HAMPTON UNIVERSITY

Quality Enhancement Plan (QEP): From These Roots … A Foundation for Life: Mathematics and Financial Literacy
CSC 382 Introduction to Information Assurance (Online)
Online Comments
This is an online course. The following information is very important. CSC 382 is the capstone course for
CSC/CIS majors receiving CNSS 4011. It is also the prerequisite for students starting the CNSS 4012 course
sequence. An awareness of the materials is the goal. You will be responsible for a number of readings and
Cyber Security Training modules (see http://www.teexwmdcampus.com/index.k2?locRef=1). The
workload is reasonable but continuous. I will not accept any late submissions and you are expected to
follow instructions.
If you have questions, contact me at once (see contact information below). If you have trouble with
BlackBoard or using the Hampton University intranet system, contact me immediately.
Course Description
An introduction to the various technical and administrative aspects of Information Security and Assurance.
This course provides the foundation for understanding the key issues associated with protecting
information assets, determining the levels of protection and response to security incidents, and designing a
consistent, reasonable information security system, with appropriate intrusion detection and reporting
features. The purpose of the course is to provide the student with an overview of the field of Information
Security and Assurance. Students will be exposed to the spectrum of Security activities, methods,
methodologies, and procedures. Coverage will include inspection and protection of information assets,
detection of and reaction to threats to information assets, and examination of pre- and post-incident
procedures, technical and managerial responses and an overview of the Information Security Planning and
Staffing functions.
INSTRUCTOR: Mr. Robert A. Willis Jr.
Office: ST 120
Telephone: 757-727-5556
Office Hours:
- MWF 9:00 – 11:00
- TR 11:00 – 1:00
Contact:
- E-Mail: robert.willis@hamptonu.edu
- Skype: rwjr1944
- Twitter: rwjr1944
Course Objectives: After completing the course, students will be able to:
- Identify and prioritize information assets.
- Identify and prioritize threats to information assets.
- Define an information security strategy and architecture.
- Plan for and respond to intruders in an information system.
- Describe legal and public relations implications of security and privacy issues.
- Present a disaster recovery plan for recovery of information assets after an incident.
Minimum Competencies: Students meeting minimum competencies should expect to receive a grade between 74% and 77%. Minimum competencies for this course are as follows:
- Identify and prioritize information assets.
- Identify and prioritize threats to information assets.
- Define an information security strategy and architecture.
- Plan for and respond to intruders in an information system.
- Describe legal and public relations implications of security and privacy issues.
Course Topics: This course will cover most of the information assurance concepts including:
- Introduction to Information Security (3 hours)
- The Need for Security (3 hours)
- Legal, Ethical, and Professional Issues in Information Security (3 hours)
- Risk Management (3 hours)
- Planning for Security (3 hours)
- Technology: Firewalls, VPNs, IDS, and Access Control (3 hours)
- Cryptography (3 hours)
- Physical Security (3 hours)
- Implementing Security (3 hours)
- Security and Personnel (3 hours)
- Information Security Maintenance (3 hours)
- Supplement Materials (contents from the optional textbooks) (3 hours)
- Laboratory (9 hours)
Mapping to CNSSI 4011 can be found here.
Textbooks:
- (required) Principles of Information Security, 3rd edition, Michael E. Whitman & Herbert J. Mattord, Thomson, 2009.
- (on reserve for required readings) The CISSP Prep Guide: Mastering the CISSP and ISSEP Exams, 2nd edition, Ronald L. Krutz and Russell Dean Vines, Wiley, 2004.
- (on reserve for required readings) Security in Computing, 3rd edition, C. P. Pfleeger, S. L. Pfleeger, Prentice Hall, 2003.
Supplemental Materials (SM): Materials not available via the Internet are posted on BlackBoard.
- (SM-1) Maconachy, Schou, Ragsdale and Welch, A Model for Information Assurance: An Integrated Approach, Proceedings of the 2001 IEEE Workshop on IAS, USMA, West Point, NY, 5-6 June 2001. (required reading)
- (SM-2) NSTISSAM TEMPEST/1 & 2 - 95, December 1995 (some required readings)
- (SM-3) Operations Security (OPSEC), Joint Publication 3-13.3, 29 June 2006 (some required readings)
- (SM-4) HUMINT, http://en.wikipedia.org/wiki/HUMINT (some required reading)
- (SM-5) Technical Surveillance Countermeasures Program, Department of Defense, Number 5240.05, Feb. 22, 2006 (some required reading)
- (SM-6) NASA COMSEC Procedures and Guidelines, NPG 1600.6A, Effective Date: March 2, 2000, Expiration Date: March 2, 2002 (some required reading)
- (SM-7) Automated Information Systems (AIS) Security, Department of Veterans Affairs, VHA Directive 6210, Transmittal Sheet, March 7, 2000 (some required reading)
- (SM-8) Automated Information Systems Security Policy, U.S. Customs Service, Office of Information and Technology (some required reading)
- (SM-9) Security Standard Operating Procedure No. 4, SSOP NO.4, NAVAL COMMAND, CONTROL, AND OCEAN SURVEILLANCE CENTER (some required reading)
- (SM-10) Personnel Security Standard, Virginia's Community College, http://system.vccs.edu/its/InformationSecurityProgram/PersonnelSecurityStandard.htm (some required reading)
- (SM-11) Personnel Security, University of Mary Washington, http://www.umw.edu/policies/itsecurityprogram/personnel_security/default.php (some required reading)
- (SM-12) Standard Practice Procedures for Security Service, George Mason University, http://www.gmu.edu/departments/universityoperations/SPP%20-%20REV%20Feb%202008.pdf (some required reading)
- (SM-13) Security Mechanism, RBC Bank, http://www.rbcbankusa.com/privacy_security/cid101718.html (some required reading)
- (SM-14) Software Security Policy, Purdue University, http://www.purdue.edu/securepurdue/standards/softwareSecurity.cfm (some required reading)
- (SM-15) Audit Trails, HP, http://docs.hp.com/en/5992-3387/ch10s05.html (some required reading)
- (SM-16) Audit Logging Security Standards, IRS, http://www.irs.gov/irm/part10/ch01s05.html (some required reading)
- (SM-17) Defending Medical Information Systems Against Malicious Software, Joint NEMA/COCIR/JIRA Security and Privacy Committee (SPC), http://www.himss.org/content/files/medical-defendingNEMAwhitepaper.pdf (some required reading)
- (SM-18) Declassification and Downgrading, Army Regulation 380-5, Chapter 3, http://www.fas.org/irp/doddir/army/ar380-5/iii.htm (some required reading)
- (SM-19) Using Context- and Content-Based Trust Policies on the Semantic Web, Christian Bizer & Radoslaw Oldakowski, In Proceedings of WWW2004, May 17-22, 2004, New York, NY, USA, www4.wiwiss.fu-berlin.de/bizer/SWTSGuide/p747-bizer.pdf (some required reading)
- (SM-20) Input Signal Edge Rate Guidance, www.altera.com, http://www.altera.com/literature/wp/wp_edge_rate_guidance.pdf (some required reading)
- (SM-21) Design of an intelligent materials data base for the IFR, Transactions of the American Nuclear Society, Vol/Issue: 65, American Nuclear Society annual meeting, 7-12 Jun 1992, Boston, MA (United States), DOE Project, http://www.osti.gov/energycitations/product.biblio.jsp?osti_id=7232432 (some required reading)
- (SM-22) An Introduction to Computer Security - The NIST Handbook, http://csrc.nist.gov/publications/nistpubs/800-12/handbook.pdf (some required reading)
Tentative Course Outline:
Please note that this is an online course and that the schedule will be followed. You are expected to follow the schedule.

