IFSM430 - A501 Syllabus Course Title Term Education Center Instructor Instructor Website Information Systems and Security Fall 1 – Session 1 (24 August 2010 ~ 14 October 2010) Camp Foster, Okinawa Jose Paloschavez – jpaloschavez@asia.umuc.edu http://paloschavez.com Course Materials: Whitman, M. E., & Mattord, H. J. (2009). Principles of information security (3rd ed.). Boston: Cengage Course Technology. Course Description: IFSM 430 Information Systems and Security (3) Prerequisite: IFSM 300. A survey covering aspects of establishing and maintaining a practical information security program. The security aspects and implications of databases, telecommunication systems, and software are examined, along with techniques used to assess risks and discover abuses of systems. Course Goals/Objectives: After completing this course, the student should be able to: Identify and discuss the fundamental reasons why information systems security is such a critical element in today's business, government, education, and home technology-based environments Identify and discuss the key information systems security legislative and policy documents that provide guidance in developing an information system security program for an organization (information literacy) Review and develop the key elements of an information systems security management program Perform and document a risk-based analysis of information systems security for an organization, to include identification of threats, vulnerabilities, and countermeasures (effective writing) Develop a security plan to address the results of the risk assessment (effective writing) Research and report on the key technological solutions to achieving information systems security (information literacy, effective writing) Identify and discuss the ethical and societal issues related to implementing information systems security programs (civic responsibility). Course Introduction: This course is based on the security standards as defined by NIST and includes the following topics: Requirements for Information Systems Security Incidents highlighting the need for information systems security will be reviewed. These incidents occur at work and at home. They affect the use of 1 information systems and require actions to ensure that systems are available for use. In an age of reliance on the Internet and Internet economy, any disruptions to Internet systems are costly and even hazardous. Guidance in Developing Information Systems Security Programs Students will review several key operational documents that will assist in understanding information systems security. These documents provide the basis for building information systems security programs because they provide guidance that can be used in a specific operational environment. Students will also identify and discuss reasons for the development of risk-assessment security plans that provide information assurance and security for organizations. Performing Risk Analyses Students will follow the NIST guidelines (NIST Special Publications 800-26 and 800-30), used by government and industry. NSA’s Assessment levels will also be mentioned. Technology Issues and Solution Tools for Information Systems Security This topic deals with many of the technical issues related to information systems security. The list of topics to cover grows on an almost daily basis. This class will however concentrate on three topics: malicious code, intrusion-detection methods, and cryptography. Ethical and Social Issues Related to Information Systems Security The Information Age has brought great benefits but has also created new and challenging issues relating to ethics and society. For example, for each security risk there is a countermeasure. Most of these countermeasures require that controls be put into place, both procedurally and technically. The sum of theses controls are potentially an invasion of privacy. Grading Information and Criteria: Grades will be based on points earned during the term of the class as follows: Homework and In-Class Participation Projects Mid-Term Exam Final 10% 30% 30% 30% Grading Scale: Letter grades will be assigned as follows: A = 90-100% B = 80-89% C = 70-79% 2 D = 60-69% F = Below 60 Other Information: There is no extra credit. Late assignments are penalized 3% of total points per day late. Project Descriptions: The projects consist of two brief (8-10 pages) papers. The general subject of the first paper is Security Technology, as discussed in chapters 6 and 7 of the text. The general subject of the second paper is on Legal, Ethical, and Professional Issues related to Information Security as discussed in chapter 3. In each paper, students are to choose a topic in the relevant area and submit to the instructor for approval. The papers are to be written in the APA format. Academic Policies: Cases of plagiarism are handled consistent with current UMUC guidelines. See the UMUC policies at the following URL: http://www.umuc.edu/policy/ Course Weekly Schedule: Reference is made to chapters in Whitman and Mattord: Week 1: Chapter 1 - Introduction to Information Security Chapter 2 - Need for Security Week 2: Chapter - 4 Risk Management Chapter - 5 Planning for Security Week 3: Chapter - 6 Security Technology: Firewalls and VPNs Chapter - 7 Security Technology: IDS, Access Controls & other Security Tools Week 4: Midterm Chapter - 8 Cryptography Week 5: Project 1 is due Chapter - 9 Physical Security Chapter - 10 Implementing Information Security 3 Week 6: Chapter - 3 Legal, Ethical, Professional Issues in Information Security Chapter - 11 Security and Personnel Week 7: Chapter - 12 Information Security Week 8: Final Exam Project 2 is due 4