PSA 547 Information Security and Technology

Academic year: 2021

PSA 547

Information Security and Technology

Group Q (May 7, 2015 – June 18, 2015)

Professor: Dr. Tina Ebenger

Office: 510

Office Phone: 219-473-4392

Home Phone: 219-365-9024

E-mail: [email protected] (office)

Course Time: Thursday, 8:30 – 12:30; Thursday, 6:00 – 10:00

Room 204 – CCSJ and Room 419 – CCSJ (computer lab)

Professor Background: Dr. Ebenger received her Ph.D. in Political Science from the University of Cincinnati. Her dissertation title was “Privacy, Technology and Public Policy: The Case of Electronic Mail.” Her research and teaching interests include: the Internet, technology, public policy and privacy; civil rights and civil liberties; corruption in politics, and voter participation.

Course Description: This course focuses on the personnel, legal, regulatory and privacy issues that constitute many of the basic management areas that must be considered in developing and implementing an effective information security program. The course examines the legal basis for privacy and security of information and related technologies. Students study the USA PATRIOT ACT, GASSP (Generally Accepted System Security Practices), security best practices, and appropriate organizational responses to risk associated with the integrity of information. It presents methods and procedures for the assessment of risk, and examines strategies for mitigation of risk involving operational procedures, political issues in the organization, and the implementation of an enterprise-wide security strategy.

Learning Objectives:

At the end of the course, the student will

• know and comprehend the fundamental principles and concepts of information security including the Common Body of Knowledge

• develop a basic knowledge of computer hardware, Internet and security architecture, and related security software

• recognize and distinguish between risks, threats and vulnerabilities on/to information systems

• understand the legal and ethical aspects of information systems security

• be able to analyze and evaluate the effectiveness of security strategies/plans of information systems

• oversee the development and implementation of practical strategies/plans to secure information systems

Textbooks:

Security: Information Security: Principles and Practices, Mark Merkow and Jim Breithaupt, 2006.

Information Security: Contemporary Cases, Marie Wright and John Kakalik, 2007

The Art of Deception, Kevin Mitnick, 2002

Dictionary of Computer and Internet Terms, Barron’s Business Guides, 11th edition, 2013.

Assessment:

Exercises/Projects (5, 3 pts. each): 15% of grade

Group Project/Presentation: 30% of grade

Three Papers (15 pts. each): 45% of grade

Class Participation: 10% of grade

Total: 100%

Class Policy for Assignments:

Exercise/Project Assignments:

Each week, there will be a set of exercises or projects assigned for that reading assignment (see Schedule of Readings, pp. 5-7). Note that each chapter has Exercises and Projects but you will only be assigned one or the other. Make sure you are doing the right assignment. If an exercise is assigned, it should be one-half page, at a minimum, and the projects should be one page, at a minimum. Each paper should be typed, double-spaced, in 12 pt. font, and is DUE the date it is discussed in class.

There are several in-class assignments noted on the syllabus. They are exactly what they say they are: we will complete the assignments in the computer lab here at CCSJ. You do not need to do anything prior to the assignment other than look it over and ask any questions you have about them in class.

There are also three papers due for this class. The questions to be answered in these papers are:

Paper #1 – The CIA triad - confidentiality, integrity and availability - are goals for information security. Discuss each one and give instances where one goal would be more important than the other. How would you guarantee confidentiality, integrity or availability in your examples? DUE May 14.

Paper #2 – Create a fictitious company and create a complete business continuity plan (BCP) and a disaster recovery plan (DRP). Project 6.1, p. 138 DUE May 28.

Paper #3 – Of the 10 domains of common body of knowledge for Information Security, which do you believe is the most significant? Give reasons for your answer, as well as summarize that particular domain. DUE June 11.

These papers should be 3-5 pages in length. They must be typed, 12 pt. font, and double-spaced. Also, THEY MUST BE IN YOUR OWN WORDS. DO NOT CUT AND PASTE, OR COPY FROM THE BOOK WITHOUT PROPER CITATION. ANY PAPER CONTAINING SOMEONE ELSE’S WORDS WITHOUT PROPER CITATION (PLAGIARISM) WILL BE RETURNED WITH AN “F” GRADE.

If any student is caught plagiarizing any assignment, they will receive an “F” for that assignment and will receive no higher than a “C” for the course.

Also, it is advised that students complete the self-test at the end of each chapter. It will not be graded but it is a good way to review the material in the chapter and to make sure you have grasped the main points.

