ACM Inroads: Archive

Discussions about the possibility of ABET accrediting programs in cybersecurity began floating around in a small group in the computing community in the early 2010s. The Cyber Education Project (CEP) launched in 2014 and championed the goal of establishing accreditation criteria in the fast-emerging field of cybersecurity. In 2015, the Joint Task Force on Cybersecurity Education (JTF) formed from four major computing societies to produce curriculum guidelines for cybersecurity released as CSEC 2017. This paper describes the development and content of ABET's cybersecurity accreditation criteria, and examines the current state of accreditation in cybersecurity at both the Associate and BS levels.

Introduction

ABET is a recognized world leader in accrediting programs in computing, engineering, applied and natural sciences, and engineering technology. In the United States, some professions require that a person graduate from an ABET-accredited program to receive a license to practice. As of Fall 2022, ABET accredits 4,361 programs at 850 institutions in 41 countries, with 175,000+ students graduating annually from ABET-accredited programs [13]. These programs must meet the quality standards set by their professions to ensure that graduates are prepared to enter and succeed in the workforce. Programs become accredited by satisfying ABET's accreditation criteria that are composed of General Criteria (that apply to all programs accredited by one of ABET's four commissions), and when available, a specific Program Criteria (that is determined by the program's title). Each program is typically assigned to only one of ABET's four commissions using its title, but occasionally the title might require more than one commission; for instance, a program titled Computer Science and Engineering would require accreditation by both Computing and Engineering Accreditation Commissions.

This paper focuses on ABET's accreditation criteria for cybersecurity and cybersecurity engineering. When referring to a Program Criteria we write Cybersecurity with a capital 'C' and when referring to the cybersecurity discipline with a lower case 'c.' We discuss the Cybersecurity and Associate Cybersecurity (CybersecurityA) Program Criteria, which fall under the umbrella of ABET's Computing Accreditation Commission (CAC), and the Program Criteria for Cybersecurity Engineering (CybersecurityE), which falls under ABET's Engineering Accreditation Commission (EAC). Table 1 summarizes information about these Program Criteria.

In the early 2010s, a small group of experts in ABET accreditation from the computing community began discussions on the need for cybersecurity accreditation. In 2014, Greenlaw, Phillips, and Parrish published a paper titled: "Is It Time for ABET Cybersecurity Criteria?" The paper answered this question with a resounding 'yes' and provided rationale supporting its conclusion, including the maturity of the field, existing expertise, importance of cybersecurity, timeliness, workforce demand, requests by programs for accreditation in the field, existence of qualified program evaluators, interest level, and fundamental relevance [20]. The paper also addressed a variety of issues that could be potential showstoppers. The authors then helped to establish and lead the Cyber Education Project (CEP) and set the wheels in motion to create a community to explore cybersecurity education and motivate future ABET accreditation criteria in cybersecurity [21]. They conducted an informal survey of programs and determined that numerous programs would be willing to come up for ABET accreditation in cybersecurity. CEP's efforts led to the formation of a Joint Task Force for Cybersecurity Education (JTF) by the Association for Computing Machinery (ACM), IEEE Computer Society (IEEE CS), Association for Information Systems Special Interest Group on Security (AIS SIGSEC), and the International Federation for Information Processing Technical Committee on Information Security Education (IFIP WG 11.8). Soliciting input from industry experts, academics, the US government, cybersecurity experts, and the general public, the JTF developed curriculum guidelines for cybersecurity that were published in the form of Cybersecurity Curricula (CSEC 2017) [16]. These guidelines helped to establish cybersecurity as one of many viable computing disciplines alongside computer science, information technology, software engineering, computer engineering, data science, and information systems. CSEC 2017 contributed greatly to the eventual creation of Cybersecurity, CybersecurityA, and CybersecurityE Program Criteria. We would be remiss not to mention that the related work led by the US government through its National Centers of Academic Excellence (CAE) in what are currently known as Cyber Defense and Cyber Operations was also instrumental in getting US institutions started in building and developing cybersecurity programs [23].

