Program Purpose

---

Within the context of the aims of a BYU education our mission is to educate professional leaders with an in-depth understanding of all aspects of computer systems and their relationship to the world. These leaders will combine their technical understanding with their broad-based general education to visualize systems, communicate effectively, think analytically and implement solutions.

As reflected in this mission statement, the program is strongly technological but intended to be part of a broader, liberal education context. Thus phrases such as "leaders", "relationship to the world" and "broad-based general education" are specifically intended to evoke the larger context of BYU's aims. Furthermore, as explicitly stated, this mission statement rests on the foundation of the "Aims of a BYU Education."

Cybersecurity Program Educational Objectives:

1. Apply knowledge in service to community and family and engage in lifelong learning through personal study and continuing education.
2. Develop a fulfilling profession which may include employment in industry or academia, technology-based entrepreneurship, and postgraduate study in engineering or other disciplines.
3. Leverage technical background to make innovative contributions to society and serve in responsible positions of leadership.
4. Be an example of faith, character, and high professional ethics.

Curricular Structure

Cybersecurity is a computing-based discipline involving technology, people, information, and processes to protect computing systems from adversaries. It involves the creation, operation, analysis, and testing of secure computing systems. Cybersecurity professionals know how to secure websites, mobile apps, operating systems, databases, networks, and embedded computing systems. They stay current on the latest computer vulnerabilities, help prevent employees from falling victim to social engineering attacks, collaborate with leadership to mitigate and manage risks, monitor systems to identify intruders, and respond effectively when successful attacks occur. Penetration testers, also known as Red Team members, are hired by companies and organizations to identify vulnerabilities by ethically hacking into systems. Digital forensics investigators use sophisticated tools to track down attackers and capture evidence that can be used in court.

The field has grown tremendously in recent years and is expected tocontinue rapid growth in the coming decades. BYU's Cybersecurity program is recognized as a National Center of Academic Excellence in Cyber Defense (CAE-CD) by the NSA and has placed students in the public and private sector at top companies both small and large. TheCybersecurity program is ABET accredited. Graduates fill roles as penetration testers, forensics computer analysts, network and systems administrators, data security engineers, information security analysts, security architects, IT security engineers, and Chief Information Security Officers.

The Cybersecurity degree shares foundational courses with Computer Engineering (CpE) and Computer Science (CS) (ECEN 191, ECEN 192, ECEN 224/225, CS 111, CS 235, CS 236). This allows students to transfer between programs during the first two years of their studies as they refine their interets and understanding of computing disciplines. Cybersecurity rests on a foundation of Math and Science and thus includes classic courses in Math (Math 112, Stats 201, MATH 312/315) and Science (Physics 121). Core cybersecurity concepts and principles are covered throughout the curriculum and in all years of the program (e.g., CYBER 110, CYBER 266, CYBER 366, CYBER 467). The curriculum requires exposure to many areas of computing in which cybersecurity concepts are embedded (e.g., web systems, networking, operatingn systems, databases). It also provides a wide range of electives from across computing disciplines including courses on encryption (MATH 485), wireless networking (EC EN 526), machine learning (EC EN 471), blockchain (CS 466), and within the CYBER progam (e.g., cloud architecture and security, advanced networking, systems administration, usable & secure design). In line with Cybersecurity programs across the nation, there is a strong emphasis on experiential learning within the curriculum. This is reflected in the emphasis on lab-work and projects in major courses. All technical courses in the major include substantial lab and project requirements and the capstone experience for undergraduate students is a two-semester project class where the students work in assigned teams to design, build, manage, complete and report on a significant project with a Cybersecurity component. Additionally, 200 hours of work in the area of Cybersecurity are required prior to graduation.

The graduate program consists of a thesis-based MS degree requiring 30 credits of relevant courseework. Currently graduate enrollment is strong and students complete a variety of activities related to Cybersecurity-related research and application.

Catalog Information

Learning Outcomes

---

Below are the Program Learning Outcomes for the Cybersecurity B.S. degree.

Problem Analysis and Solutions

Analyze a complex computing problem and apply principles of computing and other relevant disciplines to identify solutions.

