANS TECHNOLOGY INSTITUTE (STI)

Years: 2010 – 2015

Issued: June 2010

Final

Welcome!

The SANS Technology Institute (STI) Strategic Plan developed in 2010 will guide the college in six core focus areas: information security leadership; teaching, research and education; student life and experience; alumni relations; quality and assessment; and financial growth.

This plan is for all of us. Please contact President Stephen Northcutt at (808) 823-1375 or stephen@sans.edu with your thoughts and suggestions.

* * * * *

Table of Contents:

INTRODUCTION

MISSION

VISION

GOAL CATEGORIES:

1. Information Security Leadership

2. Teaching, Research and Education

3. Student Life and Experience

4. Alumni Relations

5. Quality and Assessment

6. Financial Growth

MONITORING AND EVALUATION

PROCESS USED IN DEVELOPING THIS PLAN

Introduction

SANS Technology Institute (STI) wishes to thank the many people who worked on this Strategic Plan for the Years of 2010-2015 (issued in June 2010). The general process that we used and the names of the people who contributed are provided at the end of this document.

Mission: The mission of SANS Technology Institute (STI) is to develop the information security technology leaders needed to help strengthen the information community all over the world by improving the security of cyberspace. STI seeks to prepare both the managers of information security groups and the technical leaders who direct security technology programs. STI's primary functional emphasis is instruction, but STI's faculty and students will engage in research and public service programs.

Vision: Our goal is to create the next generation of leaders in the field of information security and risk management.  We want to make strong efforts to attract applicants with leadership qualities, and provide them with training to enhance those leadership abilities.

Examples of leadership roles are provided in our leadership essay at sans.edu/resources/leadershiplab/leadership_essay.php.

Vision for STI in 2015:

In 2015, STI will be accredited. Our general policies, procedures and processes affecting students and applicants will be transparent, organized and posted on our web page for anyone to review. STI will be thought of as the primary source of high quality information security leadership training. As evidence of this, our web site will be highly ranked for Google and other searches for a large number of terms related to who we are and what we do. The overwhelming majority of our students will be in information technology/information security leadership positions as leadership is defined in our leadership essay. A few of our graduates will be in senior leadership positions as defined in our leadership essay. Our goal is 150 students concurrently enrolled by year end 2015. (While we will be short in 2015 of our longer range goal of 200 current students completing an average of two to three courses per year, we will have the processes in place to get there and be making measurable progress). We fully understand that hope is not a strategy; the remainder of this document is focused on defining the path from where we are today, to where we can be in 2015.

To achieve this vision, we need specific goals and targets which are described below.

Goals for 2010 - 2015 Strategic Plan:

1. Information Security Leadership

STI has a laser focus on both our subject area and our mission, to develop the leaders that are critically needed in our field. We grasp this reality and have responded with a successful program, but we need to do more. Over the next five years and beyond, we will continue research into security leadership and refine our processes to be as effective as possible.

Goal 1.A: Within the first 3 years after graduation, 85% of graduates will be in leadership positions as defined by the leadership essay.

Strategy 1.A.1: Increase mental focus on leadership among our students and graduates. As one example, we will be asking graduates if they are interested in providing input on the MGT 421 Leadership and Management Competencies course material in order to improve it. They will receive a small honorarium for reviewing it. Request will be sent by Q1 2010 with request for completion by mid 2010.

Strategy 1.A.2: Provide mentoring/guidance to those graduates who would like support in achieving leadership positions. Methods for implementing this goal have been implemented and distributed to graduates, with an information copy to students.

Strategy 1.A.3: Provide a list of the present positions of graduates to the appropriate committee by end of first quarter 2010 to determine if it appears that those persons have achieved leadership positions. Starting mid 2010, we also will compare their current position to the position they had upon entering the program to assess whether participating in the program has an effect on students’ positions. This will be done shortly after each graduation.

Strategy 1.A.4: Survey alumni to obtain their perceptions about whether they have achieved leadership positions and their satisfaction level. Those graduates will be surveyed again every three years. Target Date: End of 2010 and every three years thereafter.

Strategy 1.A.5: Survey employers/experts to determine if they believe our graduates are performing in leadership positions. We will ask permission of a graduate before we survey an employer about a particular graduate. Target Date: Year after we become accredited on a test basis.

Strategy 1.A.6: Survey each year's graduates regarding their perceptions of STI’s effectiveness in developing their leadership competencies. For example, in the 2009 survey, we asked if they believed that STI was achieving its mission of developing leaders. All graduates replied yes (though one said it is too early to be sure since STI still is a young institution); and all said STI has been successful in creating a culture of leadership.

Strategy 1.A.7: Develop a marketing plan to market our students to industry. Target date for completion is six months after accreditation is obtained. One way this will be accomplished is by ensuring the student projects are high quality and cutting edge, and then posting the student projects and pointing the community to these projects.

Goal 1.B: Define leadership and related competencies and disseminate STI’s definition to key constituencies.

Strategy 1.B.1: Define the word leader and describe the related leadership competencies so that the meaning of our Mission Statement will be clearer.

Status: Completed March 2010.

Note: The definition is provided in the article on STI's website at . It also is noted as a link under our Mission Statement on the home page of the STI website. The article has been provided to the students and graduates with a request for their comments and suggestions. The application form points to the leadership article. A few examples of security leadership roles are as follows, and the list likely will be expanded over time:

• Manager, team leader, or project manager

• Mentor or instructor

• The technical "go to" person

• Thought leader, often through writing and speaking

• Tribe leader, someone that can build a large following to accomplish a goal

• Change Agent, someone who uses their thought leadership position to alter the way we look at technology or process

• Technical tool author who creates or leads the team that develops a security tool whether open source or commercial

Strategy 1.B.2: All new students must acknowledge in the new student material that they are familiar with STI's definition of leader/leadership. Status: Completed March 1, 2010.

Strategy 1.B.3: Revise the leadership essay requirement that is part of the application process to require the applicant to refer to at least three leadership competencies the applicant believes they have some strength in and to provide examples and three competencies that the applicant believes they need to work on. As the accepted student progresses through the program, the student’s outcome statement and leadership essay will be reviewed at least yearly by senior faculty to determine if the student appears to be on track to meet those goals.

Status: Revision completed April 2010; Outcome statement and leadership essay review to be conducted yearly.

2. Teaching, Research and Education

Priorities for research directions at STI are driven by emerging threats, best practice and new tools and technology. To support these priorities, we create essentially all of our textbooks and instructional material. Thus research by faculty and student alike makes education possible in our rapidly changing field.

Goal 2.A: Periodically assess and review the quality of primary research Gold papers.

The primary research of students centers on the Gold papers. The Gold papers are published at . We believe students are doing well in contributing to the body of knowledge on information security. On an annual basis, commencing the end of 2010, the Curriculum Committee will take a general look at recently published Gold papers to determine if they appear to be of good quality. If the committee believes overall improvements should be made to the Gold program, the committee will discuss them with the Gold paper manager to determine a resolution.

Goal 2.B: Strengthen the quality of the Gold papers through the Gold paper improvement project.

We continue to monitor the Gold paper improvement project. Much progress has been made as a result of publication of a template, checklist, changes to the grading form, use of a rubric, review by additional advisers, etc.

Strategy 2.B.1: Survey students as they exit the Gold program utilizing survey results to implement policy changes. For example, students surveyed indicated that there were some issues regarding response time of the Gold advisors. As a result of the feedback provided, some students were given deadline extensions if it appeared that the student was not at fault. This way the quality of the review was not jeopardized by asking the advisor to rush the review of a paper.

Strategy 2.B.2: Survey Gold advisors and collect feedback.

Strategy 2.B.3: Draft short one-page policy documents for the Gold advisers/reviewers which will summarize different issues for later reference. The policies will be published and made accessible to the students.

Strategy 2.B.4: Utilize grading rubrics for the Gold papers and assess their effectiveness. The Gold advisors now are using a standardized rubric to grade all papers. This rubric has been working well and, at this point, no significant change to it is anticipated. The question about Gold applicants with English as a second language has been raised multiple times. These applicants are allowed to use outside help to consult for language related issues. This help has to be acknowledged in the paper. The rubric allows for a passing grade even if the language is not perfect as long as the technical content of the paper makes up for the deficiency. We are not planning to allow papers in any language other than English at this point.

Status: Completed 2010

Strategy 2.B.5: Improve “Paper of the Quarter” program by awarding this honor more regularly. Target Date: End of 2010

Strategy 2.B.6: A report will be given at the annual board meeting in June 2010 describing the status of the Gold paper improvement project and whether it appears to be improving the quality of the Gold papers. Every year at the annual board meeting a report will be given describing the status of the overall Gold program. Target Date: Yearly at annual board meeting.

Status: Gold paper improvement project report was given June 2010

Goal 2.C: Increase involvement in research that benefits the students and the community

Strategy 2.C.1: Encourage students to participate in the research initiatives of the ISC such as the distributed web application honeypot initiative that was established in 2009 and will continue in 2010. Students may use data collected by the honeypot for research papers, contribute code to analyze the data and experiment with methods to make the honeypot more effective.

Strategy 2.C.2: Increase opportunities for students to be involved in the ISC. The ISC currently recruits STI students as ISC handlers. Students who volunteer as ISC handlers will be asked to submit “guest diaries” on a volunteer basis to analyze intrusion detections and anomalies. The daily diary of the student’s analysis and thoughts will be posted on the ISC web site. The ISC manager is available to provide ideas and data for students’ Gold papers.

Strategy 2.C.3: Increase community awareness regarding the availability of resources which are available to the public free of cost, such as the SANS Reading Room, the Internet Storm Center, and newsletters. This information increases from year to year. Some examples are: a large collection of research documents on cyber security (presently more than 1800 white papers in over 74 categories in the Reading Room at which include Gold papers written by STI master’s students and other security professionals. Other free resources include the popular Internet Storm Center (the Internet’s early warning system) at , and newsletters such as the weekly news digest NewsBites, the weekly vulnerability digest @Risk, and other newsletters shown at . STI student projects, presentations, etc. are posted at , , . Students are pleased that their work is published and that it benefits the community. They receive input and feedback from people in the information security community at large. As discussed in a later section, we will be developing methods of assessing these public service elements. Target date for assessment: 2014.

Strategy 2.C.4: Utilize grading rubrics to ensure that future Gold papers provide new and insightful information to address community needs and provide beneficial information to the public. Status: Completed 2010

Strategy 2.C.5: Assess the Security Awareness Talk, which our students provide to the public at low or no cost, to monitor the impact our students have in informing the public about information security related issues. Target Date: End of 2010.

Goal 2.D: Complete learning objectives for all courses.

The description of the detailed learning objectives for almost all of the courses is complete. A few of the courses had some sections that needed to be detailed. They will be completed at least by September 2010.

Goal 2.E: Establish presentation course.

This is discussed in the Improving Student Presentation Skills goal under Student Life and Experience.

Goal 2.F: Review Course Implementation Process for courses in the STI curriculum on a yearly basis to determine if it still is working well or whether improvements are needed. Target Date: Initial review will occur by September 2010.

Status: Over the years, enhancements were made to the course development process including more documentation. The methods outlined in the Course Implementation Process document are working well.

Goal 2.G: Focus on teaching and instructor quality.

Strategy 2.G.1: Periodically review the instructor development process to ensure future instructors are being prepared to teach.

Strategy 2.G.2: Review instructor and course feedback periodically to make future recommendations to instructors as well as course authors.

Strategy 2.G.3: Review data on student exam performance periodically, as well as how performance is impacted by learning mode or by particular instructor.

3. Student Life and Experience

STI is committed to excellence in student service and is open and responsive to student suggestions. Students appreciate the adult-learner-friendly program and the support that STI provides. For example, students report that they are very satisfied with their access to STI staff and faculty when the student needs assistance, and they are especially pleased with response time to their questions or concerns. The vast majority of students and graduates believe that STI is achieving the purposes of STI’s Mission, the Community Project Requirements, and the students’ goals. Significant improvements in broadening communication opportunities among STI students, staff, and faculty have been made, which is beneficial since students are located in different geographic areas. STI continually seeks ways to improve the student experience.

Goal 3.A: Expand faculty adviser department.

We broadened our faculty adviser department in order to have more support persons available to assist students in case some advisers are on travel/teaching assignments. We now have four additional persons in the department who serve under the General Faculty Adviser.

Goal 3.B: Improve methods of communication among students/faculty/staff.

Strategy 3.B.1: Modify the method used for the Virtual Round Table Meetings.

Status: Completed January 2010. After using the Elluminate! method of holding Virtual Round Table Meetings, it was decided in January 2010 to try out a conference call method. Students report that this method works well, so we will continue with the conference call method for our virtual meetings.

Strategy 3.B.2: Record and distribute In-Person Round Table Meeting minutes.

Status: Completed Spring 2010. Meetings now are being recorded so that minutes can be distributed to ALL students (since only a few students at a time attend particular residential institutes).

Strategy 3.B.3: Improve Informal Student Mentor program.

[Note: The Informal Student Mentor, who is a STI student, has been helpful in organizing breakfasts/dinners for students at residential institutes who are interested in attending such gatherings. They are good forums for students to get to know each other, and to express concerns. If the Informal Student Mentor thinks an issue should be brought to the attention of STI, he discusses it with the Dean of Student Services. The Informal Student Mentor also tries to find a stand-in Informal Student Mentor for residential institutes that he/she cannot attend.]

Goal 3.C: Improve student presentation skills.

Strategy 3.C.1: Implement a dry run requirement for students who have not given a public presentation. The student will be given feedback and notified if they are able to proceed with an audience presentation at a residential institute where it will be graded.

Status: Completed Spring 2010

Strategy 3.C.2: Establish new presentation course and evaluate its effectiveness as part of the STI curriculum.

Status: We expect to be implementing a new course on Technical and Communication Skills for Security Professionals for all new STI students which will be a valuable addition to the curriculum. It received good evaluation results on its first debut. A second debut will occur this year. Shortly after August 2010, we will determine if it should become a required course in the master's curriculum. We will measure its effectiveness through course/instructor evaluations, student surveys, and its impact on the quality of student Presentations.

Strategy 3.C.3: Establish and disseminate a grading rubric for Presentations that are given as a Community Project Requirement.

Status: Completed mid 2010.

Strategy 3.C.4: Implement a re-grade fee

In order to encourage students to submit quality assignments the first time around, STI determined that a $125 re-grade fee should be implemented in mid 2010 for re-dos for new and existing students. It will apply to Presentations, Written Assignments, Substitute Assignments given when there is no exam/STAR, Joint Written Project, Group Discussion & Written Project. This new policy emphasizes the importance of conducting graduate level work and will help our students realize the importance of strong communication skills. Target Date: In January 2010 we announced at the virtual round table with students that it would soon be implemented (target is mid 2010).

Goal 3.D: Improve student writing quality

Strategy 3.D.1: Enhance Writing Center and evaluate its effectiveness.

The Writing Center e-mail list was implemented in 2009 so that STI students can obtain general input about their writing. It is in keeping with our belief that leaders must be strong writers. If a STI student elects to join the Writing Center, they can use it as a resource for their GIAC Gold drafts and their Written Assignment drafts. The Writing Center does not function as a grader, but it is a means of obtaining input on a student’s writing before they need to submit it for grading. We believe it may be particularly effective for students who have difficulty with grammar or who have English as a second language. The Writing Center's effectiveness will be evaluated annually starting the end of 2010. The center is evaluated based on the number of students who are looking for help as well as via informal feedback from the students as to how helpful they found the advice and how they felt the advice helped them write better.

Strategy 3.D.2: Utilize Writing Center’s mailing list to create a program for peer review of writing.

Some students asked if STI would allow a student peer review/students-helping-students type of system whereby students can give other students input on writing. It was decided that, on a trial basis, STI will use the “Writing Center” Mailing List for that purpose. If a STI student wants input from a student volunteer who is part of the Writing Center, the student will note it in the request to the Writing Center when the student sends in the draft document. Please note that senior faculty and staff are part of the Writing Center so they will be aware when students are using it in this way. The peer review of writing through the email list commenced February 2010 and we will evaluate it annually as described above.

Goal 3.E: Clarify Work Study educational goal.

STI received a recommendation from the Middle States Assessment Team that STI needed to define an educational purpose for the Work Study Program. To help gain understanding and insight, STI conducted a survey asking current STI students to reflect upon their Work Study experience and report whether they found the requirement to be valuable. Students who returned the survey responded unanimously that they felt the activity had value. The results of the survey are posted at . STI will use survey results to more clearly articulate the educational goal and learning objectives.

Strategy 3.E.1: Implement a new written assignment asking the student which leadership competencies they did, or did not, see exercised during their work study assignment. This will further focus the student on the importance of competencies as a method to develop leadership.

Status: Completed April 2010

Strategy 3.E.2: Develop clearer learning objectives for the Work Study program (a Community Project Requirement) and post them on the website for current and future students to reference. We will periodically assess the students to determine if the learning objectives are being met.

Target Date: End of 2010

Strategy 3.E.3: Develop clearer learning objectives for the other Community Project Requirements and post them on the website for current and future students to reference. We will periodically assess the students to determine if the learning objectives are being met.

Target Date: End of 2010

Goal 3.F: Monitor exam results for students who take the GSE and review its effectiveness in the MSISE program.

Target Date: End of 2010

Status: The GIAC GSE, as a Community Project Requirement, was implemented toward the end of 2008 as a requirement for students in the MSISE program in place of the Teaching Assistant requirement. It was implemented because it is a good assessment of the hands-on skills of MSISE students. To assist students in preparing to take the GSE, we asked one of our MSISE students, who also is a GSE holder, to write an article about how to prepare for the GSE. Students who have since taken the GSE have indicated that the overall experience was positive. Shortly after the GSE is given in fall 2010, we will review the GSE requirement again to see if it is being successfully integrated into the MSISE program.

Goal 3.G: Compare performance of students admitted after the change in admission prerequisite to students admitted prior to the change to determine what effects, if any, the change in policy made to student success and retention.

The nature of the change, which took effect June 6, 2010, is that applicants no longer are required to hold a GIAC Cert and Gold as an admission prerequisite.  We will compare certification scores as well as scores on Gold papers and other written assignments.  Target Date: End of 2011

4. Alumni Relations

From the outset, we have encouraged students to remain active with the college after they graduate. Continued involvement is a benefit to alumni, students, STI, and the state of the information security industry. We expect that many of our graduates eventually will become CISOs, CIOs, CTOs, etc., and they will want to send their best and brightest employees to STI for a quality education like they had. We plan to add additional services and experiences that will enhance the relationships of alumni with STI.

Goal 4.A: Improve Alumni Services

Alumni have many opportunities to interact with STI/SANS/GIAC.  Some are speakers, mentors, instructors, serve on the Board/committees, participate as handlers with the Internet Storm Center, provide input on course material or exam questions, etc. When students graduate, we offer them an alumni email address.  We plan to expand the benefits/services for alumni. Some examples are as follows:

Strategy 4.A.1: STI to consider establishing a once a year round table consisting of graduates to discuss leadership and the challenges they face as a way of fostering STI’s leadership development core competency. Target date: June 2011.

Strategy 4.A.2: Develop a Student and Graduate Contact List that students and graduates can use to communicate, make plans, etc. Target date: Mid 2010.

Strategy 4.A.3: By year end 2010, we will obtain input from graduates about what other services might be valuable. For example, the Contact List could be expanded to include the name of the graduate's employer, the graduate's title, whether the graduate is willing to provide suggestions/guidance to interested persons, whether the graduate wants to take a lead in arranging periodic get-together breakfasts/events, etc.

Strategy 4.A.4: Implement an alumni newsletter. Target date: Mid 2011.

Strategy 4.A.5: Alumni Mentorship. We will encourage alumni to participate in a mentorship type of program involving alumni willing to help students with advice, etc. Target date: Mid 2011.

5. Quality and Assessment

Quality is a focal point for STI.  We pride ourselves in having excellent information security professionals as instructors and course authors.  Our students continue to produce work of high caliber while demonstrating senior management leadership qualities.  Our staff members provide support and guidance to ensure that students are receiving a quality educational experience.  As we move forward to 2015, we will place even more focus on quality as a high priority.  For example, we are moving forward to develop methods for evaluating President and Board performance, increasing transparency for faculty roles and responsibilities, increasing participation from staff, faculty and students in the governance process, and expanding overall learning objectives for our programs.  Our courses will continue to be evaluated regularly to ensure that the most up to date research and information is being shared with our students.  Over the course of the next 5 years, STI will utilize a variety of additional assessment methods to reinforce our quality claim.  Assessment will play a vital role in allowing us to reflect on our practices and find ways to build upon them.  Further assessment of our institution and programs will provide us with useful information regarding the success of our students and the quality of their experience. 

Goal 5.A: Increase Transparency of Faculty Structure.

During the 2010 strategic planning process, we realized the faculty structure could be better defined. We also realized that less than half of the names on the list of faculty members are actively involved with governance. We seek to develop a process to better define the faculty structure and allow STI to grow in an orderly manner.

Strategy 5.A.1: Define Curriculum Chairs. Several members of the faculty are actually curriculum chairs. By the end of 2010 we will refine and define our curriculum chair structure.

Strategy 5.A.2: Increase transparency in faculty compensation. By the end of 2010, define the tasks faculty engage in and document which ones are collateral duties, and which ones are paid.

Sub-strategy 5.A.2(a): Develop Memos of Understanding (MOUs) or contracts with the most important members of the faculty defining duties and compensation. Target Date: End of 2010.

Strategy 5.A.3: Increase transparency in faculty governance. We already have many faculty involved in governance and, beginning in 2010, we started to involve even more faculty in that role. Some members were asked to be part of the early strategic planning process. We are looking to involve at least three more faculty members in our governance process in 2011. Thereafter, yearly, we will review the number of faculty members involved in governance.

Strategy 5.A.4: Revise faculty list so that all members of faculty not involved in governance are noted in a special way.

Goal 5.B: Support Strategic Plan. "Broader-end point" and increased focus on longer range planning.

Strategy 5.B.1: Create goals for Strategic Plan that are based on five year planning when possible. Goals will be stated in measurable terms so that we will be able to evaluate progress through assessment. Many of the processes we are putting in place repeat at least yearly.

Status: Completed June 2010

Strategy 5.B.2: Make greater use of the Long Range Planning Committee, the Strategic Planning Advisory Committee, and the SANS senior executive advisor to help us incorporate more long-range planning with our tactical short-range planning. Commencement: 2010 Strategic Plan.

Status: Completed June 2010

Strategy 5.B.3: Utilize current goals and strategies prepared in this document to build and staff for the future, today. Though the temptation is for 2010's strategic planning process to be largely devoted to implementing the majority of the Middle States site visit recommendations and suggestions, we need to make sure we are building and staffing for the future today. Further, the 2011 strategic planning and assessment should move largely past tactical issues related to becoming accredited, and allow us to prioritize the rest of vision 2015.

Goal 5.C: Enhance Strategic Plan through increased input in the strategic planning process.

Strategy 5.C.1: We always have encouraged persons throughout our institutional community (members of committees, faculty, authors, staff, related entities, the Board) to provide input and recommendations in our strategic planning process; but we will encourage them more strongly this year, and we will broaden the pool of people who review it to include additional persons.

Sub-strategy 5.C.1(a): In 2010 we created a new committee, the Strategic Planning Advisory Committee to review the strategic plan and related documents and provide feedback.

Sub-strategy 5.C.1(b): Beginning in 2010, we have added a new step in the review process. There are several executives in our affiliated company SANS with extensive industry strategic planning experience. One of them will take time to review the documents during the mid-point of the planning process and provide guidance and feedback.

Sub-strategy 5.C.1(c): In the past, students/graduates were involved in review since there are representatives on the Board. That will continue, and also this year we will ask the student who presently is serving as the Informal Student Mentor to review it during the planning process. Additionally, the final will be made available to all students and to all graduates.

Goal 5.D: Enhance governance.

Strategy 5.D.1: Improve process to assess the effectiveness of the Board and the effectiveness of institutional leadership based on the strategic goals and operating performance of the institution. Target Date: Mid 2010

Status: The Board completed a survey in December 2008 to self-assess and evaluate the performance of the President. While it was valuable, we believe the process can be improved so that the Board engages in a more formal process of periodic assessment of the Board and the effectiveness of institutional leadership based on the strategic goals and operating performance of the Institution.

Strategy 5.D.2: A set of semi-annual objectives will be established for the President.

Target Date: A draft of objectives for the President was sent to the Board mid February 2010. It is expected the review of the President will be mid 2010, and that it will occur on a semi-annual basis thereafter.

Strategy 5.D.3: Review the need for establishing a Provost position for succession planning.

Status: Discussions have occurred with the Board on the means of addressing the issue of replacement in the event of incapacitation. The advice from experienced higher education administrators is to establish the Provost position, which will be filled at a later date.

Strategy 5.E.4: Create charters for each STI Committee. In March 2010, we reviewed the role of all committees, created a charter for each committee that did not have a written charter, and posted them on the Governance section of the STI web page.

Status: Completed April 2010

Strategy 5.E.5: Document the role of committees in order to increase transparency in the operations of STI and to better define the work flow. Yearly, as part of our assessment process, we review the committees’ performance and evaluate the need for additional committees or for restructuring existing committees.

Goal 5.F: Articulate Program-level Goals/Objectives more clearly. The proposal will be presented to the Board for discussion.

Target Date: August 2010

Goal 5.G: Clarify assessment methods for the Community Project Requirements.

Target Date: August 2010.

Note: The vast majority of STI students believe that STI is achieving the purposes of the Community Project Requirements and the Outcome Statement according to the results of a survey sent to students in September 2009.

Goal 5.H: Implement grading rubrics.

To assure that grading of written documents and presentations is as objective as reasonably possible, we will be implementing grading rubrics. Also, grading rubrics will make standards clear from the outset of the assignment and will increase a student’s ability to assess the quality of their own work. The grading rubrics will be completed and posted on the STI website by August of 2010.

Goal 5.I: Develop a comprehensive formal institutional assessment plan for student learning objectives at the course and program levels.

Target Date: End of 2010

Goal 5.J: Develop methods of assessing the public service elements.

Public service elements are part of our Mission Statement and are generally described in Strategy 2.C.3. We will be developing more formal methods of assessing them. Target date: 2014.

6. Financial Growth

Goal 6.A: Increase enrollment to 150 concurrent students, each taking an average of two to three courses per year by 2015.

NOTE: As we refine this goal, we need to be in alignment with Vision 2015 and also make sure we have enough strategy and assessment in place to ensure we can accomplish this goal.

Strategy 6.A.1: Think in terms of 10. How do we find the next 10 students, who is going to take the lead on finding the next 10? We plan to hire someone to help with recruitment/marketing as described below.

