Self-Study Design Final

SANS Technology Institute

STI

Self-Study Design Final

Submitted to:

Middle States Association of Colleges and Schools

Commission on Higher Education

February 16, 2012

Table of Contents

I. Introduction 3

Mission 3

Vision Statement 3

Compelling Public Purpose: Knowledge for Peace 3

History 4

Institutional Profile 6

II. Self-Study Design Rationale 7

III. Intended Outcomes of the Self-Study 9

IV. Forming the Steering Committee and Working Groups 9

VI. Research Questions 13

VII. Organization of the Self-Study Report 20

VIII. Timeline for Institutional Self-Study 21

IX. Profile of the Visiting Evaluation Team 22

X. Inventory of Supporting Documents 23

I. Introduction

Mission

The mission of the SANS Technology Institute is to develop the information security technology leaders needed to help strengthen the information community all over the world by improving the security of cyberspace. SANS Technology Institute seeks to prepare both the managers of information security groups and the technical leaders who direct security technology programs. SANS Technology Institute's primary functional emphasis is instruction, but the Institute faculty and students will engage in research and public service programs.

Vision Statement

STI aspires to be The Premier Skills-Based Cyber Security Graduate School. As a center for security leadership and technical excellence, we will attract excellent students, provide an innovative higher educational experience and prepare information security leaders. As a result, STI will improve the overall security of individuals, communities, organizations and governments worldwide.

Compelling Public Purpose: Knowledge for Peace

The mission statement is a critical component of an institution. The heart of the SANS Technology Institute mission is "to help strengthen the world by improving the security of cyberspace." Cyber violence in its multiple forms, at all levels of the internet, is a major problem. It is not uncommon for large internet server providers to average more than 1,000 cyber-attacks per day. Organized crime has been rapidly moving into phishing, the fastest growing crime segment. The Latin word scientia, the root of our word for science, means knowledge, which we feel is the only real defense to this growing threat. If we do not learn how to harden systems, manage change, design networks and ensure that software is developed securely, we remain vulnerable to internet predators. Hence, our motto Scientia pro Pace (Knowledge for Peace) reflects the goal of STI. We want to develop the exceptional technology students of today into the technology leaders of tomorrow, and to ensure that the number and capability of these leaders create a formidable defense against cyber-crime and other forms of cyber-attacks.

History

The parent company, Escal Institute of Advanced Technologies, a Delaware corporation, was originally established in 1989 to create multiple institutes in various areas of technology, but later its Board of Directors decided to focus on only one area of technology – cyber security. The SANS (Systems administration, Audit, Network, Security) Institute is a privately held company owned by Alan and Marsha Paller, envisioned to provide advanced-level, state-of-the-art training to the men and women who are responsible for cyber security in corporations, universities, and government agencies.

SANS began by providing short training classes in a few areas of information security. Over time, as the body of knowledge in information security grew and as the professionals in the field took on greater responsibilities, SANS courses kept pace, both in number and in depth. Today SANS offers more than 20 different courses. Newer courses have added information security management, legal, and policy dimensions to round out the cyber security professionals’ capabilities. SANS also added optional research and writing projects for those who wanted to demonstrate a deeper understanding of the material. On average, more than 18,000 information security professionals complete at least one course from SANS each year. More than 85,000 people have completed at least one full length course with SANS.

Late in 2003, several SANS students approached their faculty members and asked whether SANS could make it possible for them to use SANS courses, in part, to fulfill requirements for graduate degrees. They maintained that the SANS courses taught advanced level practice and theory, were rigorous, and far more up-to-date than the courses in their current graduate programs. In addition, their employers wanted more ‘higher educational’ opportunities for their employees. SANS approached the Maryland Higher Education Commission (MHEC) to pursue authorization as a graduate degree granting institution. On November 16, 2005, MHEC voted to authorize SANS to grant graduate degrees. SANS Technology Institute (STI) was born. Leveraging the SANS Institute content delivery model, STI is not a typical brick and mortar higher educational institution. Instead, courses are taught at "residential institutes", hotel venues worldwide as well as through various distance learning modalities.

