uate degrees. Some universities are public (or state) universities and are partially funded by tax revenue collected by the state in which they reside. Others are completely private.
It is the faculty in each university or college who determine the courses that are taught and the content material of each course. U.S. universities offer three levels of programs. At the undergraduate level, typically there is no degree program specifically focusing on information assurance. It is considered more important for the undergraduate student to receive a broad education. Several hundred universities do teach some sort of information assurance courses at the undergraduate level. A small number of those teach only courses in cryptography.
In the United States, most information assurance courses can be found in the curriculum for computer science. Sometimes material on information assurance is taught as just one module within a course on more expansive topics such as networks, operating systems, or databases. In other cases, there are complete courses, or even a sequence of courses, in information assurance. The subject of cryptography is often treated by itself with courses either in computer science or in mathematics. In the United States the subject of physical security is rarely—if at all—taught in a university.
At the graduate level, some universities offer master’s degrees. For example, Carnegie-Mellon University offers a master’s degree in information security technology and management. Most students take industrial positions after graduation. Entire degree programs in information assurance are relatively rare at the master’s degree level. At the Ph.D. level, about 900 doctorate degrees are awarded each year in computer science and engineering. I estimate that no more than 5 to 10 of those degrees are in information assurance. As a result, the United States is producing very few Ph.D. students who are capable of performing research in information assurance. Consequently, the capability of the United States to field new research programs in information assurance is limited by a lack of qualified personnel.
The U.S. government encourages increased education in information assurance at the university level, but this is simply encouragement, not direction. First, the federal government offers scholarships to students who study information assurance. In one program, called the Federal Cyber Service Scholarships for Service, the government pays for two years of education, and in return the student works for the U.S. government in the area of security administration for two years after graduation. In 2003, 200 Cyber Service scholarship students will graduate from either undergraduate or graduate programs. In addition to this program, there are several other government-funded scholarship programs, as