Week 1
Topics: 1. Introduction to Information Security
  1.1. The History of Information Security
  1.2. What is Security / Information Security?
  1.3. Critical Characteristics of Information Security?
  1.4. NSTISSC Security Model
  1.5. Information Assurance Model (Maconachy, Schou, Ragsdale (MSR) Cube) (Supplemental Materials SM-1)
  1.6. Components of an Information System
  1.7. Securing Components
  1.8. Balancing Information Security and Access
  1.9. Approaches to Information Security Implementation
  1.10. The Systems Development Life Cycle
  1.11. The Security Systems Development Life Cycle
  1.12. Systems Life Cycle Processes, Certification, and Accreditation (Krutz Ch11, Ch12)
  1.13. Security Professionals and the Organization
  1.14. Communities of Interest
  1.15. Information Security: Is it an Art or a Science?
  1.16. Information Security Terminology
Text chapters: Whitman Ch1 & Krutz Ch11, 12 & SM-1
Tests / Assignments: HW1

Week 2
Topics: 2. The Need for Security
  2.1. Business Needs First
  2.2. Threats
  2.3. Attacks
  2.4. OPSEC Process (Operations Security) (Krutz Ch6 & Supplemental Material SM-3)
  2.5. OPSEC Surveys / OPSEC Planning (Operations Security) (Krutz Ch6 & Supplemental Material)
  2.6. Unclassified Indicators (Operations Security) (Krutz Ch6 & Supplemental Material SM-3)
  2.7. HUMINT (Krutz Ch6, Supplemental Materials SM-4)
  2.8. Media Processes - Attribution, Destruction, Classification, Sanitization, Transportation, Inventory (Krutz Ch6)
  2.9. Security Software Development (Whitman Ch2, Supplemental Materials SM-13, SM-14)
Text chapters: Whitman Ch2 & Krutz Ch6 & SM-3, SM-4, SM-13, SM-14
Tests / Assignments: HW2

Week 3
Topics: 3. Legal, Ethical, and Professional Issues in Information Security
  3.1. Law and Ethics in Information Security
  3.2. Types of Law
  3.3. Relevant U.S. Laws
  3.4. International Laws and Legal Bodies
  3.5. Policy versus Laws
  3.6. Ethics and Information Security
  3.7. Codes of Ethics and Professional Organizations
  3.8. Evidence Collection and Preservation (Krutz Chapter 9)
Text chapters: Whitman Ch3 & Krutz Ch9
Tests / Assignments: HW3

Week 4
Topics: Laboratory 1; Review
Text chapters: TBA
Tests / Assignments: Exam 1 TBA

Week 5
Topics: 4. Risk Management
  4.1. An Overview of Risk Management
  4.2. Risk Identification
  4.3. Risk Assessment
  4.4. Risk Control Strategies
  4.5. Selecting a Risk Control Strategy
  4.6. Risk Management Discussion Points
  4.7. Documenting Results
  4.8. Recommended Practices in Controlling Risk
  4.9. National Threats, Vulnerabilities, Countermeasures, Risk Management, and other facets of NSTISS (Krutz Ch1)
Text chapters: Whitman Ch4 & Krutz Ch1

Week 6
Topics: 5. Planning for Security
  5.1. Information Security Policy, Standards, and Practices
  5.2. Telecommunication Systems, Telecommunications Policies and Security, Contracts and Reference, Vulnerabilities, Threats, Countermeasures (Krutz Ch3)
  5.3. Security Policies Implementation (Krutz Ch1)
  5.4. The Information Security Blueprint
  5.5. Security Education, Training, and Awareness Program
  5.6. Continuity Strategies
  5.7. AIS Security Policy (Supplemental Materials SM-7 & SM-8)
  5.8. Security Standard Operating Procedure (Supplemental Materials SM-9)
  5.9. COMSEC (Supplemental Materials SM-6)
Text chapters: Whitman Ch5 & Krutz Ch1, Ch3 & SM-6, SM-7, SM-8, SM-9
Tests / Assignments: HW4

Week 7
Topics: 6. Security Technology
  6.1. Physical Design
  6.2. Computer Security - Access Control, Audit, Identification and Authentication, operating system security, trusted operating system, and Object Reuse (Pfleeger Ch3, Ch4, Ch5)
  6.3. Firewalls
  6.4. Protecting Remote Connection
  6.5. Intrusion Detection Systems
  6.6. Honey Pots, Honey Nets, and Padded Cell Systems
  6.7. Scanning and Analysis Tools
  6.8. Access Control Devices
  6.9. Technical Surveillance Countermeasures (Supplemental Materials SM-5)
Text chapters: Whitman Ch6, Ch7 & Pfleeger Ch3, Ch4, Ch5 & SM-5
Tests / Assignments: HW5

Week 8
Topics: 7. Cryptography
  7.1. A Short History of Cryptology
  7.2. Principles of Cryptography
  7.3. Cryptography Tools
  7.4. Protocols for Secure Communications
  7.5. Attacks on Cryptosystems
Text chapters: Whitman Ch8
Tests / Assignments: Exam 2 – TBA

Week 9
Topics: 8. Physical Security
  8.1. Physical Access Control
  8.2. Fire Security and Safety
  8.3. Failure of Supporting Utilities and Structural Collapse
  8.4. Interception of Data
  8.5. Mobile and Portable Systems
  8.6. Special Consideration for Physical Security Threats
Text chapters: Whitman Ch9
Tests / Assignments: HW7; Laboratory 2

Week 10
Topics: 9. Implementing Information Security
  9.1. Project Management for Information Security
  9.2. Technical Topics of Implementation
  9.3. Nontechnical Aspects of Implementation
  9.4. Operations Security (Krutz Ch6)
  9.5. Security Architectures and Design
Text chapters: Whitman Ch10 & Krutz Ch5, Ch6
Tests / Assignments: HW8

Week 11
Topics: 10. Security and Personnel
  10.1. The Security Function Within an Organization's Structure
  10.2. Positioning and Staffing the Security Function
  10.3. Credentials of Information Security Professionals
  10.4. Employment Policies and Practices
  10.5. Security Considerations for Nonemployees
  10.6. Separation of Duties and Collusion (Krutz Ch1, Ch6)
  10.7. Privacy and the Security of Personnel Data
  10.8. Information Classification Roles (Krutz Ch1)
  10.9. Personnel Security Standard (Supplemental Materials SM-10, SM-11, SM-12)
Text chapters: Whitman Ch11 & Krutz Ch1, Ch6 & SM-10, SM-11, SM-12
Tests / Assignments: HW9

Week 12
Topics: 11. Information Security Maintenance
  11.1. Managing for Change
  11.2. Security Management Models
  11.3. The Maintenance Model
  Digital Forensics
Text chapters: Whitman Ch12
Tests / Assignments: Laboratory 3

Week 13
Topics: 12. TEMPEST Security (Supplemental Materials SM-2)
  12.1. Introduction
  12.2. Definition
  12.3. RED/BLACK Installation Recommendation
  12.4. Guidance for TEMPEST Integrity
  12.5. Secure Voice Systems
  12.6. Sensitive Compartment Information
Text chapters: SM-2
Tests / Assignments: HW10

