In December 2001 a meeting of interested parties from fifteen four-year IT programs from the US along with representatives from IEEE, ACM, and ABET (CITC-1) began work on the formalization of Information Technology as an accredited academic discipline. The effort has evolved into SIGITE, the ACM SIG for Information Technology Education. During this period three main efforts have proceeded in parallel: 1) Definition of accreditation standards for IT programs, 2) Creation of a model curriculum for four-year IT programs, and 3) Description of the characteristics that distinguish IT programs from the sister disciplines in computing. During the deliberations of the SIGITE Curriculum Committee, several topics emerged that were considered essential, but that did not seem to belong in a single specific knowledge area or unit. One of the most significant of these "pervasive themes" is Information Assurance and Security (IAS). A consensus emerged that these themes must be addressed during the entire learning experience and that students and instructors need to be constantly aware of how these themes are woven through the fabric of the curriculum. In this paper we present an introduction to SIGITE and the context of the work of the Curriculum Committee on IT2005, the IT curriculum volume described in the Overview Draft document of the Joint Task Force for Computing Curriculum 2005. We then describe the IAS component of the IT2005 document and how some IT programs are incorporating IAS as a "pervasive theme" that is woven through the curriculum. We conclude with some observations about the experience and some suggestions for those attempting to integrate information assurance and security into an existing program. (Contains 3 figures.)