1. 1
Proposal for the Establishment of a Center
Proposed name of Center: CENTER FOR INFORMATION ASSURANCE (CIA)
Name and title of individual
submitting this proposal: S. SRINIVASAN
PROFESSOR
COMPUTER INFORMATION SYSTEMS
COLLEGE OF BUSINESS
Anticipated Date of Initiation
of this Center: APRIL 1, 2007
Existing Center or Institute the
proposed Center is intended
to replace: NONE
Please respond to the following set of instructions, following the numbering scheme indicated.
The entire proposal should not exceed six pages (excluding appended materials).
1. Describe the purpose of the proposed Center or Institute. Indicate why a separate
organizational structure is needed to fulfill this purpose. Include reference to the
relationship of the Center or Institute to the mission of the university, the Strategy for
Excellence, and to the mission of each college, school, unit, department or program of
which the Center or Institute will be a part. Include references to specific unit
‘scorecard’ indicators to which the Center or Institute will contribute.
The proposed Center for Information Assurance in the College of Business will bring together
faculty and students from all disciplines in the college to focus on Information Security. The
Computer Information Systems (CIS) department in the College of Business has an approved
concentration in Information Security since Fall 2004. This concentration has attracted students
from the School of Accountancy as well. Additionally, students from other College of Business
disciplines are showing interest in taking the InfoSec courses. Moreover, faculty from Computer
Information Systems, Accounting, Finance, and Economics departments work on various aspects
of information security related topics such as security audit, internal control, health care, and
privacy, in addition to developing new methods to detect network intrusion and design of secure
networks.
University of Louisville’s mission is to be a “premier metropolitan research university.” To
further this goal, the university has to contribute to the well being of the community. In this
case, we are able to fulfill this mission of the university to not only contribute to our local
community by helping educate our students but also to help the nation in protecting the critical
infrastructure. This fits well with the College of Business’ mission “To enhance the intellectual
and economic vitality of Louisville, Kentucky, the region, and the broader business community
through our academic programs, research, and community outreach activities.” For example, the
2. 2
CIS program developed a Memorandum of Agreement with the Jefferson Community College
(JCC) for enabling JCC students to “block transfer” credits to the InfoSec program in the College
of Business. This initiative is being supported by a one-year Council on Postsecondary
Education (CPE) grant for $180,000. We already have a mechanism in place that enables high
school students to take dual credit courses with JCC and then complete their Associate Degree
from JCC before block transferring the credits to the InfoSec program in CIS. This program,
which is in effect for two years initially, will be expanded later to include all the colleges in the
Kentucky Community and Technical College System (KCTCS).
Moreover, the InfoSec program has signed a Memorandum of Agreement with Kentucky State
University for reciprocity of credits between the two institutions to further augment our InfoSec
course offerings. We have an ongoing collaboration with the Kentucky State University (a
Historically Black College/University) that enabled us to seek a collaborative grant from the
National Science Foundation (NSF) to enhance our information security infrastructure and
faculty development. We were successful in receiving a two-year $300,000 grant from NSF for
this purpose.
The Director of Information Technology Resource Center (iTRC) has been providing internships
for CIS students. The mission of iTRC is changing to focus more on meeting many of the
challenges that the Department of Homeland Security wants addressed. U of L has received
National Security Agency accreditation as a National Centers of Academic Excellence (CAE) in
Information Assurance Education. One of the requirements of NSA for CAE designation is to
have a dedicated center focused on information security. Since the College of Business has an
official concentration in InfoSec in the CIS undergraduate program and the two Memoranda of
Agreement with JCC and Kentucky State University, we are interested in creating the new
Center for Information Assurance in the College of Business at this time. Once we further
strengthen the InfoSec program within the university we plan to expand the Center to include the
other units on campus. We envision that taking place over a two to three year period.
We expect the Center to contribute to the following unit score card indicators:
1. Number of undergraduate students involved in research or creative activity in
collaboration with faculty (One InfoSec undergraduate student collaborated with faculty
last year and one other student is collaborating this year with a faculty member)
2. Total student scholarship awards (Specialized scholarships for InfoSec students are
available from NSF, the Department of Defense, and Department of Homeland Security.
We are planning to apply for such scholarships)
3. Number of students receiving national awards and/or national recognition (As part of
InfoSec program we expect our students participated in Educause national video
competition and national Information Security competition. We took a team for a
regional competition this year in preparation for a national competition in the future.)
