Mason Awarded $500,000 Grant for Cyber Security Education Research

Posted: November 1, 2013 at 5:00 am, Last Updated: November 4, 2013 at 6:53 am

Print Friendly

By Jennifer Anzaldi

George Mason University’s School of Management and Volgenau School of Engineering recently were awarded a $500,000 grant from the National Science Foundation (NSF) to develop chief information security officer (CISO) core competencies and then apply the results to establish learning objectives and curricula guidelines for cyber security leadership education programs.

In addition, the grant provides funding for developing online cyber security leadership courses and ultimately an online version of Mason’s existing cyber security program, the MS in Management of Secure Information Systems (MSIS).

Angelos Stavrou

Angelos Stavrou

The research funded by the NSF grant seeks to answer the question of what core competencies are critical to cyber security leadership effectiveness. Cyber security is changing as a field with an increasing need for leaders with a multidisciplinary background spanning leadership, management, policy and technology. Cyber security is starting to be viewed as a key element of organization strategy — and organizations are looking to cyber security leaders to communicate effectively about enterprise risks to other executives and corporate boards.

Managing the project at Mason are Angelos Stavrou, associate professor of computer science and associate director of the Center for Secure Information Systems, and J.P. Auffret, director of Mason’s cross-disciplinary cyber security program. Brent Kang, associate professor of the Graduate School of Information Security at the Korea Advanced Institute of Science and Technology and a former Mason professor, is also a co-principal investigator.

Stavrou, Auffret, and Kang’s backgrounds for the project range across technology management and cyber security engineering and policy. Auffret also directs Mason’s MS in Technology Management program — which is a founding partner of the U.S. Government’s CIO University and has already established core competencies for CIOs — and co-founder of the International Academy of CIO. The group has previously had cyber security research funded by NIST, DARPA, DHA, IARPA and NSF.

J.P. Auffret

J.P. Auffret

In order to develop the CISO core competencies and learning objectives, individuals from academia, government and the private sector will share their expertise and exchange best practices in structured interviews, workshops and focus groups. These will not only explore and establish the core competencies that are critical to cyber security leader effectiveness, but also measure how cyber security leaders spend their time (priorities, functions, activities, etc.), and what organizational dimensions are factors in cyber security leader success.

Auffret says, “While this approach has been used in the past by the U.S. Chief Information Officer Council in mapping CIO core competencies to CIO education programs, this approach has not been applied to this extent to cyber security leadership education. The ultimate goals are to strengthen and institutionalize the role of the CISO and to continue to enhance cyber security leadership education curriculum in line with the changing role of the CISO.”

Richard Klimoski, professor of management and psychology, Roy Hinton, associate dean of executive education in the School of Management, Goodlett McDaniel, associate provost of distance education at Mason, and Danny Menasce, University Professor of computer engineering, are also integral to the project, providing expertise and experience in leadership and leadership development, research methodologies, online education, cyber security, distributed networks and multidisciplinary education.

Brent Kang

Brent Kang

The research project will continue through July 2015; results of initial workshops and focus groups will be available in spring 2014.

The core competency research results will be disseminated to academia, government and the private sector through workshops, publications and at a Cyber Security Leadership Education Forum, with the goal of adoption in the private sector and government. Stavrou, Auffret and Kang plan to continue hosting annual Cyber Security Leadership Forums after the grant concludes to provide an ongoing means for academia, government and the private sector to update CISO core competencies, learning objectives and curricula guidelines and foster and expand capacity and access for cyber security leadership education.

Stavrou, Auffret and Kang also plan to promote the learning objectives and curricula guidelines to universities as a set of best practices and metrics to assess and enhance cyber security leadership programs.

This article originally appeared in a slightly different format on the School of Management website.

Write to Robin Herron at

Leave a Comment