The rapid rise in cybercrimes since the early years of the 21st century such as information and identity theft, child pornography, credit-card fraud, intellectual-property infringements, denial of service attacks, harassment and cyberstalking, scamming, online extortion, network takeovers via botnets, fake news, stolen funds, ransomware, and more drove home the urgent need for a well-educated workforce of cybersecurity professionals [32]. The US's National Initiative for Cybersecurity Education (NICE) determined that in 2021 there was a global shortfall of 2,720,000 cybersecurity professionals, with that number increasing rapidly by 13.5% per year [22]. By 2025, there is expected to be a shortfall of roughly 4,500,000 cybersecurity workers, with the three biggest demands being for cloud services, data analysis, and programming [22]. NICE reports that the most common job titles for such professionals are cybersecurity analyst, cybersecurity manager, cybersecurity consultant, software developer, systems engineer, network engineer, penetration and vulnerability tester, systems administrator, and cybersecurity specialist [22]. Graduates coming out of ABET-accredited Cybersecurity, CybersecurityA, or CybersecurityE programs are well-qualified to take on these important roles.

In the decade since Greenlaw, Phillips, and Parrish published their paper on cybersecurity accreditation [20], much work has been done relating to their initial efforts. We survey that work here. Raj and Parrish [28] examined how standards should be developed for undergraduate cybersecurity education. Raj et al. [27] studied the benefits and challenges of cybersecurity accreditation. A special issue of IEEE Computer edited by Sobel, Parrish, and Raj looked at the curricular foundations for cybersecurity [30]. Among the articles in that issue was one by Gibson et al. [17] that discussed four distinct approaches toward developing undergraduate cybersecurity degree programs at four diverse institutions: the United States Air Force Academy, the United States Naval Academy, Towson University, and Southeast Missouri State University. Although varying significantly in their approaches, all four of these programs received accreditation in cybersecurity by ABET's CAC. That is, the programs did not need to follow a uniform approach nor a fixed curricular model to become accredited. Gibson et al. made it clear that the Program Criteria in Cybersecurity had been designed with sufficient flexibility to permit typical programs with titles such as cyber operations, information assurance, network security, computer security, information security, computer forensics to be able to meet these criteria [17]. Many others have looked at cybersecurity education issues as well, [14,25,26,31],

Guided broadly by CSEC2017, the ACM Committee for Computing Education in Community Colleges (CCECC) created a task force to develop ACM's Cyber2yr2020 that provides the ACM Curriculum Guidance for Associate degree programs in cybersecurity [24]. Raj et al. discussed the need for cybersecurity accreditation at the associate's level [29]. They observed that "the content of such programs has been driven by many factors including the needs of local industry, professional certification requirements for entry-level jobs, and education advancement programs under such organizations as the National Security Agency, the National Institute of Science and Technology (NIST), the National CyberWatch Center, and the Association for Computing Machinery (ACM). A consequence of this diversity of drivers is wide variation in the types of graduates produced, which is not conducive to developing shared expectations, from prospective students to employers." Greenlaw and Mufeti show how to spawn a two-year program in cybersecurity from a typical four-year Bachelor of Science program in computer science [18]. Along related lines, Greenlaw and Mufeti [19] show how to develop an ABET accreditable four-year program in cybersecurity from a typical Bachelor of Science in computer science program.

