Communications of the Association for Information Systems


Due to several recent highly publicized information breaches, information security has gained a higher profile. Hence, it is reasonable to expect that information security would receive an equally significant emphasis in the education of future systems professionals. A variety of security standards that various entities (e.g., NIST, COSO, ISACA-COBIT, ISO) have put forth emphasize the importance of information security from the very beginning of the system development lifecycle (SDLC) to avoid significant redesign in later phases. To determine the emphasis on security in typical systems analysis and design (SA&D) courses, we examine (1) to what extent security is emphasized in the core SA&D courses and (2) at what phase in the SDLC do most SA&D courses begin to emphasize security. In order to address these questions, we reviewed SA&D textbooks currently on the market to identify how extensively they cover security-related issues. Given the fairly high awareness of information security in practice, we expected to see an equally high emphasis on such matters in the textbooks. However, our review suggests that this is not the case, which suggests a gap in our preparation. To address this gap, we offer a proposal for modifying a portion of the SA&D curricula.