Important Dates:
TBA
The following information applies to all students in the School of Science:
In addition to the minimum grade requirements established by Hampton University, all majors within the
School of Science must pass all required courses offered within the School of Science with a grade of “C”
or better in order to satisfy degree requirements. The minimum grade requirement is in effect for all
science courses taken during Fall 2001 and beyond.
Course Assignment and Calendar:
Homework Assignments: There are two types of homework assignments: problems and projects. Both of them will be issued and specified with their due date in Blackboard. Problems will be used to evaluate the understanding of course materials, and projects will be used to evaluate the complexity of the algorithms studied in class. All of the projects must be implemented in Java in Unix/Linux environments (when appropriate). Late submissions will not be accepted and will be counted as zero.
Final Exam
The exam will be given on the date scheduled by the registrar. The exam will be comprehensive. There are
no exemptions from the exam.
TBA
Attendance
Hampton University’s attendance policy will be observed, which means that you are expected to attend all
classes as scheduled. You are responsible for any assignments, deliveries, and class discussions at all
times. I will take attendance at the beginning of each class period. If you are not present for the roll call,
attendance points will be deducted from your grade. I will not tolerate habitual tardiness; it is disruptive
and unfair to your fellow students.
Writing-Across-The-Curriculum
Hampton University adopts the policy in all courses of “writing across the curricula”. In this course, the
objectives will be achieved by homework assignments, program comments, and various tests.
The Ethics Paper: Details about the ethics paper will be provided at least one month prior to the
due date. The ethics paper will be graded based on the criteria listed in “Hampton University
Scoring Rubric”.
Grades
The final grade of this course will be determined by the combined weight of the following components:
- Examinations (2): 20%
- Homework (10): 40%
- Laboratory (3): 15%
- Ethics Paper: 5%
- Final exam (Comprehensive): 20%
Course grades will follow the scale of the university grading system:
- A+: 98-100
- A: 94-97
- A-: 90-93
- B+: 88-89
- B: 84-87
- B-: 80-83
- C+: 78-79
- C: 74-77
- C-: 70-73
- D+: 68-69
- D: 64-67
- D-: 60-63
- F: Below 60
Make-Up Policy: No make-up tests will be given without previous arrangements, a written medical excuse, or an emergency approved by an appropriate university official.
Policy on Academic Dishonesty: Please see page 29 of the Student Handbook.
Cheating: A student caught cheating on an examination or plagiarizing a paper which forms a part of a course grade shall be given an "F" in the course and will be subject to dismissal from the University. A student is considered to be cheating if, in the opinion of the person administering an examination (written or oral), the student gives, seeks, or receives aid during the process of the examination; the student buys, sells, steals, or otherwise possesses or transmits an examination without authorization; or the student substitutes for another or permits substitution for himself/herself during an examination. All cases of cheating shall be reported by the instructor to the chair of the department in which the cheating occurred, to the school dean/division director and to the Provost.
No penalty shall be imposed until the student has been informed of the charge and of the evidence upon
which it is based and has been given an opportunity to present his/her defense. If the faculty member and
the student cannot agree on the facts pertaining to the charge, or if the student wishes to appeal a penalty,
the issue may be taken to the department chair. Each party will present his/her case to the chair who shall
then call a meeting of all involved parties. If the issue is not resolved at the departmental level, the dean
shall conduct a hearing. If the issue is not resolved at the school level either party may appeal the decision
at the school level to the Provost who shall convene the appropriate individuals and conduct a hearing in
order to resolve the issue.
Plagiarism: Plagiarism is defined as "taking and using as one's own the writing or ideas of another." All
materials used to meet assigned written requirements of a course, from any source, must be given proper
credit by citing the source. A student caught plagiarizing a paper which forms a part of a course grade
shall be given an "F" in the course and will be subject to dismissal from the University.
PENALTIES FOR ACADEMIC DISHONESTY
Cases of academic dishonesty are initially investigated and reported by members of the instructional
faculty to the chairperson of the department in which the cheating occurred, to the school dean, division
director and to the Provost. Also, penalties for minor violations of academic dishonesty are to be
recommended at the discretion of the instructor. The penalties for academic dishonesty on examinations
and major course requirements may include one of the following:
1. A grade of "F" on the examination or project.
2. A grade of "F" on the examination or project and dismissal from the course.
3. A grade of “F” on the examination or project, dismissal from the course and from the University.
When dismissal from the University is the recommended penalty, the chairman of the department submits
the details of the case to the Provost who schedules a hearing.
ADMINISTRATIVE ACTION
The Provost has the authority to dismiss or expel any student who fails to meet scholarship requirements or
to abide by academic regulations.
Dress Code:
This code is based on the theory that learning to select attire appropriate to specific occasions and
activities is a critical factor in the total educational process. Understanding and employing the Hampton
University Dress Code will improve the quality of one’s life, contribute to optimum morale, and embellish
the overall campus image. It also plays a major role in instilling a sense of integrity and an appreciation
for values and ethics as students are propelled towards successful careers.
Students will be denied admission to various functions if their manner of dress is inappropriate. On this
premise students at Hampton University are expected to dress neatly at all times. The following are
examples of appropriate dress for various occasions:
1. Classroom, Cafeteria, Student Union and University Offices – casual attire that is neat and modest.
2. Formal programs in Ogden Hall, the Convocation Center, the Student Center Ballroom, the Little Theater and the Memorial Chapel – event appropriate attire as required by the event announcement.
3. Interviews – Business attire.
4. Social/Recreational activities, Residence hall lounges (during visitation hours) – casual attire that is neat and modest.
5. Balls, Galas, and Cabarets – formal, semi-formal and after five attire, respectively.
Examples of inappropriate dress and/or appearance include but are not limited to:
1. Do-rags, stocking caps, skullcaps and bandannas are prohibited at all times on the campus of Hampton University (except in the privacy of the student's living quarters).
2. Head coverings and hoods for men in any building.
3. Baseball caps and hoods for women in any building.
   a. This policy item does not apply to headgear considered as a part of religious or cultural dress.
4. Midriffs or halters, mesh, netted shirts, tube tops or cutoff tee shirts in classrooms, cafeteria, Student Union and offices;
5. Bare feet;
6. Short shirts;
7. Shorts, all types of jeans at programs dictating professional or formal attire, such as Musical Arts, Fall Convocation, Founder's Day, and Commencement;
8. Clothing with derogatory, offensive and/or lewd message either in words or pictures;
9. Men's undershirts of any color worn outside of the private living quarters of the residence halls. However, sports jerseys may be worn over a conventional tee-shirt.
Procedure for Cultural or Religious Coverings
1. Students seeking approval to wear headgear as an expression of religious or cultural dress may make a written request for a review through the Office of the Chaplain.
2. The Chaplain will forward his recommendation to the Dean of Students for final approval.
3. Students that are approved will then have their new ID card picture taken by University Police with the headgear being worn.
All administrative, faculty and support staff members will be expected to monitor student behavior applicable to this dress code and report any such disregard or violations to the Offices of the Dean of Men or Dean of Women for the attention of the Dean of Students.
CODE OF CONDUCT
Joining the Hampton Family is an honor and requires each individual to uphold the policies, regulations, and
guidelines established for students, faculty, administration, professional and other employees, and the laws of
the Commonwealth of Virginia. Each member is required to adhere to and conform to the instructions and
guidance of the leadership of his/her respective area. Therefore, the following are expected of each member
of the Hampton Family:
1. To respect himself or herself.
2. To respect the dignity, feelings, worth, and values of others.
3. To respect the rights and property of others and to discourage vandalism and theft.
4. To prohibit discrimination, while striving to learn from differences in people, ideas, and opinions.
5. To practice personal, professional, and academic integrity, and to discourage all forms of dishonesty,
plagiarism, deceit, and disloyalty to the Code of Conduct.
6. To foster a personal professional work ethic within the Hampton University Family.
7. To foster an open, fair, and caring environment.
8. To be fully responsible for upholding the Hampton University Code.
Students with disabilities which require accommodations should (1)
register with the Office of Testing Services and 504 Compliance to provide
documentation and (2) bring the necessary information indicating the need
for accommodation and what type of accommodation is needed. This should
be done during the first week of classes or as soon as the student receives
the information. If the instructor is not notified in a timely
manner, retroactive accommodations may not be provided.
DISCLAIMER
This syllabus is intended to give the student guidance in what may be covered during the semester and will
be followed as closely as possible. However, the professor reserves the right to modify, supplement and make
changes as course needs arise.
Hampton University Scoring Rubric
The Hampton University Advisory Council of the Writing Program has approved and recommended the use of the scoring rubric as a guide for evaluating student-writing performance across the curriculum.

Score 6: A paper in this category:
- States purpose (e.g., position or thesis) insightfully, clearly and effectively
- Provides thorough, significant development with substantial depth and persuasively marshals support for position
- Demonstrates a focused, coherent, and logical pattern of organization
- Displays a high level of audience awareness
- Uses disciplinary facts critically and effectively
- Has superior control of diction, sentence structure, and syntactic variety, but may have a few minor flaws in grammar, usage, punctuation, or spelling
- Documents sources consistently and correctly using a style appropriate to the discipline

Score 5: A paper in this category:
- States purpose (e.g., position or thesis) clearly and effectively
- Provides development with some depth and complexity of thought and supports position convincingly
- Demonstrates an effective pattern of organization
- Displays a clear sense of audience awareness
- Uses disciplinary facts effectively
- Has good control of diction, sentence structure, and syntactic variety, but may have a few minor errors in grammar, usage, punctuation, or spelling
- Documents sources correctly using a style appropriate to the discipline

Score 4: A paper in this category:
- States purpose (e.g., position or thesis) adequately
- Provides competent development with little evidence of complexity of thought
- Demonstrates an adequate pattern of organization
- Displays some degree of audience awareness
- Uses disciplinary facts adequately
- Has adequate control of diction, sentence structure, and syntactic variety, but may have some errors in grammar, usage, punctuation, or spelling
- Documents sources adequately using a style appropriate to the discipline

Score 3: A paper in this category:
- States purpose (e.g., position or thesis) but with varying degrees of clarity
- Provides some development for most ideas
- Demonstrates some pattern of organization, but with some lapses from the pattern
- Displays uneven audience awareness
- Uses some disciplinary facts
- Has some control of diction, sentence structure, and syntactic variety, but may have frequent errors in grammar, usage, punctuation, or spelling
- Documents sources using a style appropriate to the discipline, but may have errors

Score 2: A paper in this category:
- States purpose (e.g., position or thesis) unclearly
- Provides inadequate development of thesis
- Demonstrates an inconsistent pattern of organization
- Displays very little audience awareness
- Uses disciplinary facts ineffectively
- Has little control of diction, sentence structure, and syntactic variety, and may have a pattern of errors in grammar, usage, punctuation, or spelling
- Acknowledges sources but does not document them using a style appropriate to the discipline