Let's briefly examine when various items appeared in ABET's Criteria relating to the accreditation of cybersecurity programs. In parallel to the development of accreditation criteria for cybersecurity in the CAC, many of the same players were involved in developing accreditation criteria for cybersecurity engineering in the EAC. Those efforts were driven largely by Steven Lingafelt and members of CEP [15]. In the 2018–19 Criteria for Accrediting Computing Programs [3], it is noted that on August 7, 2017, the ABET Computing Area Delegation approved a version of the Program Criteria for Cybersecurity for a one-year review and comment period. A year later the official Program Criteria for Cybersecurity appeared [4]. In 2020–21, the proposed accreditation criteria for the Associate Cybersecurity appeared [5]. In 2021–22, a new version of the criteria for the Associate Cybersecurity appeared [6]. In 2022–23, the final version of the Program Criteria for Associate Cybersecurity was approved [7]. During this time, the accreditation criteria that originally appeared for cybersecurity in 2019–20 were not altered. As of this writing, they remain the same in [7]. In the Criteria for Accrediting Engineering Programs [8], in 2018–19 the proposed accreditation criteria for CybersecurityE are linked. In 2019–20, the approved accreditation criteria for CybersecurityE appeared [9]. Since that time, the originally approved Program Criteria for CybersecurityE have not been modified. Figure 1 summarizes this discussion in a timeline.

The remainder of this paper is outlined as follows. In section 2, we examine the accreditation criteria for Cybersecurity and in section 3 we discuss the accreditation criteria for CybersecurityA. Section 4 offers a discussion of the CybersecurityE Program Criteria. In section 5 we look at programs that have achieved these accreditations. Section 6 examines the state of cybersecurity accreditation and whether the original expectations for the criteria were met. Finally, Section 7 discusses future trends and directions for cybersecurity accreditation.

Program Criteria for Cybersecurity

In this section we examine the 2022–2023 ABET Program Criteria for Cybersecurity [7]. We look at CybersecurityA [7] in the following section and CybersecurityE [12] in section 4. As is often the case with ABET Program Criteria, the accreditation criteria for cybersecurity involve only Criterion 3, Student Outcomes (SOs), and Criterion 5, Curriculum. The additional SO reads as follows: "Apply security principles and practices to maintain operations in the presence of risks and threats." [7] This SO seems entirely reasonable because if a system cannot remain operational, it is of little use. In the curriculum area (a), another 15 credits of course work beyond the General Criteria curriculum requirements are added. They must come in the areas of computing or cybersecurity. Guided by CSEC 2017 [16], the requirements for Cybersecurity include the following [7].

Application of the crosscutting concepts of confidentiality, integrity, availability, risk, adversarial thinking, and systems thinking.
Fundamental topics from each of the following: (a) Data Security, (b) Software Security, (c) Component Security, (d) Connection Security, (e) System Security, (f) Human Security, (g) Organizational Security, and (h) Societal Security.
Advanced Cybersecurity topics that build on the crosscutting concepts and fundamental topics to provide depth.
And lastly, there is a math requirement of at least six credits that includes discrete mathematics and statistics.

These criteria were largely driven by CSEC2017, which itself drew substantially from the CEP effort. For a number of accreditation cycles now, the Program Criteria for Cybersecurity have not been modified. As the field of cybersecurity further matures, over time there might be some modification to the list of security topics, but for now the work of the CSEC2017 group and the original criteria authors are holding strong, which reflects credit to the work of the JTF that developed the CSEC 2017 guidelines [16].

Program Criteria for Associate Cybersecurity (Cybersecuritya)

The accreditation criteria for the Associate Cybersecurity are derived largely from the Program Criteria for Cybersecurity and the Cyber2y2020 effort [24]. CybersecurityA tones down the requirements, as the program is typically for just two years. In this case, the accreditation criteria also involve just SOs and Curriculum. However, this new material replaces, not extends the General Criteria, as is usually done with additional material in the SO and Curriculum Criteria. There are five new SOs. Four of them specifically mention cybersecurity or security topics. Number 3 below focuses on communication, with the intent being communication about cybersecurity and security topics. The SOs follow here [7].

Graduates of the program will have an ability to:

Analyze a broadly defined security problem and apply principles of cybersecurity to the design and implementation of solutions,
Apply security principles and practices to maintain operations in the presence of risks and threats,
Communicate effectively in a variety of professional contexts,
Recognize professional responsibilities and make informed judgments in cybersecurity practice based on legal and ethical principles, and
Function effectively as a member of a team engaged in cybersecurity activities.