The SANS Institute is the parent of STI and also GIAC (Global Information Assurance Certification), a certification enterprise. SANS fosters original research in information security and codifies the results into high quality educational material. STI makes use of the SANS educational materials and uses GIAC in part to assess mastery of the content material. GIAC certification exams are available for key areas of information security. GIAC "Gold" Certification includes not only a certification exam but also research paper. The following quote by Hal Berghel, PhD (University of Nevada, Las Vegas), MHEC consultant testifies to the quality of the educational materials:

Not only have SANS courses become a staple in security, they are mission-critical. And I use this phrase carefully and without exaggeration. SANS is the only educational environment that fully recognizes and appreciates the critical importance of currency and relevance. I should mention that as a computer scientist who specializes in Internet security, I attend SANS training several times a year to maintain currency. What is more, as Director of the School of Computer Science, I send three other PhD-level faculty to SANS courses as well. Like other universities, while our research and educational offerings are laudable, we simply cannot duplicate the infrastructure, expertise and technical staff to duplicate the SANS experience without incurring enormous additional expense. In a very real sense, SANS occupies a unique and indispensable role in digital security that even the leading computing programs in the world cannot duplicate.

Institutional Profile

STI offers two graduate degree programs. The Masters of Science in Information Security Engineering (MSISE)prepares graduates to be leaders in the design and build process of the information security enterprise. The Masters of Science in Information Security Management (MSISM) prepares graduates to be leaders in the management of the information security enterprise.

Student Profile

Program of Study / Current Students / Males / Females / Graduates / Degree Completion Time (average)
Information Security Engineering / 47 / 41 / 6 / 13 / 2.98 years
Information Security Management / 14 / 13 / 1 / 3 / 2.81 years
Dual / 1 / 1
Total / 62 / 49 / 12 / 16 / 2.90 years

Faculty Profile

STI Title / Higher Ed Equivalency / Males / Females / Total
SANS Faculty Fellow / Professor / 8 / 0 / 8
Senior Instructor / Associate Professor / 13 / 1 / 14
Certified Instructor / Assistant Professor / 17 / 1 / 18
Non-certified Instructor / Lecturer / 15 / 0 / 15
Total / 53 / 2 / 55

Tuition

MSISE / Credits / Tuition
$1200 per credit 11/02/2011 / 35 / $ 42,000.00
Capstone experience / 0 / $ 1,598.00
TOTAL TUITION / $ 43,598.00
MSISM / Credits / Tuition
$1200 per credit 11/02/2011 / 37 / 44,400.00
TOTAL TUITION / 44,400.00

II. Self-Study Design Rationale

STI is a unique institution of higher education. Integral to STI’s self-study design is the link between the role of planning and assessment in achieving the institute’s mission and the institute’s scholar practitioner model for teaching and learning. The academic leaders and faculty of the institute are at once both scholars and practitioners; simultaneously engaged in the continuous research, assessment, evaluation, and response to threats and practices in the global information security community of practice. As such, the institute has adopted a scholar practitioner philosophy in the design, development, and ongoing implementation of curriculum that translates the dynamic nature of global information security practice into dynamic learning experiences designed to develop and sustain the highest quality leaders in the field.

The scholar practitioner philosophy recognizes the inexorable linkage between theory, and the rapidly changing realities of practice in the global information security community. STI operationally monitors the change through the SANS Internet Storm Center (ISC; a consensus community for cyber threats world-wide). The scholar practitioner philosophy recognizes the need for dynamic continuously updated security curriculum as well as more reflective curriculum building the development of knowledge and skills to lead, manage, design, plan, implement and sustain organizations with respect to information security. This is deeply reflected in the history of assessment driven curriculum revisions of the two masters’ degrees: Information Security Management and Information Security Engineering.

Because this is the first self-study undertaken by SANS Technology Institute, a comprehensive self-study design model as described in Self Study: Creating a Useful Process and Report; Second Edition will be utilized. This will allow STI to address our unique role in higher education and emphasize the importance of the scholar practitioner model for teaching and learning within the institute. STI’s self-study will use working groups whose reports will morph into chapters in the final self-study report. Because STI is small, working groups will also be small and several group members will overlap with each other.

Working Groups / Standards
1: Mission, Goals and Integrity / Standard 1, Mission and Goals
Standard 6, Integrity
2: Planning, Resources, and Institutional Renewal / Standard 2, Planning, Resource Allocation and Institutional Renewal
Standard 3, Institutional Resources
3: Leadership, Governance, and Administration / Standard 4, Leadership and Governance
Standard 5, Administration
4: Student Admissions and Support Services / Standard 8, Student Admissions and Retention
Standard 9, Student Support Services
5: Faculty / Standard 10, Faculty
6: Educational Offerings, General Education, and Related Educational Activities / Standard 11, Educational Offerings
Standard 12, General Education
Standard 13, Related Education Activities
7: Institutional Assessment and Student Learning Assessment / Standard 7, Institutional Assessment
Standard 14, Assessment of Student Learning

III. Intended Outcomes of the Self-Study

This self-study provides the institute an opportunity to assess and analyze the progress STI has made over the years and to utilize the results of the self-study to strengthen the institute for the future. Creating a self-study allows STI to deeply engage with the STI community, the SANS Institute community and the GIAC community to strengthen collaboration amongst all related entities and document the importance of the dynamic relationship between all three. Most importantly, this self-study will document the alignment with the STI’s programs and services to the stated mission and goals.

