Embed Size (px)
Citation preview
1
Proposal for the Establishment of a Center Proposed name of Center: CENTER FOR INFORMATION ASSURANCE (CIA) Name and title of individual submitting this proposal: S. SRINIVASAN PROFESSOR COMPUTER INFORMATION SYSTEMS COLLEGE OF BUSINESS Anticipated Date of Initiation of this Center: APRIL 1, 2007 Existing Center or Institute the proposed Center is intended to replace: NONE Please respond to the following set of instructions, following the numbering scheme indicated. The entire proposal should not exceed six pages (excluding appended materials).
1. Describe the purpose of the proposed Center or Institute. Indicate why a separate organizational structure is needed to fulfill this purpose. Include reference to the relationship of the Center or Institute to the mission of the university, the Strategy for Excellence, and to the mission of each college, school, unit, department or program of which the Center or Institute will be a part. Include references to specific unit ‘scorecard’ indicators to which the Center or Institute will contribute.
The proposed Center for Information Assurance in the College of Business will bring together faculty and students from all disciplines in the college to focus on Information Security. The Computer Information Systems (CIS) department in the College of Business has an approved concentration in Information Security since Fall 2004. This concentration has attracted students from the School of Accountancy as well. Additionally, students from other College of Business disciplines are showing interest in taking the InfoSec courses. Moreover, faculty from Computer Information Systems, Accounting, Finance, and Economics departments work on various aspects of information security related topics such as security audit, internal control, health care, and privacy, in addition to developing new methods to detect network intrusion and design of secure networks. University of Louisville’s mission is to be a “premier metropolitan research university.” To further this goal, the university has to contribute to the well being of the community. In this case, we are able to fulfill this mission of the university to not only contribute to our local community by helping educate our students but also to help the nation in protecting the critical infrastructure. This fits well with the College of Business’ mission “To enhance the intellectual and economic vitality of Louisville, Kentucky, the region, and the broader business community through our academic programs, research, and community outreach activities.” For example, the
2
CIS program developed a Memorandum of Agreement with the Jefferson Community College (JCC) for enabling JCC students to “block transfer” credits to the InfoSec program in the College of Business. This initiative is being supported by a one-year Council on Postsecondary Education (CPE) grant for $180,000. We already have a mechanism in place that enables high school students to take dual credit courses with JCC and then complete their Associate Degree from JCC before block transferring the credits to the InfoSec program in CIS. This program, which is in effect for two years initially, will be expanded later to include all the colleges in the Kentucky Community and Technical College System (KCTCS). Moreover, the InfoSec program has signed a Memorandum of Agreement with Kentucky State University for reciprocity of credits between the two institutions to further augment our InfoSec course offerings. We have an ongoing collaboration with the Kentucky State University (a Historically Black College/University) that enabled us to seek a collaborative grant from the National Science Foundation (NSF) to enhance our information security infrastructure and faculty development. We were successful in receiving a two-year $300,000 grant from NSF for this purpose. The Director of Information Technology Resource Center (iTRC) has been providing internships for CIS students. The mission of iTRC is changing to focus more on meeting many of the challenges that the Department of Homeland Security wants addressed. U of L has received National Security Agency accreditation as a National Centers of Academic Excellence (CAE) in Information Assurance Education. One of the requirements of NSA for CAE designation is to have a dedicated center focused on information security. Since the College of Business has an official concentration in InfoSec in the CIS undergraduate program and the two Memoranda of Agreement with JCC and Kentucky State University, we are interested in creating the new Center for Information Assurance in the College of Business at this time. Once we further strengthen the InfoSec program within the university we plan to expand the Center to include the other units on campus. We envision that taking place over a two to three year period. We expect the Center to contribute to the following unit score card indicators:
1. Number of undergraduate students involved in research or creative activity in collaboration with faculty (One InfoSec undergraduate student collaborated with faculty last year and one other student is collaborating this year with a faculty member)
2. Total student scholarship awards (Specialized scholarships for InfoSec students are
available from NSF, the Department of Defense, and Department of Homeland Security. We are planning to apply for such scholarships)
3. Number of students receiving national awards and/or national recognition (As part of
InfoSec program we expect our students participated in Educause national video competition and national Information Security competition. We took a team for a regional competition this year in preparation for a national competition in the future.)