Rather than having 45 hours of required computing and cybersecurity coursework, the requirement is for 30 hours of coverage of the "application of techniques, skills, and tools necessary for cybersecurity practice;" the crosscutting concepts, and the cybersecurity topics listed in the Program Criteria for Cybersecurity [7]. The quoted text specifies application and practice, which is more appropriate to a two-year program than a four-year one. A second addition to CybersecurityA is "Programming or scripting skills." [7] Finally, the mathematics requirement has been reduced from the one in the four-year program. It is only required that students get an appropriate math background to fulfill the SOs and Program Educational Objectives (PEOs). The PEOs are specified in the General Criteria.

In summary, the accreditation criteria for CybersecurityA contain the bulk of what the Program Criteria for Cybersecurity do, however, at a less rigorous level, having a greater focus on application and practice, with fewer required credits, less general computing topics, and less stringent mathematics requirements. Given the similarities in the requirements in the Program Criteria for Cybersecurity and CybersecurityA, it would not be difficult to create an ABET accreditable two-year degree in cybersecurity from an already accredited four-year program. In [18], Greenlaw and Mufeti actually show how to do this from a typical BS in Computer Science. In that situation, it is usually necessary to incorporate additional topics in cybersecurity and to make sure that all the crosscutting concepts are covered.

Program Criteria for Cybersecurity Engineering (Cybersecuritye)

Let's take a look at the EAC's Program Criteria for CybersecurityE. As usual for the EAC, there are curriculum and faculty requirements in the accreditation criteria. The curriculum must include the following [12].

Probability, statistics, and cryptographic topics.
Discrete mathematics and specialized mathematics, such as abstract algebra, information theory, number theory, complexity theory, and finite fields.
Engineering topics necessary to determine cybersecurity requirements and to analyze, design, test, and protect complex devices and systems that incorporate hardware, software, and human components.
Application of protective technologies and forensic techniques.
Analysis and evaluation of components and systems with respect to security and to maintaining operations in the presence of risks and threats.
Consideration of legal, regulatory, privacy, ethics, and human behavior topics.

The curriculum must provide both breadth and depth across the range of engineering and computing topics necessary for the application of computer-security principles and practices to the design, implementation, and operation of the physical, software, and human components of a system. Regarding faculty, "The program must demonstrate that faculty members teaching core engineering topics understand methods of engineering design, engineering problem solving, and engineering practice with specific relevance to security." [12] Although the accreditation criteria for Cybersecurity and CybersecurityE began through the same discussions, they diverged along the way. The clear difference is, as it should be, a focus on engineering in the CybersecurityE accreditation criteria. Coverage of many similar topics is required, but a different point of view is taken. Is one set of accreditation criteria easier to meet than the other? Has one set of accreditation criteria been more successful than another? If so, why? We take a look at these and other questions by examining the programs that have achieved cybersecurity accreditation in the next section.

Programs that have Achieved Cybersecurity Accreditation

In the 2017–18 ABET-accreditation cycle, cybersecurity programs at the United States Air Force Academy (USAFA), United States Naval Academy (USNA), Towson University, and Southeast Missouri State University became the first programs to undergo site reviews as pilots under the CAC's Program Criteria for Cybersecurity. The USAFA offers a Bachelor of Science (BS) in Cyber Science. The USNA offers a BS in Cyber Operations. Clearly, both of these programs are critical to the security of the United States, as they educate officers in the armed forces. Towson University offers a BS in Computer Security. Southeast Missouri State University offers a BS in Cybersecurity.

In addition to these pioneering four institutions, Table 2 shows the other programs that have since become accredited under the Program Criteria for Cybersecurity. In the table, we also provide program names. It is instructive to look at the variety of different program names. The variety of names in these programs is a bit unusual for ABET accreditation, meaning that usually under a given accreditation criteria, many programs will have the same name. That fact alone informs us that despite the different foci of these programs, they still fall within the same ABET accreditation criteria, thus making it clear that ABET accreditation allows programs to retain their distinct flavor while meeting a common set of quality standards established for that profession.

