Add to collection(s) Add to saved
  1. Business
  2. Management

Syllabus - Regis University: Academic Web Server for Faculty

advertisement 
Syllabus
Course Number: MSIA 678
Course Title: Risk Management
Course Description:
This course introduces the student to the basic fundamentals of the Risk Management (RM)
which includes reducing the risk related to threats to the enterprise. This includes a sequence
of activities including risk identification, risk assessments, risk analysis, risk mitigation, risk
transference, and risk acceptance strategies. It takes into all considerations of risk to include
environmental, technology, humans, organizations and politics. There will always be residual
risk. This course examines the main objective of Risk Management which is to reduce the
residual risk to an acceptable level for your organization. RM must address the protection of
information systems against unauthorized access to, or modification of, information in
processing, at rest, or in transit. RM must also provide adequate controls to protect against the
denial of service to authorized users or the provision of service to unauthorized users,
including those measures necessary to detect, document, and counter such threats. This course
will help students examine, learn, and apply effective Risk Management techniques and
strategies.
Prerequisite Courses:
You need to have a good understanding of networking fundamentals, technologies, and
architectures.
Course Overview
Course Outcomes:
Upon completion of this course, learners should be able to:
Evaluate the risk posture of an enterprise using the Risk Management Framework (RMF).
Incorporate current technical tools to design a comprehensive risk mitigation
approach for an enterprise (including separation of duty, certification and
accreditation, protection of personal identifiable information, change management,
incident response, and disaster recovery).
3. Apply the appropriate tools, processes, and policies to monitor enterprise activities.
4. Collect and analyze data to audit an enterprise system.
1.
2.
College for Computer & Information Sciences | 3333 Regis Boulevard, Denver, CO 80221
©2015 Regis University
Revised: 1/30/2015
| regis.edu
Page 1 of 5
5.
Practice ethical use of technology in the enterprise and critical thinking about how to
affect such use.
Course Materials:
Required Texts:
National Institute of Standards and Technology. (2010) Guide for applying the risk
management framework to federal information systems (NIST Special Publication 800–37
Revision 1). Gaithersburg, MD.
National Institute of Standards and Technology. (2010) Recommended security controls for
federal information systems and organizations (NIST Special Publication 800–53
Revision 3). Gaithersburg, MD.
International Organization for Standardization. (Under development) Information technology
— Security techniques — Guidelines on the integrated implementation of ISO/IEC 27001
and ISO/IEC 20000-1 (ISO/IEC DIS 27013). Geneva, Switzerland: ISO.
Required Resources:
Refer to the Course Assignments and Activities, and each Topic’s Readings and Research
section for a complete list for each Topic.
Your facilitator may assign additional readings.
Technology Tools:
1. A PC-compatible computer system running Windows 2000, XP or Vista.
2. Current Antivirus definitions kept up to date throughout the course.
3. Microsoft Office
Optional Materials:
All written assignments are expected to be written using the American Psychological
Association (APA) style and format, which includes a title page, and reference page.
1. Regis Dayton Memorial Library, http://www.regis.edu/library.htm
o Computer & Information Sciences Research Guide,
http://libguides.regis.edu/computer_informationsciences
o Computer and Information Science Research Tutorial,
http://www.regis.edu/library.asp?page=lib.research.tutorials.computer
2. School of Computer and Information Sciences – Resources,
http://www.regis.edu/library.asp?page=research.sg.compscience.
3. Purdue Online Writing Lab General Writing
Resources, http://owl.english.purdue.edu/owl/section/1
Pre-Assignment:
Online Format: Sign on to D2L (Home Page) and become familiar with the course
navigation of the Web Curriculum. See Topic 1 for details.
Classroom-based Format: Read the following before the first night of class:
©2015 Regis University
MSIA 678 CC&IS Course Syllabus
Revised: 1/30/2015
Page 2 of 5
NIST Special Publication 800-37
Rev 1: Guide for Applying the Risk Management Framework to Federal Information
Systems
Pre-Assignment Due Dates:
Classroom-based Format: This assignment is due the first night of class.
Online Format: The instructor will specify the due date for this assignment.
Course Assignments and Activities:
(Syllabus Author: fill in Week, Topics, Readings, Activities, Assignments Due, and Points or %
of Grade)
Topics
Readings
Guide for Applying the Risk
Management Framework to Federal
Information Systems, NIST Special
Publication 800–37
Revision 1
Guide to Protecting the
Confidentiality of Personally
Identifiable Information (PII), NIST
Special Publication 800–122
NIST SP 800–37 Rev 1
1
Authorization and
Accreditation
(A&A)
2
Personally
Identifiable
Information (PII)
3
Risk Management
Framework
4
Incident
Detection,
Response, and
Reporting
Computer Security
Incident Handling Guide, NIST
Special Publication 800–61
Revision 1.