3. 3
4. Nationally recognized programs (U of L received the National Security Agency
designation as a National Center of Academic Excellence in Information Assurance
Education in April 2006.)
5. Total number of grants and contracts awarded (Currently the InfoSec program has one
grant –from NSF. We plan to seek further NSF and Department of Defense grants as
well as other state grants through the Center.)
6. Total grants and contracts – dollar amount by collaborating investigators (excluding
financial aid) (Currently the InfoSec program has one grant – from NSF for $300,000.)
7. Total number of research grants and contracts proposals submitted (Currently members
of the proposed Center for Information Assurance have submitted research grant
proposals to NSF and we plan to expand this significantly in the next two years through
the Center.)
8. Total number of research grants and contracts awarded (Members of the proposed Center
will be submitting research grant proposals to federal, state agencies as well as
corporations through the Center.)
9. Total research grants and contracts – dollar amount received (Members of the proposed
Center will be submitting research grant proposals to federal and state agencies as well as
corporations through the Center.)
10. Total federal research grants and contracts – dollar mount received (Members of the
proposed Center will be submitting research grant proposals to federal agencies through
the Center.)
11. Total publications in refereed journals (Members of the proposed Center have already
published InfoSec related papers in refereed journals and will continue to publish in such
journals.)
12. Number of exhibits, artistic performances, presentations, etc. (Members of the proposed
Center have already made four presentations in 2005 on InfoSec topics and will continue
to make such presentations. Also, under the direction of one of the members of the
Center two videos were produced by three students for submission to a national contest.
Another student participated in presenting the collaborative research during the
Undergraduate Research Symposium at U of L. Under the guidance of one member of
the Center one student prepared a paper and presented it at a regional InfoSec conference
in Georgia. Members of the Center will continue to be involved in such activities.)
13. Number of interdisciplinary grant applications (Members of the proposed Center belong
to multiple disciplines within the College of Business. One of the main goals of the
Center is to pursue grants from external funding agencies showing the interdisciplinary
collaboration of the members.)
4. 4
14. Number of interdisciplinary research projects (Members of the proposed Center belong to
multiple disciplines within the College of Business. One of the main goals of the Center
is to pursue interdisciplinary research projects. Already, members from CIS and
Accountancy have collaborated and published papers and additional such work is in
progress currently.)
15. Total publications in refereed journals across disciplines (Members of the proposed
Center belong to multiple disciplines within the College of Business. One of the main
goals of the Center is to pursue interdisciplinary research projects. Already, members
from CIS and Accountancy have collaborated and published papers and additional such
work is in progress currently.)
2. Indicate who will direct the proposed Center or Institute and what other members of the
administration and faculty will be involved in it. Indicate also the level of each
individual's involvement on an annual FTE basis for the first three years of the Center's
or Institute's operation. Attach a brief curriculum vitae for the person who will direct the
Center or Institute and for the key faculty members who will be involved in it. Indicate
how any current members of the faculty or administration who will be involved in the
Center or Institute will be replaced in their present activities. Provide a statement from
each key faculty member (5% time commitment or greater) indicating that his or her
approved workplan includes time spent on Center or Institute activity.
The Center for Information Assurance (CIA) will be directed by S. Srinivasan, Professor of CIS.
He will devote 5% of the time to organize seminars as well as teach and perform research in
InfoSec, and pursue grant opportunities in InfoSec with other members of the Center. He will
also be working to develop new InfoSec courses as well as manage the two InfoSec Labs in the
College of Business.
Other members of the Center are:
# Faculty Name Rank and Department Year 1
FTE
Year
2 FTE
Year 3
FTE
1 Alan Attaway Associate Professor of Accountancy and
Associate Director
2% 2% 2%
2 Robert Barker Associate Professor of CIS 1% 1% 1%
3 Jay Brandi Professor of Finance 1% 1% 1%
4 Satish Chandra Associate Professor of CIS 1% 1% 1%
5 Stephen Gohmann Professor of Economics 1% 1% 1%
6 Jian Guan Associate Professor of CIS 1% 1% 1%
7 Alan Levitan Professor of Accountancy 1% 1% 1%
8 Wyatt McDowell Associate Professor of Commercial Law 1% 1% 1%
9 Andrew Wright Assistant Professor of CIS 1% 1% 1%
10 Jozef Zurada Professor of CIS 1% 1% 1%
5. 5
The FTE percentages were calculated based on the anticipated teaching and research in InfoSec
area. Faculty members with a 1% work allocation will teach at least one InfoSec related course
or perform collaborative research in this area. Faculty member with a 2% work allocation is
currently teaching at least one InfoSec related course and performing collaborative research in
this area.