A look at the date column in Table 2 reveals that a few universities have a starting date for a cybersecurity accreditation prior to 2018, that is, before the Program Criteria for Cybersecurity were finalized. There are several reasons for this. First, programs that had titles such as Cybersecurity prior to the finalization of the Cybersecurity Program Criteria might have been accredited under only the CAC General Criteria. Second, programs might have changed names to make them more attractive to students and employers. Third, ABET allows programs that meet the criteria to request backdated accreditation start dates to benefit graduates' claim of graduation from accredited programs, as long as the criteria were also met in prior years before the accreditation visit.

At the Associate's level, the following programs are ABET-accredited: Anne Arundel Community College (Associate of Applied Science in Information Assurance and Cybersecurity), Lord Fairfax Community College (Associate of Applied Science in Cybersecurity), and Portland Community College (Cybersecurity). Table 3 summarizes the information about these programs.

In the EAC, the following programs have achieved accreditation under the accreditation criteria for CybersecurityE: George Mason University (BS in Cyber Security Engineering), Iowa State University (BS in Cyber Security Engineering), Louisiana Tech University (BS in Cyber Engineering), and Princess Sumaya University for Technology (BS in Networks and Information Security Engineering). Table 4 summarizes the information about these programs.

As of Fall 2022, Tables 2, 3, and 4 show that 23 programs have been accredited under the Program Criteria for Cybersecurity, three under CybersecurityA, and four under CybersecurityE, respectively, for a total of 30 programs.

Status of Cybersecurity, Cybersecuritya, and Cybersecuritye Accreditations

Due to the COVID-19 pandemic, ABET conducted virtual visits in 2020–21 and 2021–22. In the 2022–23 cycle, ABET is conducting a mix of onsite and virtual visits [2]. During the pandemic, ABET has reported that a number of institutions postponed their visits or simply did not come up for accreditation as anticipated. The demands of converting to online instruction, along with the increased costs of handling COVID-19, made it impossible for some institutions to carry out their ABET plans as well, especially when applying for initial accreditation. Thus, the number of institutions that one might have expected to become ABET-accredited in cybersecurity is likely to be down due to extenuating circumstances, but the 2021–22 accreditation cycle shows some rebound. Initial reports are that the 2022–23 cycle continues to see an increase in applications of initial cybersecurity accreditation.

If we compare the actual Program Criteria for Cybersecurity, CybersecurityA, and CybersecurityE to other Program Criteria in the CAC, CAC, and EAC, respectively, we find that these three Program Criteria are more complex. They are longer when written down because the number of requirements is greater and, in some cases, more specific. But they are also more complex in the sense that they do not use standard terminology. This fact is natural because cybersecurity is still very much an emerging discipline. We have found that the non-standard terminology introduces a complication for programs proving to ABET that they meet the Program Criteria. Programs must translate their jargon into that used in the Program Criteria for Cybersecurity, CybersecurityA, and CybersecurityE. Failure to do so, for example, with the crosscutting concepts or the security areas may lead to the appearance of omissions of required materials. Although not a deal-breaker if sorted out properly, it is another hurdle that programs face when applying for accreditation in cybersecurity.

To apply for ABET accreditation, a program must have produced at least one graduate to establish its viability. A new program at the BS level normally would not have graduates for three to four years after its emergence, and at the Associate's level for two years. Thus, we expect some lag in programs seeking accreditation. In addition, it typically takes programs a few years to develop an effective continuous-improvement process, as required in the General Criteria, Criterion 4. In light of the issues just discussed, to see by 2022 that 30 programs have achieved ABET accreditation in cybersecurity is amazing. Perhaps there was a small backlog of programs waiting to seek ABET accreditation in cybersecurity too. During the COVID-19 pandemic years, no new programs were accredited in cybersecurity.