Score 1: A paper in this category:
- Fails to state purpose (e.g., position or thesis)
- Fails to develop most ideas
- Lacks a pattern of organization
- Displays no audience awareness
- Uses few or no disciplinary facts
- Lacks control of diction, sentence structure, and syntactic variety, with a pattern of errors in grammar, usage, punctuation, or spelling
- Fails to document or acknowledge sources
Mapping to NSTISSI 4011 Standard
C.
Security Basics (Awareness
Level)
Instructional/Behavioral
Content
a
Using the Comprehensive
Model of Information Systems
Security, introduce a
comprehensive model of
information systems security
that addresses:
*
The student will list and describe
the elements of AIS security.
Topic 1.2-1.3 Pg. 8-9
Whitman
*
The student will summarize security
disciplines used in protecting
government automated information
systems.
Topic 1.2-1.7 Pg. 8-17
Whitman
b
critical characteristics of
information information states,
and security measures.
*
Student will give examples of
determinants of critical
information.
Topic 1.2-1.8 Pg. 3-18
Whitman
Topical Content
a
INFOSEC Overview:
Chapter 2: The Need for Security
Whitman
*
threats
Topic 2.2, Chapter 2: Threats Pg. 38- 59
Whitman
*
vulnerabilities
Topic 2.2, 2.3, 4.9, Whitman Chapter 2: Attacks
Pg. 60-68 / Krutz Chapter1: Information Security
and Risk Management Pg. 28
Whitman +
Krutz
20
Quality Enhancement Plan (QEP): From These Roots … A Foundation for Life: Mathematics and Financial Literacy
*
critical information characteristics
+
Chapter 1: Introduction
Whitman
confidentiality
Topic 1.2-1.5, Chapter 1: Confidentiality Pg. 10
Whitman
+
integrity
Topic 1.2-1.5, Chapter 1: Integrity Pg. 12
Whitman
+
availability
Topic 1.2-1.5, Chapter 1: Availability Pg. 10
Whitman
*
information states
+
transmission
Topic 1.4-1.5, Chapter 1: NSTISSC Security
Model Pg. 13
Whitman
+
storage
Topic 1.4-1.5, Chapter 1: NSTISSC Security
Model Pg. 13
Whitman
+
processing
Topic 1.4-1.5, Chapter 1: NSTISSC Security
Model Pg. 13
Whitman
*
security countermeasures
+
technology
Topic 6.1-6.8 Chapter 6 & 7: Security
Technology Pg. 243-282
Whitman
+
policy, procedures and practices
Topic 1.4-1.5, 5.1,5.3,5.4, Chapter 1:
Information Security Policy, Standards, and
Practices Pg. 173-185
Whitman
+
education, training and awareness
Topic 1.4-1.5, 5.6, Chapter 5: Security
Education, Training, and Awareness Program
Pg. 203-206
Whitman
Whitman
b
Operations Security (OPSEC):
*
OPSEC process
Topic 2.4, Krutz Chapter 6: Operations Security
Pg. 339-358 / OPSEC (Supplemental materials
SM-3)
Krutz +
Supplemental
materials
*
INFOSEC and OPSEC
interdependency
Topic 2.4, Krutz Chapter 6: Operations Security
Pg. 339-358 / OPSEC (Supplemental materials
SM-3)
Krutz +
Supplemental
materials
21
Quality Enhancement Plan (QEP): From These Roots … A Foundation for Life: Mathematics and Financial Literacy
*
unclassified indicators
Topic 2.4, Krutz Chapter 6: Operations Security
Pg. 339-358 / OPSEC (Supplemental materials
SM-3)
Krutz +
Supplemental
materials
*
OPSEC surveys/OPSEC planning
Topic 2.4, Krutz Chapter 6: Operations Security
Pg. 339-358 / OPSEC (Supplemental materials
SM-3)
Krutz +
Supplemental
materials
c
Information Security:
*
policy
Topic 5.1, Chapter 5: Information Security
Policy, Standards, and Practices Pg. 174
Whitman
*
roles and responsibilities
Topic 10.2, Chapter 11: Positioning & Staffing
the Security Function Pg. 473-479
Whitman
*
application dependent guidance
Input Signal Rage Guidance (supplemental
materials SM-20); Design of an intelligent
materials data base for the IFR (supplemental
materials SM-21)
Supplemental
materials
d
INFOSEC
*
cryptography
+
strength (e.g., complexity, secrecy,
characteristics of the key)
Topic 7.2 Chapter 8: Cryptographic Algorithms Pg.
354-375
Whitman
+
encryption (e.g., point-to-point, network,
link)
Topic 7.2 Chapter 8: Cryptographic Algorithms Pg.
354-375
Whitman
+
key management (to include electronic
key)
Topic 7.2 Chapter 8: Cryptographic Algorithms Pg.
354-375
Whitman
*
transmission security
Topic 1.4-1.5 Whitman Chapter 1: NSTISSC
Security Model Pg. 14 / Information Assurance
Model (Maconachy, Schou, Ragsdale (MSR)
Cube)(Supplemental materials SM-1)
Whitman +
Supplemental
materials
*
emanations security
Topic 12.1, 12.3, 12.4, TEMPEST Security
(supplemental materials SM-2)
Supplemental
materials
*
physical, personnel and
administrative security
*
computer security
Topic 8.1-8.6, 10.1-10.7 Chapter 9: Physical
security Pg. 391-429. Chapter 11: Security and
Personnel Pg. 469-502
Whitman
+
identification and authentication
Topic 1.5, 6.2, 6.8, Pfleeger Chapter 2, 3, 5 /
Whitman Chapter 7: Security Technology Pg.
338 / Information Assurance Model (Maconachy,
Schou, Ragsdale (MSR) Cube)(Supplemental
materials SM-1)
Pfleeger +
Whitman +
supplemental
materials
+
access control
Topic 6.2, 6.8, Pfleeger Chapter 2, 3, 5: Security
Features of Trusted Operating Systems Pg. 208-213 / Whitman Chapter 7: Security Technology
Pg. 338
Pfleeger +
Whitman
+
audit
Topic 6.2, 11.1, Pfleeger Chapter 2, 3, 5:
Security Features of Trusted Operating Systems
Pg. 269-273 / Whitman Chapter 12: Information
Security Maintenance Pg. 517
Pfleeger +
Whitman
+
object reuse
Topic 6.2, Chapter 5: Security Features of
Trusted Operating Systems Pg. 270
Pfleeger
D.
NSTISS Basics (Awareness
Level)
Instructional/Behavioral
Content
a
Describe components (with
examples to include: national
policy, threats and
vulnerabilities,
countermeasures, risk
management, of organizational
units, facets of NSTISS)
*
Outline national NSTISS Policies.
Topic 5.1, 5.3, Whitman Chapter 5: Information
Security Policy, Standards, and Practices Pg.
172-186 / Krutz Chapter 1: Security Policy
Implementation Pg. 20-24
Whitman +
Krutz
*
Cite examples of threats and
vulnerabilities of an AIS.
Topic 2.2-2.3, 4.9, Whitman Chapter 2: Threats
and Attacks Pg. 40-73 / Krutz Chapter 1:
Information Security and Risk Management Pg.
28
Whitman +
Krutz
*
Give examples of Agency
implementation of NSTISS policy,
practices and procedures.
Topic 5.1-5.3, Whitman Chapter 5: Information
Security Policy, Standards, and Practices Pg.
172-184 / Krutz Chapter 1: Security Policy
Implementation 20-24
Whitman +
Krutz
Topical Content
a
National Policy and Guidance:
*
AIS security
Topic 5.1, 5.3, Whitman Chapter 5: Information
Security Policy, Standards, and Practices Pg.
172-186 / Krutz Chapter 1: Security Policy
Implementation Pg. 20-24
Whitman +
Krutz
*
communications security
Topic 5.2, Chapter 3: Telecommunications and
Network Security Pg. 95-96
Krutz
*
protection of information
Topic 1.4-1.5, 5.5-5.6, Whitman Chapter 1:
NSTISSC Security Model Pg. 13, Chapter 5:
Planning for Security Pg. 186-208 / Information
Assurance Model (Maconachy, Schou, Ragsdale
(MSR) Cube)(Supplemental materials SM-1)
Whitman +
supplemental
materials
*
employee accountability for agency
information
Topic 10.4 chapter 11: Privacy and the security
of Personnel Data. Pg. 492-500
Whitman
b
Threats to and Vulnerabilities of
Systems:
*
definition of terms (e.g., threats,
vulnerabilities, risk)