3. Indicate on an annual FTE basis the needs of the Center or Institute for P&A staff,
classified staff, and other personnel in its first three years. Indicate how any current
members of the university staff who will be involved in the Center or Institute will be
replaced in their present activities.
The Center does not anticipate the need for any dedicated P & A staff. All activities that are
currently being coordinated by S. Srinivasan will continue to be coordinated by him. These
include organizing and conducting the three InfoSec Seminars in Spring and Fall semesters,
development and teaching of new InfoSec courses, perform collaborative research with other
colleagues, and manage the two InfoSec Labs in the College of Business.
4. Indicate the space requirements for the Center or Institute in its first three years, and
how that space will be provided.
The Center does not anticipate any need for office space in the first year. During the first year
any student helper used will be able to perform the work from one of the InfoSec Labs which
have adequate desk space with computer. In the second and third years, the Center hopes to find
dedicated student help in Fall and Spring semesters and at that time it will assign desk space in
the InfoSec Lab. This student assistant will help all members of the Center in helping acquire
the necessary material for teaching and research and provide some web support in managing the
InfoSec web site (http://www.louisville.edu/infosec) that is currently being managed by S.
Srinivasan.
5. Indicate initial equipment and other infrastructure resources (including technology) that
the Center or Institute will need, and explain how these will be provided. (see Form 1,
Part II.5)
The proposed Center for Information Assurance has all the necessary hardware and software in
the two InfoSec Labs. Moreover, additional funds from the NSF’s Capacity Building grant is
available to acquire any additional research and teaching materials. Furthermore, the College of
Business has created a Research Incentive Grant fund in the amount of $75,000 per year that the
Center members could apply for additional research funding.
6. 6
6. Indicate the amount and source of funds that will be needed to operate the Center in its
first three years. Include itemized amounts for personnel, equipment, technological
support, and operating expenses.
The Council on Postsecondary Education has approved the transfer of $10,000 from an existing
grant directed by S. Srinivasan to create the Center for Information Assurance. The National
Science Foundation has approved the transfer of $5,000 from an existing grant directed by S.
Srinivasan to create the Center for Information Assurance. The existing Capacity Building grant
from NSF supports payment of expenses related to the speakers for the InfoSec Seminar Series.
The Center plans to apply for additional grants from state and national agencies to support the
Center’s work.
Student assistant for years 2 through 5 $8,000
Printing and mailing of brochures, posters $1,000
Travel by road within a 100 mile radius of Louisville $1,000
The Center will not require any technology support as it has adequate technology resources
currently. Since the Labs were designed only in 2004 and 2005, the upgrades will not be needed
in less than three years. The Center plans to organize seminars and short courses on current
security and management related topics which will fetch revenue from member participation.
The anticipated revenue from these seminar activities and short courses will fund the anticipated
expenses of the Center.
7. Provide a written statement from the Dean, University Libraries (or designee)
concerning the adequacy of current resources. The statement should include a
comparison of local holdings to standards/recommendations of national accrediting
agencies, the holdings of benchmark institutions, and/or other recognized measures of
adequacy. If additional resources are needed to support the program, the statement
should include an estimate of costs and the sources of additional funding. The statement
should be requested at least one month prior to submitting the final proposal to the Office
of the University Provost.
The Dean of University Libraries has mentioned her support of the InfoSec program activities at
U of L in her letter dated November 29, 2005. In that letter she has specifically identified the
existing InfoSec resources that the U of L libraries have and what has been planned for the future
in this area.
8. Indicate the anticipated amount and source of revenue for the Center or Institute in its
first three years on Form 2. Include a narrative that explains in detail all sources of
revenue.
The Center has an initial funding of $10,000 from the Council on Postsecondary Education and
an additional $5,000 from the National Science Foundation. Additional revenue is expected
from fees for seminars and workshops. Any unspent portion of the revenue would carryover
from year to year. Many of the Center’s proposed activities are currently supported by the NSF
7. 7
grant. The Center members are planning to seek additional funding from state and national
funding sources.
