IFSM430 - A501 Syllabus Course Title Information Systems and

advertisement
IFSM430 - A501 Syllabus
Course Title
Term
Education Center
Instructor
Instructor Website
Information Systems and Security
Fall 1 – Session 1 (24 August 2010 ~ 14 October 2010)
Camp Foster, Okinawa
Jose Paloschavez – jpaloschavez@asia.umuc.edu
http://paloschavez.com
Course Materials:
Whitman, M. E., & Mattord, H. J. (2009). Principles of information security
(3rd ed.). Boston: Cengage Course Technology.
Course Description:
IFSM 430 Information Systems and Security (3) Prerequisite: IFSM 300. A
survey covering aspects of establishing and maintaining a practical
information security program. The security aspects and implications of
databases, telecommunication systems, and software are examined, along with
techniques used to assess risks and discover abuses of systems.
Course Goals/Objectives:
After completing this course, the student should be able to:







Identify and discuss the fundamental reasons why information systems
security is such a critical element in today's business, government,
education, and home technology-based environments
Identify and discuss the key information systems security legislative
and policy documents that provide guidance in developing an information
system security program for an organization (information literacy)
Review and develop the key elements of an information systems security
management program
Perform and document a risk-based analysis of information systems
security for an organization, to include identification of threats,
vulnerabilities, and countermeasures (effective writing)
Develop a security plan to address the results of the risk assessment
(effective writing)
Research and report on the key technological solutions to achieving
information systems security (information literacy, effective writing)
Identify and discuss the ethical and societal issues related to
implementing information systems security programs (civic
responsibility).
Course Introduction:
This course is based on the security standards as defined by NIST and
includes the following topics:
Requirements for Information Systems Security
Incidents highlighting the need for information systems security will be
reviewed. These incidents occur at work and at home. They affect the use of
1
information systems and require actions to ensure that systems are available
for use. In an age of reliance on the Internet and Internet economy, any
disruptions to Internet systems are costly and even hazardous.
Guidance in Developing Information Systems Security Programs
Students will review several key operational documents that will assist in
understanding information systems security. These documents provide the basis
for building information systems security programs because they provide
guidance that can be used in a specific operational environment. Students
will also identify and discuss reasons for the development of risk-assessment
security plans that provide information assurance and security for
organizations.
Performing Risk Analyses
Students will follow the NIST guidelines (NIST Special Publications 800-26
and 800-30), used by government and industry. NSA’s Assessment levels will
also be mentioned.
Technology Issues and Solution Tools for Information Systems Security
This topic deals with many of the technical issues related to information
systems security. The list of topics to cover grows on an almost daily basis.
This class will however concentrate on three topics: malicious code,
intrusion-detection methods, and cryptography.
Ethical and Social Issues Related to Information Systems Security
The Information Age has brought great benefits but has also created new and
challenging issues relating to ethics and society. For example, for each
security risk there is a countermeasure. Most of these countermeasures
require that controls be put into place, both procedurally and technically.
The sum of theses controls are potentially an invasion of privacy.
Grading Information and Criteria:
Grades will be based on points earned during the term of the class as
follows:
Homework and In-Class Participation
Projects
Mid-Term Exam
Final
10%
30%
30%
30%
Grading Scale:
Letter grades will be assigned as follows:
A = 90-100%
B = 80-89%
C = 70-79%
2
D = 60-69%
F = Below 60
Other Information:
There is no extra credit.
Late assignments are penalized 3% of total points per day late.
Project Descriptions:
The projects consist of two brief (8-10 pages) papers. The general subject of
the first paper is Security Technology, as discussed in chapters 6 and 7 of
the text. The general subject of the second paper is on Legal, Ethical, and
Professional Issues related to Information Security as discussed in chapter
3. In each paper, students are to choose a topic in the relevant area and
submit to the instructor for approval. The papers are to be written in the
APA format.
Academic Policies:
Cases of plagiarism are handled consistent with current UMUC guidelines.
See the UMUC policies at the following URL:
http://www.umuc.edu/policy/
Course Weekly Schedule:
Reference is made to chapters in Whitman and Mattord:
Week 1:
Chapter 1 - Introduction to Information Security
Chapter 2 - Need for Security
Week 2:
Chapter - 4 Risk Management
Chapter - 5 Planning for Security
Week 3:
Chapter - 6 Security Technology: Firewalls and VPNs
Chapter - 7 Security Technology: IDS, Access Controls & other Security Tools
Week 4:
Midterm
Chapter - 8 Cryptography
Week 5:
Project 1 is due
Chapter - 9 Physical Security
Chapter - 10 Implementing Information Security
3
Week 6:
Chapter - 3 Legal, Ethical, Professional Issues in Information Security
Chapter - 11 Security and Personnel
Week 7:
Chapter - 12 Information Security
Week 8:
Final Exam
Project 2 is due
4
Download