Sub-strategy 6.A.1(a): Set "way points" so we can see how we are doing as we march to 2015. As of March 2010, we have about 30 concurrent students (about 5 of those 30 will graduate in June 2010); the goal is to find the next 10 and be at 40 by the end of 2010. Additional waypoints:

2011 - 50

2012 - 75

2013 - 100

2014 - 125

2015 - 150

Sub-strategy 6.A.1(b): Beginning in June 2010, add waypoints to President's objectives so the Board can see how we are doing towards this objective twice a year.

Sub-strategy 6.A.1(c): After filling a position for an Accreditation Coordinator, begin to search for a sales and marketing person to help us recruit future students.

Status: Accreditation Coordinator was hired April 2010, part-time assistance from SANS Marketing executive beginning April 2010.

Sub-strategy 6.A.1(d): Starting in April 2010, shift from a more passive approach to an active approach where we directly recruit. As an example, align student recruitment with existing SANS large events (SANS annual, SANSFIRE, SANS Network Security, SANS Cyber Defense Initiative) which are the primary Residential Institutes for our students. Work with Marketing at SANS to include material about STI.

Status: Started with SANSFIRE June 2010 Residential Institute and we will have additional material available for SANS Network Security September 2010 Residential Institute, etc.

Sub-strategy 6.A.1(e): Create an updated printed prospectus for STI by end of 2010.

Sub-strategy 6.A.1(f): Develop policy and procedure to allow transfer of credit from other institutions to STI. Target date: end of 2010.

Sub-strategy 6.A.1(g): Send a marketing email to all members on our mailing list that already have two GIAC certifications or more. Target date: mid 2010.

Sub-strategy 6.A.1(h): Use the bottom of NewsBites for a promotional piece commencing mid 2010.

Sub-strategy 6.A.1(i): Ensure the STI Brief is given at as many events as possible. Review the brief to make sure we are making our value proposition clear. Target Date: mid 2010.

Sub-strategy 6.A.1(j): As soon as resources become available, have someone focus on G.I. Bill Approval.

Status: We have started on this project and we hope it can be completed by end of 2010. We have been informed that accreditation is not a prerequisite; but if it turns out that it is a prerequisite, then the target would be shortly after accreditation is granted.

Goal 6.B: Grant at least 80 degrees by the end of 2015.

Strategy 6.B.1: Graduate the future leaders in Information Security to better establish our name and brand in the marketplace. This will make recruiting easier. Also, as some of our graduates become senior leaders as defined in the leadership essay, they will have the authority to approve training reimbursement for the people that work for them.

Strategy 6.B.2: Set a baseline. We can expect to have granted about 14 degrees by the end of 2010. If we reach our goal of 40 students by the end of 2010 and 50 concurrent students by the end of 2011, it is reasonable that most of these students, who are not dismissed, or withdrawn or transferred, will graduate by the end of 2015. This should be re-evaluated during the strategic planning process every year.

Sub-strategy 6.B.2(a): During the 2010 assessment phase, examine the recruiting pipeline and process so we can better project the number of graduates in any given year.

Sub-strategy 6.B.2(b): Retain at least 80% of the students and ensure they remain on track.

Sub-strategy 6.B.2(c): After the next set of graduations in June 2010, adjust the STI web page to better describe the number of degrees granted to keep our mental focus on this goal.

Strategy 6.B.3: We will begin advertising the college in the brochures that are distributed before every major conference after we are granted the Status of Candidate for Accreditation. (At that point, Middle States allows the institution to note its candidacy status in specific language authorized by MS and we will decide when that language will be added). If we are granted the status of candidate in March 2010, advertisement likely will begin in the Network Security fall 2010 brochure.

Status: Candidate for Accreditation Status was granted in March 2010. We started with some advertising at the SANSFIRE June 2010 Residential Institute and will have additional materials for Network Security fall 2010, etc.

Strategy 6.B.4: We will ask applicants to indicate on the application form how they heard about STI. Target Date: End of 2010. We will track the results to see if it is through advertisements, other students/graduates, etc.

Strategy 6.B.5: Establish scholarship funds from SANS. By end of 2010, it is expected that we will have an agreement with SANS to provide scholarship funds for at least 4 candidates based on excellence.

Strategy 6.B.6: Further develop Financial Aid programs. The financial aid available is through the WorkStudy Program. When students are in WorkStudy, they receive a substantial reduction in the tuition for the course. Also, full-time law enforcement officers in state and local government who are otherwise eligible for admission may apply for financial aid in the form of a discount of up to 50%. Once we are approved under the GI Bill, eligible students under that Bill will receive substantial benefits. When we become accredited, students can apply for federal student loans and possibly other types of loans.

Strategy 6.B.7:  Assess student enrollment to determine if the change in admission prerequisite had a positive effect on enrollment figures. The nature of the change, which took effect June 6, 2010, is that applicants no longer are required to hold a GIAC Cert and Gold as an admission prerequisite.  Target Date: End of 2011

Goal 6.C: Achieve Accreditation by the Middle States Commission on Higher Education.

STI was granted the Status of Candidate for Accreditation in March 2010. While this was a milestone event, obtaining Accreditation is the most important event. We estimate that Accreditation Status will be obtained by mid 2012. Toward the end of 2010, STI will have a clearer estimate for when Accreditation status will be awarded.

Strategy 6.C.1: We received the recommendations from the Middle States Assessment Team after the November 2009 Site Visit. We are in the process of addressing each of those recommendations, and several of them are being addressed in this Strategic Plan.

Target date: The majority of the recommendations will be implemented in 2010.

Strategy 6.C.2: Hire someone to move into the accreditation liaison officer role which will result in more time for the Dean of Admissions and Student Services to devote to those areas which will increase in size over time.

Status: The Accreditation Coordinator was hired in April 2010 and is in the process of learning about the accreditation liaison officer role for STI.

Strategy 6.C.3: The Consultant that Middle States appointed for us at the end of March 2010 should be able to help us to approximate when we can reasonably hope to achieve Accreditation after she meets with us in September 2010.

Strategy 6.C.5: Utilize the advice of the Middle States Consultant to help transition STI as soon as reasonably possible to the Self-Study phase of the process.

Strategy 6.C.6: We prepared a punch list on recommendations and suggestions that were given to us by the Middle States Assessment team and we continue to update it as progress is made.

Strategy 6.C.7: When we are invited to the Self-Study phase by Middle States, up to three representatives of STI can attend the Self-Study workshop. That workshop usually is in November of each year.

Monitoring and Evaluation of Strategic Plan:

The strategic planning document is important to evaluate and improve the total range of programs and services, achievement of institutional mission, goals, plans, and compliance with applicable accreditation standards that apply or will apply to SANS Technology Institute.

At least annually, the plan must be reviewed and evaluated. In the interest of keeping all the appropriate persons apprised of the over-all planning of STI, this information is distributed to members of the Committees, to the Board of Directors, and other appropriate parties. The planning process includes a thorough and continuous review of relevant qualitative and quantitative information drawn from all segments of the institutional community to ascertain if the goals of the institution are being met. Plans should be interrelated. Institution officials should consider the over-all plans in connection with their own planning for their respective areas and should feel free to ask questions or to provide comments. Please address comments/questions to President Stephen Northcutt at 808-823-1375, stephen@sans.edu.

A notice will be sent by the President or Dean of Admissions & Student Services to the appropriate persons in advance of the date that the strategic plan is due to be reviewed. The due date for completion is shortly after the annual Board meeting. Work must start in advance since drafts must be reviewed and commented upon. It is expected that these persons will review all proposed plans, specifically the areas for which they are responsible, and either recommend changes (with the reasons why, how they will be accomplished, and timetables) or comment in writing if there is no recommended change. They should estimate the cost factors in making changes, and coordinate with other committees if needed to obtain appropriate input. As the plan progresses, it will be submitted to the Board for its review and comment. A final plan will be put into place by its due date. This type of cooperative effort and planning is necessary to assure the success of STI.

Process Used in Developing this Plan

When the Middle States Assessment Team met with us at the end of 2009, the team recommended that our next Strategic Plan cover a longer period of time than our 2009 plan had covered; be expressed in more observable terms; and delineate more clearly the relationship between long-term goals and shorter-term tactical goals. The team also recommended that we obtain more feedback. We incorporated these recommendations along with many other important additions that STI wanted to make based on its experience since the date of its last Strategic Plan and based on recommendations from interested constituencies.

Regarding timelines, many of the goals and strategies are clustered in the first year rather than being spread evenly over the term of this Strategic Plan. This is to be expected given our desire to address many of them as part of preparing for accreditation, which is very important for this particular strategic planning cycle. 

Below is a general summary of the process we used in developing our Strategic Plan.

Staff researched general strategic planning sources of information and tools on the Middle States website. An early working draft was prepared by the President and Dean of Admissions and Student Services and submitted to the Department Chair, Dean of Faculty, and some of the members of the STI Board for comments and suggestions. The President worked on planning materials based on Core Competencies, PEST Analysis, SWOT, Porter’s Five Forces, and consulted with external constituencies and internal constituencies including the Faculty Committee and Curriculum Committee. A Strategic Planning Advisory Committee was formed which consisted of persons from the GIAC Advisory Board and others (and they will continue to be involved in future strategic planning). Drafts were discussed with a SANS executive advisor who had past experience in strategic planning. A draft was sent to all members of STI Committees for review and comment. It was then sent to the Informal Student Mentor who is a student, and then to all the individual directors on the STI Board for their review and comments.

By that time, the draft was developed to the point where we felt it would be valuable to ask the Consultant, who had been appointed by Middle States for STI, if she would be willing to provide us with her general thoughts on the draft. The Consultant provided suggestions in the nature of improving the document which were incorporated. The STI Board, which is the final locus for approval of the Strategic Plan, approved the document at its annual Board meeting in June 2010.

We will post this final STI Strategic Plan to the sans.edu website. We will notify faculty, staff, committee members, students, graduates, and other appropriate parties to make them aware that it is posted there. We will encourage them to make comments and suggestions to help us to continue to improve as we review this plan on at least an annual basis.

We sincerely thank the following people who contributed to this important planning process and document. If we neglected to mention a name, please feel free to contact us at info@sans.edu.

Brown, Mason

Cabreira, Kimie

Calhoon, Katherine

Caudle, Rodney

Cole, Eric

Conrad, Eric

Davis, Mitchel

Elliott, Joyce

Estabrooks, Liz

Eubanks, Russell

Frisk, Jeff

Hammer, Richard

Hoelzer, David

Johnson, Tom

Key, Virginia

Logue, Peggy

Maguire, Shana

Northcutt, Stephen

Northcutt, Suzy

Paller, Alan

Paller, Marsha

Phipps, Ron

Scott, Matthew

Shackleford, Dave

Skoudis, Ed

Sturnick, Emily

Svoboda, Debbie

Taute, Danielle

Tomhave, Ben

Ullrich, Johannes

Wanner, Rick

Wright, Craig

Zeltser, Lenny

Appendix 2.1 – Persons Involved in Strategic Plan Document

We sincerely thank the following people who contributed to this important planning process and document. If we neglected to mention a name, please feel free to contact us at info@sans.edu.

Brown, Mason

Cabreira, Kimie

Calhoon, Katherine

Caudle, Rodney

Cole, Eric

Conrad, Eric

Davis, Mitchel

Elliott, Joyce

Estabrooks, Liz

Eubanks, Russell

Frisk, Jeff

Hammer, Richard

Hoelzer, David

Johnson, Tom

Key, Virginia

Logue, Peggy

Maguire, Shana

Northcutt, Stephen

Northcutt, Suzy

Paller, Alan

Paller, Marsha

Phipps, Ron

Scott, Matthew

Shackleford, Dave

Skoudis, Ed

Sturnick, Emily

Svoboda, Debbie

Taute, Danielle

Tomhave, Ben

Ullrich, Johannes

Wanner, Rick

Wright, Craig

Zeltser, Lenny

Appendix 2.2 – Draft Institutional Assessment Plan

SANS Technology Institute

Institutional Assessment Plan 2010-2015

Rough Draft as of August 2010

Executive Overview:

For SANS Technology Institute to be fully successful, we need to measure the effectiveness of our institution. This document defines the philosophy and design of our institutional assessment approach. STI has established multiple layers of assessment that will provide a good snapshot of how our institution is performing.

Mission Statement:

The mission of the SANS Technology Institute (STI) is to develop the information security technology leaders needed to help strengthen the information community all over the world by improving the security of cyberspace. SANS Technology Institute seeks to prepare both the managers of information security groups and the technical leaders who direct security technology programs. SANS Technology Institute's primary functional emphasis is instruction, but the Institute faculty and students will engage in research and public service programs.

For the STI definition of leader / leadership, see Leadership Essay at .

Vision: Our goal is to create the next generation of leaders in the field of information security and risk management.  We want to make strong efforts to attract applicants with leadership qualities, and provide them with training to enhance those leadership abilities.

Examples of leadership roles are provided in our leadership essay at sans.edu/resources/leadershiplab/leadership_essay.php.

In 2010 our Strategic Plan outlined six core focus areas: information security leadership, research and education, student life and experience, alumni relations, quality and assessment, and financial growth. These focus areas will guide our institutional assessment process.

Objectives of Assessment:

This assessment plan is guided by the following objectives:

Institutional Assessment Planning Structure:

Institutional Assessment Plan:

Utilizing key institution goals, as outlined in the strategic plan, STI has created an assessment plan that focuses on two priorities: institutional effectiveness and student learning. Assessing institutional effectiveness is important in helping the STI community understand its strengths and recognize areas that can be improved upon. We will be looking at all functioning areas such as curriculum development, administration and finance. Assessing the overall effectiveness of our institution will help us move closer to the goals set forth in our strategic plan.

We will assess student learning to better understand the learning that takes place for students going through our curriculum. STI has established student learning outcomes for courses, the MSISE program, the MSISM program, and the Community Project Requirements. As we assess the learning that takes place we will be able to utilize results from the assessments to make improvements in the educational activities that our students engage in.

Institutional Effectiveness:

Information Security Leadership

As a key institutional goal, a variety of STI’s practices, both institutional and student learning based, involve a focus on information security leadership. STI has a laser focus on both our subject area and our mission, to develop the leaders that are critically needed in our field. We grasp this reality and have responded with a successful program. Over the next five years and beyond, we will continue research into security leadership and refine our processes to be as effective as possible. As a way to ensure we are meeting our goal in information security leadership development we will use the following assessment methods:

- We will analyze graduate exit surveys completed before graduation. Responses from students on the survey are important in determining whether STI is meeting this goal. This assessment will take place yearly, with each annual graduation.

- After each graduation, we will collect employment information on our graduates focusing on the following items: 1) If it appears that they have achieved a leadership position as perceived by the appropriate committee, and 2) If their positions changed during their time in the graduate program. Using this indirect assessment method will help us determine if our program has increased the capacity for our students to lead an organization, department or teams.

- After graduation we will survey alumni to obtain their perceptions about whether they have achieved leadership positions and their satisfaction level. Starting after the 2010 graduation, we will conduct this survey the first year after a student has graduated and every three years thereafter.

- Upon admittance into the master's program, students are required to submit an outcome statement that lists the goals they hope to achieve as a result of being in the program. STI will review the outcome statement of the student as well as the exit survey to determine if the student met their objectives.

- On a trial basis, commencing a year after accreditation is obtained, we will survey employers/experts to determine if they believe our graduates are performing in leadership positions. We will ask permission of a graduate before we survey an employer about a particular graduate.

Teaching, Research and Education

Curriculum Development:

Success for a course is defined in the following course standards:

• Course has sufficient technical depth to be offered with our branding

• Course passes technical review to ensure the information is correct

• Course meets the needs of enough people that it succeeds in the marketplace

• Course is designed to allow not only the author, but also other persons, to teach it.

STI will review the above standards to ensure the process is successful in bringing valuable courses into the curriculum. The full curriculum development process is available upon request at info@sans.edu.

Courseware renewal:

Security training and certification is expensive because the half-life of the information we teach is fairly short. Outdated information, theory and practice must be replaced with the current state of practice. SANS, STI and GIAC all depend on this renewal paradigm and there are several procedures, processes and assessments, summarized below, to ensure this outcome is regularly achieved.

SANS Courseware Maintenance Department:

SANS has an overall goal of updating all courses about three times per year. Often students will recommend areas where our course materials might be updated. This information is sent to the course authors to be evaluated and, if appropriate, included in the next update cycle. A report is created and submitted to the Curriculum Committee to review and monitor course changes. More on the STI Curriculum Committee is covered below.

STI Curriculum Committee:

The STI Curriculum Committee determines what courses should be in the curriculum, and reviews course updates about four times per year. They create a report on the status which is sent to the STI Academic and Student Affairs Committee for review.

Course Evaluation:

SANS courses are evaluated by our students on an ongoing basis. Whether a course is taught at a large staffed Residential Institute or a smaller local community SANS event, students fill out and return evaluation forms for each day of the course. They are asked to rate the course content, teaching skill of the instructor, and the overall Residential Institute on a scale of 1 – 10. They are also asked to recommend ways that we can make our courses more valuable to them.

Scores are tabulated 2-4 weeks after the training event. A summary of the comments collected from the evaluations is created for each course held at each event. These summaries are shared, along with the scores, with the STI Faculty Committee, Residential Institute manager, instructor, and others. The evaluation processor meets with the President of STI, 2 – 3 times a month, to review the evaluations that may have scored poorly.

Evaluations are kept on file for a 6 month period in our office on Kauai, HI. The results are also stored electronically and can be accessed by a restricted group of individuals in the dropbox.

Instructor Performance:

After each in-person course, students who attended the course evaluate the instructor’s performance. Responses from the evaluations are collected and a report is created which summarizes the scores and student responses. Currently, instructors must maintain an average rating of 8.7 to continue teaching the course. A detailed report is submitted to key institutional administrators including key persons on the STI Faculty Committee.

Instructor Development:

The SANS Mentor/Community SANS programs are used to develop future faculty members. These programs allow potential instructors the opportunity to gain teaching experience and refine their communication skills. The program undergoes a periodic review to determine its effectiveness in developing future instructors. Mentors/Community SANS instructors go through the same evaluation process from students as other faculty. The results from the evaluation are analyzed and recommendations are made whether the instructor should continue teaching the course or whether further development of the instructor is needed.

Advising and Program Progress:

As students progress through their program of study, the Dean of Admissions and Student Services periodically reviews student progress to determine if it appears that the student is on track. If it appears that the student is not progressing, the Dean contacts the student to determine what the student’s plans are.

When students sign up for courses at a Residential Institute, they notify the Dean regarding which course they are signing up for. Once a student completes the course, the Course Adviser (an alumnus of STI) contacts the student to find out how the course was and if there are any areas the student needs help in before they attempt to take the certification exam. The Course Adviser prepares a report specifying how many students were contacted and how many responses from students they received, and whether any problems were reported by the student to the Course Adviser. The report is given to the Curriculum Committee to review on a quarterly basis.

As enrollment increases, the student progress procedure will be reviewed to ensure that STI is meeting the increased demand for advising and program review.

We recently added additional advisors to our faculty advising department. Students were notified of the increase in advisers and how to request a meeting with a faculty adviser. As enrollment increases, we expect more students will use this service and we will review whether additional advisors will be needed.

Student Life and Experience

STI is committed to excellence in student service and is open and responsive to student suggestions. Students appreciate the adult-learner-friendly program and the support that STI provides. For example, students report that they are very satisfied with their access to STI staff and faculty when the student needs assistance, and they are especially pleased with response time to their questions or concerns. The vast majority of students and graduates believe that STI is achieving the purposes of STI’s Mission, the Community Project Requirements, and the students’ goals. Significant improvements in broadening communication opportunities among STI students, staff, and faculty have been made which is beneficial since students are located in different geographic areas.

Admissions:

Upon entering STI, students are assessed based on previous undergraduate educational performance, quantity of work experience, quality of leadership skills and a demonstrated ability to succeed in the masters program. Admissions requirements are reviewed periodically to ensure that we are attracting a large number of highly qualified candidates. We will utilize the following assessment methods to ensure admissions requirements are yielding as many qualified applicants as possible:

- Collect data to determine if the change in admission prerequisite had a positive effect on enrollment figures. The nature of the change, which took effect June 6, 2010, is that applicants no longer are required to hold a GIAC Cert and Gold as an admission prerequisite. Target Date to review the preliminary effect of this change: End of 2011

- We will analyze statistical information reported on the application, beginning with applications submitted in September 2010, such as number of years of work experience in Information Security as well as their current sector of employment (i.e. corporate, government/military, etc.)

- We will maintain data on the number of students enrolled in our academic programs.

- Utilize the above information to find trends for future enrollment figures and to provide a snapshot of the types of students our institution serves.

- Utilize results from STI Brief surveys to determine current trends affecting our pool of potential students. The first STI Brief survey will be administered at Network Security 2010 in September.

Student Retention:

- We will compile data associated with student retention and attrition and periodically review the data to determine trends. We have set a goal to retain at least 80% of our students and ensure they remain on track.

- Compare performance of students admitted after the change in admission prerequisite to students admitted prior to the change to determine what effects, if any, the change in policy made to student success and retention. The nature of the change, which took effect June 6, 2010, is that applicants no longer are required to hold a GIAC Cert and Gold as an admission prerequisite. We will compare certification scores as well as scores on Gold papers and other written assignments. Target Date: End of 2011

Student Experience:

In 2010 the Student Experience Assessment Committee was created to review how students rated accommodations at live training events. To ensure that we are providing our students with an environment where students can succeed, we will conduct surveys asking students to indicate their level of satisfaction with the accommodations, food and the learning space. The survey has both closed and open ended questions to ensure our students can address strengths and areas for improvement in their experience. Data will be compiled after large training events (usually quarterly) and reviewed by the Student Experience Assessment Committee. The committee will submit a detailed report to upper management and to the STI Faculty Committee that summarizes venue scores as well as comments from the students.

GSE Requirement

The GIAC GSE certification, as a Community Project Requirement in the MSISE Program, was implemented toward the end of 2008 as a requirement for students in the MSISE program in place of the Teaching Assistant requirement. It was implemented because it is a good assessment of the hands-on skills of MSISE students. To assist students in preparing to take the GSE, we asked one of our MSISE students, who also is a GSE holder, to write an article about how to prepare for the GSE. Students who have since taken the GSE have indicated that the overall experience was positive. Shortly after the GSE is given in fall 2010, we will review the GSE requirement again to see if it is being successfully integrated into the MSISE program.

Student Presentation Skills

We recently introduced a variety of changes to help improve the presentation skills of our students. First, we instituted a ‘dry run’ policy where students, who have not given a presentation in front of a professional audience before, are required to do a run through of their presentation with a senior STI administrator/faculty member before their first presentation. Second, a Technical Communication and Presentation course will be introduced into the curriculum, before year end 2010, and third, a grading rubric has been created and will be utilized to grade oral presentations for students.

The preliminary plan is to require newly admitted students to take the presentation course within 6 months of enrolling. Once the course is complete the student can give their first oral presentation at an RI, pending completion of a ‘dry run’ of the presentation if they have not given a presentation before to an audience of SANS. We will utilize the presentation grading rubric to assess whether the presentation course helped improve the quality of the student’s first presentation as well as their first Gold paper.

Presentations given will be posted on STI’s website, as well as the student’s portfolio. We will periodically review how these new initiatives have affected the communication skills of our students by utilizing AAC&U’s VALUE rubric for oral communication.

Alumni Relations

From the outset, we have encouraged students to remain active with the college after they graduate. Continued involvement is a benefit to alumni, students, STI, and the state of the information security industry. We expect that many of our graduates eventually will become CISOs, CIOs, CTOs, etc., and they will want to send their best and brightest employees to STI for a quality education. We plan to add additional services and experiences that will enhance the relationships of alumni with STI. By 2012 we will assess how the additional services have impacted alumni relations.

STI will conduct periodic assessments of our alumni to determine their level of satisfaction with their degree as well as ways in which the degree prepared them for taking on larger leadership roles or responsibilities.

Quality and Assessment

Quality is a focal point for STI. We pride ourselves in having excellent information security professionals as instructors and course authors. Our students continue to produce work of high caliber while demonstrating senior management leadership qualities. Our staff members provide support and guidance to ensure that students are receiving a quality educational experience. As we move forward, we will place even more focus on quality as a high priority. For example, we are moving forward to develop methods for evaluating President and Board performance, increasing transparency for faculty roles and responsibilities, increasing participation from staff, faculty and students in the governance process, and expanding overall learning objectives for our programs. Our courses will continue to be evaluated regularly to ensure that the most up to date research and information is being shared with our students.

Mission and Goals

Yearly at STI’s annual board meeting, Directors will review the mission statement and major goals of the institution making revisions as necessary. The appropriate committees will be involved early in the process to review STI’s mission and goals and make recommendations to the board.

Governance

In 2010 an evaluation form was created for the Board of Directors to engage in a self assessment of performance. Feedback was received from every board member and a summary of the results was created and submitted to the board. On a yearly basis we will analyze the feedback from the evaluation, making improvements to the board experience as necessary.

Yearly we will review the performance of our current committees and evaluate the need for additional committees or for restructuring existing committees.

Faculty Structure

In 2010 STI began initiatives to increase transparency in the faculty structure. We will solicit feedback from faculty and staff to determine the effectiveness of these initiatives by 2011.

Staffing

As enrollment increases there will be a need for additional staff to assist in the operations of STI. As a general benchmark, once STI has 150 enrolled students taking at least 2 - 3 courses per year, we anticipate requiring additional staff support.

STI staff and management participate in a semi-annual review process. At the beginning of the review period, staff members create goals/objectives for their position (usually 5 goals/objectives) for the next 6 months. After the 6 month period the staff member reflects on the following items: goals/objectives completed, strengths, areas for improvement, learning achieved. The staff member then creates new goals and meets with their supervisor to discuss their performance over the previous period and their goals for the upcoming period. As staffing increases this process will be reviewed to determine if the process continues to be effective.

Financial Growth

In order for STI to continue to provide a quality education, it is important that we are directing financial resources in an appropriate way. For STI to continue to advance, we set a target goal of enrolling 150 students by 2015. On an on-going basis we will review our marketing and recruitment efforts to determine if they are having a positive impact on increasing our enrollment numbers. We recently began tracking the number of interested potential students who have contacted the Admissions Department regarding more information; it will be useful in monitoring the success of our marketing efforts. We will analyze these figures to determine if specific trends exist.

To better understand our recruitment efforts, we will monitor how students heard about our program starting. By the end of 2010 we will revise our application to ask students how they heard about our program.

