Information Technology: Information Technology Security Specialist Concentration
School of Business & Computer Technologies
Breuder Advanced Technology & Health Sciences Center, Rm. E257 · (570) 327-4517
Frequently Asked Questions (FAQs)
- What does Pennsylvania College of Technology's BSS degree prepare me to do?
- What are some of the jobs available to me with this degree?
- What are typical pay ranges for security professionals?
- What are CNSS and NSTISSI?
- How is the NSA Curriculum organized?
- Why is following the NSA standards important?
- What if I don't plan to work for the government?
- How will my employer know I have these skills? Is there documentation somewhere?
- Which NSA standards will Penn College offer?
- Where can I go to get additional information?
Q: What does Pennsylvania College of Technology's BSS degree prepare me to do?
A: The BSS degree was built around several educational standards designed by the CNSS and NSTISSI for training government employees in Information Assurance and Security (IAS). The standards currently implemented by the BSS degree prepare you primarily as an information risk analyst but also include some background in IAS training, secure system design and secure system auditing.
Q: : What are some of the jobs available to me with this degree?
A: In large organizations, many security jobs require experience in addition to a degree. Usually you will start in an Information Technology position and work your way up to the security jobs. Some of the positions available to you as a security professional are Information Risk Analyst, Security Engineer, Security Analyst, Risk manager, Compliance Analyst, Business Continuity Analyst, Systems Security Auditor, and Information Assurance Analyst. There are also more technical positions in information security including Network Analyst, Network Technician, Software Developer, Programmer, Systems Security Analyst, and Systems Administrator.
Q: What are typical pay ranges for security professionals?
A: For entry level positions, pay is comparable to other IT positions which range from $35K to $60K depending on the organization and location. Senior level positions are advertised in the range of $85K to $120K again based on the organization and location.
A: CNSS is the Committee on National Security Systems. NSTISSC is the National Security Telecommunications and Information Systems Security Committee. NSTISSI describes the Curricular content created by NSTISSC for IAS training. CNSS and NSTISSC have created curriculum standards for IAS training. These standards are currently administered by Information Assurance Directorate (IAD) of the National Security Agency (NSA). In this document, we refer to these curriculum standards collectively as the NSA curriculum.
Q: How is the NSA Curriculum organized?
A: The content is organized into several modules. One module, NSTISSI-4011, represents the core curriculum. Other standards define areas of specialization in IAS. Penn College has currently implemented 4011 and 4016. The 4016 standard defines a specialization in Information Risk Analysis. You can find definitions for all the standards at http://www.nsa.gov/ia/academia/cnsstesstandards.cfm.
Q: Why is following the NSA standards important?
A: The NSA curriculum standards were created by CNSS and NSTISSC to define the expectations for IAS education for government employees and employees of para-government organizations like contractors. These curricula are developed in parallel to the information security standards that must be met by government departments and contractors wishing to work for the government. In short, if you are going to work for the government in any capacity and have access to government information systems, you will likely be required to complete at least part of this training. By aligning our degree with these standards, our graduates already have exposure to much of the training that is expected.
Q: What if I don’t plan to work for the government?
A: Keep in mind that even if you are working for an organization in the private sector, if your organization has any government contracts, they will have to comply with the government information security standards or risk losing that contract. If you are working with any of these systems, you will have to comply with these standards as well. Additionally, some organizations are adopting the published security standards rather than develop their own methods from scratch. In either case, our curriculum content gives you an extra advantage when organizations want people with these skills.
Q: How will my employer know I have these skills? Is there documentation somewhere?
A: The NSA, through the IAD, sponsors a program where curricular content developed by a school can be reviewed and certified by the NSA as being compliant with the published standards. The program is called the Information Assurance Courseware Evaluation (IACE) Program and can be referenced at http://www.nsa.gov/ia/academia/iace.cfm?MenuID=10.1.1.1. The BSS curriculum was developed with this in mind and we have already begun the application process to have our program reviewed. If our program is certified, we will be able to issue certificates indicating which NSA standards you have completed.
Q: Which NSA standards will Penn College offer?
A: Currently we have only deployed 4011 – the core, and 4016 – the Risk Analyst specialization. We hope to be able to offer additional specializations in the future.
Q: Where can I go to get additional information?
A: