Syllabus – IAS2233 OnLine

IAS2233 - Online Introduction to Information Assurance/Security.

INSTRUCTOR: Dr. Pedro A. Diaz-Gomez
OFFICE: 203D, Howell Hall
OFFICE PHONE: (580) 581-7934
E-MAIL: pdiaz-go@cameron.edu
OFFICE HOURS: Please look in Blackboard under the Faculty Information tab.
PREREQUISITE: EET 1063.

REQUIRED TEXT: Michael E. Whitman and Herbert J. Mattord. Principles of Information Security, 4th Edition. Course Technology, CENGAGE Learning. ISBN 1-111-13821-4

SUPPLEMENTAL READINGS: Federal Information Processing Standards Publications (FIPSs): Publication 199 Standards for Security Categorization of Federal Information and Information Systems; FIPS 200 Minimum Security Requirements for Federal Information and Information Systems; FIPS Publication SP800-27 Rev A Engineering for Information Technology Security (A Baseline for Achieving Security); National Institute of Standards and Technology (NIST) 800-34 Rev. 1 Contingency Planning Guide for Information Technology Standard; NIST FIPS 140-2. You can find these publications on the web page http://csrc.nist.gov/publications/

INTERNET ACCESS: Students need internet access, so it is the responsibility of the student not only to have access to the internet but also to have a word processor to write up projects. Cameron University makes these resources available on main campus.

CATALOG COURSE DESCRIPTION: Best practices, basic policies and procedures, ethics, and fundamental legal issues will be explored. Risk Management and Disaster Recovery as applied to Information Assurance/Security will be investigated. Ethics and vulnerability issues will also be covered. Online 3 hours. Prerequisite: EET 1063.

EXPANDED COURSE DESCRIPTION: This course provides the foundations of information assurance and security from a business perspective. Topics covered include human factors, compliance with regulations, personnel security, risk assessment and ethical considerations.
This course maps the following sections of National Security Telecommunications and Information Systems Security 4011 and the Committee on National Security Systems 4012: Security Awareness (4011), Review Accreditation (4012), Grant Final Approval to Operate (4012), Planning and Management (4011), Policies and Procedures (4011).

COURSE OBJECTIVES:
- Understand vulnerabilities, threats, and risks (INFOSEC, OPSEC, Software Security, and Information Security – CNSS 4011 and 4012).
- Understand the concepts of security policies (Awareness – CNSS 4011).
- Understand basic security mechanisms used in order to protect information (NSTISS Planning and Management, Access Control – CNSS 4011 and 4012).
- Understand physical security and personnel security (Roles of Various Organizational Personnel – CNSS 4011 and 4012).
- Understand the development of the information assurance infrastructure and the Security Systems Development Life Cycle. (Introduced AAS - SSLO1.1, Awareness – CNSS 4011, Grant Final ATO, Review Accreditation, Verify Compliance – CNSS 4012)
- Understand the importance of human factors like ethics in the process of information assurance. (Reinforced AAS - SSLO4.1)

COURSE FORMAT: The strategy for this course calls on the student to be an active participant in the learning process. Students must prepare each topic in advance of its being covered in class, and as part of their preparation they must do homework that comes directly from the class textbook. Usually students have to discuss topics with classmates. To do that, you will use the corresponding topic under the Discussion Board in Blackboard. To begin with, look at the forum Introduction under the Discussion Board and introduce yourself to your classmates. The instructor expands upon key concepts with comments and examples provided by the book and class slides. The course includes virtual classroom and chat sessions.

ACTIVE vs. PASSIVE LEARNING [1]: Studies indicate that students retain: 10% of what they read; 20% of what they hear; 30% of what they see; 50% of what they see and hear; 70% of what they say; and 90% of what they say as they do. Adult learners learn better if they are ACTIVELY involved in the learning process! The following has been adapted from the West Virginia Department of Psychology Undergraduate Handbook (http://www.as.wvu.edu/psyc/Undergraduate/Handbook/StudentSuccess/actpass.htm)
- Active: Attend virtual classroom and chat sessions. Pay attention, participate in discussions, and ask questions.
- Active: Skim assignments first, make up a list of questions they want answered, and then read the assignment to answer the questions.
- Active: Participate in the learning environment, making choices, looking for answers outside of the class environment. Active learners want deep learning. Deep learning is insightful learning. Deep learners look for the meaning behind the learning.

[1] Kimberly Merrit. Syllabus MIS Spring 2007. Cameron University. Computing & Technology Department.

There will be extra credit points for students who participate in virtual classrooms, group discussions and other interactions programmed for this course. No more than 50 points will be granted for this extra credit.

BLACKBOARD: Blackboard (http://blackboard.cameron.edu/) will be used throughout the course to provide a forum for disseminating information, group work, discussions, projects, and for exams. The correct Blackboard course in which to enroll is: Intro Information Assurance/Security.