Student Learning:

SANS Technology Institute’s primary functional emphasis is instruction. As a result of quality instruction, our students will progress through our programs possessing the knowledge to be leaders in the field of information security. Assessing the learning that is taking place at STI will help us to better explain what a current practitioner in the field of information security will gain from enrolling in our programs. Students at STI can expect to learn the necessary skills through instruction, either in person or through online courses, and through co-curricular learning activities. Our co-curricular program, the Community Project Requirements, challenges students to put their knowledge to use in real world situations. We have established learning objectives that follow our goals as an institution at the course and program level.

Student Portfolios

STI has always maintained that posting student projects, papers and presentations on our website has been something that sets us apart from other institutions. STI has decided to create a tab on our webpage that provides a list of enrolled students and links to their work in one easy location. STI will utilize this portfolio to collectively assess the learning that our students have demonstrated. We will utilize AAC&U’s VALUE rubrics to assess critical thinking skills, communication skills, as well as information literacy skills.

Exam Scores

STI reviews student exam scores collectively and organizes the data to reflect student performance by delivery mode and instructor, and to indicate if there are problem areas with any specific learning objectives.

Information Security Leadership

The mission of the SANS Technology Institute (STI) is to develop the information security technology leaders needed to help strengthen the information community all over the world by improving the security of cyberspace. In keeping with STI’s mission, President Northcutt published a leadership essay that outlines competencies students can expect to learn and demonstrate while enrolled in STI through course work and co-curricular learning activities. Integrating advanced leadership skills into our program helps STI to produce quality leaders that are capable of handling the tough challenges in both management and information security.

Program Learning Objectives:

Master of Science in Information Security Engineering

Upon graduating from this program, students will be able to:

12. Demonstrate an understanding of leadership development and skills as it relates to information security.

a. Method for Assessing:  We will assess this objective by periodically reviewing student leadership/student outcome statement essays.  Students are required to submit leadership essays for admittance into the program.  As a Community Project Requirement, students must write an essay regarding their Work Study experience specifically indicating what they learned about leadership.

b. Method for Assessing:  We will assess this objective by reviewing responses from graduates on the Exit Interview form.  There is a question that requires graduates to reflect on their program experience to determine if they believe they have learned leadership skills that can be incorporated into their current position or help them achieve a higher position.

c. Method for Assessing:  We will assess this objective by reviewing assignments completed for MGT 421: SANS Leadership and Management Competencies.

13. Demonstrate effective project management skills (time management, organization, accountability, effective listening, conflict resolution, etc.).

a. Method for Assessing:  We will assess this objective by reviewing assignments completed for the Project Management and Effective Communications course (MGT 525)

b. Method for Assessing:  We will assess this objective by reviewing student performance on the Group Discussion and Written Project.

c. Method for Assessing:  We will assess this objective by reviewing student performance on the Joint Written Project.

Master of Science in Information Security Management

Upon graduating from this program, students will be able to:

1. Demonstrate an understanding of leadership development and skills as it relates to information security.

a. Method for Assessing:  We will assess this objective by periodically reviewing student leadership/student outcome statement essays.  Students are required to submit leadership essays for admittance into the program.  As a Community Project Requirement, students must write an essay regarding their Work Study experience specifically indicating what they learned about leadership.

b. Method for Assessing:  We will assess this objective by reviewing responses from graduates on the Exit Interview form.  There is a question that requires graduates to reflect on their program experience to determine if they believe they have learned leadership skills that can be incorporated into their current position or help them achieve a higher position.

c. Method for Assessing:  We will assess this objective by reviewing assignments completed for MGT 421: SANS Leadership and Management Competencies.

2. Demonstrate effective project management skills (time management, organization, accountability, effective listening, conflict resolution, etc.).

a. Method for Assessing:  We will assess this objective by reviewing assignments completed for the Project Management and Effective Communications course (MGT 525)

b. Method for Assessing:  We will assess this objective by reviewing student performance on the Group Discussion and Written Project.

c. Method for Assessing:  We will assess this objective by reviewing student performance on the Joint Written Project.

3. Demonstrate an understanding of the skills needed to manage others in the information security field.  Graduates will develop a general understanding of the technical components of information assurance in order to provide better supervision to technologists.

a. Method for Assessing:  We will assess this learning objective by reviewing student performance in MGT 512: SANS Security Leadership Essentials for Managers

b. Method for Assessing:  We will assess this learning objective by reviewing student performance in MGT 421: SANS Leadership and Management Competencies.

Course Learning Objectives

STI will review student performance in the following courses to assess the learning that is taking place in regards to security leadership.

MGT 421: SANS Leadership and Management Competencies

MGT 512: SANS Security Leadership Essentials for Managers

MGT 525: Project Management and Effective Communications

Community Project Requirement Learning Objectives

STI has created the following learning objectives and assessment methods for the Community Project Requirements which are related to security leadership.

Work Study

Through participating in the Work Study Program students will be able to:

d. Apply (and reflect on) previously understood knowledge regarding leadership to the Work Study experience. After reading the STI leadership essay (located @ ) and performing Work Study, students will write a one and a half page essay about what they learned about leadership as a result of performing Work Study.

i. Method for Assessing: We will assess this objective by reviewing the Leadership Essay written by the student utilizing the checklist/rubric established.

e. Work productively in a team setting to achieve common goals.

i. Method for Assessing: We will assess this objective by reviewing the results of the student’s evaluation of performance by the Work Study Coordinator and by Instructor, including Question 2 which rates the quality of participation.

ii. Method for Assessing: We will assess this objective by reviewing the Leadership Essay utilizing the checklist/rubric established.

f. Demonstrate effective interpersonal skills; developing new (or further develop existing) networks of peers, faculty and/or staff.

i. Method for Assessing: We will assess this objective by reviewing the Leadership Essay written by the student utilizing the checklist/rubric established.

Group Discussion and Written Project

Through participating in the Group Discussion and Written Project (GDWP), students will be able to:

a. Work productively in a team setting to achieve common goals.

ii. Method for Assessing:  We will assess this objective by reviewing the overall presentation (oral presentation, slides, paper) grade according to the requirements of the grading rubrics, which are posted to the website.

iii. Method for Assessing: We will assess this objective by reviewing the reflection essay which asks students to reflect on their own performance and student's use of leadership skills, as well as the performance and use of leadership skills of the other member(s).

b. Demonstrate characteristics associated with STI’s definition of leadership as outlined in the Leadership Essay at https://sans.edu/resources/leadershiplab/.

i. Method for Assessing:  We will assess this objective by reviewing the reflection essay which asks students to reflect on their own performance and student’s use of leadership skills as well as the performance and use of leadership skills of the other member(s). As we review the essay we will pay particular attention to the student’s communication skills utilized during the project.

c. Demonstrate effective project management skills (time management, organization, accountability, effective listening, including group ideas etc.) for an assignment that has a short turnaround time.

i. Method for Assessing:  We will assess this objective by reviewing the student’s overall project grade.

ii. Method for Assessing:  We will assess this objective by reviewing the reflection essays completed by the students. We will focus on what kind of project management methodology the students used during the project.

Joint Written Project

Joint Written Project- By preparing and completing a Joint Written Project with a partner, the student will be able to:

a. Work productively in a virtual team setting to achieve common goals.

i. Method for Assessing: We will assess this objective by reviewing the student’s (and the student’s partner’s) reflective essays.

ii. Method for Assessing: We will assess this objective by reviewing the student’s overall grade on the project.

b. Demonstrate effective project management skills (time management, organization, accountability, effective listening, including group ideas, etc.) for a complex assignment.

i. Method for Assessing: We will assess this objective by reviewing the student’s (and student’s partner’s) reflective essays focusing on project management methodologies used.

ii. Method for Assessing: We will assess this objective by reviewing student performance on the project plan section of the scoring rubric.

iii. Method for Assessing: We will assess this objective by reviewing the student’s overall grade on the project.

c. Since this assignment will be completed mostly through virtual interaction between partners (e-mail, phone, discussion boards, etc.) – simulating common real world interactions - students must demonstrate strong communication skills, both oral and written.

i. Method for Assessing: We will assess this objective by reviewing the student’s response (and partner’s response) to the communication component of the reflective essay.

ii. Method for Assessing: We will assess this objective by reviewing the student’s overall grade on the project.

d. Demonstrate characteristics associated with STI’s definition of leadership as outlined in the Leadership Essay at https://sans.edu/resources/leadershiplab/.

i. Method for Assessing:  We will assess this objective by reviewing the reflection essay which asks students to reflect on their own performance and student’s use of leadership skills as well as the performance and use of leadership skills of the other member(s).

Teaching, Research and Education

Program Learning Objectives:

Master of Science in Information Security Engineering

Upon graduating from this program, students will be able to:

1. Demonstrate mastery of communication skills, in both written assignments as well as oral presentations.

a. Method for Assessing:  We will assess this objective by reviewing student performance on written assignments and presentations at Residential Institutes.  We will utilize our grading rubrics to accomplish this review.

b. Method for Assessing:  We will assess this objective by reviewing responses from graduates on the Exit Interview form to determine if students are graduating the program with improved communication skills.  The Exit Interview form includes a question asking students to indicate if/how their communication skills have improved.

2. Graduates will demonstrate an ability to conduct research, synthesize results and produce insightful and beneficial written projects and presentations.

a. Method for Assessing:  We will assess this objective by utilizing grading rubrics designed to indicate the depth of knowledge of a written report and presentation.

b. Method for Assessing:  We will assess this objective by reviewing student performance on Gold papers.

3. Apply theoretical ideas in information security to real world situations. Students will demonstrate “hands on” practical skills in applying theory to real world situations.

a. Method for Assessing:  We will assess this objective by reviewing the results of the Group Discussion and Written Project assignment which requires students to apply current knowledge to a real world problem that needs to be addressed.

b. Method for Assessing:  We will assess this objective by reviewing results of written assignments to determine if the student is effectively integrating what they learned in order to solve real world problems.

c. Method for Assessing:  We will assess this learning objective by reviewing student performance on the GSE.

d. Method for Assessing:  We will assess this objective by reviewing exam results

4. Demonstrate an understanding of the components needed to design, implement and manage an effective security awareness program.

a. Method for Assessing:  We will assess this objective by reviewing student performance in MGT 438: How to Establish a Security Awareness Program.

b. Method for Assessing: We will assess this objective by reviewing the evaluation form results that the audience provides in response to the student’s Awareness Talk that the student gives to the community at no cost/low cost. (Evaluation forms will be required for talks planned after June 2010).

5. Demonstrate an understanding of IT Security knowledge, skills and abilities such as incident handling, hacker techniques and exploits and intrusion incident handling.

a. Method for Assessing:  We will assess this objective by reviewing student performance in SEC 401: SANS Security Essentials

b. Method for Assessing: We will assess this objective by reviewing student performance in SEC 504: Hacker Techniques, Exploits, and Incident Handling

c. Method for Assessing:  We will assess this objective by reviewing student performance of the GSE.

6. Demonstrate an understanding of IT security knowledge, skills and abilities in software security. (Applies to students admitted after May 22, 2008)

c. Method for Assessing:  We will assess this objective by reviewing student performance in completing the Software Security requirement.

10. Understand the role of policy development in mitigating risks.

a. Method for Assessing:  We will assess this objective by reviewing student performance in MGT 404: Fundamentals of Info Sec Policy.

11. Demonstrate a broad based understanding of IT Security knowledge, skills and abilities such as Host and Network Based Intrusion Detection, Honeypots, Firewalls and Perimeter Protection, Password Management, Information Warfare, Web Security, Network Fundamentals and IP Concepts and Behavior, Cisco Router Filters, Four Primary Threats for Perimeter Protection, PGP, Steganography, Anti-Viral Tools, Windows (2003, Vista, 2008 and Windows 7) Security Administration and Auditing, IIS Security, Unix Security Fundamentals

c. Method for Assessing:  We will assess this objective by reviewing student performance in SEC 401: SANS Security Essentials

d. Method for Assessing:  We will assess this objective by reviewing student performance on the GSE. 

12. Demonstrate hands-on skills through the GIAC GSE lab exam (Applies to MSISE students admitted after September 15, 2008).

b. Method for Assessing:  We will assess this learning objective by reviewing student performance on the GSE.

Master of Science in Information Security Management

Upon graduating from this program, students will be able to:

1. Demonstrate mastery of communication skills, in both written assignments as well as oral presentations.

a. Method for Assessing:  We will assess this objective by reviewing student performance on written assignments and presentations at Residential Institutes.  We will utilize our grading rubrics to accomplish this review.

b. Method for Assessing:  We will assess this objective by reviewing responses from graduates on the Exit Interview form to determine if students are graduating from the program with improved communication skills.  The Exit Interview form includes a question asking students to indicate if they believe their communication skills have improved.

2. Graduates will demonstrate an ability to conduct research, synthesize results and produce insightful and beneficial written projects and presentations.

a. Method for Assessing:  We will assess this objective by utilizing grading rubrics designed to indicate the depth of knowledge of a written report and presentation.

b. Method for Assessing:  We will assess this objective by reviewing student performance on Gold papers.

3. Apply theoretical ideas in information security to real world situations.

a. Method for Assessing:  We will assess this objective by reviewing the results of the Group Discussion and Written Project assignment which requires students to apply current knowledge to a real world problem that needs to be addressed.

b. Method for Assessing:  We will assess this objective by reviewing results of written assignments to determine if the student is effectively integrating what they learned in order to solve real world problems.

c. Method for Assessing:  We will assess this objective by reviewing results of student performance during their teaching assistantship.

d. Method for Assessing:  We will assess this objective by reviewing exam results.

4. Demonstrate an understanding of the components needed to design, implement and manage an effective security awareness program.

a. Method for Assessing:  We will assess this objective by reviewing student performance in MGT 438: How to Establish a Security Awareness Program.

b. Method for Assessing: We will assess this objective by reviewing the evaluation form results that the audience provides in response to the Awareness Talk that the student gives to the community at no cost/low cost. (Evaluation forms will be required for talks planned after June 2010).

5. Demonstrate an understanding of IT security knowledge, skills and abilities such as incident handling, hacker techniques and exploits.

a. Method for Assessing:  We will assess this objective by reviewing student performance in MGT 512: SANS Security Leadership Essentials for Managers.

b. Method for Assessing: We will assess this objective by reviewing student performance in SEC 504: Hacker Techniques, Exploits, and Incident Handling

6. Demonstrate an understanding of IT security knowledge, skills and abilities in software security. (Applies to students admitted after May 22, 2008).

a. Method for Assessing:  We will assess this objective by reviewing student performance in completing the Software Security requirement.

7. Understand the role of policy development in mitigating risks.

b. Method for Assessing:  We will assess this objective by reviewing student performance in MGT 404: Fundamentals of Info Sec Policy.

8. Demonstrate an understanding of the skills needed to manage others in the information security field.  Graduates will develop a general understanding of the technical components of information assurance in order to provide better supervision to technologists.

b. Method for Assessing:  We will assess this learning objective by reviewing student performance in MGT 512: SANS Security Leadership Essentials for Managers

c. Method for Assessing:  We will assess this learning objective by reviewing student performance in MGT 421: SANS Leadership and Management Competencies.

9.  Demonstrate a broad based understanding of security essentials such as Network Fundamentals and Applications, Power, Cooling and Safety, Architectural Approaches to Defense in Depth, Cyber Attacks, Vulnerability Assessment and Management, Contingency and Continuity Planning, Awareness Management, Web Application Security, Offensive and Defensive Information Warfare and Audit.

a. Method for Assessing:  We will assess this learning objective by reviewing student performance in MGT 512: SANS Security Leadership Essentials for Managers

10. Demonstrate an understanding of how multiple functions such as business, management, policy and law interact in a highly technical information security environment.

b. Method for assessing:  We will assess this learning objective by reviewing student performance in LEG 523: Legal Issues in Information Technology & Information Security

11. Utilize a risk driven method for designing and auditing an enterprise security validation program.

b. Method for Assessing:  We will assess this learning objective by reviewing student performance in Audit 507: Auditing Networks, Perimeters, & Systems

12. Demonstrate an understanding of why security controls and framework are important.

d. Method for Assessing: We will assess this learning objective by reviewing student performance in MGT 411: SANS 27002 Implementation & Management

13. Demonstrate an understanding of how to build ongoing compliance monitoring systems and how to automatically validate defenses through instrumentation and automation of audit checklists.

e. Method for Assessing:  We will assess this learning objective by reviewing student performance in Audit 507: Auditing Networks, Perimeters, & Systems

Course Learning Objectives

All of our courses have corresponding learning objectives. Learning objectives are written in a way that highlights both the information that will be covered as well as the technical skills needed to successfully complete the certification associated with the course. Courses are updated about 3 times per year. Summaries of updates are provided to the Curriculum committee for review.

Community Project Requirement Learning Objectives

STI has created the following learning objectives and assessment methods for the Community Project Requirements which are related to teaching, research and education.

Group Discussion and Written Project

Through participating in the Group Discussion and Written Project (GDWP), students will be able to:

a. Analyze, evaluate and synthesize research and apply theoretical ideas to practical settings while formulating new or creative approaches to solving a particular problem.

i. Method for Assessing: We will assess this objective by reviewing the student’s performance on the written component which includes the executive summary.

b. Create a written report that demonstrates command of the English language, utilizing proper grammar and proper sentence syntax.

i. Method for Assessing: We will assess this objective by reviewing student performance on written component which includes the following: executive summary, body, and research shown in the written component.

c. Create a presentation that effectively highlights the major components of the written report.

i. Method for Assessing: We will assess this objective by reviewing student performance on the oral presentation and slides components

d. Demonstrate an ability to deliver technically based material that a CIO can fully understand.

i. Method for Assessing:  We will assess this objective by reviewing student performance on oral presentation with slides component.

Joint Written Project

By preparing and completing a Joint Written Project with a partner, the student will be able to:

a. Analyze, evaluate and synthesize research and apply ideas to practical settings while formulating new or creative approaches to solving a particular problem.

i. Method for Assessing: We will assess this objective by reviewing the student’s overall grade on the project using the Joint Written Project grading rubric.

b. Create a written report that demonstrates command of the English language, utilizing proper grammar and proper sentence syntax.

i. Method for Assessing: We will assess this objective by reviewing the student’s overall grade on the paper portion of the grading rubric.

c. Create a presentation of Slides with Notes that effectively highlights the major components of the written report.

i. Method for Assessing: We will assess this objective by reviewing the score on the presentation component of the project.

Presentations

Through preparing for and conducting two (2) Presentations in front of an audience, students will be able to:

a. Synthesize previous research information into a technically strong yet succinct (15 slides with Notes, 30 minutes, plus 7-10 minutes for questions) presentation that educates the audience and provides value for the audience’s time.

i. Method for Assessing: We will assess this objective by reviewing student performance on the Slides with Notes and Hand-Outs section of the presentation rubric

ii. Method for Assessing: We will assess this objective by reviewing the student’s overall grade on the presentation

b. Use a presentation style that is audience appropriate while delivering the message in a clear and organized format.

i. Method for Assessing: We will assess this objective by reviewing student performance on the Oral presentation component of the presentation rubric

ii. Method for Assessing: We will assess this objective by reviewing the student’s overall grade on the presentation

c. Display ‘Basic Presentation Skills’ as outlined in the presentation scoring rubric.

i. Method for Assessing: We will assess this objective by reviewing performance on the Basic Presentation Skills component of the presentation rubric

ii. Method for Assessing: We will assess this objective by reviewing the student’s overall grade on the presentation

d. Demonstrate effective question handling skills as outlined in the presentation scoring rubric.

i. Method for Assessing: We will assess this objective by reviewing student performance on the question handling section of the grading rubric.

e. Demonstrate the ability to brief information security professionals.

i. Method for Assessing: We will assess this objective by reviewing the student’s overall grade on the presentation

Teaching Assistantship

Through completing a Teaching Assistantship the student will be able to:

a. Effectively utilize technical troubleshooting techniques to assist in the learning process for others.

i. Method for Assessing: We will assess this objective by reviewing the overall Instructor/ TA Coordinator evaluation on TA performance.

b. Develop skills in managing a classroom of learners; such as being able to understand the needs of the group/students and address them proactively, serving multiple students simultaneously, remaining patient and friendly when responding to questions and issues, etc.

ii. Method for Assessing: We will assess this objective by reviewing the overall Instructor/ TA Coordinator evaluation on TA performance.

Security Awareness Talk

Through conducting a Security Awareness Talk to members of the community at no cost or low cost, the student will be able to:

a. Increase awareness of civic responsibility in sharing information security knowledge with the community in advancing the mission of STI.

i. Method for Assessing: We will assess this objective by reviewing feedback given by co-worker/ supervisor of the talk. Additionally, the student will assess their own performance using the feedback form.

ii. Method for Assessing: The students will request the audience members to complete the feedback form. Depending on the number of responses, we will use this feedback as another method for assessing how the student did. The student will submit the completed feedback forms to the address designated by STI.

b. Effectively communicate with members of the community to address an information security related issue.

i. Method for Assessing: We will assess this objective by reviewing feedback given by co-worker/ supervisor of the talk. Additionally, the student will assess their own performance using the feedback form.

ii. Method for Assessing: The students will request the audience members to complete the feedback form. Depending on the number of responses, we will use this feedback as another method for assessing how the student did. The student will submit the completed feedback forms to the address designated by STI.

c. Demonstrate project management skills by making arrangements for a place, time, audience, and other details described on the plan outline for the presentation.

i. Method for Assessing: We will assess this objective by reviewing the Awareness Talk plan the student submits before the presentation.

GSE

Objective Outcome - The GIAC promise is that holders of the GSE will have the following capabilities.

IDS and Traffic Analysis Domain

Capture Traffic

Demonstrate competence with common IDS tools and techniques for capturing traffic.

Analyze Traffic

Demonstrate the ability to decipher the contents of packet capture headers.

Interpret Traffic

Make correct judgments as to the nature of traffic to or from specific hosts in packet captures.

IDS Tools

Demonstrate proficiency using common Open Source IDS tools including Snort, tcpdump, and Ethereal

Incident Handling Domain

IH Process

Demonstrate mastery of the Incident Handling process.

Common Attacks

Demonstrate a broad knowledge of computer and network attacks.

Malware

Demonstrate solid understanding of malware and how to handle infected computers.

Preserving Evidence

Demonstrate the ability to preserve evidence relevant to an Incident investigation.

ITSEC Domain

Windows Security

Demonstrate general knowledge of Windows Security and proficiency in a Windows environment.

Unix Security

Demonstrate knowledge of Unix Security and proficiency in a Unix environment.

Secure Communications

Demonstrate an understanding of basic cryptography principles, techniques, and tools.

Protocols

Demonstrate a solid understanding of TCP/IP, UDP, ICMP, DNS, and other common protocols.

Security Principles

Consistently demonstrate and practice bedrock security principles.

Security Technologies Domain

Firewalls

Demonstrate competence with firewalls.

Vulnerability Scanners, and Port Scanners

Demonstrate competence with scanning tools including vulnerability and port scanners.

Sniffers and Analyzers

Demonstrate competence with Sniffers and Protocol Analyzers

Common Tools

Demonstrate competence with common tools including netcat, SSH, Ettercap, p0f, etc...

Soft Skills Domain

Security Policy and Business Issues

Demonstrate an understanding of the security policy and business issues including continuity planning.

Information Warfare and Social Engineering

Demonstrate an understanding of Information Warfare and Social Engineering.

Ability To Write

Demonstrate the ability to write quality technical reports or articles.

Ability to Analyze

Demonstrate the ability to analyze complex problems that involve multiple domains and skills.

Teamwork

Demonstrate the ability to work as a member of a team in a professional environment.

Appendix 4.1 – Individual Board Director Eval Form

Individual Board Director Evaluation Form - STI

Name: ________________ Date: _______________

Part A: Are you satisfied with your performance as a Director on the SANS Technology Institute (STI) Board in the following areas?

Please note “V” for Very Good, “A” for Adequate, or “N” for Needs Work.

• Input in policy development and decision-making - Each Director should attend scheduled board meetings, in person or via dial in, and respond to emails and calls for guidance. Directors are involved with the administration in setting important goals such as those set forth in the Strategic Plan.

RESPONSE: ______

• Supporting/guiding the mission of the college - (to produce the leaders in the field of information security). Directors are familiar with STI’s Mission Statement and strategic goals as set forth in the Strategic Plan. Each Director should be involved in activities that help achieve those goals.

RESPONSE: ______

• Committee participation - If each Director participates in at least one committee, this would help the Director become better aware of the issues and operations of the SANS Technology Institute.

RESPONSE: ______

• Community outreach - We need help from each Director to get the word out about SANS Technology Institute into the community.

RESPONSE: ______

Part B: Please respond to the following questions:

1. What factors contributed to your performance or lack of performance in the areas above:

2. Please indicate what you might need from the organization to maintain/increase your level of Board commitment:

3. Do you have any other comments or suggestions that will help the Board increase its effectiveness?

4. Do you have any comments or suggestions that will help college administrators increase their effectiveness?

[Note: The above was adapted from: ]

Part C: Supplemental Questions:

Please respond to the following statements indicating the degree to which you agree or disagree.

Please note “A” for Agree, “SA” for Somewhat Agree, or “D” for Disagree.

1. Board size is appropriate. ____

2. Composition of the Board is appropriate. ____

3. Board receives reasonable notice of when meetings are scheduled. ____

4. Board receives agendas that are sufficient for the Board to understand/prepare for the meetings. ____

5. Board meetings are run well, for example, they start and end timely, they allow members to participate. ____

6. New Directors on the Board are effectively oriented [Question not applicable if you are not a new Director.] ____

Part D: If you have any other comments you wish to share, please insert them below:

Note: If Directors have concerns about other Board Directors, the President, or any other officer’s performance on behalf of STI, they are encouraged to discuss it with Chair Alan Paller, apaller@.

-- Thank you for participating in this survey. – SANS Technology Institute

Appendix 4.2 – STI Board Self Eval Summary Report

STI Board Self Evaluation Summary Report June 2010

Part A: Are you satisfied with your performance as a Director on the SANS Technology Institute (STI) Board in the following areas?

Please note “V” for Very Good, “A” for Adequate, or “N” for Needs Work.

• Input in policy development and decision-making - Each Director should attend scheduled board meetings, in person or via dial in, and respond to emails and calls for guidance. Directors are involved with the administration in setting important goals such as those set forth in the Strategic Plan.

RESPONSE: ______

In response to this category, overall Directors assessed their performance as very good. 8 out of 9 directors indicated very good while 1 director indicated adequate.

• Supporting/guiding the mission of the college - (to produce the leaders in the field of information security). Directors are familiar with STI’s Mission Statement and strategic goals as set forth in the Strategic Plan. Each Director should be involved in activities that help achieve those goals.