Topic 1.16 Chapter 1: Information Security
Terminology. Pg. 30-31
Whitman
*
major categories of threats (e.g.,
fraud, Hostile Intelligence Service
(HOIS), malicious logic, hackers,
environmental and technological
hazards, disgruntled employees,
careless employees, HUMINT, and
monitoring)
Topic 2.2 Chapter 2: Threats Pg. 40-63
Whitman
*
threat impact areas
Topic 2.2 Chapter 2: Threats Pg. 40-63
Whitman
c
Legal Elements:
*
fraud, waste and abuse
Topic 3.1-3.5 Chapter 3: Legal, Ethical, and
Professional Issues Pg. 87-99
Whitman
*
criminal prosecution
Topic 3.1-3.5 Chapter 3: Legal, Ethical, and
Professional Issues Pg. 87-99
Whitman
*
evidence collection and
preservation
Topic 3.8, Chapter 9: Legal, Regulations,
Compliance, and Investigation Pg. 497-498
Krutz
*
investigative authorities
Topic 3.1-3.5 Chapter 3: Legal, Ethical, and
Professional Issues Pg. 87-99
Whitman
d
Countermeasures:
*
cover and deception
Topic 6.6, Chapter 7: Security Technology Pg.
320-321
Whitman
*
HUMINT
Topic 2.7, Krutz Chapter 6: Operational E-mail
Security Pg. 382-386 / HUMINT (supplemental
materials SM-4)
Krutz +
supplemental
materials
*
monitoring (e.g., data, line)
Topic 6.5, 6.7, 6.8, Chapter 6: Security
Technology Pg. 289-300
Whitman
*
technical surveillance
countermeasures
Topic 6.9, Technical Surveillance
Countermeasures (supplemental materials SM-5)
supplemental
materials
*
education, training, and awareness
Topic 5.5, Chapter 5: Security Education,
Training, and Awareness Pg. 206-209
Whitman
*
assessments (e.g., surveys,
inspections)
Topic 6.1-6.8, Chapter 6 & 7: Security
Technology Pg. 243-279, 287-342
Whitman
e
Concepts of Risk Management:
*
threat and vulnerability assessment
Topic 4.3, 4.9, Whitman Chapter 4: Risk
Assessment Pg. 139-144 / Krutz Chapter 1: Risk
Management and Assessment Pg. 26-30
Whitman +
Krutz
*
cost/benefit analysis of controls
Topic 4.4-4.5, Chapter 4: Risk Management Pg.
145-154
Whitman
*
implementation of cost-effective
controls
Topic 4.4-4.5, Chapter 4: Risk Management Pg.
145-154
Whitman
*
consequences (e.g., corrective
action, risk assessment)
Topic 4.4-4.5, Chapter 4: Risk Management Pg.
145-154
Whitman
*
monitoring the efficiency and
effectiveness of controls (e.g.,
unauthorized or inadvertent
disclosure of information)
Topic 4.4-4.5, Chapter 4: Risk Management Pg.
145-154
Whitman
f
Concepts of System Life Cycle
Management:
*
requirements definition (e.g.,
architecture)
Topic 1.10-1.12,10.3, Whitman Chapter 1:
Introduction to Information Security Pg. 20-28;
Whitman Chapter 11: Security and Personnel
Pg. 479-491 / Krutz Chapter 11: Understanding
Certification and Accreditation Pg. 559-578;
Krutz Chapter 12: Initiation of System
Authorization Process Pg. 585-610
Whitman +
Krutz
*
development
Topic 1.10-1.12,10.3, Whitman Chapter 1:
Introduction to Information Security Pg. 20-28,
Whitman Chapter 11: Security and Personnel
Pg. 479-491 / Krutz Chapter 11: Understanding
Certification and Accreditation Pg. 559-578,
Krutz Chapter 12: Initiation of System
Authorization Process Pg. 585-610
Whitman +
Krutz
*
demonstration and validation
(testing)
Topic 1.10-1.12,10.3, Whitman Chapter 1:
Introduction to Information Security Pg. 20-28,
Whitman Chapter 11: Security and Personnel
Pg. 479-491 / Krutz Chapter 11: Understanding
Certification and Accreditation Pg. 559-578,
Krutz Chapter 12: Initiation of System
Authorization Process Pg. 585-610
Whitman +
Krutz
*
implementation
Topic 1.10-1.12,10.3, Whitman Chapter 1:
Introduction to Information Security Pg. 20-28;
Whitman Chapter 11: Security and Personnel
Pg. 479-491 / Krutz Chapter 11: Understanding
Certification and Accreditation Pg. 559-578;
Krutz Chapter 12: Initiation of System
Authorization Process Pg. 585-610
Whitman +
Krutz
*
security (e.g., certification and
accreditation)
Topic 1.10-1.12,10.3, Whitman Chapter 1:
Introduction to Information Security Pg. 20-28;
Whitman Chapter 11: Security and Personnel
Pg. 479-491 / Krutz Chapter 11: Understanding
Certification and Accreditation Pg. 559-578;
Krutz Chapter 12: Initiation of System
Authorization Process Pg. 585-610
Whitman +
Krutz
*
operations and maintenance (e.g.,
configuration management)
Topic 1.10-1.12,10.3, Whitman Chapter 1:
Introduction to Information Security Pg. 20-28;
Whitman Chapter 11: Security and Personnel
Pg. 479-491 / Krutz Chapter 11: Understanding
Certification and Accreditation Pg. 559-578;
Krutz Chapter 12: Initiation of System
Authorization Process Pg. 585-610
Whitman +
Krutz
g
Concepts of Trust:
*
policy
Topic 6.2, 9.4, Pfleeger Chapter 5: Designing
Trusted Operating Systems Pg. 229-232 / Krutz
Chapter 6: Operations Security Pg. 346-349 /
Using Context- and Content-Based Trust Policies
on the Semantic Web (supplemental materials
SM-19)
Pfleeger +
Krutz +
supplemental
materials
*
mechanism
Topic 6.2, 9.4, Pfleeger Chapter 5: Designing
Trusted Operating Systems Pg. 229-232 / Krutz
Chapter 6: Operations Security Pg. 346-349 /
Using Context- and Content-Based Trust Policies
on the Semantic Web (supplemental materials
SM-19)
Pfleeger +
Krutz +
supplemental
materials
*
assurance
Topic 2.9, 6.2, 9.5, Krutz Chapter 2: Secure
Software Development, Pg. 73-74; Krutz Chapter
5: Security Architecture and Design Pg. 314-316
/ Pfleeger Chapter 5: Designing Trusted
Operating Systems Pg. 229-232
Krutz +
Pfleeger
h
Modes of Operation:
*
dedicated
Topic 9.4, Chapter 6: Operations Security Pg.
349-350
Krutz
*
system-high
Topic 9.4, Chapter 6: Operations Security Pg.
349-350
Krutz
*
compartmented/partitioned
Topic 9.4, Chapter 6: Operations Security Pg.
349-350
Krutz
*
multilevel
Topic 9.4, Chapter 6: Operations Security Pg.
349-350
Krutz
i
Roles of Various Organizational
Personnel
*
senior management
Topic 10.1-10.4, 10.8 Whitman Chapter 11:
Security and Personnel Pg. 471-479 / Krutz
Chapter 1: Information Classification Roles Pg.
16-20
Whitman +
Krutz
*
program or functional managers
Topic 10.1-10.4, 10.8 Whitman Chapter 11:
Security and Personnel Pg. 471-479 / Krutz
Chapter 1: Information Classification Roles Pg.
16-20
Whitman +
Krutz
*
system manager and system staff
Topic 10.1-10.4, 10.8 Whitman Chapter 11:
Security and Personnel Pg. 471-479 / Krutz
Chapter 1: Information Classification Roles Pg.
16-20
Whitman +
Krutz
*
telecommunications office and staff
Topic 10.1-10.4, 10.8 Whitman Chapter 11:
Security and Personnel Pg. 471-479 / Krutz
Chapter 1: Information Classification Roles Pg.
16-20
Whitman +
Krutz
*
security office
Topic 10.1-10.4, 10.8 Whitman Chapter 11:
Security and Personnel Pg. 471-479 / Krutz
Chapter 1: Information Classification Roles Pg.
16-20
Whitman +
Krutz
*
COMSEC custodian
Topic 10.1-10.4, 10.8 Whitman Chapter 11:
Security and Personnel Pg. 471-479 / Krutz
Chapter 1: Information Classification Roles Pg.
16-20
Whitman +
Krutz
*
INFOSEC Officer
Topic 10.1-10.4, 10.8 Whitman Chapter 11:
Security and Personnel Pg. 471-479 / Krutz
Chapter 1: Information Classification Roles Pg.
16-20
Whitman +
Krutz
*
information resources management
staff
Topic 10.1-10.4, 10.8 Whitman Chapter 11:
Security and Personnel Pg. 471-479 / Krutz