In the context of the fourteen standards, the goals of this self-study are:

(1)  To ensure STI is aligned with collegiate expectations at the master’s degree level.

(2)  To ensure STI’s scholar practitioner model for teaching and learning is preparing leaders in information security to design/ build and manage the information security enterprise.

(3)  To ensure STI is aligned with best practices in information security.

(4)  To ensure STI has the necessary resources to grow at a sustainable level in order to meet our stated mission and goals.

IV. Forming the Steering Committee and Working Groups

In June 2011, STI established a seven person Steering Committee consisting of faculty, administration, and alumni. The Steering Committee is charged with (1) creating and implementing the self-study institutional design (2) nominating members to participate in working groups, (3) assisting in formulating effective, self-study research questions for each of the working groups, (4) ensuring open communication between the working group and steering committee, (5) writing and editing the majority of the self-study final document and (6) planning and organizing site visits.

Steering Committee Co-Chairs
Bonnie Diehl / Provost, Chief Academic Officer (CAO)
Matthew Scott / Assistant Provost of Learning Outcomes
Members
Toby Gouker / Chancellor/Chief Operating Officer (COO)
Jim Voorhees / MSISM Program Director
Eric Cole / MSISE Program Director
David Hoelzer / Faculty member
Rick Smith / Alumnus
Membership of Working Groups
Working Group 1: Mission, Goals and Integrity Standard 1, Mission and Goals; Standard 6, Integrity
*Stephen Northcutt / President
Bonnie Diehl / Provost/CAO
Toby Gouker / Chancellor/COO
Mason Brown / SANS Director
Dave Shackleford / Board member
Alan Paller / Board Chair
Working Group 2: Planning, Resources, and Institutional Renewal Standard 2, Planning, Resource Allocation and Institutional Renewal; Standard 3, Institutional Resources
*Toby Gouker / Chancellor/COO
Stephen Northcutt / President
Bonnie Diehl / Provost/CAA
Peggy Logue / CFO
Mason Brown / SANS Director
Working Group 3: Leadership, Governance, and Administration Standard 4, Leadership and Governance; Standard 5, Administration
*Bonnie Diehl / Provost/CAO
Stephen Northcutt / President
Toby Gouker / Chancellor/COO
Mason Brown / SANS Director
Working Group 4: Student Admissions and Support Services Standard 8, Student Admissions and Retention; Standard 9, Student Support Services
*Debbie Svoboda / Dean of Admissions and Student Services
Toby Gouker / Chancellor/COO
Matthew Scott / Assistant Provost of Learning Outcomes
Kiel Wadner / Student
Rick Smith / Alumni
Working Group 5: Faculty Standard 10, Faculty
*Johannes Ullrich / Dean of Research
Deb Jorgensen / Director of Instructor Development
Deanna Boyden / Community SANS Program
Heather Kohls / SANS Mentor Program
Toby Gouker / Chancellor/COO
Bonnie Diehl / Provost/CAO
Working Group 6: Educational Offerings, General Education, and Related Educational Activities Standard 11, Educational Offerings; Standard 12, General Education;
Standard 13, Related Education Activities
*David Hoelzer / Faculty member
Matthew Scott / Assistant Provost of Learning Outcomes
Eric Bassel / Director
Stephen Northcutt / President
Johannes Ullrich / Dean of Research
Eric Cole / MSISE Program Director
Jeff Frisk / Faculty member
Ed Skoudis / Faculty member
Dennis Kirby / Curriculum Committee member
Seth Misenar / Student
Jim Voorhees / MSISM Program Director
Working Group 7: Institutional Assessment and Student Learning Assessment Standard 7, Institutional Assessment; Standard 14, Assessment of Student Learning
*Matthew Scott / Assistant Provost of Learning Outcomes
Bonnie Diehl / Provost/CAO
Stephen Northcutt / President
Johannes Ullrich / Dean of Research
Eric Cole / MSISE Program Director
Jeff Frisk / Faculty member
Ed Skoudis / Faculty member
Dennis Kirby / Director, SANS
David Hoelzer / Faculty member
Jim Voorhees / MSISM Program Director

*Chair of working group