3
4. Nationally recognized programs (U of L received the National Security Agency designation as a National Center of Academic Excellence in Information Assurance Education in April 2006.)
5. Total number of grants and contracts awarded (Currently the InfoSec program has one
grant –from NSF. We plan to seek further NSF and Department of Defense grants as well as other state grants through the Center.)
6. Total grants and contracts – dollar amount by collaborating investigators (excluding
financial aid) (Currently the InfoSec program has one grant – from NSF for $300,000.) 7. Total number of research grants and contracts proposals submitted (Currently members
of the proposed Center for Information Assurance have submitted research grant proposals to NSF and we plan to expand this significantly in the next two years through the Center.)
8. Total number of research grants and contracts awarded (Members of the proposed Center
will be submitting research grant proposals to federal, state agencies as well as corporations through the Center.)
9. Total research grants and contracts – dollar amount received (Members of the proposed
Center will be submitting research grant proposals to federal and state agencies as well as corporations through the Center.)
10. Total federal research grants and contracts – dollar mount received (Members of the
proposed Center will be submitting research grant proposals to federal agencies through the Center.)
11. Total publications in refereed journals (Members of the proposed Center have already
published InfoSec related papers in refereed journals and will continue to publish in such journals.)
12. Number of exhibits, artistic performances, presentations, etc. (Members of the proposed
Center have already made four presentations in 2005 on InfoSec topics and will continue to make such presentations. Also, under the direction of one of the members of the Center two videos were produced by three students for submission to a national contest. Another student participated in presenting the collaborative research during the Undergraduate Research Symposium at U of L. Under the guidance of one member of the Center one student prepared a paper and presented it at a regional InfoSec conference in Georgia. Members of the Center will continue to be involved in such activities.)
13. Number of interdisciplinary grant applications (Members of the proposed Center belong
to multiple disciplines within the College of Business. One of the main goals of the Center is to pursue grants from external funding agencies showing the interdisciplinary collaboration of the members.)
4
14. Number of interdisciplinary research projects (Members of the proposed Center belong to multiple disciplines within the College of Business. One of the main goals of the Center is to pursue interdisciplinary research projects. Already, members from CIS and Accountancy have collaborated and published papers and additional such work is in progress currently.)
15. Total publications in refereed journals across disciplines (Members of the proposed
Center belong to multiple disciplines within the College of Business. One of the main goals of the Center is to pursue interdisciplinary research projects. Already, members from CIS and Accountancy have collaborated and published papers and additional such work is in progress currently.)
2. Indicate who will direct the proposed Center or Institute and what other members of the administration and faculty will be involved in it. Indicate also the level of each individual's involvement on an annual FTE basis for the first three years of the Center's or Institute's operation. Attach a brief curriculum vitae for the person who will direct the Center or Institute and for the key faculty members who will be involved in it. Indicate how any current members of the faculty or administration who will be involved in the Center or Institute will be replaced in their present activities. Provide a statement from each key faculty member (5% time commitment or greater) indicating that his or her approved workplan includes time spent on Center or Institute activity.
The Center for Information Assurance (CIA) will be directed by S. Srinivasan, Professor of CIS. He will devote 5% of the time to organize seminars as well as teach and perform research in InfoSec, and pursue grant opportunities in InfoSec with other members of the Center. He will also be working to develop new InfoSec courses as well as manage the two InfoSec Labs in the College of Business. Other members of the Center are:
# Faculty Name Rank and Department Year 1 FTE
Year 2 FTE
Year 3 FTE
1 Alan Attaway Associate Professor of Accountancy and Associate Director
2% 2% 2%
2 Robert Barker Associate Professor of CIS 1% 1% 1% 3 Jay Brandi Professor of Finance 1% 1% 1% 4 Satish Chandra Associate Professor of CIS 1% 1% 1% 5 Stephen Gohmann Professor of Economics 1% 1% 1% 6 Jian Guan Associate Professor of CIS 1% 1% 1% 7 Alan Levitan Professor of Accountancy 1% 1% 1% 8 Wyatt McDowell Associate Professor of Commercial Law 1% 1% 1% 9 Andrew Wright Assistant Professor of CIS 1% 1% 1% 10 Jozef Zurada Professor of CIS 1% 1% 1%
5
The FTE percentages were calculated based on the anticipated teaching and research in InfoSec area. Faculty members with a 1% work allocation will teach at least one InfoSec related course or perform collaborative research in this area. Faculty member with a 2% work allocation is currently teaching at least one InfoSec related course and performing collaborative research in this area.
