University Of Calgary To Offer Virus Writing Course

[pagvac]

Wow! Things are changing so fast. I'm almost done with my Computer Engineering major. I'm thinking about doing a master's degree on Computer Security. I must say I've found a very small number of universities that offer that type of degree.

Now, thank god, things are changing and classes so important such us virrii wri are being introduced in bachelors degree. Really, nowing your enemy is the only way to defend yourself from it!

sorry, i meant now not only masters degrees but also bachelors degrees on computer security

[Agent_Steal]

I was just wondering Ms.M what exactly are the requirements that you have to meet before they accept the Bachelors Degree that you and your colleagues are working on ??? just curious ...

[Galdron]

Greetings...... I know I am a lurker.


Ms Mittens Cmon give us the info!!!!!


Good thread for a change. Heheh AO is still a good place.

[MrLinus]

The process is simple but is filled with politics and committees and such:

1. Get the School to agree to do a submission. This is one of many degrees that the school wants to do but only a few will be selected.

2. Put together the proposal (info is found here: http://peqab.edu.gov.on.ca/appro.html ). The document on HOW TO SUBMIT (font type, page layout, what goes into what section, how it's to be presented, etc.) is 56 pages long. 12 copies in total including 2 electronic ones.

3. Wait for the committee to approve it.

4. Run it. Now, if you think that I'm going to run a degree program and right away launch it into online without seeing if the regular version works, that's silly. Besides, the online version would have some different requirements. Some things would work in the classroom, some won't. The reality is we only have so many professors who can work on developing these courses and not enough money to hire more. Since we are a publically funded school we are dependent on what the Ministry gives us. I doubt they will give us that much money given their recent financial woes.

5. Expand it.

Galdon, what info were you looking for? What the degree will have in it? I could give you my vision of it but that will unlikely be the exact same when the degree runs. As with anything, it's bound to change as time progresses. Certainly there are some things that will be covered (intro to security, firewalls, IDS, OS specific security, forensics, pen testing, network security design, law and ethics, etc.) but some things may be removed or only offered as optional. The degree is to be a hands-on, applied degree with a component in co-op (required), research participation (with whatever research is going on at the College and possibly this might be a grid project) and the student's own thesis.

[MrLinus]

As a side note, a competing college has announced their degree. My boss seems worried about this but as I pointed out to my boss:

a) the degree seems somewhat haphazard

b) has limited networking topics

c) seems more cryptographically related than security

Looking at this I wouldn't be interested. But maybe that's me..

[Tiger Shark]

Ms. M: It's not just you.......

I find it hard to come up with good reasons for a lot of the stuff they have in that curriculum and it's relationship to computer security in the "real world"..... CPU architecture.... Hmmmm... Knowing how the CPU is designed is going to help me.... How?

Then I really don't see what is the "meat" of much of the job, Intro through Advanced network protocols and finally something like "Current protocols and their inherent weaknesses".

As you note the heavy emphasis on math is aimed towards cryptography - but, depending upon your environment, that can be a very small part of the whole.

It's possible that they shyed away from a lot of content to avoid criticism that they are "teaching" hackers but to be honest I think this is a reflection of a lot of the IT courses out there today. The problem the institutions have with IT is a valid one though in that by the time they have gone through the process of creating a curriculum it is often already out of date so they seem to shy away from the "cutting" edge a little and, IMO, do the students and their future employess something of a disservice.

Before you shout at me...... That is a generalization formed by looking at the curriculum's studied by a few hundred applicant's as they lay down in resumes and cover letters - therefore it only really applies to American schools, [ducking and weaving......].

As something of an aside: It appears to me that a lot of the Computer "Science" courses taught over here are little more than programming and, having ploughed through all those resumes, I get the distinct impression that an awful lot of schools use their CS students to write low cost addons to their accounting, enrollment etc. apps that the prof looks over, tests the good ones and implements the best on their systems. I can assure you that from my experience many of these students know little about the "science" of computers and a lot about C++.....

[MrLinus]

Tiger, I won't shout at you. You bring up the very points that I want to address in the degree I'm creating. I'd rather the students have hands on experience and something more directly related to what they are doing than "fluff". I'd want students to understand and be able to manage a network; know what things to watch out for when being an admin; etc. Certainly some scripting/coding might be necessary but I don't think this is the be-all-end-all for those that administer DNS servers, Domain Controllers, LDAP servers, Kerberos servers, Exchange/sendmail, Apache, CISCO devices, etc. Better understanding of some of the protocols and how they interact would be needed.

Anyways, sorry for rambling but it just grinds me that an educational unit releases this and doesn't recognize the potential damage they are doing to the security industry.

[Tiger Shark]

Ms. M:

Tiger, I won't shout at you

I didn't know if I was being a tad too "controversial" with someone in the very trade I am criticizing......

and doesn't recognize the potential damage they are doing to the security industry.

As I said in my post, they've been doing it for years in the other IT fields.... Why change now....

Do you get any feedback from "those who must be obeyed" regarding the concept that "we can't be seen to be teaching hackers"? I would think that this would be quite high on their list of objections to some content that would be of the most use... Pen testing springs to mind..... <sigh>

[mark_boyle2002]

In scotland most of the universitys do these as standard.

Also you can do open university courses in the same e.g learning at home.

This may be something for you guys to consider.

http://www.open.ac.uk/

[bballad]

Originally posted here by Tiger Shark
Ms. M: Any chance that could be done online?

wow that is a bad idea, as it is Iam worried that one of these kids viri will get into the wild and that is when its in a nice contained network putting this online would be a nightmare.