EVALUATIONS:

Exams. Exams are done individually. There are three (3) scheduled exams for this course. This includes the final. Please see the schedule at the end of this syllabus and Blackboard. The exam format will typically be multiple choice, short answers and essays. Exams are open notes and book. Every exam covers all the content covered in the book, homework and projects.
Every exam has two parts. For the first part, you have 1:30 hours and for the second part you have at most 1:00 hour. After those periods of time the exam will not be available. Once you begin an exam, you have to finish it. You are going to use Blackboard for taking your exams. Under Assignments, you will find the option Exams, and there you will find the scheduled exam. You can take the exam only once, on the day the exam is scheduled. Exams will not be curved and must be taken individually. Midterms will be available from 6:00 am to 8:00 pm. As University policy, students have to take an exam proctored; that is, the final will be proctored, and you have to e-mail the corresponding party (to be announced) about the place on campus where you will take it on the specific date given by your Instructor. Every exam covers all the content studied in the book and assigned by the instructor as homework, projects and readings. The answer to the question of whether this is going to be in the exam is YES. The answer to the question of what chapters are going to be in the exam is ALL.

Quizzes. There will be no quizzes in this course.

Make-up Exams. As a general rule, there will be no make-up examinations. If extenuating circumstances beyond the student's control exist (e.g. immediate family member death, hospitalization, serious illness or accident), e-mail the instructor. Make-ups are at the instructor's discretion and will be decided on a case-by-case basis. No consideration will be given after the fact unless the gravest circumstances exist, and no later than one week after the due date of the exam.

Projects. There will be three projects which apply and expand concepts covered in this course. All projects must be done in a word processor. No handmade reports are accepted, and electronic copies must be submitted through Blackboard.
To submit a project, look under Assignments using the Projects tab and then look for the corresponding project submission. Projects are done in teams of two students. No hardcopies or e-mail attachments are accepted. It is mandatory to keep an electronic copy of projects and scripts submitted. No changes can be made to documents, scripts and files submitted for evaluation. Students must keep backups of those files, which may be requested by the Instructor for review and evaluation.

Lateness penalties for projects. Projects must be done by the due date; if not, students will get 0 (zero) points for the project. There is no exception to this policy.

Homework. There will be review questions and exercises from the end of each chapter that will not be received by the instructor for grading. However, some of those could be part of extra credit at the discretion of the Instructor. No more than 50 points will be granted for homework extra credit.

Preparation for Class and studying together: Students must be adequately prepared for each exam. Students must take into account that exams and projects are done individually and that students must give credit where credit is due, giving the corresponding citation. In addition, the instructor may call upon students/student groups to discuss topics assigned from assignments. Because the virtual classroom sessions are designed to expand upon and clarify text concepts, students who fail to read the assigned material may not understand the material and may not draw full benefit from discussion.

GRADING: Grades are computed on the basis of points earned according to the tables below. Exams and projects could have different points according to the difficulty of each one, and those are at the discretion of the instructor.
ACTIVITY      Points
Exam 1        200
Exam 2        200
Final Exam    200
Projects      400
Total         1000

Grading Criteria:

Grade   Percentage
A       >= 900
B       800 – 899
C       700 – 799
D       600 – 699
F       < 600

Note: The instructor reserves the right to adjust the grading plan to account for unusual circumstances. Grades will be posted on Blackboard at most 36 hours after the corresponding evaluation takes place, and if there is any question or concern about a grade, students have 1 week to e-mail the instructor.

CONDUCT: Please refer to the Common Syllabus under Cameron Links in Blackboard; it is part of this syllabus.

Academic Honesty. Each student is expected to engage in all academic pursuits in a manner that is above reproach. Students are expected to maintain complete honesty and integrity in the online academic experiences. Any student found guilty of academic dishonesty will be subject to disciplinary action as outlined in the Cameron University Student Handbook, Cameron University Code of Student Conduct. If in doubt about proper conduct for graded activities, please ask the instructor.

DROP DATES: It is the student's responsibility to withdraw from the class on or before the appropriate drop date. Failure to withdraw by the appropriate deadline may result in a failing grade.

ATTENDANCE: If a student does not "login" to the course within the first 2 weeks of class, the student can be dropped from the course.

NETIQUETTE: e-mails. [2] Whenever you send an e-mail to me, please pay attention to the following guideline:
- Write the subject indicating what class you belong to. For example: IAS2233 Project # 1 submission date.
- Begin the body of the e-mail with a greeting.
- After the greeting, explain clearly the purpose of your e-mail. The more information you provide the better.
- Finally, write your complete name as it appears in Blackboard.

I always reply to e-mails within 24 hours of receiving them, but if you do not follow this guideline, your e-mail will be automatically deleted and you will receive an automatic reply in this regard. As Cameron University policy, you have to use your Cameron e-mail account for every e-mail used in this course. If for any reason you cannot contact your Instructor by e-mail, you can call him at his office, (580)-581-7934.

[2] Tom Russell. Workshop on "Three quick WAC strategies to get your semester off to a great start". Cameron University, Jan. 7 2008. trussell@cameron.edu

upon entering the lab. The telephone number of the Burch Hall lab is (580)-581-2338.

