Information security education in South Africa

Purpose: The purpose of this paper is to argue that information security should be regarded as a critical cross-field outcome (CCFO). This could assist in narrowing the evident "information security gap" that currently exists in undergraduate information technology/information systems/computer science (IT/IS/CS) curricula at South African universities. Design/methodology/ approach: This paper briefly reviews existing literature relating to outcomes-based education in South Africa with a specific focus on CCFOs. A literature review was also carried out to determine existing approaches to education in information security. A survey was carried out to establish the extent to which information security is currently incorporated into the IT/IS/CS curricula at South African universities and a discussion group was used to provide insight into the current situation at undergraduate level. Findings: Education in information security has matured much more rapidly in postgraduate than in undergraduate programmes at South African universities. In addition, the extent to which information security is addressed at undergraduate level is on an ad hoc basis, with isolated attention being paid to a few information security aspects. An integrated approach to information security education is therefore proposed by considering information security as a CCFO. Research limitations/implications: Further research is required to determine how appropriate information security aspects can be seamlessly integrated into the various learning programmes at undergraduate level. Practical implications: The proposed integrated approach to information security education will require that IT/IS/CS educators develop strategies to incorporate relevant information security aspects into their learning programmes. Originality/value: This paper proposes an integrated approach to information security education by considering information security as a CCFO. © Emerald Group Publishing Limited.