Chapter 1: Information Classification Roles Pg.
16-20
Whitman +
Krutz
*
audit office
Topic 10.1-10.4, 10.8 Whitman Chapter 11:
Security and Personnel Pg. 471-479 / Krutz
Chapter 1: Information Classification Roles Pg.
16-20
Whitman +
Krutz
*
OPSEC managers
Topic 10.1-10.4, 10.8 Whitman Chapter 11:
Security and Personnel Pg. 471-479 / Krutz
Chapter 1: Information Classification Roles Pg.
16-20
Whitman +
Krutz
*
end users
Topic 10.1-10.4, 10.8 Whitman Chapter 11:
Security and Personnel Pg. 471-479 / Krutz
Chapter 1: Information Classification Roles Pg.
16-20
Whitman +
Krutz
j
Facets of NSTISS:
*
protection of areas
Topic 8.1-8.6 Chapter 9: Physical Security Pg.
399-429
Whitman
*
protection of equipment
Topic 8.1-8.6 Chapter 9: Physical Security Pg.
399-429
Whitman
*
protection of passwords
Topic 6.8 Chapter 7: Security Technology Pg.
338-339
Whitman
*
protection of files and data
Topic 6.5-6.8 Chapter 7: Security Technology
Pg. 287-342
Whitman
*
protection against malicious logic
Topic 2.9 Chapter 2: The Need For Security Pg.
73-80
Whitman
*
backup of data and files
Topic 9.4 Chapter 6: Operations Security Pg.
378-382
Krutz
*
protection of magnetic storage
media
Topic 2.8 Chapter 6: Operations Security Pg.
362-364
Krutz
*
protection of voice communications
Topic 5.2 Chapter 3: Telecommunications and
Network Security Pg. 95
Krutz
*
protection of data communications
Topic 5.2 Chapter 3: Telecommunications and
Network Security Pg. 95
Krutz
*
protection of keying material
Topic 7.2 Chapter 8: Cryptography Pg. 364-375
/ NASA COMSEC Procedures and Guidelines
(supplemental materials SM-6)
Whitman +
supplemental
materials
*
application of cryptographic
systems
Topic 7.3 Chapter 8: Cryptography, Pg. 375-382
Whitman
*
transmission security
countermeasures (e.g., callsigns,
frequency, and pattern forewarning
protection)
Topic 5.2 Chapter 3: Telecommunications and
Network Security Pg. 95-221
Krutz
*
reporting security violations
Topic 3.7, 11.3, Chapter 3: Legal and
Professional Issues in Information Security Pg. 108-111; Chapter 12: Information Security
Maintenance Pg. 524-525
Whitman
E.
System Operating Environment
(Awareness Level)
Topic 5.1-5.3, 5.7, Whitman Chapter 5:
Information Security Policy, Standards, and
Practices Pg. 172-186 / Krutz Chapter 1:
Policies, Standards, Guidelines, and Procedure
Pg. 20-26; Krutz Chapter 3:
Telecommunications and Network Security Pg.
95-98 / AIS Security (Policy) (supplemental
materials SM-7, SM-8)
Whitman +
Krutz +
supplemental
materials
Instructional/Behavioral
Content
a
Outline Agency specific AIS and
telecommunications systems.
*
Summarize Agency AIS and
telecommunications systems in
operation.
b
Describe Agency "control
points" for purchase and
maintenance of Agency AIS and
telecommunications systems
*
Give examples of current Agency
AIS/telecommunications systems
and configurations.
c
Review Agency AIS and
telecommunications security
policies
Topic 5.1-5.3, 5.7, Whitman Chapter 5:
Information Security Policy, Standards, and
Practices Pg. 172-186 / Krutz Chapter 1:
Policies, Standards, Guidelines, and Procedure
Pg. 20-26; Krutz Chapter 3:
Telecommunications and Network Security Pg.
95-98 / AIS Security (Policy) (supplemental
materials SM-7, SM-8)
Whitman +
Krutz +
supplemental
materials
*
List Agency-level contact points for
AIS and telecommunications
systems and maintenance.
Topic 5.1-5.3, 5.7, Whitman Chapter 5:
Information Security Policy, Standards, and
Practices Pg. 172-186 / Krutz Chapter 1:
Policies, Standards, Guidelines, and Procedure
Pg. 20-26; Krutz Chapter 3:
Telecommunications and Network Security Pg.
95-98 / AIS Security (Policy) (supplemental
materials SM-7, SM-8)
Whitman +
Krutz +
supplemental
materials
*
Cite appropriate policy and
guidance.
Topic 5.1-5.3, 5.7, Whitman Chapter 5:
Information Security Policy, Standards, and
Practices Pg. 172-186 / Krutz Chapter 1:
Policies, Standards, Guidelines, and Procedure
Pg. 20-26; Krutz Chapter 3:
Telecommunications and Network Security Pg.
95-98 / AIS Security (Policy) (supplemental
materials SM-7, SM-8)
Whitman +
Krutz +
supplemental
materials
Topical Content
c
Agency Specific Security
Policies:
*
guidance
Topic 5.1-5.3, 5.7, Whitman Chapter 5:
Information Security Policy, Standards, and
Practices Pg. 172-186 / Krutz Chapter 1:
Policies, Standards, Guidelines, and Procedure
Pg. 20-26; Krutz Chapter 3:
Telecommunications and Network Security Pg.
95-98 / AIS Security (Policy) (supplemental
materials SM-7, SM-8)
Whitman +
Krutz +
supplemental
materials
*
roles and responsibilities
Topic 5.1-5.3, 5.7, Whitman Chapter 5:
Information Security Policy, Standards, and
Practices Pg. 172-186 / Krutz Chapter 1:
Policies, Standards, Guidelines, and Procedure
Pg. 20-26; Krutz Chapter 3:
Telecommunications and Network Security Pg.
95-98 / AIS Security (Policy) (supplemental
materials SM-7, SM-8)
Whitman +
Krutz +
supplemental
materials
*
points of contact
Topic 5.1-5.3, 5.7, Whitman Chapter 5:
Information Security Policy, Standards, and
Practices Pg. 172-186 / Krutz Chapter 1:
Policies, Standards, Guidelines, and Procedure
Pg. 20-26; Krutz Chapter 3:
Telecommunications and Network Security Pg.
95-98 / AIS Security (Policy) (supplemental
materials SM-7, SM-8)
Whitman +
Krutz +
supplemental
materials
d
Agency specific AIS and
telecommunications policies
*
points of contact
Topic 5.1-5.3, 5.7, Whitman Chapter 5:
Information Security Policy, Standards, and
Practices Pg. 172-186 / Krutz Chapter 1:
Policies, Standards, Guidelines, and Procedure
Pg. 20-26; Krutz Chapter 3:
Telecommunications and Network Security Pg.
95-98 / AIS Security (Policy) (supplemental
materials SM-7, SM-8)
Whitman +
Krutz +
supplemental
materials
*
references
F.
NSTISS Planning and
Management (Performance
Level)
Topic 5.1-5.3, 5.7, Whitman Chapter 5:
Information Security Policy, Standards, and
Practices Pg. 172-186 / Krutz Chapter 1:
Policies, Standards, Guidelines, and Procedure
Pg. 20-26; Krutz Chapter 3:
Telecommunications and Network Security Pg.
95-98 / AIS Security (Policy) (supplemental
materials SM-7, SM-8)
Whitman +
Krutz +
supplemental
materials
Instructional/Behavioral
Content
a
Discuss practical performance
measures employed in designing
security measures and
programs
*
Builds a security plan that
encompasses NSTISS components
in designing protection/security for
an instructor-supplied description
of an AIS telecommunications
system.
Topic 5.4, Chapter 5: The Information Security
Blueprint, Pg. 186-201
Whitman
b
Introduce generic security
planning guidelines/documents
Topic 5.1-5.4, Whitman Chapter 5: Information
Security Policy, Standards, and Practices Pg.
172-201 / Krutz Chapter 1: Policies, Standards,
Guidelines, and Procedure Pg. 20-26; Krutz
Chapter 3: Telecommunications and Network
Security Pg. 95-98
Whitman +
Krutz
Topical Content
a
Security Planning
*
directives and procedures for
NSTISS policy
Topic 1.4, 5.3, Whitman Chapter 1: NSTISSC
Security Model Pg. 13-14 / Krutz Chapter 1:
Security Policy Implementation Pg. 20-26
Whitman +
Krutz
*
NSTISS program budget
Topic 1.4, 5.3, Whitman Chapter 1: NSTISSC