RESPONSE: ______

Six out of 9 Directors assessed their performance in this category as very good. Two out of 9 indicated adequate and 1 Director indicated their performance needs work in this category.

• Committee participation - If each Director participates in at least one committee, this would help the Director become better aware of the issues and operations of the SANS Technology Institute.

RESPONSE: ______

Two out of 9 Directors assessed their performance as very good in this category while 4 out of 9 directors indicated their performance was adequate. Three out of 9 Directors reported that their performance needs work in this category.

• Community outreach - We need help from each Director to get the word out about SANS Technology Institute into the community.

RESPONSE: ______

Five out of 9 Directors assessed their performance as very good in meeting the specifications of this category. Four out of 9 Directors indicated their performance was adequate.

Part B: Please respond to the following questions:

5. What factors contributed to your performance or lack of performance in the areas above:

AP: The nation’s intense need for the talented people that STI graduates motivates the Vs and time pressure motivates the As.

ES: Holding meetings just before or after each residential institute made it very convenient for me to participate. Also, Debbie Svoboda’s organized notes and action items, as well as her diligent reminders of upcoming meetings and actions were immensely helpful.

RP: Steve Northcutt’s weekly reports have been helpful. I enjoyed my visit to the conference held in Baltimore.

RH: It is not clear to me how the committees are selected, and I have never been asked to serve on any.

RW: I am quick to respond to all requests for feedback requested of the board.

SN: While my time is limited and I am involved in other things, I do not think I failed in any of the above.

LZ: I have provided feedback when such feedback was solicited by STI staff, both in my capacity as a Director and as a member of the Long Range Planning Committee. I participated in in-person and phone calls when they were scheduled. I read the necessary background documents in preparation to the meetings. I talked with my students and other security community members about STI. When opportunities arose, I volunteered my thoughts and feedback even without being explicitly asked for it.

DS: I would like to participate in more Committee activities, but I’m not sure how best to get involved. I discuss STI with all students in my SANS classes, and also in the community when consulting and speaking, but can always do more.

TJ: The Dean consistently provides Board Members with the opportunities to add Board perspective on a variety of issues, and I have been contacted many times to offer my views on a number of subjects. It should also be stated that our Dean has provided exceptional leadership and skills in directing the licensure and accreditation effort. She has provided great counsel to all Board members and continues to work with outside organizations with the greatest skill.

6. Please indicate what you might need from the organization to maintain/increase your level of Board commitment:

AP: Nothing more.

ES: Nothing additional required at this time.

RP: Nothing

RH: Willing to increase my participation.

RW: I am willing to participate in a committee as appropriate in order to increase my level of commitment.

SN: I am very excited about STI, count on me to be committed.

LZ: Nothing comes to mind.

DS: I would like some guidance on how best to help STI by participating in various Committee activities. I am willing and available to help.

TJ: An invitation for Board Members to attend periodic training sessions, and a mid-year Board meeting as this will provide more opportunity to become more fully engaged and helpful to both the Chairman; the President and the Dean.

7. Do you have any other comments or suggestions that will help the Board increase its effectiveness?

ES: I find the board to be quite effective, and have no additional suggestions.

RP: Communication can always be improved; this comment is appropriate for virtually all organizations. In short, the administration should always be cognizant of communication.

RH: I would like more updates on committee activities.

SN: Yes, but I made that in a separate note.

LZ: No, I think we are doing good.

DS: Perhaps slightly more frequent communication would be beneficial. Having some interaction quarterly would be useful, even if just via email or some other method.

8. Do you have any comments or suggestions that will help college administrators increase their effectiveness?

ES: Continued communication is crucial, especially regarding accreditation status.

SN: I think having an experienced business operator like Eric Bassel will be a major help.

LZ: No, I think we are doing good.

DS: Not at this time.

TJ: The Dean and her colleagues are doing an excellent job, and we need to provide more tangible encouragement so they will sustain their efforts.

[Note: The above was adapted from: ]

Part C: Supplemental Questions:

Please respond to the following statements indicating the degree to which you agree or disagree.

Please note “A” for Agree, “SA” for Somewhat Agree, or “D” for Disagree.

7. Board size is appropriate. ____

Seven out of 9 Directors indicated that they agree that the board size is appropriate while 2 out of 9 responded that they somewhat agree that the board size is appropriate.

8. Composition of the Board is appropriate. ____

Eight out of 9 Directors reported that they agree that the composition of the board is appropriate while 1 Director indicated that they somewhat agree that the composition of the Board is appropriate.

9. Board receives reasonable notice of when meetings are scheduled. ____

Nine out of 9 Directors agreed that they receive reasonable notice of when meetings are scheduled.

10. Board receives agendas that are sufficient for the Board to understand/prepare for the meetings. ____

Nine out of 9 Directors indicated that they agree that the board received agendas that are sufficient for the Board to understand/prepare for meetings.

11. Board meetings are run well, for example, they start and end timely, they allow members to participate. ____

Nine out of 9 Directors reported that they agree that Board meetings are run well.

12. New Directors on the Board are effectively oriented [Question not applicable if you are not a new Director.] ____

SN: I am not a new director, but I do think we should consider an additional director in training position.

Part D: If you have any other comments you wish to share, please insert them below:

TJ: The outstanding work of Chairman Alan Paller has been and continues to be exceptional. His expertise in the field, and the thoughtful and sensitive manner in which his leadership is exercised is most praiseworthy. He provides the Board with full opportunities to become engaged on any issue.

Regarding the performance of our President, one can only summarize his abilities and leadership as exceptional. The numerous decisions that he makes, the manner in which he interacts with students, board members, and professional colleagues is simply outstanding. Having been a University faculty member and administrator for more than 30 years, I can honestly attest to his unique and outstanding qualities, and state he is one of the best Presidents I have ever observed.

Note: If Directors have concerns about other Board Directors, the President, or any other officer’s performance on behalf of STI, they are encouraged to discuss it with Chair Alan Paller, apaller@.

-- Thank you for participating in this survey. – SANS Technology Institute

Appendix 5.1 – Faculty List

FACULTY - SANS Technology Institute

Name: Dr. Johannes Ullrich

Title/Role: STI Dean of Faculty, SANS Certified Instructor, STI Committee Member, STI & SANS Chief Research Officer, Manager of GIAC Gold Program, Manager of the Internet Storm Center

Most Advanced Degree: Ph.D. Physics, SUNY Albany

Field of Experience: Information Security Research Expert. See details below.

Discipline: Security

Dr. Johannes Ullrich is Dean of Faculty, Chief Research Officer and a faculty member. Johannes also serves on the following SANS Technology Institute committees: Faculty and Administration, Curriculum and Long Range Planning. As chief research officer, Johannes is currently responsible for the SANS Internet Storm Center (ISC) and the GIAC Gold program. He founded in 2000, which is now the data collection engine behind the ISC. His work with the ISC has been widely recognized, and in 2004, Network World named him one of the 50 most powerful people in the networking industry. Prior to working for SANS, Johannes worked as a lead support engineer for a Web development company and as a research physicist. Johannes holds a PhD in Physics from SUNY Albany and is located in Jacksonville, Florida. He also enjoys blogging about application security tips.

Name: Dr. Eric Cole

Title/Role: STI Department Chair, SANS Faculty Fellow, Course Lead, Course Author, STI Faculty Advisor Chair, STI Committee Member

Most Advanced Degree: Ph.D., Computer Science, Pace University

Field of Experience: Information Security Expert. See details below.

Discipline: Security and Management

Dr. Eric Cole is the Department Chair of SANS Technology Institute, faculty member, general faculty advisor, and he teaches, maintains and develops courseware. Eric serves on the following SANS Technology committees: Faculty and Administration, Curriculum, and Academic and Student Affairs. He is an industry recognized security expert, with over 15 years of hands-on experience. Dr. Cole currently performs leading edge security consulting and works in research and development to advance the state of the art in information systems security. Dr. Cole has experience in information technology, with a focus on perimeter defense, secure network design, vulnerability discovery, penetration testing, and intrusion detection systems. Dr. Cole has a Masters in Computer Science from NYIT, and Ph.D. from Pace University with a concentration in Information Security. Dr. Cole is the author of several books, including Hackers Beware, Hiding in Plain Sight, Network Security Bible and Insider Threat. He is also a member of the Commission on Cyber Security for the 44th President and several executive advisory boards. Dr. Cole is also the CTO of the Americas for McAfee. He is a SANS Faculty Fellow and course author.

Name: President Stephen Northcutt

Title/Role: STI President, Ex-Officio Director on the Board of SANS Technology Institute, SANS Faculty Fellow, Course Author, Course Lead, STI Committee Member, STI Faculty Advisor

Most Advanced Degree: Bachelor of Science, Mary Washington College

Discipline: Security and Management

Stephen Northcutt founded the GIAC certification and serves as president of the SANS Technology Institute, a postgraduate level IT security college. Stephen is author/coauthor of Incident Handling Step-by-Step, Intrusion Signatures and Analysis, Inside Network Perimeter Security 2nd Edition, IT Ethics Handbook, SANS Security Essentials, SANS Security Leadership Essentials and Network Intrusion Detection 3rd edition. He was the original author of the Shadow Intrusion Detection system before accepting the position of chief for information warfare at the Ballistic Missile Defense Organization. Stephen is a graduate of Mary Washington College. Before entering the field of computer security, he worked as a Navy helicopter search and rescue crewman, white water raft guide, chef, martial arts instructor, cartographer, and network designer.

Since 2007 Stephen has conducted over 34 in-depth interviews with leaders in the security industry, from CEOs of security product companies to the most well known practitioners in order to research the competencies required to be a successful leader in the security field. He maintains the SANS Leadership Laboratory where research on these competencies is posted. He is the lead author for Execubytes, a monthly newsletter that covers both technical and pragmatic information for security managers. He leads the Management 512 Alumni forum, where hundreds of security managers post questions. He is the lead author/instructor for Management 512: SANS Security Leadership Essentials, a prep course for the GSLC certification that meets all levels of requirements for DoD Security Managers per DoD 8570 and he also is the lead author/instructor for Management 421: Management and Leadership Competencies. Stephen also blogs at the SANS Security Leadership blog.

Name: Ed Skoudis

Title/Role: Director on the Board of SANS Technology Institute, SANS Faculty Fellow, Course Lead, STI Faculty Advisor, Penetration Testing Development Second Chair

Most Advanced Degree: M.S., Information Networking, Carnegie Mellon University; and B.S. Electrical Engineering, University of Michigan, Summa Cum Laude.

Field of Experience: Incident Handling, Expertise in Hacker Attacks and Defenses, Information Security Industry, and Computer Privacy Issues. See details below.

Discipline: Security

Ed Skoudis is a founder and senior security consultant with InGuardians. Ed's expertise includes hacker attacks and defenses, the information security industry, and computer privacy issues, with over fifteen years of experience in information security. Ed authored and regularly teaches the SANS courses on network penetration testing (Security 560) and incident response (Security 504), helping over three thousand information security professionals each year improve their skills and abilities to defend their networks. He has performed numerous security assessments; conducted exhaustive anti-virus, anti-spyware, Virtual Machine, and IPS research; and responded to computer attacks for clients in financial, high technology, healthcare, and other industries. Ed serves on the Board of Directors of SANS Technology Institute. He also serves on the following SANS Technology Institute committees: Faculty Administration and Curriculum.

Ed conducted a demonstration of hacker techniques against financial institutions for the United States Senate and is a frequent speaker on issues associated with hacker tools and defenses. He has published numerous articles on these topics as well as the Prentice Hall best sellers Counter Hack Reloaded and Malware: Fighting Malicious Code. Ed was also awarded 2004-2009 Microsoft MVP awards for Windows Server Security and is an alumnus of the Honeynet Project. Previous to InGuardians, Ed served as a security consultant with International Network Services (INS), Global Integrity, Predictive Systems, SAIC, and Bell Communications Research (Bellcore). Ed also blogs about command line tips.

Name: Lenny Zeltser

Title/Role: Director on the Board of SANS Technology Institute, SANS Senior Instructor, Course Lead, STI Committee Member

Most Advanced Degree: M.B.A. from M.I.T.

Field of Experience: Security. See details below.

Discipline: Security, Management, Forensics

Lenny Zeltser leads the security consulting practice at Savvis, where he focuses on designing and operating security programs for cloud-based IT infrastructure. Lenny's other area of specialization is malicious software; he teaches how to analyze and combat malware at the SANS Institute. He is also a member of the board of directors for the SANS Technology Institute and an incident handler at the Internet Storm Center. Lenny frequently speaks on information security and related business topics at conferences and private events, writes articles, and has co-authored several books.

Lenny is one of the few individuals in the world who has earned the highly-regarded GIAC Security Expert (GSE) designation. He also holds the CISSP certification. Lenny has an MBA degree from MIT Sloan and a computer science degree from the University of Pennsylvania. For more information about his projects, see and

Name: Dave Shackleford

Title/Role: Director on the Board of SANS Technology Institute, SANS Certified Instructor

Most Advanced Degree: Masters in Business Administration, Georgia State University

Field of Experience: Security. See details below.

Discipline: Security, Audit, Management

Dave Shackleford is EMC's chief security strategist, as well as the head of the Center for Policy and Compliance, a group focused on developing controls for industry and regulatory compliance initiatives. He is also an instructor and course author for the SANS Institute, where he serves as a GIAC technical director. Previously, Dave worked as chief technical officer for both the Center for Internet Security and a security consulting firm in Atlanta where he became one of the first Visa-certified Qualified Security Assessors while managing the firm's PCI compliance practice. He has managed information security for a major airline and has also worked as a security architect, analyst, and manager for several Fortune 500 companies. In addition, he has consulted with hundreds of organizations in the areas of regulatory compliance, security and network architecture, and engineering. Dave is the co-author of Hands-On Information Security from Course Technology as well as the "Managing Incident Response" chapter in the Course Technology book Readings and Cases in the Management of Information Security. Recently, Dave co-authored the first published course on virtualization security for the SANS Institute. Dave currently serves on the board of directors at the Technology Association of Georgia's Information Security Society and the SANS Technology Institute.

Name: Alan Paller

Title/Role: Chair and Director on Board of SANS Technology Institute, Advisor on Presentations, STI Committee Member

Most Advanced Degree: Masters, Engineering, Massachusetts Institute of Technology; and B.S., Engineering, Cornell University.

Field of Experience: Public Policy and Marketing Security in Large Organizations. See details below.

Discipline: Security

Alan Paller is the director of research for the SANS Institute, responsible for projects ranging from the SANS Internet Storm Center (the Internet’s early warning system with 500,000 sensors around the world) to the Top Ten Security Menaces of the coming year. Alan advises STI Master’s candidates in preparing and giving presentations. He also edits NewsBites, the twice-weekly summary of the most important news stories in security. But he says his most satisfying responsibility is finding people who have solved important security problems and helping SANS's 85,000 alumni in 60 countries learn about those people and their discoveries.

Alan earned degrees in computer science and engineering from Cornell and MIT. He wrote hundreds of articles on computer graphics, EIS and computer security, and authored two books, The EIS Book: Information Systems for Top Managers and How to Give the Best Presentation of Your Life.

He has testified before the House and Senate, and in 2001 the President named Alan as one of the original members of the National Infrastructure Assurance Council. In 2005 the Federal CIO Council chose him as its annual Azimuth Award winner recognizing his singular vision and outstanding service to government information technology.

Name: Rob Lee

Title/Role: SANS Faculty Fellow, Course Lead, Course Author, Forensics Development Second Chair

Most Advanced Degree: M.B.A. Georgetown University, Washington D.C.; B.S. Space Operations Engineering, U.S. Air Force Academy

Field of Experience: Forensics. See details below.

Discipline: Forensics

Rob Lee is a member of ManTech's Computer Forensics & Intrusion Analysis Division that provides advanced computer forensics and intrusion operations support to the national security and intelligence communities. He works for commercial and government clients, providing incident response, forensics, intrusion detection, vulnerability analysis, and specialized R&D. Rob is a graduate of the U.S. Air Force Academy. He served in the U.S. Air Force performing intrusion detection while at the 609th Information Warfare Squadron. As a member of the Air Force Office of Special Investigations he performed network wiretaps, computer forensics, and conducted computer crime intrusion investigations. Rob regularly assists the Honeynet Project and coauthored the bestselling book, Know Your Enemy, 2nd Edition.

Name: Jeff Frisk

Title/Role: SANS Certified Instructor, Course Lead, Course Author, STI Committee Member, Director of GIAC Certification Program

Most Advanced Degree: BS, Engineering, Rochester Institute of Technology

Field of Experience: Engineering, Project Management.

Discipline: Management

Jeff Frisk currently serves as the director of the GIAC certification program and is a member of the STI Curriculum Committee. Jeff holds the PMP certification from the Project Management Institute and GIAC GSEC credentials. He also is a certified SANS instructor and course author for MGT 525. He has worked on many projects for SANS and GIAC including courseware, certification and exam development. Jeff has an engineering degree from The Rochester Institute of Technology and more than 15 years of IT project management experience with computer systems, high tech consumer products, and business development initiatives. Jeff has held various positions including managing operations, product development, electronic systems/computer engineering. He has many years of international and high-tech business experience working with both big and small companies to develop computer hardware/software products and services.

Name: David Hoelzer

Title/Role: SANS Faculty Fellow, Course Lead, Course Author, STI Faculty Advisor, STI Committee Member, Audit Development Second Chair

Most Advanced Degree: B.S. in Information Technology, Summa Cum Laude.

Field of Experience: Intrusion Detection and Auditing. See details below.

Discipline: Security, Management, Audit

David Hoelzer is a high-scoring certified SANS instructor and author of more than twenty sections of SANS courseware. He is an expert in a variety of Information Security fields, having served in most major roles in the IT and Security industries over the past twenty-five years. Recently, David was called upon to serve as an expert witness for the Federal Trade Commission for ground-breaking GLBA Privacy Rule litigation. David has been highly involved in governance at SANS Technology Institute, serving as a member of the Curriculum Committee. As a SANS instructor, David has trained security professionals from organizations including NSA, DHHS, Fortune 500 security engineers and managers, various Department of Defense sites, national laboratories and many colleges and universities. David is a Research Fellow in the Center for Cybermedia Research and also a Research Fellow for the Identity Theft and Financial Fraud Research Operations Center (ITFF/ROC). He is also an adjunct research associate of the UNLV Cybermedia Research Lab and a Research Fellow with the Internet Forensics Lab. David has written and contributed to more than 15 peer-reviewed books, publications and journal articles. Currently, David serves as the Principal Examiner & Director of Research for Enclave Forensics, a New York/Las Vegas based incident response and forensics company. He also serves as the Chief Information Security Officer for Cyber-Defense, an Open Source security software solution provider. In the past, David served as the Director of the GIAC Certification program, bringing the GIAC Security Expert certification to life. David holds a BS in IT, Summa Cum Laude, having spent time either attending or consulting for Stony Brook University, Binghamton University & American Intercontinental University.

Name: Richard Hammer

Title/Role: Director on the Board of SANS Technology Institute, STI Course Advisor

Most Advanced Degree: Master of Science in Information Security Engineering, SANS Technology Institute

Field of Experience: See details below.

Richard is a Technical Staff Member at Los Alamos National Laboratory. He is a senior Network/System administrator, Organizational Computer Security Representative (OCSR), and Information System Security Officer (ISSO) for the Advanced Nuclear Technology group (N-2). He has experience with most operating systems and many programming languages. Network and System security has become a larger part of his job description in the last ten years; Richard attended his first SANS conference in 1998. He is a former high school Mathematics and Computer Science teacher and is currently teaching Networks I&II, Server Configuration, and System Security courses at the College of Santa Fe. He currently holds GIAC GSEC, GCFW, GCIA, GCIH, GCUX, GCNA, GSPA certifications, CISSP and Security+ certifications, CEH certification. He is a former Chair/Vice Chair of the GCFW advisory board and was the first graduate of the SANS Technology Institute (MSISE). Richard serves on the Board of Directors of SANS Technology Institute.

Other Faculty - SANS Technology Institute

Name: Tanya Baccam

Title/Role: SANS Senior Instructor, Course Author

Most Advanced Degree: B.S. Dordt College, Management Information Systems, Business Administration, and Accounting.

Field of Experience: Security Services. See details below.

Courses: Security, Audit

Tanya is a SANS senior certified instructor, as well as a SANS courseware author. With more than 10 years of information security experience, Tanya has consulted with a variety of clients about their security architecture including areas such as perimeter security, network infrastructure design, system audits, web server security and database security. Currently, Tanya provides a variety of security consulting services for clients such as system audits, vulnerability and risk assessments, database assessments, web application assessments and penetration testing. She has previously worked as the Director of Assurance Services for a security services consulting firm and served as the Manager of Infrastructure Security for a healthcare organization. She also served as a Manager at Deloitte & Touche in the Security Services practice. Tanya has played an integral role in developing multiple business applications and currently holds the CPA, GIAC GCFW, GIAC GCIH, CISSP, CISM, CISA, CCNA, and OCP DBA certifications. Tanya completed a Bachelor of Arts degree with majors in Accounting, Business Administration and Management Information Systems.

Name: George Bakos

Title/Role: SANS Certified Instructor

Most Advanced Degree: Credits in Computer Science, Science, and English Science

Field of Experience: Intrusion Detection. See details below.

Discipline: Security

George Bakos has been interested in computer security since the early 1980s when he discovered the joys of BBSs and corporate databases. These days he is a senior engineer for Northrop Grumman's Cyber Threat Analysis & Intelligence team working to understand what's going on inside the minds and hearts of his adversaries. He was the developer of Tiny Honeypot and the IDABench intrusion analysis system and was one of the researchers behind the Dartmouth Distributed Honeynet System. George developed and taught the U.S. Army National Guard's CERT technical curriculum and ran the NGB's Information Operations Training and Development Center research lab for two years, fielding and supporting Computer Emergency Response Teams nationwide. Outside the lab, George enjoys the beauties of his home state, Vermont, through skiing, ice and rock climbing, and mountain biking.

Name: Chris Brenton

Title/Role: SANS Faculty Fellow, Course Lead, Course Author

Most Advanced Degree: Electrical Engineering Courses at Northeastern in Boston

Field of Experience: Security, Incident Handling. See details below.

Discipline: Security

Chris Brenton is a private consultant with over ten years of experience in the field. He is one of the founding members of the initial Honeynet Project and one of the original Internet Storm Center handlers, and he started up one of the first managed security ISPs. Over the years, he's been credited with the discovery of numerous vulnerabilities in various software products. Along with being a published author, Chris is responsible for maintaining all of the material in the SANS Perimeter Protection In-Depth course. In his spare time, Chris teaches rally and high-speed off-road security driving, where he can be found teaching students to make their side window the front of the car.

Name: Guy Bruneau

Title/Role: SANS Certified Instructor, Course Author

Most Advanced Degree: B.A. in Information Technology, University of Quebec

Field of Experience: Security, Incident Handling, Packet Forensics, Vulnerability Assessment, Intrusion Detection and Prevention. See details below.

Discipline: Security

Guy is a Senior Security Consultant with IPSS Inc. in Ottawa, Ontario. He works within IPSS Inc.'s security practice, assisting clients with their security needs, implementation and engineering of Intrusion Detection/Prevention Systems (IDS/IPS) on large networks, integration of Enterprise Security Management (ESM) solutions, Network Packet Forensic analysis, Network Security Auditing, and Incident Response and Reporting. Guy has a B.A. (IT) from University of Quebec and holds GIAC GSEC, GCIA, GCIH, GCUX and GCFA certifications. He is a SANS course author, SANS certified instructor and a SANS Incident Storm Center handler. He authored the OS hardened Snort with Sguil IDS platform and DNS Sinkhole platform where both ISOs are freely available at: .

Name: Eric Conrad

Title/Role: SANS Certified Instructor

Most Advanced Degree: M.S. Information Security Engineering, SANS Technology Institute

Field of Experience: Security. See details below.

Discipline: Security

Certified SANS instructor Eric Conrad is lead author of the book The CISSP Study Guide. Eric's career began in 1991 as a UNIX systems administrator for a small oceanographic communications company. He gained information security experience in a variety of industries, including research, education, power, Internet, and health care. He is now president of Backshore Communications, a company focusing on intrusion detection, incident handling, information warfare, and penetration testing. He is a graduate of the SANS Technology Institute with a Master of Science degree in information security engineering. In addition to the CISSP, he holds the prestigious GIAC Security Expert (GSE) certification as well as the GIAC GPEN, GCIH, GCIA, GCFA, GAWN, and GSEC certifications. Eric also blogs about information security at .

Name: Ted Demopoulos

Title/Role: SANS Certified Instructor

Most Advanced Degree: M.S., Mathematics, University of New Hampshire

Field of Experience: Security. See details below.

Discipline: Security; Management and Developer

Ted Demopoulos' first significant exposure to computers was in 1977 when he had unlimited access to his high school's PDP-11 and hacked at it incessantly. He consequently almost flunked out but learned he liked playing with computers a lot. His business pursuits began in college and have been continuous ever since. His background includes over 20 years of experience in information security and business, including 15+ years as an independent consultant. Ted helped start a successful information security company, was the CTO at a "textbook failure" of a software startup, and has advised several other businesses. Ted is a frequent speaker at conferences and other events, quoted often by the press, and blogs on new media at . In his spare time he writes books on Web 2.0, including Blogging for Business and What No One Ever Tells You About Blogging and Podcasting. He also has an ongoing software concern in Hong Kong, The Arial Group, an enterprise risk management solutions provider. Ted lives in New Hampshire with his wife, three children and dog.

Name: Jason Fossen

Title/Role: SANS Faculty Fellow, Course Lead, Course Author

Most Advanced Degree: Masters, Philosophy of Science, University of Texas at Austin

Field of Experience: Security with Microsoft/Windows Emphasis. See details below.

Discipline: Security

Jason Fossen is a principal security consultant at Enclave Consulting LLC, a published author, and a frequent public speaker on Microsoft security issues. He is the sole author of the SANS Institute's week-long Securing Windows course (SEC505), maintains the Windows day of Security Essentials (SEC401.5), and has been involved in numerous other SANS projects since 1998. He graduated from the University of Virginia, received his master's degree from the University of Texas at Austin, and holds a number of professional certifications. He currently lives in Dallas, Texas. Jason blogs about Windows Security Issues on the SANS Windows Security Blog.