We believe the number of accredited cybersecurity programs will grow at a rate of four to five per year, as was the case during the first three years of the cybersecurity criteria's existence and in the 2021–22 cycle. Most two-year institutions, such as community colleges, do not have any ABET-accredited programs. So, one would expect the take-up to be slower with CybersecurityA. Moreover, faculty at community colleges have higher teaching loads to meet the institutional mission, leaving little time for service activities needed to launch an effort for accreditation. The cost of accreditation, however small, is still high for community colleges and the criteria too new to make any meaningful generalizations at this time.

As colleges and universities compete for students, it will be important for them to distinguish themselves with quality programs in cutting-edge fields. We expect to see a steady uptake in cybersecurity accreditations in the coming years.

The number of programs coming up for accreditation under CybersecurityE is smaller than projected. While reasons are not clear as yet, there is speculation that these Program Criteria are challenging to meet, contain many requirements, and are still relatively new. Perhaps when programs one-to-three years old start producing graduates and the pandemic settles a bit more, we will see a flurry of programs seeking cybersecurity accreditation. We certainly hope so, so that workforce demands can be met by well-educated individuals.

Future Trends and Directions for Cybersecurity Accreditation

As pointed out in the introduction, much work is ongoing regarding the development of the field of cybersecurity and its accreditation. The strong and swift push to develop ABET Program Criteria for Cybersecurity has helped not only to advance the field more rapidly, but also to standardize expectations sooner than they would have been otherwise. With the tremendous rise in the number of cybercrimes (for example, the FBI reported a 300% increase in the number of cybercrimes since the start of the COVID-19 pandemic [32]), this development is important for society as a whole. Due to the COVID pandemic, institutions may not have been able to follow through on their plans for ABET accreditation in the area of cybersecurity. Table 2 shows that a number of private institutions have sought accreditation for their cybersecurity programs. As colleges and universities compete for students, it will be important for them to distinguish themselves with quality programs in cutting-edge fields. We expect to see a steady uptake in cybersecurity accreditations in the coming years.

While serving as evaluators for programs in cybersecurity, authors of Self-Studies for institutions coming up for accreditation in cybersecurity, authors of the original Program Criteria for Cybersecurity, collaborators with those developing CybersecurityE, and consultants to programs that have successfully attained cybersecurity accreditations, we make several observations about these Program Criteria.

The jargon in the field of cybersecurity is not yet standardized.
Expectations of training-focused programs leading to individual certifications, such as the CISSP, are different from the expectations of education-focused undergraduate programs. Some educators themselves find these distinctions hard to grasp.
Programs struggle with the "Application of the crosscutting concepts of confidentiality, integrity, availability, risk, adversarial thinking, and systems thinking." [7] In some cases, programs are applying these concepts, but using different terminology. In other cases, programs are missing one or two of the crosscutting concepts. Usually, the missing crosscutting concepts are adversarial thinking and systems thinking.
Programs have difficulty with 'connection security' and to a lesser extent 'component security.' ABET's use of these terms, which stems from CSEC 2017, often confuses programs. Educators are still not up to date with the CSEC 2017 curricular guidelines.
CybersecurityE contains a daunting list of required topics and substantial mathematics in a variety of areas.

When the cybersecurity engineering accreditation criteria were being developed, there was a push toward inclusion of topics rather than their omission. In other words, no one wanted to let go of their favorite topics, and the criteria became somewhat bulky due to compromise. Although some topics were clearly needed, on the fringes, a couple of topics may have slipped in that will become less important over time. And, also over time, as expectations and terminology become more standardized, we expect the three cybersecurity Program Criteria to evolve and perhaps become tighter, along similar sizes in terms of word count to other Program Criteria in the respective commissions. For the moment, the initial versions of the criteria are serving their communities well.

Due to the ever-increasing importance of cybersecurity in national security, business, banking, communications, and so on, the need for a well-educated workforce is expected to grow rapidly [22]. Once the effects of COVID-19 pass, we expect there to be a number of programs in the pipeline for cybersecurity accreditation at both the Associate's and Bachelor's levels. The need for ABET accreditation criteria in cybersecurity remains as strong as ever. We look forward to more programs seeking out this important accreditation and producing graduates to fill the tremendous workforce demand.

