Information Technology (IT) encompasses all aspects of computing technology. The pervasiveness of IT over the past decade means that information assurance and security (IAS) know-how has become increasingly important for IT professionals worldwide. However, South African universities do not get specific curriculum guidelines to ensure that all essential security-related aspects are included in the IT courses offered. With respect to IAS, these universities are therefore required to self-regulate through measuring against international norms and standards. One such norm for the IT profession is given by the ACM/IEEE-CS in the ‘Information Technology 2008, Curriculum Guidelines for Undergraduate Degree Programs in Information Technology’ document. This paper examines this norm, together with relevant South African curricula policy document, to establish what information security guidance exists to support IT curriculum developers and educators. In addition, it argues that an integrated educational IAS model can help address IAS as a pervasive theme throughout IT curricula.