Name: Bryce Galbraith

Title/Role: SANS Certified Instructor

Most Advanced Degree: Computer Science Courses

Field of Experience: Security

Discipline: Security

Bryce began his IT journey at 10 years of age with a Commodore 64 and a 300 baud modem. As a contributing author of the internationally bestselling book Hacking Exposed: Network Security Secrets & Solutions, Bryce helped bring the secret world of hacking out of the darkness and into the public eye. Bryce has held security positions at global ISPs and Fortune 500 companies as well as being a senior member of Foundstone's world-renowned attack and penetration team. Bryce also served as senior instructor and co-author of Foundstone's Ultimate Hacking: Hands-On series. He has taught the art of ethical hacking and countermeasures to thousands of IT professionals from a who's who of top companies, financial institutions, and government agencies around the globe. Bryce currently teaches Security 504: Hacker Techniques, Exploits, and Incident Handling, Security 560: Network Penetration Testing and Ethical Hacking, Security 517: Cutting-Edge Hacking Techniques, Security 550: Information Reconnaissance: Competitive Intelligence and Online Privacy, Security 401: SANS Security Essentials Bootcamp Style, Security 553: Metasploit for Penetration Testers, Security 561: Network Penetration Testing: Maximizing the Effectiveness of Reports, Exploits, and Command Shells, and several other courses for the SANS Institute. Bryce is an active member of several security-related professional organizations, he speaks at a variety of conferences, and he holds a number of certifications: CISSP, GCIH, GSEC, CEH, CHFI, Security+, and CCNA. Bryce is currently the chief hacking officer at Layered Security, where he provides vulnerability assessment services to clients around the world. Bryce also blogs about security issues at .

Name: Jess Garcia

Title/Role: SANS Certified Instructor

Most Advanced Degree: M.Sc. in Telecommunications Engineering, Univ. Politecnica de Madrid

Field of Experience: Security. See details below.

Discipline: Security and Forensics

Jess Garcia, founder of One eSecurity, is a senior security engineer with over 15 years of experience in information security. During the last five years Jess has worked on highly sensitive projects in Europe, the United States, Latin America, and the Middle East with top global customers in the financial, insurance, corporate, media, health, communications, legal, and government sectors. His work has included incident response, computer forensics, malware analysis, security architecture design and review, and more. Previously, Jess worked for 10 years as a systems, network, and security engineer in the Spanish Space Agency, where he collaborated as a security advisor with the European Space Agency, NASA, and other international organizations.

Jess is a frequent speaker at security events, having been invited to dozens of them around the world during the last few years. Jess has also contributed to several books, articles, SANS courseware, the GIAC program, etc. Jess is an active security researcher in areas such as incident response, computer forensics, and honeynets. Jess holds a Master of Science in telecommunications engineering from the Univ. Politecnica de Madrid.

Name: Jonathan Ham

Title/Role: SANS Certified Instructor, Course Author

Most Advanced Degree: M.S., CIS-Information Systems Security, University of Denver; B.A., Anthropology, University of Nebraska-Lincoln.

Field of Experience: Packet Analysis, Incident Response, Large-Scale Enterprise and Program Management

Discipline: Security

Jonathan is an independent consultant who specializes in large-scale enterprise security issues, from policy and procedure, through staffing and training, to scalable prevention, detection, and response technology and techniques. With a keen understanding of ROI and TCO (and an emphasis on process over products), he has helped his clients achieve greater success for over 12 years, advising in both the public and private sectors, from small upstarts to the Fortune 500. He's been commissioned to teach NCIS investigators how to use Snort, performed packet analysis from a facility more than 2000 feet underground, and chartered and trained the CIRT for one of the largest U.S. civilian Federal agencies. He currently holds the CISSP, GSEC, GCIA, and GCIH certifications, and is a member of the GIAC Advisory Board. A former combat medic, Jonathan still spends some of his time practicing a different kind of emergency response, volunteering and teaching for both the National Ski Patrol and the American Red Cross.

Name: Jim Herbeck

Title/Role: SANS Certified Instructor

Most Advanced Degree: B.A., Major in Computer Science and Minor in Business Administration, University of Iowa

Field of Experience: Computer Science. See details below.

Discipline: Security, Management, Audit

Jim Herbeck, CISSP, is a managing partner and principal consultant at NOUVEL Strategies, an information risk and security management company based in Geneva, Switzerland.

Jim is a co-founder and advisory board member for the Business Information Security Competency Center at the Geneva School of Business Administration. The center is focused on performing information security research, training, and resources that are business-oriented.

Jim has spent over 20 years working with information systems in commercial, government, academic, and research environments, both in the US and Europe. He received a computer science degree from the University of Iowa and has been an adjunct professor for the Computer Science Department at the University of New Mexico.

Name: Mark Hofman

Title/Role: SANS Certified Instructor

Most Advanced Degree: B.S., Major in Computing, Minor in Management, Northern Territory University.

Field of Experience: Security. See details below.

Discipline: Security, Management, Audit

Mark Hofman is a director and founder of Shearwater Solutions and has over 15 years' experience in ICT Security. He has worked for both private industry and government and has provided a wide range of information security consulting services to numerous organizations, including the financial sector, private sector, and government organizations. Mark has had a number of publications, has trained and lectured internationally, and is a handler for the Internet Storm Center. Mark holds professional certifications, including CISSP, GIAC GCFW, CompTIA Security+ and BSI lead auditor accreditations.

Name: Kevin Johnson

Title/Role: SANS Certified Instructor

Most Advanced Degree: See qualifications below

Field of Experience: Security. See details below [in bio paragraph]

Discipline: Security, Developer, Forensics

Kevin Johnson is a security consultant and founder of Secure Ideas. Kevin came to security from a development and system administration background. He has many years of experience performing security services for Fortune 100 companies, and in his spare time he contributes to a large number of open source security projects. Kevin's involvement in open-source projects is spread across a number of projects and efforts. He is the founder of many different projects and has worked on others. He founded BASE, which is a Web front-end for Snort analysis. He also founded and continues to lead the SamuraiWTF live DVD. This is a live environment focused on Web penetration testing. He also founded Yokoso and Laudanum, which are focused on exploit delivery. Kevin is a certified instructor for SANS and the author of Security 542: Web Application Penetration Testing and Ethical Hacking. He also presents at industry events, including DEFCON and ShmooCon, and for various organizations, like Infragard, ISACA, ISSA, and the University of Florida.

Name: Frank Kim

Title/Role: SANS Certified Instructor, Course Lead, Course Author, Developer Development Second Chair

Most Advanced Degree: Bachelor of Science, UC Berkeley

Field of Experience: Security and application development. See details below.

Discipline: Security; Development

Frank Kim is a co-founder and principal consultant with Think Security Consulting (), a San Francisco Bay area based application security consulting firm. Frank is an author and instructor for SANS Security 541: Secure Coding in Java/JEE. He has over ten years of experience developing applications using Java/Java EE and has designed and developed Web applications for large health care, technology, insurance, and consulting companies. Frank currently focuses on integrating security into the software development life cycle by doing penetration testing, security assessments, architecture reviews, code reviews, and training. Frank holds the CISSP, GPEN, GCIH, GCFA, GCIA, and GSSP Java certifications and is a Sun Certified Java Developer and Programmer.

Name: Jason Lam

Title/Role: SANS Certified Instructor, Course Lead, Course Author

Most Advanced Degree: B.A. Computer Science, York University

Field of Experience: Secure development, Penetration testing and Merger & Acquisition Security. See details below.

Discipline: Security; Developer

Jason is a senior security analyst at a major financial institution in Canada. His recent SANS Institute courseware development includes Defending Web Application Security Essentials and Web Application Pen Testing Hands-On Immersion. Jason started his career as a programmer before moving on to ISP network administration, where he handled network security incidents, which sparked his interest in information security. Jason specializes in Web application security, penetration testing, and intrusion detection. He currently holds a BA in computer science from York University in Toronto, Ontario, as well as the CISSP, GCIA, GCFW, GCUX, GCWN, and GCIH certifications.

Name: Randy Marchany

Title/Role: SANS Certified Instructor, STI Committee Member

Most Advanced Degree: Master of Science MSEE, Computer Engineering, Virginia Polytechnic and State University; B.S., Computer Science, Virginia Polytechnic Institute and State University

Field of Experience: Security. See details below.

Discipline: Security

Randy is the Chief Information Security Officer of Virginia Tech and the Director of Virginia Tech’s IT Security Laboratory. He is a co-author of the original SANS Top 10 Internet Threats, the SANS Top 20 Internet Threats, the SANS Consensus Roadmap for Defeating DDoS Attacks, and the SANS Incident Response: Step-by-Step guides. He is a member of the Center for Internet Security development team that produced and tested the CIS Solaris, HPUX, AIX, Linux and Windows2000/XP security benchmarks and scoring tools. He was a member of the White House Partnership for Critical Infrastructure Security working group that developed a Consensus Roadmap for responding to the DDOS attacks of 2000.

Name: Seth Misenar

Title/Role: SANS Certified Instructor

Most Advanced Degree: B.S., Philosophy, Millsaps College

Field of Experience: Network Security, Intrusion Detection, Penetration Testing. See details below.

Discipline: Security

Seth Misenar is a certified SANS instructor and also serves as lead consultant and founder of Jackson, Mississippi-based Context Security, which provides information security thought leadership, independent research, and security training. Seth's background includes network and Web application penetration testing, vulnerability assessment, regulatory compliance efforts, security architecture design, and general security consulting. He has previously served as both physical and network security consultant for Fortune 100 companies as well as the HIPAA and information security officer for a state government agency. Prior to becoming a security geek, Seth received a BS in philosophy from Millsaps College, where he was twice selected for a Ford Teaching Fellowship. Also, Seth is no stranger to certifications and thus far has achieved credentials which include, but are not limited to, the following: CISSP, GPEN, GWAPT, GSEC, GCIA, GCIH, GCWN, GCFA, and MCSE. Beyond his security consulting practice, Seth is a regular instructor for SANS. He teaches numerous SANS classes, including SEC401: SANS Security Essentials Bootcamp Style, SEC504: Hacker Techniques, Exploits, and Incident Handling, and SEC542: Web App Penetration Testing and Ethical Hacking. Seth also serves as both virtual mentor and technical director for SANS OnDemand, the online course delivery arm of the SANS Institute.

Name: Michael Murr

Title/Role: SANS Certified Instructor

Most Advanced Degree: B.S., Major in Computer Science, Minor in Mathematics, California State University at Channel Islands

Field of Experience: Forensics. See details below.

Discipline: Security, Forensics

Michael has been a forensic analyst with Code-X Technologies for over five years, has conducted numerous investigations and computer forensic examinations, and has performed specialized research and development. Michael has taught SANS Security 504 (Hacker Techniques, Exploits, and Incident Handling), SANS Security 508 (Computer Forensics, Investigation, and Response), and SANS Security 601 (Reverse-Engineering Malware); has led SANS@Home courses; and is a member of the GIAC Advisory Board. Currently, Michael is working on an open-source framework for developing digital forensics applications. Michael holds the GCIH, GCFA, and GREM certifications and has a degree in computer science from California State University at Channel Islands. Michael also blogs about digital forensics on his Forensic Computing blog.

Name: Hal Pomeranz

Title/Role: SANS Faculty Fellow, Course Lead, Course Author

Most Advanced Degree: BA in Mathematics with Minor in Computer Science from Swarthmore College

Field of Experience: Security, Linux/Unix. See details below.

Discipline: Security

Hal is founder and CEO of Deer Run Associates, a systems management and security consulting firm. He has spent more than fifteen years managing systems and networks for some of the largest commercial, government, and academic organizations in the country. He is the Technical Editor for SysAdmin Magazine and was the recipient of the 2001 SAGE Outstanding Achievement award for his teaching and leadership in the field of System Administration. Hal participated in the first SANS conference and designed the SANS Step-by-Step course model. He is a top-rated instructor and author on topics ranging from information security to system and network management to Perl programming. Hal also blogs about command line tips on a regular basis.

Name: Mike Poor

Title/Role: SANS Senior Instructor, Course Lead, Course Author

Most Advanced Degree: See qualifications below.

Field of Experience: Intrusion Detection, Response, and Mitigation. See details below.

Discipline: Security

Mike is a founder and Senior Security Analyst for the DC firm InGuardians, Inc. In the past he has worked for Sourcefire as a research engineer and for SANS leading their Intrusion Analysis Team. As a consultant Mike conducts incident response, breach analysis, penetration tests, vulnerability assessments, security audits and architecture reviews. His primary job focus however is in intrusion detection, response, and mitigation. Mike currently holds the GCIA certification and is an expert in network engineering and systems, network and web administration. Mike is an author of the international best selling Snort series of books from Syngress, member of the Honeynet Project and is a Handler for the SANS Internet Storm Center.

Name: Megan Restuccia

Title/Role: SANS Certified Instructor

Most Advanced Degree: M.B.A., Columbia University; B.S. Computer Science, William Paterson University

Field of Experience: Security

Discipline: Security

Megan is currently a certified instructor with the SANS Institute as well as a vice president at Morgan Stanley. She has over 14 years' experience in information technology with an extensive background in networking in Unix/Linux and Windows environments for both small and large implementations. Megan currently holds professional certifications, including RHCE, CCWD, CISSP, GSEC, and GIAC GREM, and a certificate in GGSC. She also holds a BS in computer science and an MBA from Columbia University. Megan's most recent focuses were on DLP, security regulations, secure applications design and training, secure infrastructure design, and desktop encryption.

Name: David Rice

Title/Role: SANS Senior Instructor, Course Author

Most Advanced Degree: M.S., Systems Engineering and Information Warfare, Naval Postgraduate School; and B.S., Physics and General Engineering, U.S. Naval Academy.

Field of Experience: Security. See details below.

Discipline: Security, Audit, Developer

David Rice is an internationally recognized cyber security expert, consulting director for policy reform at the U.S. Cyber Consequences Unit, and author of the critically acclaimed book Geekonomics: The Real Cost of Insecure Software. Mr. Rice is a key figure shaping the discussion of cyber security, and his work impacts both U.S. and European cyber security policy. As director of The Monterey Group, a private consulting firm, Mr. Rice advises a variety of clients on a range of issues, including cyber strategy development and execution, corporate cyber risk management, cyber security metrics, identity management, and secure software development practices.

Name: Marcus Sachs

Title/Role: SANS Senior Instructor

Most Advanced Degree: Masters in Computer Science with a concentration in Information Security from James Madison University, Masters in Science and Technology Commercialization from The University of Texas at Austin, Bachelors in Civil Engineering. He is currently pursuing a Ph.D. in Public Policy with a concentration in Science and Technology.

Field of Experience: Security Essentials, Malware, Management, National Security Policy

Discipline: Security and Management

Marcus Sachs serves as executive director of government affairs for national security and cyber policy at Verizon in Washington, DC. Prior to joining Verizon in August 2007, he was the deputy director of SRI International's Computer Science Laboratory. Marcus has served as the director of the SANS Internet Storm Center since 2003 and is an internationally recognized computer security expert. He brings nearly 30 years of professional experience to SANS, including 20 years of active military service as an officer in the United States Army and two years of national cyberspace security policy development as a Presidential appointee to the National Security Council staff in the George W. Bush administration. Marcus was the first cyber security official assigned to the Department of Homeland Security in 2003 where he developed the initial concept and strategy for the creation of the United States Computer Emergency Readiness Team. He was also a founding member of the Defense Department's Joint Task Force for Computer Network Defense, created in 1998 as the first US military organization designed to fight foreign threats in cyberspace. He is currently the secretary of the Communications Sector Coordinating Council and is a member of the CSIS Commission on Cyber Security for the 44th Presidency. Marcus is a licensed professional engineer in Virginia.

Name: Richard Salgado

Title/Role: SANS Senior Instructor, Course Author

Most Advanced Degree: J.D., Law, Yale Law School

Field of Experience: Legal Issues. See details below.

Discipline: Forensics

Richard P. Salgado is a Senior Counsel with Google for information security and law enforcement matters. Prior to joining Google, Mr. Salgado was with Yahoo!, focusing on international security and compliance work. He also served as Senior Counsel in the Computer Crime and Intellectual Property Section of the United States Department of Justice. As a federal prosecutor, Mr. Salgado specialized in investigating and prosecuting computer network cases, such as computer hacking, illegal computer wiretaps, denial of service attacks, malicious code and other technology-driven privacy crimes.

In 2005, Mr. Salgado joined Stanford Law School as a legal lecturer on Computer Crime, and on Internet Business Legal and Policy Issues; he previously served as an adjunct law professor at Georgetown University Law Center and George Mason Law School, and as a faculty member of the National Judicial College. Mr. Salgado regularly speaks on the legal and policy implications of searching and seizing computers and electronic evidence, emerging surveillance technologies, digital evidence and related criminal conduct. Mr. Salgado graduated magna cum laude from the University of New Mexico and in 1989 received his J.D. from Yale Law School.

Name: Eugene Schultz

Title/Role: SANS Certified Instructor

Most Advanced Degree: Ph.D., Cognitive Sciences, Purdue University

Field of Experience: Information Security & Technology

Discipline: Security and Management

Dr. Eugene Schultz, CISM, CISSP, is the Chief Technology Officer at Emagined Security, an information security consultancy based in San Carlos, California. He is the author/co-author of five books, one on Unix security, another on Internet security, a third on Windows NT/2000 security, a fourth on incident response, and the latest on intrusion detection and prevention. He has also written over 120 published papers. Gene was the Editor-in-Chief of _Computers and Security_ from 2002 - 2007, is currently on the editorial board for this journal, and is an associate editor of _Network Security_. He is also a member of the editorial board for the SANS NewsBites, a weekly information security-related news update, co-author of the 2005 and 2006 Certified Information Security Manager preparation materials, and is on the technical advisory board of three companies. Gene has previously managed an information security practice as well as a national incident response team. He has also been professor of computer science at several universities and is retired from the University of California at Berkeley. He has received the NASA Technical Excellence Award, the Department of Energy Excellence Award, the Information Systems Security Association (ISSA) Professional Achievement and Honor Roll Awards, the ISACA John Kuyers Best Speaker/Best Conference Contributor Award, the Vanguard Conference Top Gun Award (for best presenter) twice, the Vanguard Chairman's Award, and the National Information Systems Security Conference Best Paper Award. Additionally, Gene has been elected to the ISSA Hall of Fame. While at Lawrence Livermore National Laboratory he founded and managed the U.S. Department of Energy's Computer Incident Advisory Capability (CIAC). He is also a co-founder of FIRST, the Forum of Incident Response and Security Teams. He is currently a member of the accreditation board of the Institute of Information Security Professionals (IISP). Dr. Schultz has provided expert testimony before committees within the U.S. Senate and House of Representatives on various security-related issues, and has served as an expert witness in legal cases.

Name: Raul Siles

Title/Role: SANS Certified Instructor

Most Advanced Degree: Masters, Computer Science from UPM (Spain) and a postgraduate in Security and E-commerce

Field of Experience: Security. See details below.

Discipline: Security

Raul Siles is a founder and senior security analyst with Taddong. His more than 10 years of expertise performing advanced security services and solutions in various worldwide industries include security architecture design and reviews, penetration tests, incident handling, forensic analysis, security assessments, and information security research in new technologies, such as Web applications, wireless, honeynets, virtualization, mobile devices, and VoIP. Raul is one of the few individuals who have earned the GIAC Security Expert (GSE) designation. He is a SANS Institute author and instructor of penetration testing courses, a regular speaker at security conferences, author of security books and articles, and contributes to research and open-source projects. He loves security challenges, is a member of international organizations, such as the Honeynet Project, and is a handler for the Internet Storm Center (ISC). Raul holds a master's degree in computer science from UPM (Spain) and a postgraduate in security and e-commerce. More information can be found at .

Name: Stephen Sims

Title/Role: SANS Certified Instructor, Course Lead, Course Author

Most Advanced Degree: M.S. Information Assurance, Norwich University (anticipated by end of 2010); B.S., Information Technology, University of Phoenix

Field of Experience: Security

Discipline: Security

Stephen Sims is an information security consultant currently working for Wells Fargo in San Francisco, California. He has spent the past eight years in San Francisco working for several large financial institutions on network and systems security, penetration testing, exploitation development, risk assessment and management. Prior to San Francisco, Stephen worked in the Baltimore/DC area as a network security engineer for companies such as General Motors and Sylvan Prometric. He is one of only a handful of individuals who hold the GIAC Security Expert (GSE) Certification and also helps to author and maintain the current version of the exam. He is a SANS certified instructor and the course author of SANS' first and only 700-level course, SEC709: Developing Exploits for Penetration Testers and Security Researchers. Stephen also holds the CISSP, CISA, and Network Offense Professional (NOP) certification, amongst others.

Name: John Strand

Title/Role: SANS Certified Instructor, Course Author

Most Advanced Degree: Master of Applied Science, Computer Information Systems, University of Denver

Field of Experience: Security. See details below.

Discipline: Security

John Strand currently is the owner and senior security researcher with Black Hills Information Security, and a consultant with Argotek, Inc for TS/SCI programs. As a certified SANS instructor he teaches: 504 "Hacker Techniques, Exploits and Incident Handling," 517, "Cutting Edge Hacking Techniques," and 560 "Network Penetration Testing." He is a contributing author of Nagios 3 Enterprise Network Monitoring, and a regular contributor to SearchSecurity's "Ask the Expert" series on the latest information security threats. He also regularly posts videos demonstrating the latest computer attacks and defenses at album/26207. He started the practice of computer security with Accenture Consulting in the areas of intrusion detection, incident response, and vulnerability assessment/penetration testing. John then moved on to Northrop Grumman specializing in DCID 6/3 PL3-PL5 (multi-level security solutions), security architectures, and program certification and accreditation. He has a master's degree from Denver University and is currently also a professor at Denver University. In his spare time he writes loud rock music and makes various futile attempts at fly-fishing.

Name: Chad Tilbury

Title/Role: SANS Certified Instructor

Most Advanced Degree: M.S., Computer Science, Northeastern University; B.S. Computer Science, U.S. Air Force Academy

Field of Experience: Forensics, Incident Handling, Network Security. See details below.

Discipline: Forensics, Security

Chad Tilbury has spent over ten years responding to computer intrusions and conducting forensic investigations. His extensive law enforcement and international experience stems from working with a broad cross-section of Fortune 500 corporations and government agencies around the world. During his service as a Special Agent with the Air Force Office of Special Investigations, he investigated and conducted computer forensics for a variety of crimes, including hacking, abduction, espionage, identity theft, and multi-million dollar fraud cases. He has led international forensic teams and was selected to provide computer forensic support to the United Nations Weapons Inspection Team. Chad has worked as a computer security engineer and forensic lead for a major defense contractor and more recently as the Vice President of Worldwide Internet Enforcement for the Motion Picture Association of America. In that role, he managed Internet anti-piracy operations for the seven major Hollywood studios in over sixty countries. Chad is a graduate of the U.S. Air Force Academy and holds a B.S. and M.S. in Computer Science as well as GCFA, GCIH, and CISSP certifications. He is currently a consultant specializing in incident response, e-Discovery, and computer forensics.

Name: James Tarala

Title/Role: SANS Senior Instructor, Course Author

Most Advanced Degree: Master’s Certificate in Information Assurance, University of Maryland

Field of Experience: Security and Audit. See details below.

Discipline: Audit, Security, Management

James Tarala is a principal consultant with Enclave Security and is based out of Venice, Florida. He is a regular speaker and senior instructor with the SANS Institute as well as a courseware author and editor for many SANS auditing and security courses. As a consultant, he has spent the past few years architecting large enterprise IT security and infrastructure architectures, specifically working with many Microsoft-based directory services, e-mail, terminal services, and wireless technologies. He has also spent a large amount of time consulting with organizations to assist them in their security management, operational practices, and regulatory compliance issues, and he often times performs independent security audits and assists internal audit groups to develop their internal audit programs. James completed his undergraduate studies at Philadelphia Biblical University and his graduate work at the University of Maryland. He holds numerous professional certifications.

Name: Benjamin Wright

Title/Role: SANS Senior Instructor, Course Lead, Course Author, Legal Development Second Chair

Most Advanced Degree: JD, Law, Georgetown University Law Center

Field of Experience: Legal Issues. See details below.

Discipline: Legal

Benjamin Wright is the author of several technology law books, including Business Law and Computer Security, published by the SANS Institute. With 26 years in private law practice, he has advised many organizations, large and small, on privacy, e-commerce, computer security and e-mail discovery and been quoted in publications around the globe, from the Wall Street Journal to the Sydney Morning Herald. He wrote and presented to the Sri Lankan government a report on technology law, which contributed to the adoption of national e-commerce legislation in 2005. Wright maintains a popular blog at .

Name: Joshua Wright

Title/Role: SANS Senior Instructor, Course Lead, Course Author

Most Advanced Degree: B.S., Information Science, Johnson and Wales University in Providence, Rhode Island.

Field of Experience: Security. See details below.

Discipline: Security

Joshua Wright is a Senior Security Analyst with InGuardians, LLC and a Senior Instructor with the SANS Institute. A widely recognized expert in the wireless security field, Josh has worked with private and government organizations to evaluate the threat surrounding wireless technology. As an open-source enthusiast, Josh has developed a variety of tools that can be leveraged for penetration testing and security analysis. Prior to joining InGuardians, Josh was the Senior Security Researcher for Aruba Networks, leading a team committed to significantly improving the security of modern networks. In his spare time, Josh looks for any opportunity to void the warranty on wireless electronics. He also blogs about ethical hacking tips.

Appendix 5.2 – Description of Faculty Duties; Dean & Dept. Chair

DRAFT - 0810

Description of Duties of STI Department Chair & STI Dean of Faculty

 

STI Department Chair - Reports to President:

The Department Chair is also the Chair of the Faculty Committee, Chair of the Curriculum Committee; Chair of the Academic and Student Affairs Committee, General Faculty Advisor to Students and Faculty Adviser Department Chair; and Faculty member.  The Department Chair’s duties include:

Overseeing curriculum review along with the Dean of Faculty.  This will be in coordination with the President, and other members of the STI Curriculum Committee.   Recommendations will be provided periodically to the Academic and Student Affairs Committee, and reports and major changes will be submitted to the Board of Directors.

Maintaining and/or overseeing the update of courses in the STI curriculum. 

Assisting in the review of periodic summary reports about (1) master's student’s performance on Learning and Assessment Objectives, (2) evaluation of instructors of master's students, in order to recommend ways of improving teaching and learning.  These reports will be submitted to the STI Curriculum Committee/STI Faculty Academic Committee as appropriate, and other appropriate persons if applicable.   It will be determined if action is needed, and action items will be assigned to the appropriate person who will report back to the group. 

On a rotational basis, grading or assisting in grading the master's students' Community Project Requirements.

Performing the following duties periodically or on a rotational basis:  attend round-table meetings with master's students at the Residential Institutes, give the presentation known as the STI Brief to interested persons at the Residential Institutes, lead or co-lead meetings among STI faculty. 

Attending STI Board meetings when requested and when reasonably possible.  Attendance by conference phone generally is acceptable.