References

1. ABET, Accredited Programs, https://amspub.abet.org/aps/category-search?commissions=2&disciplines=91&degreeLevels=A&degreeLevels=B; accessed 2022 Sep 7.

2. ABET, COVID-19 Updates, https://www.abet.org/accreditation/covid-19-update/, accessed 2022 Sep 8.

3. ABET, Criteria for Accrediting Computing Programs, Version 2, 2018–2019, https://www.abet.org/wp-content/uploads/2018/02/C001-18-19-CAC-Criteria-Version-2.0-updated-02-12-18.pdf, accessed 2022 Sep 2.

4. ABET, Criteria for Accrediting Computing Programs, 2019–2020, https://www.abet.org/accreditation/accreditation-criteria/criteria-for-accrediting-computing-programs-2019-2020/, accessed 2022 Sep 2.

5. ABET, Criteria for Accrediting Computing Programs, 2020–2021, https://www.abet.org/accreditation/accreditation-criteria/criteria-for-accrediting-computing-programs-2020-2021/, accessed 2022 Sep 1.

6. ABET, Criteria for Accrediting Computing Programs, 2021–2022, https://www.abet.org/accreditation/accreditation-criteria/criteria-for-accrediting-computing-programs-2021-2022/, accessed 2022 Aug 31.

7. ABET, Criteria for Accrediting Computing Programs, 2022–2023, abet.org/accreditation/accreditation-criteria/criteria-for-accrediting-computing-programs2022-2023, accessed 2022 Mar 14.

8. ABET, Criteria for Accrediting Engineering Programs, 2018–2019, https://www.abet.org/accreditation/accreditation-criteria/criteria-for-accrediting-engineering-programs-2018-2019/, accessed 2022 Sep 4.

9. ABET, Criteria for Accrediting Engineering Programs, 2019–2020, https://www.abet.org/accreditation/accreditation-criteria/criteria-for-accrediting-engineering-programs-2019-2020/, accessed 2022 Sep 2.

10. ABET, Criteria for Accrediting Engineering Programs, 2020–2021, https://www.abet.org/accreditation/accreditation-criteria/criteria-for-accrediting-engineering-programs-2020-2021/, accessed 2022 Sep 2.

11. ABET, Criteria for Accrediting Engineering Programs, 2021–2022, https://www.abet.org/accreditation/accreditation-criteria/criteria-for-accrediting-engineering-programs-2021-2022/, accessed 2022 Sep 2.

12. ABET, Criteria for Accrediting Engineering Programs, 2022–2023, https://www.abet.org/accreditation/accreditation-criteria/criteria-for-accrediting-engineering-programs-2022-2023/, accessed 2022 Sep 2.

13. ABET, Setting the Standard Worldwide: ABET, 2022, https://www.abet.org/accreditation, accessed 2022 Feb 24.

14. Blair, J., Buck, S., Burley, D., Parrish, A. and Phillips, A., The Cyber Education Project: Defining Educational Standards for an Emerging Discipline, in Proceedings of the Workshop on Information Security and Privacy (WISP), 2015.

15. Blair, J., Ekstrom, J., Lingafelt, S., Parrish, A., Sobiesk, E. and Stockman, M., Developing ABET Criteria for Undergraduate Cybersecurity Programs, in SIGCSE '19: Proceedings of the 2016 IEEE Frontiers in Education Conference (FIE 2016), Special Session, Erie, Pennsylvania, 2016.

16. The CSEC2017 Joint Task Force: [Association for Computing Machinery (ACM), IEEE Computer Society (IEEE-CS), Association for Information Sys. SIG on Security (AIS), and International Fed. for Info. Proc. Technical Comm. on Info. Sec. Ed. (IFIP WG 11.8)], Cybersecurity Curricula 2017, Version 0.95 Report, 13 November 2017, www.csec2017.org, accessed 2022 Sep 2.