Tentative Schedule

Dates: Jan 06 - 12
Semester weeks: 1
Course topics: Syllabus. Beginning of Project # 1. Introduction to Information Security: What is security? CNSS (NSTISSI-4011) Security Model. Components of an Information System. Approaches to Information Security Implementation. The System Development Life Cycle. The Security Systems Development Life Cycle. Security professionals and the Organization.
Text chapters: Chapter 1. Chapter Summary p. 33. Review Questions pp. 33 & 34. Exercises p. 34 # 2, 3, & 5.

Dates: Jan 13 - 26
Semester weeks: 2-3
Course topics: The Need for Security: Business Needs First, Threats, Attacks, Secure Software Development.
Text chapters: Chapter 2. Chapter Summary p. 82. Review Questions pp. 83 & 84. Exercises p. 84 # 1, 3, & 5.

Dates: Jan 27 – Feb 2
Semester weeks: 4
Course topics: Project 1 Submission on Feb 2nd. Beginning of Project # 2. Legal, Ethical, and Professional Issues in Information Security: Laws and Ethics in Information Security. Relevant U.S. Laws. International Laws and Legal Bodies. Ethics and Information Security. Codes of Ethics and Professional Organizations.
Text chapters: Chapter 3. Chapter Summary p. 113. Review Questions pp. 114 & 115. Exercises p. 115 # 1, 4 & 5.

Dates: Feb 3 - 9
Semester weeks: 5
Course topics: Risk Management: Overview, Risk Identification, Risk Assessment, Risk Control Strategies, Quantitative vs. Qualitative Risk Control Practices. Risk Management.
Text chapters: Chapter 4. Chapter Summary pp. 166 & 167. Review Questions pp. 167-168. Exercises pp. 168 & 169 # 1, 3, & 5.
Exam # 1 on Feb. 9th. Online.

Dates: Feb 10 - 23
Semester weeks: 6-7
Course topics: Planning for Security: Information Security Planning and Governance, Information Security Policy, Standards, and Practices, The Information Security Blueprint, Security Education, Training, and Awareness Program, Continuity Strategies.
Text chapters: Chapter 5. Chapter Summary pp. 240 & 241. Review Questions pp. 241 & 242. Exercises p. 242 # 5.

Dates: Feb 24 – March 1
Semester weeks: 8
Course topics: Project # 2 Submission on March 1st. Beginning of Project # 3. Security Technology: Firewalls and VPNs: Access Control, Firewalls, Protecting Remote Connections.
Text chapters: Chapter 6. Chapter Summary p. 286. Review Questions p. 287. Exercises p. 288 # 5.

Dates: March 2 - 8
Semester weeks: 9
Course topics: Security Technology: Intrusion Detection, Access Control, and other Security Tools: Intrusion Detection and Prevention Systems, Honeypots, Honeynets, and Padded Cell Systems, Scanning and Analysis Tools, Biometric Access Controls.
Text chapters: Chapter 7. Chapter Summary pp. 344 & 345. Review Questions pp. 345 & 346. Exercises p. 346 # 1.

Dates: March 9 - 23
Semester weeks: 10-11
Course topics: Cryptography: Foundations of Cryptography, Cipher Methods, Cryptographic Algorithms, Cryptographic Tools, Protocols for Secure Communications, Attacks on Cryptosystems.
Text chapters: Chapter 8. Chapter Summary pp. 392 & 393. Review Questions pp. 393 & 394. Exercises p. 394 # 1.
Exam # 2 on March 16th. Online.

Dates: March 26 - 29
Semester weeks: 12
Course topics: Physical Security: Physical Access Controls, Fire Security and Safety, Failure of Supporting Utilities and Structural Collapse, Interception of Data, Mobile and Portable Systems.
Text chapters: Chapter 9. Chapter Summary p. 427. Review Questions p. 428. Exercises p. 429 # 1, 2 and 4.
Dates: March 30 – April 5
Semester weeks: 13
Course topics: Implementing Information Security: Information Security Project Management, Technical and Non-Technical Aspects of Implementation, Information Systems Security Certification and Accreditation.
Text chapters: Chapter 10. Chapter Summary p. 465. Review Questions p. 466. Exercises p. 467 # 1.
Project # 3 Submission on April 5th.

Dates: April 6 - 19
Semester weeks: 14-15
Course topics: Security and Personnel: Positioning and Staffing the Security Function, Credentials of Information Security Professionals, Employment Policies and Practices, Security Considerations for Nonemployees, Internal Control Strategies, Privacy and the Security of Personnel Data.
Text chapters: Chapter 11. Chapter Summary p. 503. Review Questions p. 505. Exercises p. 506 # 1, 2, 3, 4, and 5.

Dates: April 20 - 26
Semester weeks: 16
Course topics: Information Security Maintenance: Security Management Maintenance Models. Digital Forensics.
Text chapters: Chapter 12. Chapter Summary p. 574. Review Questions p. 575. Exercises p. 576 # 1, 2, 3, 4, and 5.

Final Exam. Online, proctored on campus from April 27th to May 4th and from 8:00 am to 5:30 pm. Students have to register.

Campus Labs

The labs on the second floor of the Howell Hall Building are open five days each week as follows:
M-Fri 8:00 AM – 5:00 PM
The Campus Lab at Burch Hall is open most holidays. Be prepared to show your current student ID card.