3. Indicate on an annual FTE basis the needs of the Center or Institute for P&A staff, classified staff, and other personnel in its first three years. Indicate how any current members of the university staff who will be involved in the Center or Institute will be replaced in their present activities.
The Center does not anticipate the need for any dedicated P & A staff. All activities that are currently being coordinated by S. Srinivasan will continue to be coordinated by him. These include organizing and conducting the three InfoSec Seminars in Spring and Fall semesters, development and teaching of new InfoSec courses, perform collaborative research with other colleagues, and manage the two InfoSec Labs in the College of Business.
4. Indicate the space requirements for the Center or Institute in its first three years, and how that space will be provided.
The Center does not anticipate any need for office space in the first year. During the first year any student helper used will be able to perform the work from one of the InfoSec Labs which have adequate desk space with computer. In the second and third years, the Center hopes to find dedicated student help in Fall and Spring semesters and at that time it will assign desk space in the InfoSec Lab. This student assistant will help all members of the Center in helping acquire the necessary material for teaching and research and provide some web support in managing the InfoSec web site (http://www.louisville.edu/infosec) that is currently being managed by S. Srinivasan.
5. Indicate initial equipment and other infrastructure resources (including technology) that the Center or Institute will need, and explain how these will be provided. (see Form 1, Part II.5)
The proposed Center for Information Assurance has all the necessary hardware and software in the two InfoSec Labs. Moreover, additional funds from the NSF’s Capacity Building grant is available to acquire any additional research and teaching materials. Furthermore, the College of Business has created a Research Incentive Grant fund in the amount of $75,000 per year that the Center members could apply for additional research funding.
6
6. Indicate the amount and source of funds that will be needed to operate the Center in its first three years. Include itemized amounts for personnel, equipment, technological support, and operating expenses.
The Council on Postsecondary Education has approved the transfer of $10,000 from an existing grant directed by S. Srinivasan to create the Center for Information Assurance. The National Science Foundation has approved the transfer of $5,000 from an existing grant directed by S. Srinivasan to create the Center for Information Assurance. The existing Capacity Building grant from NSF supports payment of expenses related to the speakers for the InfoSec Seminar Series. The Center plans to apply for additional grants from state and national agencies to support the Center’s work. Student assistant for years 2 through 5 $8,000 Printing and mailing of brochures, posters $1,000 Travel by road within a 100 mile radius of Louisville $1,000 The Center will not require any technology support as it has adequate technology resources currently. Since the Labs were designed only in 2004 and 2005, the upgrades will not be needed in less than three years. The Center plans to organize seminars and short courses on current security and management related topics which will fetch revenue from member participation. The anticipated revenue from these seminar activities and short courses will fund the anticipated expenses of the Center.
7. Provide a written statement from the Dean, University Libraries (or designee) concerning the adequacy of current resources. The statement should include a comparison of local holdings to standards/recommendations of national accrediting agencies, the holdings of benchmark institutions, and/or other recognized measures of adequacy. If additional resources are needed to support the program, the statement should include an estimate of costs and the sources of additional funding. The statement should be requested at least one month prior to submitting the final proposal to the Office of the University Provost.
The Dean of University Libraries has mentioned her support of the InfoSec program activities at U of L in her letter dated November 29, 2005. In that letter she has specifically identified the existing InfoSec resources that the U of L libraries have and what has been planned for the future in this area.
8. Indicate the anticipated amount and source of revenue for the Center or Institute in its first three years on Form 2. Include a narrative that explains in detail all sources of revenue.
The Center has an initial funding of $10,000 from the Council on Postsecondary Education and an additional $5,000 from the National Science Foundation. Additional revenue is expected from fees for seminars and workshops. Any unspent portion of the revenue would carryover from year to year. Many of the Center’s proposed activities are currently supported by the NSF
7
grant. The Center members are planning to seek additional funding from state and national funding sources.