17. Gibson, D., Anand, V., Dehlinger, J., Dierbach, C., Emmersen, T. and Phillips, A., Accredited Undergraduate Cybersecurity Degrees: Four Approaches, Computer, 52, 3 (2019): 38–47.

18. Greenlaw, R. and Mufeti, T. K., Reducing Cyber Crime in Africa through Education, Submitted, p. 10, 1 August 2022.

19. Greenlaw, R. and Mufeti, T. K., Through Curriculum Development, Building a Cadre of Cybersecurity Workers in Africa to Fight Cybercrime and Stimulate Economic Development, Submitted, p. 17, 3 September 2022.

20. Greenlaw, R., Phillips, A. and Parrish, A., Is It Time for ABET Cybersecurity Criteria? ACM Inroads, 5, 3 (2014): 44–48.

21. JFT (Joint Task Force on Cybersecurity Education), Cybersecurity Curricular Guidelines | CSEC 2017, cybered.acm.org/, accessed 2022 Sep 2.

22. National Institute for Cybersecurity Education Factsheet on Workforce Demand, 2021. nist.gov/system/files/documents/2021/12/03/NICE%20FactSheet_Workforce%20Demand_Final_20211202.pdf, accessed 2022 Jul 4.

23. National Security Agency, National Centers for Academic Excellence in Cybersecurity, https://www.nsa.gov/Academics/Centers-of-Academic-Excellence/, accessed 2022 Aug 15.

24. NCC Webcast, Cyber2yr2020: ACM Curriculum Guidance for Associate Degree Programs in Cybersecurity, youtube.com/watch?v=u8G34Oc7PTQ accessed 2022 Mar 24.

25. NIST, National Initiative for Cybersecurity Education (NICE), https://www.nist.gov/itl/applied-cybersecurity/nice. accessed 2022 Aug 20.

26. Parrish, A., Impagliazzo, J., Rajendra, R. K., Santos, H., Asghar, M. R., Jøsang, A., Pereira, T. and Stavrou, E., Global perspectives on cybersecurity education for 2030: a case for a meta-discipline, in ITiCSE 2018 Companion: Proceedings Companion of the 23rd Annual ACM Conference on Innovation and Technology in Computer Science Education, Larnaca, Cyprus, 2018.

27. Raj, R. K., Anand, V., Gibson, D., Kaza, S. and Phillips, A., Cybersecurity Program Accreditation: Benefits and Challenges, in SIGCSE '19: Proceedings of the 50th ACM Technical Symposium on Computer Science Education, Minneapolis, Minnesota, 2019.

28. Raj, R. K. and Parrish, A., Toward Standards in Undergraduate Cybersecurity Education, Computer, 51, 2 (2018): 72–75.

29. Raj, R. K., Tang, C., Gibson, D., Jones, L. and O'Brien, C., The Need for ABET Accreditation of Associate's Cybersecurity Programs, in ASEE Annual Conference, 2021.

30. Sobel, A., Parrish, A. and Raj, R. K., Curricular Foundations for Cybersecurity, Computer, 52, 1 (2019), 14–17.

31. Sobiesk, E., Blair, J., Conti, G., Lanham, M. and Taylor, H., Cyber Education: A Multi-Level, Multi-Discipline Approach, in SIGITE '15: 16th Annual Conference on Information Technology, Chicago, Illinois, 2015.

32. Wise, J., CYBERCRIME STATISTICS 2022 (U.S. & WORLDWIDE), https://earth.web.com/cybercrime-statistics/, accessed 2022 Sep 8.

Authors

Raymond Greenlaw
Department of Mathematics, Statistics, and Computer Science
University of Namibia
Private Bag 13301, 340 Mandume Ndemufayo Ave
Pionierspark, Windhoek 10005 NAMIBIA
[email protected]

Rajendra K. Raj
Department of Computer Science
Rochester Institute of Technology
One Lomb Memorial Drive, Rochester, New York 14623 USA
[email protected]

Figures

Figure 1. Timeline of the progression of the development of the Program Criteria for Cybersecurity, CybersecurityA, and CybersecurityE.