Teaching courses;

Teaching new courses on a test basis and recommending improvements;

Working with identified instructors who are having difficulties to assist in determining problem areas and make suggestions to improve teaching;

Helping mentor new faculty and working to achieve a consistent teaching base across all classes. 

Other duties as assigned by the President.

STI Dean of Faculty - Reports to President:

Member of the STI Faculty Committee; Faculty member; Chief Research Officer; Manager of Internet Storm Center; Manager of Gold Program; Chair of the Long Range Planning Committee.  The Dean of Faculty’s duties include:

Overseeing curriculum review along with the Department Chair. This will be in coordination with the President and other members of the STI Curriculum Committee. Recommendations will be provided periodically to the Academic and Student Affairs Committee, and reports and major changes will be submitted to the Board of Directors.

Managing research activities.

Managing the Internet Storm Center under a contract with SANS.

Providing academic oversight to assure that the quality of the GIAC Certification and GIAC Gold Certification Programs meets the quality requirements.

Assisting in the review of periodic exam assessment summary reports about (1) master's student’s performance on Learning and Assessment Objectives, (2) evaluation of instructors of master's students, in order to recommend ways of improving teaching and learning.  These reports will be submitted to the STI Curriculum Committee/STI Faculty Committee as appropriate, and other appropriate persons if applicable.   It will be determined if action is needed, and action items will be assigned to the appropriate person who will report back to the group. 

On a rotational basis, grading or assisting in grading the student's Community Project Requirements.

Attending Board meetings when requested and when reasonably possible. Attendance by conference phone generally is acceptable.

Performing the following duties periodically or on a rotational basis: attend round-table meetings with students at the Residential Institutes, give the presentation known as the STI Brief to interested persons at the Residential Institutes, lead or co-lead meetings among faculty.

Teaching courses.

Other duties as assigned by the President.

Appendix 5.3 – Goals of President; First Half 2010

Goals of President for First Half of 2010; Assessment at end of Period

(This document was provided by the President to the Board with invitation for comment)

Name: Stephen Northcutt

Assessment Period: Jan 1, 2010 – June 30, 2010

|I. Results (Complete shaded area at the start of assessment period) |

|Objective/Accountability 1: Lead the overall effort to achieve accreditation. In particular, have significant involvement in the strategic plan, develop the definition of leadership, increase assessment and develop draft of assessment plan. Develop processes to involve more of the organization with STI, and increase transparency by increasing documentation on the web page regarding grading rubrics and other significant processes affecting students. |Results: We have maintained solid focus on accreditation. With the hire of Matthew Scott to focus on the assessment piece it is probable that all recommendations of the Middle States Site Visit will have been addressed. Did the heavy lift for the strategic plan including auxiliary documents. Have made tremendous progress increasing the involvement of the organization. Rubrics are in place and posted on web page. |

|Objective/Accountability 2: Assess and develop additional leadership competencies to further define leadership by performing gap analysis on Table 11 Summary of Customized Competency Models of the Joyce thesis and STI competencies and ensure students are exposed to each of the competencies in their time at STI. Continue research in leadership in information assurance with a goal of at least three thought leadership interviews per quarter. |Results: Did a cross walk of the Joyce Thesis on competencies. Believe we can state with confidence we have a solid set of competence. Five thought leadership interviews completed during this period and one immediately afterwards. Need to improve the linkage between this project and the vendor team. |

|Objective/Accountability 3 Complete and review learning objectives for MGT 512, MGT 421, MGT 404, MGT 438 as needed. Update and maintain these courses, for the first six months of 2010 focus on MGT 421 and MGT 512. |Results: Matthew Scott has taken the lead for program objectives, but I will review as information is completed. Continuing to keep courseware updated and improved. |

|Objective/Accountability 4 Oversee development of rubrics for any activity that results in a subjective evaluation of student performance. |Results: Have reviewed rubrics, but also have been the first person to test them in grading. |

|Objective/Accountability 5 Maintain focus on recruitment. Ensure STI talk is given at as many conferences as possible as well as opportunities for SANS students to meet enrolled STI students. Contact graduates to gauge interest in Thought Leadership or Security Hero interviews. Apply SEO optimization techniques to increase the effectiveness of the web page in recruitment. |Results: We are doing very well making sure the talk is given. Can’t say 100% but all major US conferences. In addition, we have a new detailed handout for international events when nobody feels qualified to give the talk. I do note from the diversity study someone said they have not heard of us so there is room for improvement. Having Eric Bassel and Tiffany lend a hand has been a huge advantage. Invited graduates to interviews, no takers. Really pleased with our progress SEO wise, between the content we have created and the content the students are creating, we are comparing favorably with other similar institutions. |

|II. STI Committees |

| |

|All of the Board committees: |

|-- Academic & Student Affairs Committee – non-voting member |

|-- Finance Committee – non-voting |

|-- Long-range Planning Committee – non-voting |

| |

|These administrative committees: |

|-- Admissions Committee - voting |

|-- Curriculum Committee – non-voting |

|-- Faculty Administration Committee – non-voting |

|-- Full-time Faculty Committee – non-voting |

|III. External to STI Activities |

|SANS Instructor |

|Courseware Author |

|Savant Protection Advisory Board |

|Beyond Encryption Board of Directors |

Performance Assessment:

Exceptional Performance Fully Meets Requirements Needs Improvement

Overall Rating: 1 _ _ _ 2_ _ _ 3 (3 = Exceptional Performance)

Date of Performance Discussion ________________

Manager’s Signature ________________ Individual’s Signature _________________

Development

Complete shaded areas at beginning of assessment period.

|IV. Advancement Interests in Next Three Years; Beyond Three Years |

|Increase focus on the SANS Technology Institute, learn the ins and out of higher education governance including operations, strategic planning and assessment. |

|V. Short Term and Long Term Learning/Development Needs |

|Over the next two years, after we are invited to begin self study, attend Middle States courses such as: |

|Fostering A Campus Culture of Assessment |

|A Basic Toolbox for Assessing Institutional Effectiveness |

|Will work with Dean Svoboda to identify the courses and with Diane to block my schedule to make this possible. |

|VI. Learning/Development Plans for Assessment Period |

| |

|VII. Learning/Development Achieved During Assessment Period |

| |

|VIII. Succession Planning-What steps have you taken to train someone to do your job? What steps will you take during the next six months to train someone? |

|For this review period I will ask the board who their first and second choice would be on a person to take this role [omitted-confidential/proprietary]. |

[NOTE: Regarding item VIII above, the board decided it was not necessary to immediately identify someone to replace Stephen Northcutt should he become unable to serve in his position in the future. If the issue arises, a board often appoints someone on an interim basis until a final appointment is made.] 

Appendix 5.4 – Charters for STI Committees

Charter for the STI Curriculum Committee

Executive Summary: The SANS Technology Institute (STI) Curriculum Committee is an administrative committee. Its members serve either as paid 1099 authors and instructors or as collateral (unpaid) duty STI/SANS employees. The Curriculum Committee reports to the STI Academic and Student Affairs Committee and has the primary responsibility for oversight in the development and maintenance of STI curriculum and courseware.

Eligibility: SANS courseware authors that are highly experienced and also serve as high performing SANS instructors. The President suggests the membership, and the membership must be approved by the Academic and Student Affairs Committee. The ideal size of the committee is five members. The minimum size to consider the committee functional is four members, and due to the large number of issues that have to be covered in a limited amount of time, the maximum size is seven members.

NOTE: To ensure succession, the Academic and Student Affairs Committee may approve an "up and comer" as a non-voting "trainee" member.

Term of Service: Permanent, once assigned. Members may retire from the committee upon giving advance notice to the committee. The Academic and Student Affairs Committee or the STI Board may discontinue the committee.

Authority: This is an advisory committee, recommendations are not binding, and minutes of meetings are sent to the Academic and Student Affairs Committee for ratification.

Removal: The Academic and Student Affairs Committee may remove a member from this committee by majority vote. In addition, the STI Board of Directors may remove a member from this committee by majority vote.

Benefit to Membership: Serving on the Curriculum Committee gives members opportunities to guide the development of curriculum and courseware in the best interests of STI.

Primary Functions:

- Ensure that new courseware is being created to reflect the changes in our industry according to the appropriate policies and procedures in place to guide new courseware development.

- Monitor existing curriculum and courseware to ensure it is up to date, relevant and accurate.

- Serve as a resource when a course runs into significant problems as reported by the Student Assessment Analysts as part of their review of student forms or when a student writes in with a complaint.

Meetings. Meetings are held as needed, usually at Residential Institutes, though the committee can work virtually (email, phone conference, etc.) as well. The results of committee decisions are reported to the Academic and Student Affairs Committee for review and ratification.

Quorum. The President is an ex-officio and non-voting member of the committee, but the President may be counted to determine if there is a quorum (majority of the committee members) available to do business. For a vote to carry, the vote must be agreed upon by a majority of the voting members.

Charter for the STI Faculty Administration Committee

Executive Summary: The SANS Technology Institute (STI) Faculty Administration Committee is an administrative committee. Its members serve either as paid 1099 instructors and authors or as collateral (unpaid) duty STI/SANS employees. The Faculty Administration Committee reports to the STI Academic and Student Affairs Committee.

Eligibility: SANS instructors that are highly experienced and are also SANS courseware authors that are willing to dig in and handle the nitty gritty operational details related to STI. The President suggests the membership, and the membership must be approved by the Academic and Student Affairs Committee. The ideal size of the committee is five members. The minimum size to consider the committee functional is four members, and due to the large number of issues that have to be covered in a limited amount of time, the maximum size is seven members.

NOTE: To ensure succession, the Academic and Student Affairs Committee may approve an "up and comer" as a non-voting "trainee" member.

Term of Service: Permanent, once assigned. Members may retire from the committee upon giving advance notice to the committee. The Academic and Student Affairs Committee or the STI Board may discontinue the committee.

Authority: This is an advisory committee; recommendations are not binding, and minutes are sent to the Academic and Student Affairs Committee for ratification.

Removal: The Academic and Student Affairs Committee may remove a member from this committee by majority vote. In addition, the STI Board of Directors may remove a member from this committee by majority vote.

Benefit to Membership: Members have a significant voice in establishing day-to-day policy and operations at STI.

Primary Functions:

- Provide oversight of the faculty that teaches courses in the STI curriculum.

- Serve as a resource when a faculty member runs into significant problems as reported by the Student Assessment Analysts as part of the Analysts’ review of student forms or when a student writes in with a complaint.

- Ensure that the appropriate policies and procedures are in place for STI to complete its mission as a computer security degree granting institution.

Meetings. Meetings are held as needed, usually at Residential Institutes, though the committee can work virtually (email, phone conference, etc.) as well. The results of committee decisions are reported to the Academic and Student Affairs Committee for review and ratification.

Quorum. The President is an ex-officio and non-voting member of the committee, but the President may be counted to determine if there is a quorum (majority of the committee members) available to do business. For a vote to carry, the vote must be agreed upon by a majority of the voting members.

Charter for the Student Experience Assessment Committee

Executive Summary: The Student Experience Assessment Committee is an administrative committee of SANS. Its members serve in a collateral (unpaid) duty position that helps to review the trends in student satisfaction and report to the STI Faculty Administration Committee.

Eligibility: SANS employees that have shown discretion and experience dealing with both positive and negative student experiences. The ideal size of the committee is three members. The minimum size to consider the committee functional is two members, and due to the extremely proprietary material that is included in the planning process, the maximum size is three members.

Term of Service: Permanent, once assigned.

Authority: This is an advisory committee; recommendations are not binding. However, their wise counsel is needed to make the student security college learning experience as valuable as possible and to ensure the students have the best learning environment possible as they pursue their security degree.

Removal: SANS business unit managers may reassign members as needed so long as qualified replacements are found. The primary work of the committee is done by Student Assessment Analysts.

Benefit to Membership: Members will have an opportunity to participate in continual process improvement by monitoring students’ experience with the teaching facility and related matters.

Primary Functions

The primary function of the Student Experience Assessment Committee is to ensure that STI is not missing a trend or change in the student experience, so that students continue to have a clean, safe, comfortable environment conducive to learning. For example, where negative experiences are reported about a facility, suggestions can be made for improvement to SANS personnel responsible for future facility contracts.

Currently each learning event is evaluated by the students per day. These evaluations are collected and either tabulated on site or sent to the Student Assessment Analysts. These are sent out by event to an oversight group generally consisting of the director of residential institute management, residential institute managers/planners, marketing director, and faculty coordinator.

After each residential institute (major national training event), the committee meets, reviews the aggregate scores, and looks for trends, changes and anything else significant that should be reported to the STI Faculty Administration Committee.

Charter for STI Admissions Committee

Executive Summary:

The SANS Technology Institute (STI) Admissions Committee is an administrative committee. Its members serve in a collateral (unpaid) duty position that reports to the Office of the President. The committee will provide an annual report for review by the Academic and Student Affairs Committee about the admissions process. The Admission Committee's primary responsibility is managing the admissions process.

Eligibility:

The President appoints the members from among STI/SANS/GIAC employees and/or other persons who are highly familiar with the mission and culture of STI. Members of the Admissions Committee must have extensive experience with the information security population that we serve.

NOTE: To ensure succession, the Academic and Student Affairs Committee may approve an "up and comer" as a non-voting "trainee" member.

Term of Service:

Permanent, once assigned. Members may retire from the committee upon giving advance notice to the committee.

Authority:

Decisions from this committee are binding. If a decision is appealed, the Office of the President will render a ruling.

Removal:

The Office of the President may remove a member from this committee for failure to participate, frequent failure of judgment, or other cause.

Benefit to Membership:

Members have an early opportunity to meet the students as they are entering the program. Many students will become the leaders in the field of information security and might one day have significant roles in SANS/GIAC.

Primary Functions:

The task of the Admissions Committee is to review applicants, admit the ones that should prove to be successful in the program, reject the ones that have little or no possibility of success, and on occasion, suggest a path forward for the marginal applicants.

Meetings:

Meetings are held as needed. The committee can work virtually (email, phone conference, etc.).

Quorum:

All members are voting members of the committee. A quorum (majority of members) is needed to conduct business. For a vote to carry, the vote must be agreed upon by a majority of the members.

Charter for the STI Academic and Student Affairs Committee

Executive Summary:

The SANS Technology Institute (STI) Academic & Student Affairs Committee is a committee of the STI Board. Its members serve either as paid 1099 authors or instructors or in collateral (unpaid) duty positions. The committee reports to the greater Board of Directors.

Eligibility:

The Chair of the STI Board and the STI President are ex-officio and non-voting members of this committee. The President of STI appoints the other members of the committee. Some may be members of the STI Board of Directors and/or appointees with special skills and knowledge to support this committee.

NOTE: To ensure succession, the Academic and Student Affairs Committee may approve an "up and comer" as a non-voting "trainee" member.

Term of Service:

Permanent, once assigned. Members may retire from the committee upon giving advance notice to the committee. The STI Board may discontinue the committee.

Authority:

Advisory, this committee makes recommendations to the Board of Directors.

Removal:

The STI Board of Directors may remove a member from this committee by majority vote.

Benefit to Membership:

Members have the opportunity to shape the vision and plans for STI.

Primary Functions:

This committee is responsible for the study of the educational programs of STI and to promote a supportive educational environment that provides activities designed to give varied and meaningful experiences to help students develop academically and professionally. It investigates new programs and recommends programmatic changes. It conducts periodic reviews and evaluations of the policies of STI to ensure that STI's mission is being met and that the aims and objectives are being achieved. This committee recommends policies to the STI Board of Directors for maintaining qualified and competent faculty, high academic standards, and sound instructional practices.

To help in fulfilling its functions, the Academic and Student Services Committee uses the services of the STI Curriculum Committee and the STI Faculty Administration Committee. The Academic and Student Services Committee reviews the recommendations of these committees regarding the above matters.

Meetings:

Meetings are held as needed. The committee can work virtually (email, phone conference, etc.).

Quorum:

The STI Chair and STI President are ex-officio and non-voting members of the committee, but they may be counted to determine if there is a quorum (majority of the committee members) available to do business. For a vote to carry, the vote must be agreed upon by a majority of the voting members.

Charter for the STI Finance Committee

Executive Summary:

The SANS Technology Institute (STI) Finance Committee is a committee of the STI Board. Its members serve in a collateral (unpaid) duty position. The committee reports to the greater Board of Directors.

Eligibility:

The Chair of the Board and the President are ex-officio and non-voting members of this committee. The President of STI appoints the other members of the committee. Some may be members of the STI Board of Directors and/or appointees with special skills and knowledge to support this committee.

NOTE: To ensure succession, the Academic and Student Affairs Committee may approve an "up and comer" as a non-voting "trainee" member.

Term of Service:

Permanent, once assigned. Members may ask to retire from the committee upon giving advance notice to the committee. The Board may discontinue the committee.

Authority:

Advisory, this committee makes recommendations to the STI Board of Directors.

Removal:

The STI Board of Directors may remove a member from this committee upon majority vote.

Benefit to Membership:

Since money is a key tool for realizing goals, members have the opportunity to shape the long term vision and plans for STI.

Primary Functions:

Financial accountability and future financial stability are the major objectives of this committee. It is responsible for making recommendations to the STI Board of Directors on budgeting, short and long-term investments, tuition and fees, and all other matters relevant to the financial health and growth of STI.

Meetings:

Meetings are held as needed. The committee can work virtually (email, phone conference, etc.).

Quorum:

The STI Chair and STI President are ex-officio and non-voting members of the committee, but they may be counted to determine if there is a quorum (majority of the committee members) available to do business. For a vote to carry, the vote must be agreed upon by a majority of the voting members.

Charter for the STI Long-Range Planning Committee

Executive Summary:

The SANS Technology Institute (STI) Long-Range Planning Committee is a committee of the STI Board. Its members serve either as paid 1099 instructors or authors, or in collateral (unpaid) duty positions. The committee reports to the greater Board of Directors.

Eligibility:

The Chair of the Board and the President are ex-officio and non-voting members of this committee. The President of STI appoints the other members of the committee. Some may be members of the STI Board of Directors and/or appointees with special skills and knowledge to support this committee.

Term of Service:

Permanent, once assigned. Members may retire from the committee upon giving advance notice to the committee. The Board may discontinue the committee.

Authority:

Advisory, this committee makes recommendations to the Board of Directors.

Removal:

The STI Board of Directors may remove a member from this committee upon majority vote.

Benefit to Membership:

Members have the opportunity to shape the long term vision and plans for STI.

Primary Functions:

This committee is charged with identifying critical challenges facing STI over the next five (5) years. It reviews and updates strategic and long-term issues for STI and makes recommendations to the STI Board of Directors for long-range plans.

Meetings:

Meetings are held as needed. The committee can work virtually (email, phone conference, etc.).

Quorum:

The STI Chair and STI President are ex-officio and non-voting members of the committee, but they may be counted to determine if there is a quorum (majority of the committee members) available to do business. For a vote to carry, the vote must be agreed upon by a majority of the voting members.

Charter for the STI Strategic Planning Advisory Committee

Executive Summary:

The SANS Technology Institute (STI) Strategic Planning Advisory Committee is a volunteer (unpaid) position that is called upon once a year to help review the strategic plan and related documents and to provide feedback.

Eligibility:

STI faculty including adjunct, STI graduates, members of GIAC Advisory Board, and other persons highly qualified to serve on this committee as determined by the President, are eligible to apply to be members of the committee. The ideal size of the committee is five members. The minimum size to consider the committee functional is three members, and due to the extremely proprietary material that is included in the planning process, the maximum size is seven members. All members must sign an NDA covering this material.

Term of Service:

Since this is once per year, committee members are appointed to a five year term which can be renewed if agreeable to the committee member and the President of STI.

Authority:

This is an advisory committee; recommendations are not binding. However, their wise counsel is needed to make the strategic planning process as valuable as possible and to ensure the students have the best learning environment possible as they pursue their security degree.

Removal:

If a committee member does not participate in the process, they can be removed from the committee, or removal can occur for other reasonable cause. A committee member can resign at any time, however they are asked to resign BEFORE the process starts in January of a calendar year.

Benefit to Membership:

Members will gain governance and leadership experience by participating in a well organized strategic planning process. In addition, they will have the opportunity to "have their voices heard" as they give feedback on the specific directions for the college.

Primary Functions:

The primary function of the Strategic Planning Advisory Committee is to give feedback and advice for the feasibility, business case and the achievement of outcomes of the Strategic Planning Process.

The Strategic Planning Advisory Committee provides a stabilizing influence so organizational concepts and directions are established and maintained with a strategic focus with a five year horizon.

Once a year, beginning in January, the Strategic Planning Advisory Committee will be provided electronic copies of the strategic plan draft and related documents and asked for feedback. At the conclusion of the process, a telephone, email, or other virtual technology based meeting will be held and any final comments, advice or objections will be recorded and remain on file with the college.

Appendix 7.1 – Employment Records for Grads

PROPRIETARY INFORMATION

June 2010 STI Graduates: Current Position (CP), Previous Position (PP)

[ No Names ]

Current Position & Company as indicated on the Graduate Exit Survey:

MSISE Program:

1) CP Hudson Valley FCU, Information Security Officer- *Promotion and the promotion required a security clearance. Also he noted: “My role in InfraGard has also expanded. I am now the Treasurer of the InfraGard New Mexico Members Association.” He also is a Community SANS instructor.

PP Hudson Valley FCU, Network Manager

CP Xilinx, IT Manager / Information Security Analyst / ISSM- *Promotion

PP Xilinx, (Previous Position Title not available but it was with Xilinx)

CP Empresas Publicas de Medellin known as EPM – a public utility company that provides water, energy, gas, telecommunications - Colombia, South America, Chief Security Officer- * Promotion

PP Empresas Publicas de Medellin known as EPM – a public utility company that provides water, energy, gas, telecommunications - Colombia, South America, Analyst

CP Semke Consulting Inc, Senior Consultant- *Changed Employers/Positions

PP Northrop Grumman Corporation, Chief Security Architect; 2007-2009

Computer Associates (CA, Intl.), Executive Security Advisor; 2004-2007

CP Metafore, Network Architect- *No Change in positions but see his comment: “No, nor did I intend that it would, what I am finding is an increased level of credibility, both within my own organization and more importantly with customers. I’ve found the publication list that is created along the sans.edu path brings an authority that I may have had before, but now has some serious collateral behind it.”

PP Metafore, Network Architect

MSISM Program:

CP Administaff Inc., Supervisor, Technology Security- *No Change in positions. He said he plans to find a Ph.D Program.

PP Administaff, Inc., Supervisor, Technology Security

Appendix 7.2 – Graduate Exit Interview Summary Report

Graduate Exit Interviews

At a Glance Summary

June 2010 – Six Graduates

Note: This summary will be provided to the STI committee at the September 21, 2010 meeting for discussion and action if needed.

Overall Program Evaluation: five rated it 10 (on a scale of 1-10), and one rated it 9.

A. Do you believe SANS Technology Institute's master's program is accomplishing its mission as described in its mission statement below?

(The mission of the SANS Technology Institute is to develop the information security technology leaders needed to help strengthen the information community all over the world by improving the security of cyberspace. SANS Technology Institute seeks to prepare both the managers of information security groups and the technical leaders who direct security technology programs. SANS Technology Institute's primary functional emphasis is instruction, but the Institute faculty and students will engage in research and public service programs that contribute to the learning process.)

6 out of 6 students responded yes

B. Do you believe that STI has provided you with the knowledge and skills needed to take on a leadership role (or to take on a greater leadership role) in your organization or in the information security field?

(Leadership is defined in President Stephen Northcutt’s essay at .)

6 out of 6 graduates responded yes

C. Do you believe the Program has helped you to meet, or move toward, the goals you stated in your outcome statement?

6 out of 6 graduates responded yes. One student reported that by progressing through the program his goals changed for the better.

D. In particular, which of the Community Project Requirements do you believe helped you to meet, or move toward, goals you stated in your Outcome Statement?

Three out of 6 graduates surveyed reported that the Oral Presentations helped them to meet, or move toward, goals stated in their Outcome Statement. One graduate reported that the Joint Written project was beneficial. One graduate reported that attending the Residential Institutes helped them move closer to their goals. One graduate responded that the Group Discussion and Written Project helped them move closer to their goals.

E. Which Course was most valuable?

Graduates surveyed reported that they had multiple classes that were valuable. The following is a list of courses that graduates reported and the number of students who made similar statements.

SEC 504 - 3 students believed that this course was most valuable

MGT 421

SEC 560 - 2 students believed that this course was most valuable

MGT 525 - 2 students believed that this course was most valuable

MGT 512

SEC 617

SEC 503 - 2 students reported that this course was valuable

F. Do you believe that your presentation and writing skills have improved as a result of being in the program?

6 out of 6 graduates surveyed responded yes.

G. Would you recommend STI to persons who are interested in obtaining a degree in this field?

6 out of 6 graduates surveyed responded yes.

H. What specific recommendations would you offer to make the program more valuable to you?

- Accreditation

- A more hands-on faculty advisor

- Use of OnDemand courses as a graduate (like “auditing” a course)

- Increase student-student interaction/engagement

- Increase content and length of MGT courses (specifically leadership, policy, security awareness courses)

- Re-design .edu website to be more artistic and sales driven.

Appendix 7.3 – Policy for Grads desiring mentoring/guidance

Re: STI Graduates who may desire support in achieving leadership

The following information is for STI graduates who desire support in achieving leadership positions. If you wish to receive this assistance, please send me an email along with your email address, phone number, and the information noted below. – Thanks, Debbie S, 720-941-4932

Procedures for Providing Mentoring/Guidance to STI Graduates who Desire Support in Achieving Leadership Positions:

If you wish to receive this assistance, please email the Dean of Students at info@sans.edu with the request along with your email address and phone number.

Please provide information that might be helpful such as:

Organization where the graduate is employed, title, general description of the graduate’s duties if it is not clear, general description of the organization if it is not clear

Does the Outcome Statement on file with STI still apply?

Does the statement from the Graduate Exit Interview still apply (about what the graduate plans to do after graduation)?

What are the aspirations of the graduate?

Any other info that the graduate thinks would be valuable when he/she discusses it with the faculty member.

The Dean of Students will notify the faculty member that a graduate has requested assistance, and she will forward information that might be helpful.

The faculty member will email the graduate (and cc info@sans.edu) to contact the graduate. Discussions can be via email or phone or face-to-face; and it may involve one or more contacts depending on the situation.

The faculty member will listen to the student and offer understanding/suggestions. Depending on the situation, the faculty member may suggest some or all of the following:

Reading resources

Training (maybe Business Writing, English Usage, Toastmaster’s Club, etc.)