5
Change
Management
6
Disaster
Recovery,
Business
Continuity, and
Contingency
Planning
Guide for SecurityFocused Configuration Management
of Information Systems, NIST
Special Publication 800–128 and
NIST SP 800-37
Rev 1
Contingency Planning
for Federal Information Systems,
NIST Special Publication 800–34
Revision 1
©2015 Regis University
MSIA 678 CC&IS Course Syllabus
Revised: 1/30/2015
Activities Assignments
and Associated Points
Activities 1 – 3.
10 points each
Activities 1-3
10 points each
Activities 1-3
10 points each
Activities 1-3
10 points each
Activities 1&2
10 points each
Activities 1&2
10 points each
Page 3 of 5
7
Separation/Segreg
ation of Duty
(SOD)
NIST SP 800-47
NIST SP 800-53 Rev. 4
Activities 1&2
10 points each
8
Auditing and
Accountability
NIST SP 800-53 Rev. 4
Activities 1&2
10 points each
Course Policies and Procedures:
Class Participation
Learners are expected to make every effort to attend all class meetings. Learners unable to
attend the first class must contact the facilitator ahead of time. Learners risk being dropped
from the course if they do not attend the first night of class, or – for online courses – do not
login and post within the first three days of class and do not notify the instructor of an issue. If
the learner misses two or more class sessions or fails to thoughtfully participate in each online
discussion, the learner may fail the class.
Email Communication
Email communication between facilitators and learners must be conducted using Regis email
addresses, or, in the case of online courses, must use the course mail system.
CC&IS Grading Scale
Letter Grade
Percentage
Grade Point
A
A–
B+
B
B–
C+
C
C–
D+
D
DF
93 to 100
90 to less than 93
87 to less than 90
83 to less than 87
80 to less than 83
77 to less than 80
73 to less than 77
70 to less than 73
67 to less than 70
63 to less than 67
60 to less than 63
Less than 60
4.00
3.67
3.33
3.00
2.67
2.33
2.00
1.67
1.33
1.00
.67
0
Additional information about grading can be found in the latest edition of the University Catalog,
available at http://www.regis.edu/Academics/Course%20Catalog.aspx.
©2015 Regis University
MSIA 678 CC&IS Course Syllabus
Revised: 1/30/2015
Page 4 of 5
CC&IS Policies and Procedures
Each of the following CC&IS Policies & Procedures is incorporated here by reference. Students
are expected to review this information each term, and agree to the policies and procedures as
identified here and specified in the latest edition of the University Catalog, available
at http://www.regis.edu/Academics/Course%20Catalog.aspx or at the link provided.
•
The CC&IS Academic Integrity Policy.
•
The Student Honor Code and Student Standards of Conduct.
•
Incomplete Grade Policy, Pass / No Pass Grades, Grade Reports.
•
The Information Privacy policy and FERPA. For more information regarding FERPA,
visit the U.S. Department of Education.
•
The HIPPA policies for protected health information. The complete Regis University
HIPAA Privacy & Security policy can be found here: http://www.regis.edu/About-RegisUniversity/University-Offices-and-Services/Auxiliary-Business/HIPAA.aspx.
•
The Human Subjects Institutional Review Board (IRB) procedures. More information
about the IRB and its processes can be found here: http://regis.edu/Academics/AcademicGrants/Proposals/Regis-Information/IRB.aspx.
The CC&IS Policies & Procedures Syllabus Addendum summarizes additional important
policies including, Diversity, Equal Access, Disability Services, and Attendance & Participation
that apply to every course offered by the College of Computer & Information Sciences at Regis
University. A copy of the CC&IS Policies & Procedures Syllabus Addendum can be found
here: https://in2.regis.edu/sites/ccis/policies/Repository/CCIS%20Syllabus%20Addendum.docx.
©2015 Regis University
MSIA 678 CC&IS Course Syllabus
Revised: 1/30/2015
Page 5 of 5
Related documents
FOR IMMEDIATE RELEASE Aug. 19, 2013 SARES•REGIS
FOR IMMEDIATE RELEASE Aug. 19, 2013 SARES•REGIS
Deo et Patriae Remarks September 25, 2009 Good evening. Thank
Deo et Patriae Remarks September 25, 2009 Good evening. Thank
File - Partnership with Learning Design
File - Partnership with Learning Design
2015-16 GD CAPSTONE MEETING 4
2015-16 GD CAPSTONE MEETING 4
application - William & Mary Law School
application - William & Mary Law School
The online application contains two sections for essays: one for
The online application contains two sections for essays: one for
fall 2009 section ru01 mw 9:00-10:15 am loyola 06
fall 2009 section ru01 mw 9:00-10:15 am loyola 06
Download
advertisement