9. Indicate how the work of the Center or Institute will be evaluated. Please describe the Center or Institute’s evaluation plan according to the following criteria:
a. the specific objectives or anticipated outcomes for the work of the Center or
Institute;
i. Conduct inter-disciplinary and discipline based research related to information security technology, implementation and policy aspects
ii. Create new courses or modules in existing courses related to information security
iii. Develop a seminar series on current security related topics aimed at corporate executives
iv. Develop short courses (one-day, two-day duration) on special topics such as Sarbanes-Oxley Act Compliance, Information Security Policies, and Security Audit.
b. the specific measures, assessment tools, and/or performance indicators that will be
used to assess the fulfillment of the Center or Institute’s objectives;
Item (i) above is quantifiable from publications and conference presentations. Item (ii) above is quantifiable from new courses or course modules developed and taught. Items (iii) and (iv) above are quantifiable from the number of seminars and short courses offered.
c. the schedule for collection, analysis, and reporting of evaluation data described in
b. above;
Data collection, analysis, and reporting of evaluation data described in (b) above will be done annually.
d. the person, committee, or entity that will receive the evaluation data or reports
and is responsible for developing and implementing changes and improvements.
Person receiving the evaluation data and annual report is the Dean, College of Business.
Signature of Submitter: Name: S. Srinivasan Date: February 2, 2006
1
Form 1 Departmental Expenditure for Centers and Institutes (Academic Year)
(Columns 4-5 continuation only)
Year 1 Year 2 Year 3 Year 4 Year 5 I. Personnel 1. Full-time ranked faculty (FTEF) a. Number of FTEF ___0.16 _ ___0.16 _ ___0.16 _ ___0.16 _ __0.16 _ b. Average salary $120,000 $123,600 $127,308 $131,127 $135,061 c. Fringes per avg. salary $25,800 $26,574 $27,371 $28,192 $29,038 d. Cost of FTEF: a x (b+c) $23,328 $24,028 $24,749 $25,491 $26,256 2. Part-time faculty (PTF) a. Course credit hours taught by PTF __ 0 __ __ 0 __ __ 0 __ __ 0 __ __ 0 __ b. Average PTF salary per credit hour __ 0 __ __ 0 __ __ 0 __ __ 0 __ __ 0 __ c. Average PTF fringes per credit hour __ 0 __ __ 0 __ __ 0 __ __ 0 __ __ 0 __ d. Cost of PTF: a x (b+c) __ 0 __ __ 0 __ __ 0 __ __ 0 __ __ 0 __ 3. Other (specify) Categories % (e.g., secy.) full-time rate __ 0 __ __ 0 __ __ 0 __ __ 0 __ __ 0 __ Cost of Other __ 0 __ __ 0 __ __ 0 __ __ 0 __ __ 0 __ Total Personnel Costs: $23,328 $24,028 $24,749 $25,491 $26,256 II: Operating Costs: 1. Supplies $1,000 $1,000 $1,000 $1,000 $1,000 2. Travel $1,000 $1,000 $1,000 $1,000 $1,000 3. Library Budget (in addition to current expenditures) a. Books __ 0 __ __ 0 __ __ 0 __ __ 0 __ __ 0 __ b. Journals __ 0 __ __ 0 __ __ 0 __ __ 0 __ __ 0 __ c. Electronic Resources __ 0 __ __ 0 __ __ 0 __ __ 0 __ __ 0 __ d. Other (please specify) __ 0 __ __ 0 __ __ 0 __ __ 0 __ __ 0 __ 4. Student support (assistantships, fellowships, tuition waiver) __ 0 __ $8,000 $8,000 $8,000 $8,000 5. Equipment a. Instructional __ 0 __ __ 0 __ __ 0 __ __ 0 __ __ 0 __ b. Research __ 0 __ __ 0 __ __ 0 __ __ 0 __ __ 0 __ c. Computer equipment and software __ 0 __ __ 0 __ __ 0 __ __ 0 __ __ 0 __ d. Other __ 0 __ __ 0 __ __ 0 __ __ 0 __ __ 0 __ Total Operating Costs: $2,000 $10,000 $10,000 $10,000 $10,000
2
FORM 1 (continued) III. Capital Costs 1. Facilities a. New Construction __ 0 __ __ 0 __ __ 0 __ __ 0 __ __ 0 __ b. Renovation __ 0 __ __ 0 __ __ 0 __ __ 0 __ __ 0 __ c. Furnishings __ 0 __ __ 0 __ __ 0 __ __ 0 __ __ 0 __ 2. Other (please specify) __ 0 __ __ 0 __ __ 0 __ __ 0 __ __ 0 __ Total Capital Costs: __ 0 __ __ 0 __ __ 0 __ __ 0 __ __ 0 __ Total Expenditures: $25,328 $34,028 $34,749 $35,491 $36,256