Group Project/Presentation: Students will be divided into groups of four (4) and will be assigned a project. The project will consist of a case study of a company, school, retail establishment, public library, or a place of your choosing. The name of the establishment where you are doing your case study is due the second week of class, Thursday, May 14, 2015.

The case study should include: the size (the physical location as well as number of employees); the products made/sold or the services provided; what information is stored and how; the methods by which the information is secured; the problems they have been faced with and how they have dealt with them. (A handout with specific questions will be provided the first day of class so you have a template to work from.) You will conclude with an evaluation of the security procedures in place, any problems you foresee, and suggestions to address these problems. Each group will present their project to the class during the last class of the course (Thursday, June 18, 2015) and submit a paper (7-10 pages, and no less than 7 pages) regarding their findings.

Class Policy on Attendance:

As this is an accelerated course, attendance is crucial. Therefore, one excused absence will be accepted; however, two absences, regardless of it being work-related, excused, etc., will result in a grade of no higher than a B for the course. It is suggested that if you cannot attend the full amount of classes at this time, you withdraw from the program and re-enroll when you can commit more time and effort to your studies.

Statement of Plagiarism:

If an instructor or other Calumet College of St. Joseph personnel find that a student has plagiarized or been involved in another form of academic dishonesty, the instructor or other personnel may elect to bring the matter up for judicial review. The maximum penalty for any form of academic dishonesty is dismissal from the College. The procedures for judicial review are listed under the section of the CCSJ handbook that addresses student grievances.

Grading Scale:

A: 100-93     B+: 89-87     C+: 79-77     D+: 69-67

A-: 92-90     B: 86-83      C: 76-73      D: 66-63

SCHEDULE OF READINGS:

P&P – Security: Information Security: Principles and Practices

Cases – Information Security: Contemporary Cases

Mitnick – The Art of Deception

Month/Week: January, 1st
Class Date: Thursday, May 7
Topics and Assignments:

• P&P – Chapter 1 “Why Study Information Security?”
• P&P – Chapter 2 “Information Security Principles of Success”
• Cases – Chapter 1 “Protecting Employee Data”
• ASSIGNMENT – Exercise 2.5 (p. 37)
• In class assignment – Exercise 2.1 and Project 2.1 (pgs. 36-37)
• P&P – Chapter 3 “Certification Programs and the Common Body of Knowledge”
• Groups Assigned

Month/Week: January, 2nd
Class Date: Thursday, May 14
Topics and Assignments:

• P&P – Chapter 4 “Security Management”
• ASSIGNMENT – CHOOSE ONE: Exercise 4.1, OR 4.2 OR 4.3 (p. 86)
• P&P – Chapter 5 “Security Architecture and Models”
• Group Project Locations Due

Month/Week: January, 3rd
Class Date: Thursday, May 21
Topics and Assignments:

• P&P – Chapter 6 “Business Continuity Planning and Disaster Recovery Planning Security”
• YouTube Video - http://www.youtube.com/watch?v=z8i3nTg-zxw
• Cases – Chapter 3 “Contingency Planning”
• P&P – Chapter 7 “Law, Investigations, and Ethics”
• ASSIGNMENT – Exercise 7.5 (p. 162)
• Guest Speaker – Sgt. James Washburn, retired CPD, OCD

Month/Week: January, 4th
Class Date: Thursday, May 28
Topics and Assignments:

• P&P – Chapter 8 “Physical Security Control”
• Cases – Chapter 2 “Integrating IT and Physical Security”
• ASSIGNMENT – Project 8.3 (p. 186)
• P&P – Chapter 9 “Operations Security”
• IN CLASS ASSIGNMENT - Exercise 9.1 and 9.3
• P&P – Chapter 10 “Access Control Systems and Methodology”
• IN CLASS ASSIGNMENT – Password Cracking
• Paper #2 DUE

Month/Week: February, 5th
Class Date: Thursday, June 4
Topics and Assignments:

• Mitnick (read Part I, skim Part II, read Part III and Part IV)
• P&P – Chapter 11 “Cryptography”
• Cases – Chapter 6 “Tracking a Computer Intruder”
• ASSIGNMENT – Exercise 11.1 and 11.6 (p. 253 and

Month/Week: February, 6th
Class Date: Thursday, June 11
Topics and Assignments:

• P&P – Chapter 12 “Telecommunications, Network, and Internet Security”
• Cases – Chapter 7 “Developing and Implementing a Successful Information Security Awareness Program”
• P&P – Chapter 13 “Application Development Security”
• P&P – Chapter 14 “Securing the Future”
• Paper #3 DUE

Month/Week: February, 7th
Class Date: Thursday, June 18