Employment Resources

Teaching Development Possibility

Other involvement with STI/GIAC/SANS/ISC

Other persons that it would be good for the graduate to contact

Miscellaneous

Upon completion of providing assistance, the faculty member will give a short summary to info@sans.edu so it can be placed into the graduate’s file.

Appendix 7.4 – Grading Rubrics

Group Discussion and Written Project Rubric



[pic]

Joint Written Project Rubric



[pic]

Oral Presentation Rubric



[pic]


MGT 404: Fundamentals of Info Sec Policy Grading Rubric

V1.0- June 3, 2010

The below assignment covers BOTH the substitute for the exam and the written assignment for MGT 404 Fundamentals of Info Sec Policy:

-- Student’s proposed topics must be submitted to info@sans.edu for review before student starts.

-- The student will write TWO policies.

-- One policy will be a UNIQUE policy- same approximate length as the policies in the SANS Policies Archive. It must be a unique one, not one already posted in the SANS Policies Archive ( ) or anywhere on sans.edu .

-- The other policy will be an EXISTING policy from the policy website that student will improve and update.  It will be assigned by STI (or student can request a specific one for STI's consideration).

-- For EACH policy, student also will prepare a related poster or related short presentation (5 slides).

-- It must be graduate level work.

-- Student will use the "Policy Assessment Rubric" provided below, and provide STI with the results of student's scoring.

-- STI will grade the assignments. Passing papers will be posted at sans.edu/resources Student Projects and/or  .

POLICY ASSESSMENT RUBRIC:

Please score your policy and provide supporting examples to the following questions:

--A score of 1 – 3 indicates the policy does not meet this objective.

--A score of 4 – 7 would be given to policies that partially meet the objective.

--Policy that meets the objective can be scored 8 to 10.

--At the completion of the exercise, add all of your scores and divide by 6. This will give you an indicator as to the quality of the policy.

Is this policy fragment clear and concise? __

Does it set SMART objectives? __

Does it contain the 5 W's (who, what, where, when, why)? __

Does it outline responsibility and compliance? __

Does it designate the actions required? __

Does it provide sufficient guidance from which a specific procedure can be developed? __

MGT 421: Leadership and Management Competencies- Grading Rubric

V1.0 – June 3, 2010

The below assignment covers BOTH the substitute for the exam and the written assignment for MGT 421: Leadership and Management Competencies

Your proposed topic on a leadership competency must be submitted to info@sans.edu for review before you start. You have up to one year to complete the paper after your proposed topic is approved (or less time if you are nearing graduation).

The paper will be approximately five typed pages (single spaced, double space between paragraphs).  It must be graduate level work.

You must do research and cite at least 10 references. The references cannot all be web references. At least 2 of the references must be from printed and published sources. Remember that STI has a library that you can borrow books from – see ; or you can recommend that STI purchase a book so you can use it (and it will be placed into the STI library thereafter).

The paper also must be peer reviewed by another STI student using the checklist/rubric below. You are responsible for finding a student to peer review it.

The results of the peer review must be submitted by the peer review student when you submit your paper for grading to info@sans.edu . You should note if you took into consideration the peer reviewer’s comments before you submitted the paper.

Leadership Competency Checklist/Rubric:

Thank you for agreeing to score a STI student’s leadership competency submission.

Please use the following checklist to provide constructive feedback to your peer.

Whenever you see a scale of 1 to 10, 1 is failing, 10 is excellent. An STI master’s student must earn 8 or higher in order to have a passing paper.

1) Clarity of competency - For the purpose of this assignment, competencies can be divided into three major groups:

- Management competencies, that help you manage operationally, (e.g. Team Building, Project Planning, Scheduling, Conflict Resolution).

- Leadership competencies, skills that make people more willing to follow you, (e.g. Vision, Personal Power, Projection of Trustworthiness).

- Governance competencies, skills, knowledge and abilities that give you the tools to serve as a senior leader, (e.g. Strategic Planning, Due Diligence, Organizational Structuring).

- Does the paper indicate clearly which group of competencies it is part of? __

- Is the paper consistent and focused on the competency? __

- Does the title accurately reflect the content of the paper? __

2) Usefulness.

-  On a scale of 1 – 10, how useful do you feel the mastery of this competency would be for a leader as defined in the STI leadership Essay at ?   __

-  On a scale of 1 to 10, how useful do you feel the mastery of this competency would be for a senior leader (CEO, VP, President)? __

3) Transference of Knowledge. On a scale of 1 – 10, how well does this paper prepare you to begin to master this competency? __

4) Quality of writing.  Sometimes writing problems make it harder for the reader to understand and absorb the message. Please score the quality of writing from 1 to 10 and give specific constructive feedback. __

5) Feedback. Please provide any additional feedback to your peer that you feel would help them create a better paper. __

Name of STI Student who is writing the paper: _______________    Name of STI Student Peer Reviewer: ____________

MGT 438: How to Establish a Security Awareness Program- Grading Rubric

V1.0- June 3, 2010

Below is the assignment that covers BOTH the substitute for the exam and the Written Assignment for M438 How to Establish a Security Awareness Program:

A. You will write ten security tips of the day. For samples of tips of the day, see .

Your tips should not be the same or too similar to the existing tips that are posted.

B. For the Presentation and Poster, submit your proposed topic to info@sans.edu for review.

You need to provide support for why you believe it is an important topic.

The "Security Awareness Topic Worksheet" gives guidelines on how to make this assessment.

General Parameters: Prepare an awareness poster, and a short presentation (five slides). They should be related, and should address important issues (for example, why is it the answer, or why is it needed, etc.).

C. Your work must be graduate level work.

STI may post passing papers to sans.edu/resources Student Projects and/or .

SECURITY AWARENESS TOPIC WORKSHEET (review this worksheet before making your proposal):

Please support your choice of topic of an awareness presentation and poster by answering the following questions:

1. Search for, review and assess any available current awareness and training material. __ Is there existing material on this topic that can be easily found? __ If so, why do you feel this is an important topic for you to work on? __ In particular, if another STI student has done this topic, you must have explicit permission to duplicate the topic. __

2. Are there any findings and/or recommendations from oversight bodies (e.g., Congressional inquiry, inspector general, internal review/audit, and internal controls program, respected vulnerability reports) that indicate this topic is important and there should be awareness material created for this topic?

3. Have you conducted conversations and interviews with management, owners of general support systems and major applications, and other organization staff whose business functions rely on IT who have suggested your proposed topic is a priority to cover? __

4. Can you list published problems (such as denial of service attacks, website defacements, hijacking of systems used in subsequent attacks, successful virus attacks) that might indicate the need for training (or additional training) of specific groups of people? __ Please list supporting URLs. __

5. Has a technical or infrastructure change occurred that indicates the need for awareness training on a particular topic? __ If so, please describe. __

Work Study Leadership Essay - Assignment Checklist/Rubric

Draft 08/09/2010

[The essay described in the following paragraph applies to students accepted on or after April 19, 2010]

Assignment Guidelines

Students will write an essay about what they learned about leadership as a result of performing Work Study. To prepare them for Work Study and for writing this essay, students must read the leadership essay at before they undertake Work Study. The essay will be due within two weeks after Work Study (not to exceed one and a half typed pages; single spaced; double spaced between paragraphs). Performance on the essay will be evaluated by faculty of SANS Technology Institute. The student will be graded on a pass/fail basis, but that may change in the future.

In your essay please include the following:

1. Refer to at least 3 competencies cited in President Northcutt’s Leadership Article (available at ) that you utilized or experienced during Work Study.

2. Discuss your level and quality of participation.

3. Discuss your ability to work well in a team setting at this Work Study experience.

4. Other insights you would like to share regarding your Work Study experience (i.e. things you learned; how you connected with peers, faculty or other professionals; etc.).

Scoring (Pass/Fail)

You will receive credit for this assignment based on the following guidelines:

1. Quality of writing. (A quality paper will have good to excellent content and/or structure, clean spelling and good to excellent use of language).

2. Was there depth in the student’s thinking regarding the Work Study experience?

3. Did the student follow the assignment guidelines?

Group Discussion and Written Project- Reflection Essay Assignment Checklist/ Rubric

Updated August 06, 2010

Assignment Guidelines

Before GDWP grade will be entered for a student, the student must provide Reflections within 2 weeks after the GDWP is given. Student will submit to info@sans.edu a written document not to exceed 2 typed pages (single spaced, double spaced between paragraphs) reflecting on student's own performance and student's use of leadership skills, and on the partner's performance and the partner's use of leadership skills. Please refer to President Northcutt’s essay on leadership (located @ ) before beginning this assignment.

The reflection should be more than just a summary of the assignment and should include:

1. Overall performance of team

a. What did the team do well, what are some areas of improvement?

b. Discuss your project management methodology; how did you and your team stay organized and on task?

2. Individual performance

a. Discuss leadership skills utilized during the project. Reference competencies outlined in President Northcutt’s essay on leadership.

b. How well did you communicate with your partner(s)? What communication techniques did you use?

3. Team members' performance

a. Discuss leadership skills you observed from your partner(s) during the project. Reference competencies outlined in President Northcutt’s essay on leadership.

b. How well did your partner(s) communicate with you?

Scoring (Pass/Fail)

You will receive credit for this assignment based on the following guidelines:

1. Quality of writing. (A quality paper will have excellent content and/or structure, clean spelling and excellent use of language).

2. Was there depth in the student’s reflections regarding the GDWP assignment?

3. Did the student follow the reflection assignment guidelines?

Joint Written Project - Reflection Essay Assignment Checklist/ Rubric

Updated August 06, 2010

Assignment Guidelines

Before JWP grade will be entered for a student, the student must provide Reflections within 2 weeks after the JWP is given. Student will submit to info@sans.edu a written document not to exceed 2 typed pages (single spaced, double spaced between paragraphs) reflecting on student's own performance and student's use of leadership skills, and on the partner's performance and the partner's use of leadership skills. Please refer to President Northcutt’s essay on leadership (located @ ) before beginning this assignment.

The reflection should be more than just a summary of the assignment and should include:

1. Overall performance of team

a. What did the team do well, what are some areas of improvement?

b. Discuss your project management methodology; how did you and your team stay organized and on task?

2. Individual performance

a. Discuss leadership skills utilized during the project. Reference competencies outlined in President Northcutt’s essay on leadership.

b. How well did you communicate with your partner(s)? What communication techniques did you use?

3. Team members' performance

a. Discuss leadership skills you observed from your partner(s) during the project. Reference competencies outlined in President Northcutt’s essay on leadership.

b. How well did your partner(s) communicate with you?

Scoring (Pass/Fail)

You will receive credit for this assignment based on the following guidelines:

1. Quality of writing. (A quality paper will have excellent content and/or structure, clean spelling and excellent use of language).

2. Was there depth in the student’s reflections regarding the JWP assignment?

3. Did the student follow the reflection assignment guidelines?

Presentation - Reflection Essay Assignment Checklist/ Rubric

Updated July 29, 2010

Assignment Guidelines

Before presentation grade will be entered for a student, the student must provide Reflections within 2 weeks after the presentation is given. Student will submit to info@sans.edu a written document not to exceed 2 typed pages (single spaced, double spaced between paragraphs) reflecting on student's performance in preparing and giving the presentation.

The reflection should be more than just a summary of the assignment and should include:

1. Individual performance

a. Discuss your overall impressions of the assignment and your performance.

b. Discuss presentation techniques utilized to help your performance.

c. Discuss how you prepared for the presentation.

2. Improvement

a. If this was your second presentation discuss how you felt this presentation compared to your 1st presentation.

b. Discuss any changes you made to improve your performance during your 2nd presentation compared to your 1st presentation.

Scoring (Pass/Fail)

You will receive credit for this assignment based on the following guidelines:

1. Quality of writing. (A quality paper will have excellent content and/or structure, clean spelling and excellent use of language).

2. Was there depth in the student’s reflections regarding the Presentation assignment?

3. Did the student follow the assignment guidelines?

Appendix 8.1 – Summary of Diversity Report

Overall Summary of Diversity Survey Responses

In June 2010, the department of Student Services developed a survey to address the issue of diversity within the faculty and student population at STI. The survey was distributed to a variety of professionals who are actively involved in the information security field. Some respondents instruct courses for SANS, served as SANS mentors, or have taken courses with SANS. We had 6 full responses to the survey. Additionally, 1 respondent provided only general comments on ways to improve recruitment. The following is a summary of the responses.

1. What are your thoughts as to the reason why not many women are applying to STI’s Master of Science Degree Programs in Information Security Engineering or Information Security Management?

• Lack of awareness about program

• Lack of interest in females to pursue a master’s degree

• Limited number of females in the field

• Lack of available time to commit to a program

• Limited number of females in the field with high levels of expert knowledge or interest in drilling deep into the IT security details.

2. What are your suggestions in regard to how STI might better attract or recruit female applicants? 

• Increase awareness among women- GIAC-SANS awareness days in engineering/technical colleges for graduating students.

• Work with WITI (Women in Technology Institute)

• Increase presence at major conferences such as Blackhat and RSA.

• Possible involvement in info sec mentor program

• Increased on-line presence

• Increase the amount of females who attend SANS training events

• Increase visibility

• Articulate the benefits of achieving a Master’s Degree. What will you walk away with after completing the program?

• Scholarship for qualified females

• Ability to transfer courses taken at other institutions

• Start marketing to college women in computer science undergraduate programs and highlight the field of security.

3. What barriers exist for females in obtaining a Master’s in Information Security Degree?

• Lack of knowledge of the information security discipline

• Lack of female role models/mentors

• Lack of interest

• Lack of immediate benefits of receiving a master’s degree

• Cost and time

• Not enough bachelors programs

• Family responsibilities (work, school, husband and children)

• Recouping the cost of the degree

4. Is there anything about STI’s admissions requirements that might have an impact on whether female students will apply?

Three respondents answered ‘no’ to this question. One respondent indicated that the process looked ‘fairly typical’; however, the leadership essay and the outcome statement could be combined so that potential applicants don’t become intimidated by writing two essays, especially if they have been out of school for a while. One respondent thought that the work experience requirement might be limiting to potential applicants and suggested that STI look into accepting students who have intern experience instead of work experience. Similarly, one respondent indicated that she didn’t believe the industry has many females, so the first three required qualifications (which cover work experience and employer support) could impact whether female students apply.

5. What are your suggestions in regard to how STI might better attract or recruit more female faculty instructors?

• Some of the details of becoming an instructor that would benefit an understanding include:

* work-life balance

* flexibility in work schedule

* web-based/vlive teaching options

* competitive compensation package and benefits

• Seed and grow females to the industry and demonstrate the value of becoming an instructor.

• I have tried to recruit a few women myself since I'd like more female instructors, but based on the responses I've received, basically a lot of the women I know that would be good, already have very good positions where they're at. It doesn't make sense economically and family-wise for them to become instructors. Plus, it is a challenging position to be in given the number of men in the field. :-) Basically, they're comfortable where they're at.

• SANS presence at Colloquium

• Improve SANS communication process for people who wish to become instructors.

• Generate buzz

• Re-engage SANS alumni

• Focus on industry specific forums and identify women participants to solicit interest

• Look at other universities and research centers (like IBM) and try to recruit females

6. What barriers exist for females in becoming a SANS instructor?

• Lack of knowledge/expectations of and benefits associated with being a SANS instructor

• Perception of ‘techies’ that females may not have the knowledge or ability to be as technical as their male counterparts

• Family planning (might not be economically beneficial to become an instructor)

• Travel away from home

• Time

7. What barriers exist for females in obtaining leadership roles in the infosec field?

There were only four (4) responses to this question. One respondent indicated that no barriers existed. One respondent indicated the need to prove themselves, more so than a man. Similarly, one respondent indicated that culture can be a barrier for some. As a way to overcome this barrier, the respondent indicated that integrating a course on overall management styles and organizational culture (men and women) into the curriculum could help. One respondent indicated the presence of a ‘glass ceiling’.

8. Please feel free to provide us with any other suggestions or comments.

• I think you face the same challenges all educational institutions face that offer technology or infosec programs. Have your curricula been certified as meeting NSA's educational standards, awarding STI as a Center of Academic Excellence?

• Sorry to go on and on about Women in Technology, but it is a topic that is near and dear to my heart being on the board of my university. We are also trying to increase enrollment and lessen the gender gap. Let me know if there is anything I can do to help.

• First, I didn't know about STI at all! I'm a SANS Mentor too. SANS needs to advertise it in their various e-mailings. Also, Stephen might want to advertise in journals published by women-centric orgs like WITI and SWE. I think what STI and Stephen are attempting is a great idea. Good luck!

Appendix 10.1 – Qualifications for Instructors teaching Mgt. courses

More clearly articulated qualifications for instructors teaching in the Management program without a doctoral degree.

Name: Jeff Frisk

Title: Instructor, Certified, Staff

Most Advanced Degree: BS, Engineering, Rochester Institute of Technology

Field of Experience: Engineering, Project Management.

Discipline: Management

Jeff Frisk currently serves as the director of the GIAC certification program and is a member of the STI Curriculum Committee. Jeff holds the PMP certification from the Project Management Institute and GIAC GSEC credentials. He also is a certified SANS instructor and course author for MGT 525. He has worked on many projects for SANS and GIAC including courseware, certification and exam development. Jeff has an engineering degree from The Rochester Institute of Technology and more than 15 years of IT project management experience with computer systems, high tech consumer products, and business development initiatives. Jeff has held various positions including managing operations, product development, electronic systems/computer engineering. He has many years of international and high-tech business experience working with both big and small companies to develop computer hardware/software products and services.

Name: David Hoelzer

Title: SANS Audit Curriculum Co-Chair, SANS Senior Instructor, STI Committee Member

Most Advanced Degree: B.S. in Information Technology, Summa Cum Laude

Field of Experience: Intrusion Detection, Audit. See details below.

Discipline: Security, Audit, Management

David Hoelzer is a high scoring certified SANS instructor and author of more than twenty sections of SANS courseware. He is an expert in a variety of Information Security fields having served in most major roles in the IT and Security industries over the past twenty five years. Recently, David was called upon to serve as an expert witness for the Federal Trade Commission for ground-breaking GLBA Privacy Rule litigation. David has been highly involved in governance at SANS Technology Institute, serving as a member of the Curriculum Committee as well as Audit Curriculum Lead. As a SANS instructor, David has trained security professionals from organizations including NSA, DHHS, Fortune 500 security engineers and managers, various Department of Defense sites, national laboratories and many colleges and universities. David is a Research Fellow in the Center for Cybermedia Research; and also a Research Fellow for the Identity Theft and Financial Fraud Research Operations Center (ITFF/ROC). He also is an adjunct research associate of the UNLV Cybermedia Research Lab and a Research Fellow with the Internet Forensics Lab. David has written and contributed to more than 15 peer reviewed books, publications and journal articles. Currently, David serves as the Principal Examiner & Director of Research for Enclave Forensics; a New York/Las Vegas based incident response and forensics company. He also serves as the Chief Information Security Officer for Cyber-Defense, an Open Source security software solution provider. In the past, David served as the Director of the GIAC Certification program, bringing the GIAC Security Expert certification to life. David holds a BS in IT, Summa Cum Laude, having spent time either attending or consulting for Stony Brook University, Binghamton University & American Intercontinental University.

Appendix 10.2 - Excerpts from 2010 annual board meeting

Excerpts from the June 2010 annual board meeting re curriculum, program goals, mission:

CURRICULUM IMPROVEMENTS.

(a) Work Study essay added

(b) Dry run on presentations – If the student has not given a presentation to a public audience, then they give a “dry run” of it first in front of a faculty member.

(c) Presentation course as a possible requirement.

The President said he is leaning toward requiring it in the future as an online course with no fee. We need a good videotape of the instructor who will be teaching it since there were some complications with the first videotape.

Alan mentioned that a good trick in teaching someone to give a good presentation (if they are not generally good at speaking) is to ask the person to ask questions in the presentation, and then to answer them. More people are good at answering questions even if they are not good at speaking.

(d) Software Training Requirement/DEV courses. Students can choose from among several DEV courses to satisfy the Software Security Training requirement. Some of the short DEV courses have been removed, but the courses that the STI students like to choose remain in the line-up.

(e) Posting of grading rubrics and regrade fee on the website to be done soon.

(f) Cyber Guardian has some requirements that are the same as the E degree requirements – possibility of linking it in some way in the future.

(g) Maybe we will consider a forensics focus possibility for the electives in the E Program.

(h) Gold paper report by Johannes Ullrich

The gold paper improvement project has been moving forward. Some of its features include publication of a template, checklist, changes to the grading form, use of a rubric, issuance of special topic guidelines to students/advisers, review by additional advisers, etc. Also, many years ago, students were assigned a topic; now the student proposes a topic, which works well. Overall, students are satisfied, though on some occasions a gold adviser takes a long time to grade a paper. It generally requires 10 to 20 hours to advise/grade a paper, gold advisers have substantial jobs of their own, and the program cannot afford to pay them market rates, so occasionally delays result. The Gold manager mitigates the problem by extending deadlines if the student was not at fault. This way the quality of the review is not jeopardized by asking the adviser to rush the review of a paper.

PROGRAM GOALS FOR THE MSISE PROGRAM AND FOR MSISM PROGRAM.

The draft is moving through committee review, and will be ready to submit to the Board for review in about a month. [The board later approved the program goals in July 2010]

MISSION STATEMENT. The Board unanimously approved the existing Mission Statement provided that the last six words are deleted.

Below is the NEW Mission Statement (and the Old statement for ease of reference).

New:

The mission of the SANS Technology Institute is to develop the information security technology leaders needed to help strengthen the information community all over the world by improving the security of cyberspace. SANS Technology Institute seeks to prepare both the managers of information security groups and the technical leaders who direct security technology programs. SANS Technology Institute's primary functional emphasis is instruction, but the Institute faculty and students will engage in research and public service programs.

Old:

The mission of the SANS Technology Institute is to develop the information security technology leaders needed to help strengthen the information community all over the world by improving the security of cyberspace. SANS Technology Institute seeks to prepare both the managers of information security groups and the technical leaders who direct security technology programs. SANS Technology Institute's primary functional emphasis is instruction, but the Institute faculty and students will engage in research and public service programs that contribute to the learning process.

Appendix 10.3 - Draft of STI Teaching Approval Policy

DRAFT to be discussed at 9/21/10 STI Faculty Comm Mtg

Teaching Approval for STI

Version 4 – Draft – August 10, 2010

In order to teach a class for STI, there is a three-step process the instructor has to follow:

1) At a minimum, the instructor must be a certified instructor, unless otherwise approved by the STI faculty committee;

2) The instructor must be qualified in the particular class they are going to teach;

3) Must maintain overall teaching scores of 8.8

STEP 1

To become a certified instructor they must meet the following requirements:

****insert in latest requirements for certified instructor

Certified instructor status is not tied to any specific class; it means the person has met the base requirements in order to be faculty for a course in the STI curriculum. Once this has been achieved, the instructor must then become qualified for the particular class they are going to teach.

STEP 2

In order to teach a specific class they must meet the following:

1) Obtain approval by the course lead to teach the class. Note: course leads have to be approved by the STI faculty committee that provides oversight to all instructors that teach courses in the STI master’s curriculum. The course lead should discuss with the development chair before recommending an instructor.

2) Go through any necessary training provided by the course lead;

3) Teach the class at a community SANS event (small event), unless an exception is agreed to by the STI curriculum committee, and score over an 8.8;

STEP 3

Instructors of courses in the STI curriculum must continually maintain a high quality of instruction every time they teach. A minimum of an 8.8 score is required. If the instructor scores low at one event, root cause analysis will be performed and the course lead will work with the instructor to help improve their scores. If the scores do not improve, they will no longer be able to teach the course.

COURSE LEADS LISTING:

The following are the course leads for each of the current courses in the STI curriculum:

SEC 401 – Eric Cole

SEC 501 – Eric Cole

SEC 502 – Chris Brenton

SEC 503 – Mike Poor

SEC 504 – Ed Skoudis

SEC 505 – Jason Fossen

SEC 506 – Hal Pomeranz

SEC 542 – __________

SEC 560 – Ed Skoudis

SEC 617 – Josh Wright

SEC 709 – Stephen Sims

MGT 404 – Stephen Northcutt

MGT 421 – Stephen Northcutt

MGT 438 – Stephen Northcutt

MGT 525 – Jeff Frisk

MGT 411 – David Hoelzer

AUD 507 – David Hoelzer

FOR 508 – Rob Lee

FOR 408 – Rob Lee

FOR 610 (GREM) – Lenny Zeltser

LEG 523 – Ben Wright

DEV 542 (also called SEC 542) – __________

DEV 522 (expects a cert to be developed – in meantime, a written assignment is given) – Jason Lam

DEV 544 (4 days and has cert) – Frank Kim

DEV 536 (no cert developed yet so written assignment) Secure Coding for PCI Compliance – David Hoelzer

**DEV 541 (4 days and has cert) – Frank Kim

**DEV general, and also should 541 be added to M curriculum, are items to be discussed at in-person committee meeting in mid September 2010.

DEVELOPMENT CHAIRS & DEVELOPMENT SECOND CHAIRS LISTING:

Forensics – Dennis Kirby, Development Chair; Rob Lee, Development 2nd Chair

Audit – Dennis Kirby, Development Chair; David Hoelzer, Development 2nd Chair

Developer – Dennis Kirby, Development Chair; Frank Kim, Development 2nd Chair

Cyber Guardian – Eric Bassel, Development Chair; ______, Development 2nd Chair

Pen Testing - _______, Development Chair; Ed Skoudis, Development 2nd Chair

(560, 432, 617, 709)

MONITORING:

Coordinate with faculty coordinator, Deb Jorgenesen, for a list on a quarterly or so basis that will be reviewed by STI faculty committee.

Appendix 11.1 – Updated STI Brief

Slide 1

[pic]

Thank you for your interest in SANS Technology Institute (STI).

The following pages contain Frequently Asked Questions and other details about STI.

Slide 2

[pic]

If you look closely at a number of other graduate programs for information security, you will realize that security is “just one more thing” that many institutions offer; and the faculty often do not have “street credentials.” STI, on the other hand, offers a program that has been called “laser focused.” Information Assurance is our craft and our driving passion. STI provides security professionals, who have shown themselves dedicated to excellence, with the knowledge and skills needed to improve the security of information throughout the world. The students and faculty form a community of practitioners that will last long past graduation. If you look at the resources section of our website at sans.edu/resources/, you will see actual student papers, publications, and presentations that our students have completed. We teach leadership, research, and strong technical communication skills by modeling these core competencies consistently. Our program is not for everyone; it requires a significant investment of time and a certain level of ability. However, any competing program also takes an investment of time. The question is: what are you left with when you complete the program? Many of our STI graduates become SANS instructors security-training/instructors.php, SANS courseware authors, GIAC exam developers, researchers and incident handlers with the Internet Storm Center, and other important positions in the field of information security.