9. Indicate how the work of the Center or Institute will be evaluated. Please describe the
Center or Institute’s evaluation plan according to the following criteria:
a. the specific objectives or anticipated outcomes for the work of the Center or
Institute;
i. Conduct inter-disciplinary and discipline based research related to
information security technology, implementation and policy aspects
ii. Create new courses or modules in existing courses related to information
security
iii. Develop a seminar series on current security related topics aimed at
corporate executives
iv. Develop short courses (one-day, two-day duration) on special topics such
as Sarbanes-Oxley Act Compliance, Information Security Policies, and
Security Audit.
b. the specific measures, assessment tools, and/or performance indicators that will be
used to assess the fulfillment of the Center or Institute’s objectives;
Item (i) above is quantifiable from publications and conference
presentations.
Item (ii) above is quantifiable from new courses or course modules
developed and taught.
Items (iii) and (iv) above are quantifiable from the number of seminars
and short courses offered.
c. the schedule for collection, analysis, and reporting of evaluation data described in
b. above;
Data collection, analysis, and reporting of evaluation data described in (b)
above will be done annually.
d. the person, committee, or entity that will receive the evaluation data or reports
and is responsible for developing and implementing changes and improvements.
Person receiving the evaluation data and annual report is the Dean,
College of Business.
Signature of Submitter:
Name: S. Srinivasan Date: February 2, 2006
8. 1
Form 1
Departmental Expenditure for Centers and Institutes (Academic Year)
(Columns 4-5 continuation only)
Year 1 Year 2 Year 3 Year 4 Year 5
I. Personnel
1. Full-time ranked faculty (FTEF)
a. Number of FTEF ___0.16 _ ___0.16 _ ___0.16 _ ___0.16 _ __0.16 _
b. Average salary $120,000 $123,600 $127,308 $131,127 $135,061
c. Fringes per avg. salary $25,800 $26,574 $27,371 $28,192 $29,038
d. Cost of FTEF: a x (b+c) $23,328 $24,028 $24,749 $25,491 $26,256
2. Part-time faculty (PTF)
a. Course credit hours
taught by PTF __ 0 __ __ 0 __ __ 0 __ __ 0 __ __ 0 __
b. Average PTF salary
per credit hour __ 0 __ __ 0 __ __ 0 __ __ 0 __ __ 0 __
c. Average PTF fringes
per credit hour __ 0 __ __ 0 __ __ 0 __ __ 0 __ __ 0 __
d. Cost of PTF: a x (b+c) __ 0 __ __ 0 __ __ 0 __ __ 0 __ __ 0 __
3. Other (specify)
Categories %
(e.g., secy.) full-time rate __ 0 __ __ 0 __ __ 0 __ __ 0 __ __ 0 __
Cost of Other __ 0 __ __ 0 __ __ 0 __ __ 0 __ __ 0 __
Total Personnel Costs: $23,328 $24,028 $24,749 $25,491 $26,256
II: Operating Costs:
1. Supplies $1,000 $1,000 $1,000 $1,000 $1,000
2. Travel $1,000 $1,000 $1,000 $1,000 $1,000
3. Library Budget (in addition
to current expenditures)
a. Books __ 0 __ __ 0 __ __ 0 __ __ 0 __ __ 0 __
b. Journals __ 0 __ __ 0 __ __ 0 __ __ 0 __ __ 0 __
c. Electronic Resources __ 0 __ __ 0 __ __ 0 __ __ 0 __ __ 0 __
d. Other (please specify) __ 0 __ __ 0 __ __ 0 __ __ 0 __ __ 0 __
4. Student support
(assistantships,
fellowships, tuition waiver) __ 0 __ $8,000 $8,000 $8,000 $8,000
5. Equipment
a. Instructional __ 0 __ __ 0 __ __ 0 __ __ 0 __ __ 0 __
b. Research __ 0 __ __ 0 __ __ 0 __ __ 0 __ __ 0 __
c. Computer equipment
and software __ 0 __ __ 0 __ __ 0 __ __ 0 __ __ 0 __
d. Other __ 0 __ __ 0 __ __ 0 __ __ 0 __ __ 0 __
Total Operating Costs: $2,000 $10,000 $10,000 $10,000 $10,000
9. 2
FORM 1 (continued)
III. Capital Costs
1. Facilities
a. New Construction __ 0 __ __ 0 __ __ 0 __ __ 0 __ __ 0 __
b. Renovation __ 0 __ __ 0 __ __ 0 __ __ 0 __ __ 0 __
c. Furnishings __ 0 __ __ 0 __ __ 0 __ __ 0 __ __ 0 __
2. Other (please specify) __ 0 __ __ 0 __ __ 0 __ __ 0 __ __ 0 __
Total Capital Costs: __ 0 __ __ 0 __ __ 0 __ __ 0 __ __ 0 __
Total Expenditures: $25,328 $34,028 $34,749 $35,491 $36,256
Form 1A
A rational should be provided for all costs recorded on FORM 1. If an explanation of an expenditure is
contained elsewhere in the proposal, it is necessary only to record on this form the section in which it
appears.