Design, Implement, & Evaluate Computing Solutions

Design, implement, and evaluate a computing-based solution to meet a given set of computing requirements in the context of the program's discipline.

Communicate Effectively

Communicate effectively in a variety of professional contexts.

Legal & Ethical Judgment

Recognize professional responsibilities and make informed judgements in computing practice based on legal and ethical principles.

Teamwork and Management

Function effectively as a member or leader of a team engaged in activities appropriate to the program's discipline.

Security Principles and Practices

Apply security principles and practices to maintain operations in the presence of risks and threats.

Evidence of Learning

---

At the course level, assessments include quizzes, exams, homework assignments, labs, papers and so on. Many projects require students to report orally and in formal technical reports. Students are also required to complete term papers and report on key developments within their discipline. The final capstone project includes significant reporting requirements in the form of oral presentations, posters, code documentation, and formal technical reports. External sponsors help achieve a balanced evaluation of the program. Semi-annual meetings with the External Advisory Board (EAB) and annual surveys of alumni provide data for both evaluating student competence and also evaluating the mission and goals of the program. An exit survey and group interviews with graduating students are conducted to identify areas of strength and improvement. Additionaly, students self-report on how well they achieve learning outcomes for each required class as part of a their course evaluations.

All full-time faculty members that teach CYBER courses participated in an analysis of the data and discuss ways that they can improve any deficiencies. The course outcomes are evaluated both directly and indirectly as discussed below.

Direct Measures of Course Outcomes

Each course in the major has defined learning outcomes. These are displayed in the BYU course catalogue. These outcomes are used by faculty in teaching. They are reviewed and changed as needed, after discussion in faculty meetings.

Achievement of these specific course outcomes is evaluated by faculty teaching the courses with assignments and evaluations directed towards the objectives.

Indirect Measures of Course Outcomes

Graduating students each have an exit interview as part of a group of students. They also fill out an exit survey. The questions of the survey address their perceptions of how well they met the Program Learning Objectives. Thus, each year, there is an indirect measure of all 6 Program Learning Outcomes from a graduating student perspective. Feedback is discussed with faculty teaching required courses. Each required class is surveyed each semester relative to completion of course outcomes as part of the student evaluations. Some of the course outcomes map to Program Learning Outcomes. Faculty review these together at least annually to discuss how to improve outcomes. Selected groups of alumni are also surveyed regularly (annually) with faculty discussions of the results. 

Learning and Teaching Assessment and Improvement

---

On the program level, all courses are evaluated by students through a formal, anonymous student response system each semester (administered by BYU). Results are provided to individual instructors and to administrative supervisors. Additionally, all graduating students must complete an exit survey and group interview in order to graduate. The survey asks questions about the 6 Program Learning Outcomes and their experience in the program more generally. Results are anonymized and summarized and then provided to all faculty. These results are discussed in faculty meetings. An External Advisory Board meets twice a year, reviews the program content, meets individually with students and provides feedback to the program. These meetings are recorded and summaries are provided to faculty and discussed in faculty meetings. Peer evaluations of instructors are also conducted before advancement and promotion.

Analysis, Evaluation, and Improvement Process

The entire program is reviewed and modified at least annually, with program changes and course outcome changes submitted in the Fall. Regular faculty meetings are held, and decisions are recorded, to deal with on-going program changes.

Indirect measures of Program Learning Outcomes are tracked each year from the exit survey data collected from each graduating student. Trends are evaluated each year.

Direct measures of Program Learning Outcomes are based on assignments that measure class outcomes that map to program outcomes. For example, peer evaluation data from capstone classes is used to evaluate Outcome 5 focused on teamwork. The list of Program Learning Outcomes indicates which classes map to which outcome. The faculty focus on evaluating only 2 program learning outcomes per academic year, according to the schedule below:

2018-19: All learning outcomes assessed (since program was new that year)

2019-20: Program Learning Outcomes 1 and 2 assessed directly

2020-21: Program Learning Outcomes 3 and 4 assessed directly

2021-22: Program Learning Outcomes 5 and 6 assessed directly

And so forth, repeating the 3-year cycle of covering all 6 learning outcomes.