ABSTRACT
In this paper the authors present a curriculum design for Information Security Management, which was synthesized using inputs from both industry and academia. The top-down curriculum design process, carried out in Korea, starts with an analysis of the job of an Information Security Manager (ISM), identifies the knowledge elements needed to successfully fulfill the main responsibilities of the job, and finally synthesizes them into seven courses suitable for flexible implementation. Additionally, a lateral occupational analysis of the ISM reveals the value-skills (soft skills) that should be considered in the actual implementation of the curriculum.
Keywords: Information security management, curriculum development, Information Security Manager, job analysis.
1. INTRODUCTION
Information security is a discipline that is concerned with the implementation and support of security and control procedures to protect the availability, integrity and privacy of electronically stored data. In dealing with security, a risk is any hazard or danger to which a system or any of its components (e.g., hardware, software, information, or data) is subjected. A threat is any actor, action, or event that has the potential to be a risk in the above sense, and a vulnerability is a point within a system that is susceptible to attack from a threat. With the rapid growth in the global Information Technology (IT) environment, increased levels of risks, threats and vulnerabilities are seen. Organizations have started employing Information Security Managers (ISMs) to ensure availability, authenticity, confidentiality, integrity, and usability by protecting information in all stages of input, process, and output (NIST 1990). As such, the ISM is responsible for an organization's information security policy and program support, and for the selection and maintenance of specific safeguards/controls for the organization's computer and communications network and application software.
Sound curricula in Information Security Management are required to develop a sufficient number of ISMs who can help ensure reliable deployment of IT.
In designing a curriculum for new or emerging occupational areas such as Information Security Management, a systematic approach like DACUM (Developing A CUrriculuM) lends itself to integrating the pragmatic perceptions of practitioners in industry and the rigorous prescriptions of instructors in academia. In adapting DACUM (Halasz 1994), material pertaining to the ISM job can be gathered from best practitioners in that...





