ITC 1256 Information Security Management Syllabus

ITC 1256 Information Security Management
Syllabus
Management of Information Security
Third Edition
Term, Year
General Course Information
Instructor: Sebastian DiFelice
Office: N/A
Office Hours: N/A
Phone: (617) 237-0543
Mail: N/A
E-mail: s.defelice@neu.edu or oracledoctor@gmail.com
Web site: http://rgwllc.wordpress.com
Classroom:
Class Times:
Prerequisites:
Textbook: Michael E. Whitman, Herbert J. Mattord, Management of Information Security, Third Edition. Course
Technology, Cengage Learning, 2011, ISBN-13 9781435488847.
Course Objectives
This course focuses on the managerial aspects of information security and assurance. Topics covered include access
control models, information security governance, and information security program assessment and metrics.
Coverage of the foundational and technical components of information security is included to reinforce key
concepts. The course includes up-to-date information on changes in the field, such as national and international laws
and international standards like the ISO 27000 series.
Specific topic coverage includes:
• Introduction to the Management of Information Security
• Planning for Security
• Planning for Contingencies
• Information Security Policy
• Developing the Security Program
• Security Management Models
• Security Management Practices
• Risk Management: Identifying and Assessing Risk
• Risk Management: Controlling Risk
• Protection Mechanisms
• Personnel and Security
• Law and Ethics
Web Site
Supplementary information for the course is available at Blackboard. The Web site contains class notes, PowerPoint
slides, class announcements, the course syllabus, test dates, and other information for the course.
E-Mail
All students are requested to obtain an e-mail account. If you have any questions about the course or need assistance,
please contact me in person or by telephone during office hours; or by e-mail at any time. Also, you may submit the
end-of-chapter case project assignments in class on the due date or by e-mail with a date stamp at or before
5:00 P.M. on the due date. E-mail submissions should be submitted as an attachment in Microsoft Word format.
Grading and Evaluation Criteria
40% of the grade is based on a midterm and a final examination. Both examinations are cumulative and given in a
varied format. An in-class review will be held prior to each examination.
20% of the grade is based on quizzes. Quizzes are announced one day in advance and may vary from three to five
questions that may be in any format.
40% of the grade is based on keeping a project notebook. Students are asked to obtain a small notebook to enter
their answers to the various end-of-chapter exercises.
14-Week Course Outline
| Week | Topics | Chapter Readings | Exams |
|------|--------|------------------|-------|
| 1 | Introduction to the Management of Information Security | Chapter 1 | |
| 2 | Planning for Security | Chapter 2 | |
| 3 | Planning for Contingencies | Chapter 3 | |
| 4 | Information Security Policy | Chapter 4 | |
| 5 | Developing the Security Program | Chapter 5 | |
| 6 | Security Management Models | Chapter 6 | |
| 7 | Review | | Midterm Exam |
| 8 | Security Management Practices | Chapter 7 | |
| 9 | Risk Management: Identifying and Assessing Risk | Chapter 8 | |
| 10 | Risk Management: Controlling Risk | Chapter 9 | |
| 11 | Protection Mechanisms | Chapter 10 | |
| 12 | Personnel and Security | Chapter 11 | |
| 13 | Law and Ethics | Chapter 12 | |
| 14 | Review | | Final Exam |
10-Week Course Outline
Weeks: 1 to 10

| Topics | Chapter Readings |
|--------|------------------|
| Introduction to the Management of Information Security | Chapter 1 |
| Planning for Security | Chapter 2 |
| Planning for Contingencies | Chapter 3 |
| Information Security Policy | Chapter 4 |
| Developing the Security Program | Chapter 5 |
| Security Management Models | Chapter 6 |
| Security Management Practices | Chapter 7 |
| Risk Management: Identifying and Assessing Risk | Chapter 8 |
| Risk Management: Controlling Risk | Chapter 9 |
| Protection Mechanisms | Chapter 10 |
| Personnel and Security | Chapter 11 |
| Law and Ethics | Chapter 12 |

Exams: Midterm Exam; Final Exam
8-Week Course Outline
Weeks: 1 to 8

| Topics | Chapter Readings |
|--------|------------------|
| Introduction to the Management of Information Security | Chapter 1 |
| Planning for Security | Chapter 2 |
| Planning for Contingencies | Chapter 3 |
| Information Security Policy | Chapter 4 |
| Developing the Security Program | Chapter 5 |
| Security Management Models | Chapter 6 |
| Security Management Practices | Chapter 7 |
| Risk Management: Identifying and Assessing Risk | Chapter 8 |
| Risk Management: Controlling Risk | Chapter 9 |
| Protection Mechanisms | Chapter 10 |
| Personnel and Security | Chapter 11 |
| Law and Ethics | Chapter 12 |

Exams: Midterm Exam; Due outside of class; Final Exam