Personnel Costs: The new Center will be managed by a Director. The amount listed here in Form 1 reflects
the anticipated salary of a Director for other university duties such as teaching and research. Five percent of
the Director’s time and two percent of the Associate Director’s time will be devoted to managing the Center.
The fringe benefits are calculated at 21.5% of the salary. The amount indicated for years one through five is
based on these assumptions. For years two through five a 3% increase from the prior year amount is used.
Operating Costs: The Center is planning to develop a brochure and poster to promote the activities of the
Center. The cost reflects the cost of printing and mailing the brochures and posters. A modest amount is
planned for travel in connection with the activities of the Center. The travel is expected to be by road to
places in Louisville and the surrounding cities.
We hope to employ a student assistant in years 2 through 5 and pay the student a flat stipend, subject to
obtaining grants from external agencies such as the National Science Foundation.
10. 3
FORM 2
AMOUNT AND SOURCES OF REVENUE*
1. Regular state appropriation
and tuition and fees __0__ __0__ __0__ __0__ __0__
a. New money __0__ __0__ __0__ __0__ __0__
b. Internal reallocation $23,328 $24,028 $24,749 $25,491 $26,256
2. Institutional allocation from
restricted endowment __ 0 __ __ 0 __ __ 0 __ __ 0 __ __ 0 __
3. Institutional allocation from
unrestricted endowment __ 0 __ __ 0 __ __ 0 __ __ 0 __ __ 0 __
4. Gifts __ 0 __ __ 0 __ __ 0 __ __ 0 __ __ 0 __
5. Extraordinary state
appropriation __ 0 __ __ 0 __ __ 0 __ __ 0 __ __ 0 __
6. Grants or contracts
a. Private sector __ 0 __ __ 0 __ __ 0 __ __ 0 __ __ 0 __
b. Local government __ 0 __ __ 0 __ __ 0 __ __ 0 __ __ 0 __
c. State _$10,000_ __ 0 __ __ 0 __ __ 0 __ __ 0 __
d. Federal _$5,000 _ _$8,000_ _$8,000_ _$8,000_ _$8,000_
e. Other __ 0 __ __ 0 __ __ 0 __ __ 0 __ __ 0 __
7. Capitation __ 0 __ __ 0 __ __ 0 __ __ 0 __ __ 0 __
8. Capital __ 0 __ __ 0 __ __ 0 __ __ 0 __ __ 0 __
9. Other (please specify) _$2,000 _ _$2,000_ $3,000 $3,000 $3,000
Seminars and workshops
Total Revenues $40,328 $34,028 $35,749 $36,491 $37,256
* A narrative must be included that explains in detail all sources of revenue.
Faculty members currently teaching courses would continue to teach these courses and that is the
basis for the allocation under “Regular State appropriation and tuition and fees.”
Under “Federal grant” we have allocated $8,000 for each of the years 2 through 5. We expect to
obtain grant money from NSF, DoD, or other federal agencies to support one undergraduate student
in years 2 through 5. If for some reason the projection falls short, then the student will not be hired
and the workload distributed among the Center’s faculty members.
The Council on Postsecondary Education has approved the transfer of $10,000 from an existing
grant under the direction of S. Srinivasan for the new Center for Information Assurance. The
National Science Foundation has approved the transfer of $5,000 from an existing grant under the
direction of S. Srinivasan for the new Center for Information Assurance. Any unspent portion of
the revenue would carryover from year to year.
11. 4
The Center plans to offer seminars and workshops aimed at corporate executives and security
professionals. A fee structure will be developed for these events. We hope to generate $2,000 from
these activities during the first two years and enhance it to $3,000 for the next three years.