Security Model Pg. 13-14 / Krutz Chapter 1:
Security Policy Implementation Pg. 20-26
Whitman +
Krutz
*
NSTISS program evaluation
Topic 1.4, 5.3, Whitman Chapter 1: NSTISSC
Security Model Pg. 13-14 / Krutz Chapter 1:
Security Policy Implementation Pg. 20-26
Whitman +
Krutz
*
NSTISS training (content and
audience definition)
Topic 1.4, 5.3, Whitman Chapter 1: NSTISSC
Security Model Pg. 13-14 / Krutz Chapter 1:
Security Policy Implementation Pg. 20-26
Whitman +
Krutz
b
Risk Management
*
information identification
Topic 4.1-4.2, Chapter 4: Risk Management Pg.
115-138
Whitman
*
roles and responsibilities of all the
players in the risk analysis process
Topic 4.1-4.2, Chapter 4: Risk Management Pg.
115-138
Whitman
*
risk analysis and/or vulnerability
assessment components
Topic 4.1-4.2, Chapter 4: Risk Management Pg.
115-138
Whitman
*
risk analysis results evaluation
Topic 4.1-4.2, Chapter 4: Risk Management Pg.
115-138
Whitman
*
corrective actions
Topic 4.1-4.2, Chapter 4: Risk Management Pg.
115-138
Whitman
*
acceptance of risk (accreditation)
Topic 4.1-4.2, Chapter 4: Risk Management Pg.
115-138
Whitman
c
Systems Life Cycle Management
*
management control process
(ensure that appropriate
administrative, physical,and
technical safeguards are
incorporated into all new
applications and into significant
modifications to existing
applications)
Topic 1.1, 9.4, Whitman Chapter 1: Introduction
to Information Security Pg. 25-28 / Krutz
Chapter 6: Operations Security Pg. 339-387
Whitman +
Krutz
*
evaluation of sensitivity of the
application based upon risk
analysis - determination of security
specifications
Topic 1.11, 4.1-4.2, Chapter 1: Introduction to
Information Security Pg. 25-28; Chapter 4: Risk
Management Pg. 115-138
Whitman
*
design review and systems test
performance (ensure required
safeguards are operationally
adequate)
Topic 1.11, Chapter 1: Introduction to
Information Security Pg. 25-28
Whitman
*
systems certification and
accreditation process
Topic 1.12, Chapter 11: Understanding
Certification and Accreditation Pg. 559-578;
Chapter 12: Initiation of the System
Authorization Process Pg. 586-610
Krutz
*
acquisition
Topic 1.11, 11.4, Chapter 1: Introduction to
Information Security Pg. 25-28; Chapter 12:
Information Security Maintenance Pg. 550
Whitman
d
Contingency Planning/Disaster
Recovery
*
contingency plan components
Topic 5.6, Chapter 5: Planning for Security, Pg.
210
Whitman
*
agency response procedures and
continuity of operations
Topic 5.6 Chapter 5: Planning for Security, Pg.
215-230
Whitman
*
team member responsibilities in
responding to an emergency
situation
Topic 5.6 Chapter 5: Planning for Security, Pg.
215-230
Whitman
*
guidelines for determining critical
and essential workload
Topic 5.4, 5.6, Chapter 5: Planning for Security,
Pg. 186-201, 209-233
Whitman
*
determination of backup
requirements
Topic 5.6 Chapter 5: Planning for Security, Pg.
225-228
Whitman
*
development of procedures for offsite processing
Topic 5.6 Chapter 5: Planning for Security, Pg.
230-230
Whitman
*
development of plans for recovery
actions after a disruptive event
Topic 5.6 Chapter 5: Planning for Security, Pg.
228-232
Whitman
*
emergency destruction procedures
Topic 5.8, Security Standard Operating
Procedure No.4 (supplemental materials SM-9)
supplemental
materials
G.
NSTISS Policies and
Procedures (Performance
Level)
Instructional/Behavioral
Content
a
List and describe: specific
technological, policy, and
educational solutions for
NSTISS.
*
Playing the role of either a system
penetrator or system protector, the
student will discover points of
exploitation and apply appropriate
countermeasures in an
instructor-supplied description of
an Agency AIS/telecommunications
system.
Topic 5.1-5.2, Whitman Chapter 5: Planning for
Security Pg. 172-186 / Krutz Chapter 3:
Telecommunications and Network Security Pg.
95-98
Whitman +
Krutz
b
List and describe: elements of
vulnerability threat that exist in
an AIS/ telecommunications
system corresponding
protection measures.
Topic 2.2-2.3, 5.2, Whitman Chapter 2: The
Need for Security Pg. 40-73 / Krutz Chapter 3:
Telecommunication and Network Security Pg.
95-98
Whitman +
Krutz
Topical Content
a
Physical Security Measures:
*
building construction
Topic 8.1-8.6 chapter 9: Physical Security Pg.
399-430
Whitman
*
alarms
Topic 8.1-8.6 chapter 9: Physical Security Pg.
399-430
Whitman
*
information systems centers
Topic 8.1-8.6 chapter 9: Physical Security Pg.
399-430
Whitman
*
communications centers
Topic 8.1-8.6 chapter 9: Physical Security Pg.
399-430
Whitman
*
shielding
Topic 8.1-8.6 chapter 9: Physical Security Pg.
399-430
Whitman
*
cabling
Topic 8.1-8.6 chapter 9: Physical Security Pg.
399-430
Whitman
*
filtered power
Topic 8.1-8.6 chapter 9: Physical Security Pg.
399-430
Whitman
*
physical access control systems
(key cards, locks and alarms)
Topic 8.1-8.6 chapter 9: Physical Security Pg.
399-430
Whitman
*
stand-alone systems and
peripherals
Topic 8.1-8.6 chapter 9: Physical Security Pg.
399-430
Whitman
*
environmental controls (humidity
and air conditioning)
Topic 8.1-8.6 chapter 9: Physical Security Pg.
399-430
Whitman
*
fire safety controls
Topic 8.1-8.6 chapter 9: Physical Security Pg.
399-430
Whitman
*
storage area controls
Topic 8.1-8.6 chapter 9: Physical Security Pg.
399-430
Whitman
*
power controls (regulator,
uninterrupted power service (UPS),
and emergency power-off switch)
Topic 8.1-8.6 chapter 9: Physical Security Pg.
399-430
Whitman
*
protected distributed systems
Topic 8.1-8.6 chapter 9: Physical Security Pg.
399-430
Whitman
b
Personnel Security Practices
and Procedures:
*
position sensitivity
Topic 10.4, 10.9, Whitman Chapter 11: Security
and Personnel, Pg. 492-496 / Personnel Security
Standard (Supplemental Materials SM-10, SM-11, SM-12)
Whitman +
supplemental
materials
*
employee clearances
Topic 10.4, 10.9, Whitman Chapter 11: Security
and Personnel, Pg. 492-496 / Personnel Security
Standard (Supplemental Materials SM-10, SM-11, SM-12)
Whitman +
supplemental
materials
*
access authorization/verification
(need-to-know)
Topic 5.5, 10.6, 10.9, Whitman Chapter 5,
Planning for Security Pg. 206-208 / Krutz
Chapter 1: Information Security and Risk
Management Pg. 25-26 / Personnel Security
Standard (Supplemental Materials SM-10, SM-11, SM-12)
Whitman +
Krutz +
supplemental
materials
*
security training and awareness
(initial and refresher)
Topic 5.5, 10.6, 10.9, Whitman Chapter 5,
Planning for Security Pg. 206-208 / Krutz
Chapter 1: Information Security and Risk
Management Pg. 25-26 / Personnel Security
Standard (Supplemental Materials SM-10, SM-11, SM-12)
Whitman +
Krutz +
supplemental
materials
*
systems maintenance personnel contractors
Topic 10.2, 10.9, Whitman Chapter 11: Security
and Personnel Pg. 471-473 / Personnel Security
Standard (Supplemental Materials SM-10, SM-11, SM-12)
Whitman +
Krutz +
supplemental
materials
c
Software Security:
*
configuration management
Topic 1.10, 5.4, 9.4, 11.1, Whitman Chapter 1:
The System Development Life Cycle Pg. 20-25;
Whitman Chapter 5: The Information Security
Blueprint Pg. 186-201; Whitman Chapter 12:
Managing for Change Pg. 514 / Krutz Chapter 6:
Operations Security Pg. 351-358
Whitman +
Krutz
*
programming standards and
controls
Topic 1.10, 5.4, 9.4, 11.1, Whitman Chapter 1:
The System Development Life Cycle Pg. 20-25;
Whitman Chapter 5: The Information Security
Blueprint Pg. 186-201; Whitman Chapter 12:
Managing for Change Pg. 514 / Krutz Chapter 6:
Operations Security Pg. 351-358
Whitman +
Krutz
*
documentation
Topic 1.10, 5.4, 9.4, 11.1, Whitman Chapter 1:
The System Development Life Cycle Pg. 20-25;
Whitman Chapter 5: The Information Security
Blueprint Pg. 186-201; Whitman Chapter 12:
Managing for Change Pg. 514 / Krutz Chapter 6:
Operations Security Pg. 351-358
Whitman +
Krutz
*
change controls
Topic 1.10, 5.4, 9.4, 11.1, Whitman Chapter 1:
The System Development Life Cycle Pg. 20-25;
Whitman Chapter 5: The Information Security
Blueprint Pg. 186-201; Whitman Chapter 12:
Managing for Change Pg. 514 / Krutz Chapter 6:
Operations Security Pg. 351-358
Whitman +
Krutz
*
software security mechanisms to
protect information
Topic 2.9, Security Mechanism / Security
Software Policy (supplemental materials SM-13,
SM-14)
supplemental
materials
*
segregation of duties
Topic 10.6, Krutz Chapter 1: Information
Security and Risk Management Pg. 25-26;
Chapter 6: Operations Security Pg. 346-347
Krutz
*
concept of least privilege
Topic 9.4, Chapter 6: Operations Security Pg.
355-356
Krutz
*
application security features
Topic 1.6, 1.7, 2.9, Chapter 1: Introduction to
Information Security Pg. 14-16; Chapter 2:
Secure Software Development Pg. 73-74
Whitman
*
audit trails and logging
Topic 11.2 Whitman Chapter 12: Information
Security Maintenance Pg. 517-518 / Audit Trails
(supplemental materials SM-15, SM-16)
Whitman +
supplemental
materials
*
operating systems security features
Topic 6.2, Pfleeger Chapter 5: Designing
Trusted Operating Systems, Pg. 229-230
Pfleeger
*
need-to-know controls
Topic 9.4, Chapter 6: Operations Security Pg.
360-361
Krutz
*
malicious logic protection
Topic 2.9, Whitman Chapter 2: Secure Software
Development, Pg. 75-80 / Defending Medical
Information Systems Against Malicious Software
(supplemental materials SM-17)
Whitman +
supplemental
materials
*
assurance
Topic 2.9, 9.5, Chapter 2: Secure Software
Development, Pg. 73-74; Chapter 5: Security
Architecture and Design Pg. 314-316
Whitman
e
Administrative Security
Procedural Controls:
*
external marking of media
Topic 2.8, Chapter 6: Operations Security Pg.
362-364
Krutz
*
destruction of media
Topic 2.8, Chapter 6: Operations Security Pg.
363
Krutz
*
sanitization of media - construction,
changing, issuing and deleting
passwords
Topic 2.8, Chapter 6: Operations Security Pg.
362
Krutz
*
transportation of media
Topic 2.8, Chapter 6: Operations Security Pg.
362-364
Krutz
*
reporting of computer misuse or
abuse
Topic 3.7, 11.3, Chapter 3: Legal and
Professional Issues in Information Security Pg. 108-111; Chapter 12: Information Security
Maintenance Pg. 524-525
Whitman
*
preparation of security plans
Topic 5.4, Whitman Chapter 5: Planning for
Security, Pg. 186-201
Whitman
*
emergency destruction
Topic 2.8, 5.8, Whitman Chapter 6: Operations
Security Pg. 363 / Security Standard Operating
Procedure No.4 (supplemental materials SM-9)
Krutz +
supplemental
materials
*
media downgrade and
declassification
Topic 2.8, Chapter 6: Operations Security Pg.
362-364 / Declassification and Downgrading,
AR 380-5 Chapter III (supplemental materials
SM-18)
Krutz +
supplemental
materials
*
attribution
Topic 2.8, Chapter 6: Operations Security Pg.
362-364 / An Introduction to Computer Security: The NIST Handbook (supplemental Materials
SM-22)
Krutz +
supplemental
materials
*
repudiation
Topic 2.8, Chapter 6: Operations Security Pg.
362-364 / An Introduction to Computer Security: The NIST Handbook (supplemental Materials
SM-22)
Krutz +
supplemental
materials
f
Auditing and Monitoring:
*
effectiveness of security programs
Topic 9.4, 11.2 Krutz Chapter 6: Operations
Security Pg. 365-372 / Whitman Chapter 12:
Information Security Maintenance Pg. 519-544
Whitman +
Krutz
*
conducting security reviews
Topic 9.4, 11.2 Krutz Chapter 6: Operations
Security Pg. 365-372 / Whitman Chapter 12:
Information Security Maintenance Pg. 519-544
Whitman +
Krutz
*
verification, validation, testing, and
evaluation processes
Topic 1.11, 9.4, Whitman Chapter 1:
Introduction to Information Security pg 23-25 /
Krutz Chapter 6: Operations Security Pg. 365-372
Whitman +
Krutz
* monitoring systems for accuracy and abnormalities | Topic 9.4, 11.2, Krutz Chapter 6: Operations Security Pg. 365-372 / Whitman Chapter 12: Information Security Maintenance Pg. 519-544 | Whitman + Krutz
* investigation of security breaches | Topic 1.10, 5.6, Chapter 1: Introduction to Information Security Pg. 21; Chapter 5: Planning for Security Pg. 209-235 | Whitman
* review of audit trails and logs | Topic 11.2, Whitman Chapter 12: Information Security Maintenance Pg. 517-518 / Audit Trails (supplemental materials SM-15, SM-16) | Whitman + supplemental materials
* review of software design standards | Topic 2.9, Chapter 2: Secure Software Development Pg. 73-74 | Whitman
* review of accountability controls | Topic 11.2, Chapter 12: Information Security Maintenance Pg. 519-544 | Whitman
* privacy | Topic 3.3, 10.7, Chapter 3: Relevant U.S. Law Pg. 91; Chapter 11: Security and Personnel Pg. 502 | Whitman
g. Cryptosecurity:
* encryption/decryption method, procedure, algorithm | Topic 7.2, Chapter 8: Principles of Cryptography Pg. 346-348 | Whitman
* cryptovariable or key | Topic 7.2, Chapter 8: Principles of Cryptography Pg. 361-366 | Whitman
* electronic key management system | Topic 7.2, Chapter 8: Principles of Cryptography Pg. 366 | Whitman
h. Key Management:
* identify and inventory COMSEC material | Topic 5.9, COMSEC (supplemental materials SM-6) | supplemental materials
* report COMSEC incidents | Topic 5.9, COMSEC (supplemental materials SM-6) | supplemental materials
* destruction procedures for COMSEC material | Topic 5.9, COMSEC (supplemental materials SM-6) | supplemental materials
* key management protocols (bundling, electronic key, over-the-air rekeying) | Topic 5.9, COMSEC (supplemental materials SM-6) | supplemental materials
j. TEMPEST Security:
* shielding | Topic 12.4, NSTISSAM TEMPEST (supplemental materials SM-2) | supplemental materials
* grounding | Topic 12.4, NSTISSAM TEMPEST (supplemental materials SM-2) | supplemental materials
* attenuation | Topic 12.3-12.4, NSTISSAM TEMPEST (supplemental materials SM-2) | supplemental materials
* banding | Topic 12.4, NSTISSAM TEMPEST (supplemental materials SM-2) | supplemental materials
* filtered power | Topic 12.4, NSTISSAM TEMPEST (supplemental materials SM-2) | supplemental materials
* cabling | Topic 12.4, NSTISSAM TEMPEST (supplemental materials SM-2) | supplemental materials
* zone of control/zoning | Topic 12.3-12.4, NSTISSAM TEMPEST (supplemental materials SM-2) | supplemental materials
* TEMPEST separation | Topic 12.4, NSTISSAM TEMPEST (supplemental materials SM-2) | supplemental materials