Form 1A A rational should be provided for all costs recorded on FORM 1. If an explanation of an expenditure is contained elsewhere in the proposal, it is necessary only to record on this form the section in which it appears. Personnel Costs: The new Center will be managed by a Director. The amount listed here in Form 1 reflects the anticipated salary of a Director for other university duties such as teaching and research. Five percent of the Director’s time and two percent of the Associate Director’s time will be devoted to managing the Center. The fringe benefits are calculated at 21.5% of the salary. The amount indicated for years one through five is based on these assumptions. For years two through five a 3% increase from the prior year amount is used. Operating Costs: The Center is planning to develop a brochure and poster to promote the activities of the Center. The cost reflects the cost of printing and mailing the brochures and posters. A modest amount is planned for travel in connection with the activities of the Center. The travel is expected to be by road to places in Louisville and the surrounding cities. We hope to employ a student assistant in years 2 through 5 and pay the student a flat stipend, subject to obtaining grants from external agencies such as the National Science Foundation.
3
FORM 2
AMOUNT AND SOURCES OF REVENUE*
1. Regular state appropriation and tuition and fees __0__ __0__ __0__ __0__ __0__ a. New money __0__ __0__ __0__ __0__ __0__ b. Internal reallocation $23,328 $24,028 $24,749 $25,491 $26,256 2. Institutional allocation from restricted endowment __ 0 __ __ 0 __ __ 0 __ __ 0 __ __ 0 __ 3. Institutional allocation from unrestricted endowment __ 0 __ __ 0 __ __ 0 __ __ 0 __ __ 0 __ 4. Gifts __ 0 __ __ 0 __ __ 0 __ __ 0 __ __ 0 __ 5. Extraordinary state appropriation __ 0 __ __ 0 __ __ 0 __ __ 0 __ __ 0 __ 6. Grants or contracts a. Private sector __ 0 __ __ 0 __ __ 0 __ __ 0 __ __ 0 __ b. Local government __ 0 __ __ 0 __ __ 0 __ __ 0 __ __ 0 __ c. State _$10,000_ __ 0 __ __ 0 __ __ 0 __ __ 0 __ d. Federal _$5,000 _ _$8,000_ _$8,000_ _$8,000_ _$8,000_ e. Other __ 0 __ __ 0 __ __ 0 __ __ 0 __ __ 0 __ 7. Capitation __ 0 __ __ 0 __ __ 0 __ __ 0 __ __ 0 __ 8. Capital __ 0 __ __ 0 __ __ 0 __ __ 0 __ __ 0 __ 9. Other (please specify) _$2,000 _ _$2,000_ $3,000 $3,000 $3,000 Seminars and workshops Total Revenues $40,328 $34,028 $35,749 $36,491 $37,256 * A narrative must be included that explains in detail all sources of revenue. Faculty members currently teaching courses would continue to teach these courses and that is the basis for the allocation under “Regular State appropriation and tuition and fees.” Under “Federal grant” we have allocated $8,000 for each of the years 2 through 5. We expect to obtain grant money from NSF, DoD, or other federal agencies to support one undergraduate student in years 2 through 5. If for some reason the projection falls short, then the student will not be hired and the workload distributed among the Center’s faculty members. The Council on Postsecondary Education has approved the transfer of $10,000 from an existing grant under the direction of S. Srinivasan for the new Center for Information Assurance. The National Science Foundation has approved the transfer of $5,000 from an existing grant under the direction of S. Srinivasan for the new Center for Information Assurance. Any unspent portion of the revenue would carryover from year to year.
4
The Center plans to offer seminars and workshops aimed at corporate executives and security professionals. A fee structure will be developed for these events. We hope to generate $2,000 from these activities during the first two years and enhance it to $3,000 for the next three years.
