In the ACM guidelines for curricula at educational institutions, the recommendations for Information Security Assurance (ISA) education do not specify the topics, courses, or sequence of courses. As a consequence, there are numerous ISA education models and curricula in existence at educational institutions around the world. Therefore, it is appropriate to evaluate the quality of academic information security programs and suggest changes or improvements in the curricula to ensure that undergraduates and graduates have gained the required skills after completing their studies. Despite a variety of ISA curricula and diverse educational models, universities often fail to provide their graduates with skills demanded by employers. In this paper, we make suggestions for the actions that should make the ISA curricula in the universities responsive to the needs of the general population and the industry in which graduates with ISA skills and specialization will be employed.