Slide 3

[pic]

1. Can I start taking SANS courses and GIAC Certifications BEFORE I am in the college? Yes

2. Will they transfer into STI if I am later admitted to the college? Yes, if the cert is current, has a score of 80 (or average of 80 if there were two parts to the exam) or higher, and is related to the curriculum.

3. What is a Gold? It is the paper students write after they pass the GIAC exam. Almost all courses in the curriculum require Gold papers (or if Gold is not available, then the college provides a Written Assignment). For interesting reading, see the Reading Room at and click on the “Last 25 Papers.” Many of those papers were written by STI students.

4. Will STI accept transfers of credit from institutions other than SANS/GIAC? Not at this time. SANS courses are based on original research, and not generally available sources, so STI does not accept coursework from other higher education institutions. Exception: CISA can be used as a substitute for the AUD 507 course in the MSISM (Management) Program.

5. Do I have to have a GIAC Cert or GIAC Gold Cert in order to apply? We no longer require that as an admission prerequisite. But once a person is admitted to the Program, almost all courses require a GIAC Cert and GIAC Gold Cert. (If they are not available, a Written Assignment/substitute is provided by the college).

6. We strongly believe leaders must be able to write and speak well. The college is looking for applicants who demonstrate strong English language skills. If one has concerns about those skills, it is recommended that they take a course in business English language usage before they apply.

Slide 4

[pic]

SANS, GIAC and STI are affiliated entities.

Each entity has its own Mission, Board, and Focus.

Slide 5

[pic]

The second bullet above is the language that Middle States requires that institutions use to explain the status of Candidate for Accreditation.

We are giving this process the utmost priority.

Can a person obtain tuition reimbursement from their company/agency under the company/agency’s Tuition Reimbursement Program?

Some companies/agencies will allow it under their Tuition Reimbursement Programs due to the high quality of STI’s training and/or status. For example, we have been informed that Microsoft, Booz Allen Hamilton, Ticketmaster, Saint-Gobain, Metafore, Basin Electric Power Coop, and others may allow it under their Tuition Reimbursement Programs. You should check with your company/agency.

Slide 6

[pic]

STI has two Degree Programs.

This page discusses the MSISM (Management) Program.

The next page discusses the MSISE (Engineering) Program.

Some of the courses are the same between the two Programs.

Which Program is more difficult?

The MSISE (Engineering) Program generally is considered more difficult because it is more technical. The MSISM (Management) Program also is technical, but not as technical as the MSISE (Engineering) Program.

Which Program has more students at this time?

MSISE (Engineering)

Slide 7

[pic]

This page describes the MSISE (Engineering) Program.

You can see that some of the courses are the same as the courses in the MSISM (Management) Program, but there are some differences.

Some examples of differences

The E Program requires SEC 401-GSEC in place of MGT 512-GSLC.

The E Program requires two electives. Those electives do NOT require a Paper to be written.

The E Program also requires SEC 503 Intrusion Detection in Depth-GIAC GCIA Gold.

The E Program requires the GIAC GSE.

Slide 8

[pic]

STI and its students believe that the Community Project Requirements are an extremely important part of the curriculum. They set us apart from many other institutions. An important page for applicants to read is .

Does a student have to take a course at a Residential Institute when the student is performing a Community Project Requirement (CPR) at a Residential Institute?

No, with a few exceptions. Also, please note that most master’s students do take a course when they attend a Residential Institute to perform a CPR.

The student must take a course when the student is performing the Work Study CPR. Also, when the student is performing Teaching Assistant duty as a CPR in the MSISM (Management) Program, the student is acting as a TA for a course-cert that the student already has passed.

Slide 9

[pic]

The cost is pay-as-you-go, rather than paying for several courses up-front like many colleges require.

The cost can vary depending on the course delivery method. For example, a live training event course generally costs more than an on-line course.

Slide 10

[pic]

Is it ok if an applicant earned the bachelor’s degree many years ago?

Yes, and it does NOT have to be in the field of information security/technology.

The employer recommendation is a form that can be downloaded from our website. It asks certain questions, so it is much easier for an employer to use than if the employer had to draft a special letter.

Slide 11

[pic]

This page intentionally left blank.

Appendix 13.1 - Curriculum Committee Update

To: STI Curriculum Committee:

1. Curriculum Update Report:

Please review the areas on the attached curriculum update report (from Katherine Calhoon) for which you are the initial reviewer ** to see if they appear to need attention.

Then send a note to the committee with your comments, or stating that it looks ok.

** REVIEWERS:

SEC 401 – Eric Cole

SEC 504 – Ed Skoudis

OTHER SEC – Johannes Ullrich

MGT 525 - Jeff Frisk

MGT 305 – David Hoelzer

MGT 421, 404, 438, 512 – Stephen Northcutt

MGT 411 – David Hoelzer

LEG – Stephen Northcutt

AUD – David Hoelzer

DEV 536 – Dennis Kirby/David Hoelzer

DEV 522 – Dennis Kirby/Johannes Ullrich

DEV 542 – Dennis Kirby/David Hoelzer

OTHER DEV – Dennis Kirby

2. Exam Assessment Summary:

I reviewed the exam assessment summary which listed the Certs earned by STI students in the first half of 2010.

(a) The scores were all good – 80 or above.

(b) Performance on the exams seemed approximately equal when comparing different methods of delivery or different instructors.

(c) If two or more students received three stars or less on a certain objective, it is listed below:

GCPM / MGT 525 Project Mgt for Jeff Frisk’s comment. (TWO students took GCPM; they received over-all scores of 80 or above).

--Close Project or Phase 0 stars taken 5/20/10

--Close Project or Phase 0 stars taken 6/7/10

--Communication Management 2 stars taken 5/20/10

--Communication Management 2 stars taken 6/7/10

--Conduct Procurements 3 stars taken 5/20/10

--Conduct Procurements 3 stars taken 6/7/10

--Control Schedule 1 star taken 5/20/10

--Control Schedule 1 star taken 6/7/10

--Control Scope 1 star taken 5/20/10

--Control Scope 3 stars taken 6/7/10

--Develop Project Team 3 stars taken 5/20/10

--Develop Project Team 3 stars taken 6/7/10

--Estimate Activity Durations 3 stars taken 5/20/10

--Estimate Activity Durations 3 stars taken 6/7/10

--Manage Project Team 2 stars taken 5/20/10

--Manage Project Team 2 stars taken 6/7/10

--Verify Scope 1 star taken 5/20/10

--Verify Scope 3 stars taken 6/7/10

(d) Related Info – STI Course Adviser Summary for 2nd Q 2010 – from Richard Hammer:

----I contacted 9 students and 6 responded.

----None of the students that responded reported any issues or concerns about the exams they have taken.

----The engineering students taking MGT525 have commented about how difficult project management is for them, much different from the technical courses.  I had the same feelings as I was working on implementing projects, not really planning them out and charting progress.  I actually thought it was good to be taken out of my comfort zone and forced to understand good project management fundamentals.

----The GSE is another concern and I will paste below a correspondence that is typical. 

Sample:

Hi XXX,

Thanx for the reply and the update.  There is no pressure here to take the exam before you are ready and it looks like you have things well planned out.

I was the first STI graduate so I understand all the pressures you are facing.

I have worked a lot with the GIAC people, developed part of the GSE exam and proctored it twice. The best advice I can give you is play with the tools, get a BackTrack DVD and use all the tools. You need to be comfortable looking at network traces and using the tools. You need to be comfortable with both Windows and Linux. I think it is a very far hands-on exam, but you must be familiar with the tools used in GCIA and GCIH at a minimum and understand how to securely configure Windows and Linux. Reading the course material will help you with the written exam, but not really with the hands-on. You must practice and VMs are a great way to build a network and play.

Hope this helps, feel free to contact me anytime if you need some assistance getting tools to work.  The live DVDs are really great for that.

wrote:

I live a little east of Pittsburgh, PA.  To be honest I was not planning on studying SEC 508 for a month or two.  On July 7th I have my first mentor session for SEC 401 I need to be prepared for that.

My gold paper on the "Null Box" is due on July 24th.  Finally my new manufacturing modeling program went live last week and people already want changes.

In about a month I will re-read all the books while taking notes.

After I finish each book I will listen to the appropriate day's material and re-do each of the labs.  When I complete all that I go through the book again speed reading and I create an index.  Finally I take the first practice test and see where my index is weak.  Make appropriate adjustments and depending on how well things went I make a  decision on whether or not I should do the real test or take the second practice exam.

I may or may not go through all the on demand material.  It depends on how comfortable I am with the material.

Are you an STI graduate?

What I really need is study tips for the GSE. The reason I am mentoring 401 is so that I can use the experience to really pore over the material because they tell me that it features prominently in the exam. I also have the materials for 504 (I tried to mentor that too but only got 2 students so it got canceled). The 503 materials are a few years old but they tell me that it does not matter. I am concerned because I know much of the information but I lose details because I do not deal with the tools on a daily basis. My job is mundane dealing mostly with creating mathematical models of the company's products. The fun security stuff is handled by others who really don't want my help because I challenge their 1990's version of how to secure things.

Appendix 13.2 – Curriculum Update Report

Summary of Comments from Reviewers:

MGT 525: [JF earlier provided the following reply re M525 to the committee; it is pasted below for ease of reference]

I have just completed a course update for MGT525.  The feedback below is helpful and I have included an executive summary of changes below, in addition to addressing some finer points about the topics listed.  All the gory change details have been sent to Katherine.

After an initial look into the GCPM certification objectives (CO) highlighted in the report, the lower 'star' rankings are in many cases tied to exam composition artifacts. Many of the specific objectives listed have a lower exam weighting and the 'star' ranking format does NOT give a true indication of performance.  For example, there are only two questions from the close project CO represented on the GCPM exam, so a 'star' ranking of 1-5 is not really applicable.  Moving forward, I will look into the psychometric data from the GCPM exam to see what can be done to address these artifacts, suggesting changes where needed.

Also, I do see that although the project management material is not technically demanding, it is a different sort of skill set for the engineering students to master.  My personal relationships with each of the previous STI graduates and current STI students who have taken the MGT525 course affirm this.  The good news is that I have overwhelmingly received feedback from STI students that the MGT525 course has added a lot of value to their overall studies and made them more well rounded leaders and infosec professionals.

One focus of this update was to increase the effective communication content throughout the course and tie this concept together with other knowledge areas.  I also restructured a number of the lab exercises based on student feedback and current trends.  There is additional content and lab exercises regarding project selection methods and I added expanded earned value calculation introduction sections with additional earned value technique labs on days one and two.  Based on student feedback and common 'in-class' questions I  added detail to the schedule development process section on activity start and finish dates as related to forward and backward passes. I changed the approach of the lab exercises on the final day of the course to provide more structured closure in addition to added focus on metrics as tied to continual monitoring. JF

SEC 504 - Course has been updated regularly according to schedule, with several new exercises and attack scenarios.  No further attention necessary. EC

SEC 401 – It is updated on a regular basis and all outstanding issues addressed.  Training is also provided for new and existing instructors to make sure all instructors understand changes and updates.  No further actions required. EC

OTHER SEC courses: I keep reviewing the course evaluations for them and don’t see any issues with them being out of date. JU

MGT 421 - Major update in December 2009.  Major update in April 2010 further developed focus on competencies. SN

MGT 404  - Major update completed in March 2010. SN

MGT 438 - No major update activity since 2009. Likely to be some major changes proposed since John Fitzgerald will be looking into security awareness. SN

MGT 512  - New releases out in December 2009, March 2010, and June 2010.  July 2010, just completed updates for annual GIAC Fairway Marker review, new version to be released in December 2010. SN

MGT 411 - This course is up to date.  Even so, "freshening" work is occurring right now prior to its use in Dubai. DH

AUD 507 - This course is up to date and has a clear path in place.  50% of day 1 will change when 407 debuts. DH

[side note by DH: MGT 521 (Meeting the Minimum: PCI/DSS 1.2: Becoming and Staying Compliant) - Draft of updated standard expected from PCI council at the end of August which will trigger updates.]

DEV 522 – Up to date – [Revision to 5 days] first taught at SANSFIRE 6/10. DK

DEV 522 - just underwent a major overhaul and is up to date. JU

DEV 542 – Up to date – this should read Dennis Kirby and Ed Skoudis. DK

DEV 543 – Concur with DH on DEV543 - Brand new and ready to be used. DK

DEV544 – Up to date. DK

DEV541 – Significant update just completed and first time it will be taught is at NS10. DK

Appendix 14.1 – Learning Objectives for LEG 523

LEG 523 Legal Issues in Information Technology and Information Security

An Overview of IT Agreements

The student will demonstrate a broad understanding of the role of contracts as tools for governing technology and data security relationships.

ASP and Software Agreements

The student will demonstrate familiarity with the most common contract clauses (terms and conditions) applicable to various kinds of technology agreements, such as software agreements and application service provider agreements.

Assessing and Managing Public Relations

The student will demonstrate the ability to assess, manage and offer advice about the public relations angle of an IT security emergency.

Avoiding Serial Investigations

The student will demonstrate an understanding of the potential legal and PR ramifications of mishandling security issues as well as ways to limit the damage those incidents can bring to an institution's reputation.

Competitive Boundaries and Liability

The student will demonstrate an understanding of how politics and diplomacy can be used to thwart and react to Internet-based security threats.

Consulting Contracts: Formation, Mechanics and Negotiation

The student will demonstrate knowledge on how to use modern contract methods to achieve data security objectives.

Contracts for Complying with Data Privacy and Anti-Spam Laws

The student will demonstrate the ability to employ contract law and disclaimer law as tools for managing risk and liability associated with data privacy and anti-spam laws.

Disclosure and Cyber Adversaries

The student will demonstrate the ability to make public accountability a cornerstone to risk mitigation when taking assertive security measures.

Disclosure, Documentation and Policy

The student will demonstrate the ability to use effective communications – in the form of public disclosures, internal documentation and enterprise policy – to manage legal and reputation risk.

Electronic Authentication and Signatures

The student will demonstrate working knowledge of law and risk associated with electronic authentication and signatures.

Electronic Contracts: Formation, Terms and Conditions

The student will demonstrate knowledge of how to use electronic contract techniques to form and influence contracts and the terms and conditions applicable to them.

Fraud and Auditors

The student will demonstrate working knowledge of fraud in IT systems and techniques from the audit profession to recognize and respond to fraud and other wrongful activity.

Fraud and Transparency

The student will demonstrate the ability to use information transparency as a tool for avoiding allegations of fraud and other wrongdoing.

Fraud Investigation, Reporting and Monitoring

The student will demonstrate working knowledge of techniques for fraud investigation, reporting and monitoring as tools for addressing both fraud and other wrongdoing.

Industry Specific Privacy Laws

The student will demonstrate working knowledge of industry-specific privacy laws (such as HIPAA and Gramm-Leach-Bliley) and their role in regulating data security.

Intellectual Property: Key Assets and Proprietary Information

The student will demonstrate working knowledge of the primary forms of intellectual property (patents, trademarks, trade secrets and copyrights) and their relevance to information security.

Making, Preserving and Destroying Business Records

The student will demonstrate how to develop modern policy for managing electronic records in an enterprise.

Monitoring: Justification and Dangers

The student will demonstrate the ability to balance the need for security professionals to monitor Internet-based threats against the requirements of modern computer crime laws.

Network Use and Policies

The student will demonstrate how to develop modern policy on network usage, in light of recent case law.

Options During a Security Incident

The student will demonstrate an understanding of the importance of thinking creatively about the legal and investigative options available in the wake of an IT security crisis.

Recognizing, Evaluating and Mitigating Risk

The student will demonstrate the ability to recognize, evaluate and apply certain factors (relating to law, reputation and investigation) that reduce the risk of monitoring and responding to Internet-based threats.

Sarbanes Oxley and Its Regulations

The student will demonstrate working knowledge of Sarbanes-Oxley law and its larger implications for modern, technology-intensive enterprises.

Securities Law and Violations

The student will demonstrate working knowledge of how technology can be used to violate securities laws.

Sharing Security Information with Government

The student will demonstrate how a private enterprise can provide information to government, while preserving the rights of the enterprise.

The Culture of Fraud

The student will demonstrate working knowledge of business ethics and the role of corporate culture in promoting ethical practices in an enterprise, an IT department or a team of professionals.

The Role of Written Policy in Liability and Privacy

The student will demonstrate skill in using and interpreting written enterprise policies for managing expectations and risk related to privacy and legal liability.

Understanding Liability for Computer Security Breaches

The student will demonstrate working knowledge of modern legislation, regulation and case law pertaining to liability for information security compromises.

Appendix 14.2 – Learning Objectives for DEV Courses

SANS Technology Institute

DEV 522: Web Application Security Essentials

Learning Objectives

The student will demonstrate an understanding of the following topics:

• Infrastructure security

• Server configuration

• Authentication mechanisms

• Application language configuration

• Application coding errors like SQL injection and cross site scripting

• Cross site request forging

• Authentication bypass

• Web services and related flaws

• Web 2.0 and its use of web services

• XPATH and XQUERY languages and injection

• Business logic flaws

• SSL vulnerabilities and testing

• Proper encryption use in web application

• Session vulnerabilities and testing

• Cross Site Request Forgery

• Business Logic flaws

• Concurrency

• Input related flaws and related defense

• SQL Injection vulnerabilities, testing and defense

• Cross Site Scripting vulnerability and defenses

• Web environment configuration security

• Intrusion detection in web application

• Incident handling

• Honeytoken

• Web services overview

• Security in parsing of XML

• XML security

• AJAX technologies overview

• AJAX attack trends and common attacks

• AJAX defense

• Clickjacking

• DNS rebinding

• Flash security

• Java applet security

• Single Signon solution and security

• IPv6 impact on web security

• Mitigation of server configuration errors

• Discovering and mitigating coding problems

• Testing business logic issues and fixing problems

• Web services testing and security problem mitigation

SANS Technology Institute

DEV 536: Secure Coding for PCI Compliance

Learning Objectives

The student will demonstrate understanding of the following topics:

• Secure SDLC

• Agile Programming

• Requirements Analysis

• Selecting an Application Framework

• Considerations for In-House Frameworks

• API Contracts

• Creation of a Session State Library

• Input Validation Routines

• Error Handling

• Output Validation and Processing

• Secure SQL Handling

- Issues with Stored Procedures

- Sanitization of Input

- Parameterized/Bound Queries

• Session Cloning Protections

• Protecting against Cross Site Request Forgery issues

• Eliminating Cross Site Scripting flaws

• Asymmetric Encryption Strategies for Secure Data Storage

- Implementing Storage

- Implementing Key Change Processes

- Addressing Backup Issues

SANS Technology Institute

DEV 542: Web Application Penetration Testing & Ethical Hacking, GIAC GWAPT

Learning Objectives

AJAX

The student will demonstrate an understanding of what AJAX is and some of its known weaknesses.

Application Flow Charting and Session Analysis

The student will demonstrate an understanding of the techniques used to identify the logic flow of a web application.

Automated Web Application Vulnerability Scanners

The student will demonstrate familiarity with automated tools used to find web application vulnerabilities and their distinguishing features.

Client Authentication

The student will be able to identify and discuss the strengths and weaknesses of the major types of client authentication.

Cross Site Scripting

The student will demonstrate an understanding of the types of XSS attacks, how to identify XSS vulnerabilities, and how to perform them.

Flash

The student will understand Flash technology and its weaknesses.

Java Applets

The student will understand the fundamentals of Java Applets and how to decompile them.

Javascript for Pen Testers

The student will be able to identify the major components of the JavaScript scripting language and the purpose of each component.

PHP

The student will understand the fundamentals of PHP and its capabilities as a language.

Probing and Other Mapping

The student will demonstrate an understanding of port scanning, OS fingerprinting, version scanning, and banner grabbing.

Python Scripting Basics

The student will be familiar with some of the basics of the Python scripting language at a high level.

Recon Using Public Information

The student will understand how to conduct reconnaissance using publicly available information.

Session Tracking and SSL

The student will be able to discuss how session tracking is used and how SSL/TLS is used in modern web communications.

Spidering

The student will demonstrate mastery of techniques that can be used to spider a site.

SQL Injection

The student will demonstrate an understanding of how to perform SQL injection attacks and how to identify SQL injection vulnerabilities in applications.

The HTTP Protocol

The student will demonstrate an understanding of how HTTP works.

Understanding the Web

The student will demonstrate an understanding of the fundamentals of how web applications work.

Web App Pen Test Methodology and Reporting

The student will be able to identify the typical methods and components of a web application penetration test.

Web Application Vulnerabilities and Manual Verification Techniques

The student will be able to test for common web application vulnerabilities using a combination of manual techniques and tools.

Web Services

The student will be familiar with web service technologies and attack vectors.

XSS Frameworks and Attack Limiting

The student will demonstrate familiarity with various XSS attack frameworks.

SANS Technology Institute

DEV 544: Secure coding in .Net: Developing Defensible Applications

Learning Objectives

The student will demonstrate understanding of the following topics:

• Web Application Attacks

- Cross Site Scripting

- Cross Site Request Forgery (CSRF)

- SQL Injection

- HTTP Response Splitting

- Parameter Manipulation

• Web Application Proxies

- Using Fiddler

• Validation Concerns

- Character Encoding

- Input Validation

- Output Encoding

- Blacklisting & Whitelisting

• Validation Techniques

- Validation Controls

- Server vs. Client side validation

- Regular Expressions

- HTML Encoding

- CAPTCHA

-

- Stored Procedures

- LINQ

• Authentication

- IIS / pluggable Authentication architecture

- Basic & Digest Authentication

- .NET Form Based Authentication Framework

- Windows Authentication

- Authorization, OS security, and Impersonation

- SSL Client Certificates

- Authentication Policies

• Protecting Sessions

- Secure Session ID generation

- Session data, and persistence

- Session policies, expiry, etc.

- Session Hijacking

- Session Fixation

• Authentication Attacks

- Brute Force Attacks

- Weak Password Storage

- Password Reset

- Secret Questions

• Architecture

- Defense in depth

- Least Privilege

- Thread Safety

- Structured Exception Handling

- Application Logging and Auditing

- Secure Coding Principles

- Handlers, Modules and the HTTP Pipeline

• .NET Encryption Services

- Encryption Principles

- Securing communications

- Protecting data at rest

• Code Access Security

• Assemblies

• Global Assembly Cache

• Strong and Weak Named Assemblies

• The Common Language Runtime

• Execution Model

• Security Zones

• Evidence

• Code Groups

• Permissions

• Hacking .NET Security

• Permission Calculations

• Assembly Permission Requests

• Permission Enforcement and Stack Walks

Appendix 14.3 – GSE Learning Objectives

GSE Learning Objectives

Objective Outcome - The GIAC promise is that holders of the GSE will have the following capabilities.

IDS and Traffic Analysis Domain

Capture Traffic

Demonstrate competence with common IDS tools and techniques for capturing traffic.

Analyze Traffic

Demonstrate the ability to decipher the contents of packet capture headers.

Interpret Traffic

Make correct judgments as to the nature of traffic to or from specific hosts in packet captures.

IDS Tools

Demonstrate proficiency using common Open Source IDS tools including Snort, tcpdump, and Ethereal.

Incident Handling Domain

IH Process

Demonstrate mastery of the Incident Handling process.

Common Attacks

Demonstrate a broad knowledge of computer and network attacks.

Malware

Demonstrate solid understanding of malware and how to handle infected computers.

Preserving Evidence

Demonstrate the ability to preserve evidence relevant to an Incident investigation.

ITSEC Domain

Windows Security

Demonstrate general knowledge of Windows Security and proficiency in a Windows environment.

Unix Security

Demonstrate knowledge of Unix Security and proficiency in a Unix environment.

Secure Communications

Demonstrate an understanding of basic cryptography principles, techniques, and tools.

Protocols

Demonstrate a solid understanding of TCP/IP, UDP, ICMP, DNS, and other common protocols.

Security Principles

Consistently demonstrate and practice bedrock security principles.

Security Technologies Domain

Firewalls

Demonstrate competence with firewalls.

Vulnerability Scanners, and Port Scanners

Demonstrate competence with scanning tools including vulnerability and port scanners.

Sniffers and Analyzers

Demonstrate competence with Sniffers and Protocol Analyzers.

Common Tools

Demonstrate competence with common tools including netcat, SSH, Ettercap, p0f, etc...

Soft Skills Domain

Security Policy and Business Issues

Demonstrate an understanding of the security policy and business issues including continuity planning.

Information Warfare and Social Engineering

Demonstrate an understanding of Information Warfare and Social Engineering.

Ability To Write

Demonstrate the ability to write quality technical reports or articles.

Ability to Analyze

Demonstrate the ability to analyze complex problems that involve multiple domains and skills.

Teamwork

Demonstrate the ability to work as a member of a team in a professional environment.

Appendix 15 – STI Financials and Budget Projection

CONFIDENTIAL AND PROPRIETARY INFORMATION


May 24, 2010

Below are the assumptions taken into consideration when arriving at the annual budgets for the income:

• Students take an average of 2 major courses with certification attempts per year.

• STI receives a portion of the GIAC certification fees

• Teaching Assistant fees which are earned by STI students during conference are paid directly to the college, and are considered a Community Project Requirement.

• Application Fee is $450 for each new incoming student

• Library/media fee is $50 for each admitted student

For each year the following estimations were made:

For 2010:

• Year end projected enrollment - 40

• 5 existing students will graduate in June 2010

• 1 was dismissed in January 2010

• 16 new students will enroll

• 4 students will have Teaching Assistant assignments

For 2011:

• Year end projected enrollment – 50

• 6 existing students will graduate in June 2011

• 1 student will be dismissed or withdraw

• 17 new students will enroll

• 4 students will have Teaching Assistant assignments

For 2012:

• Year end projected enrollment - 75

• 8 existing students will graduate in June 2012

• 1 student will be dismissed or withdraw

• 34 new students will enroll

• 5 students will have Teaching Assistant assignments

For 2013:

• Year end projected enrollment – 100

• 10 existing students will graduate in June 2013

• 1 student will be dismissed or withdraw

• 36 new students will enroll

• 10 students will have Teaching Assistant assignments

For 2014:

• Year end projected enrollment – 125

• 15 existing students will graduate in June 2014

• 2 students will be dismissed or withdraw

• 42 new students will enroll

• 12 students will have Teaching Assistant assignments

For 2015:

• Year end projected enrollment – 150

• 27 existing students will graduate in June 2015

• 2 students will be dismissed or withdraw

• 54 new students will enroll

• 14 students will have Teaching Assistant assignments
