UMUC Europe

INSS 635 SECURITIES CONTROL AND AUDIT INFORMATION

COURSE OUTLINE


 

Class Times: 16:30 - 19:00 05/06 - 25/07
Class Location: Harrogate, England

Lecturer: Joyce M. Rowe, Ph.D.
Office Hours: 1/2 hr. after class; by appointment
Phone: TBA
e-mail: jrowe@faculty.ed.umuc.edu
Course Credit: 3 semester hours
 

Pre-requisite: INSS 510, INSS 520 or INSS 530 or permission of the lecturer 

TEXTBOOK:  Secrets and Lies:  Digital Security in a Networked World by Bruce Schneier; Wiley Publishing, 2000. 

HANDOUTS: Will be distributed from time to time; you will be responsible for this material.

COURSE DESCRIPTION

Introduces the topic of security by looking at computers from the "outsider's" point of view and then from the internal controller's point of view. Various methods of detecting, controlling and preventing information systems security violations will be discussed. ADP security, types of ADP audit, and concepts and techniques in ADP audits are discussed. The course also examines exposure to risk, assessment of risk, and establishment of professional standards and internal control policies and procedures.

 

GRADING CRITERIA:

 

Participation/Discussion/Software Assignments: 15 points

Security Plan/Project: 20 points

Subject research/presentation (15); class participation (5): 20 points

Midterm: 20 points

Final: 25 points

GRADING SCALE:

90 - 100 = A

80 - 89 = B

70 - 79 = C

Below 70 = FA

ASSIGNMENTS


 

Individual cases/assignments -- Students will be assigned in-class case discussions, individual case problems, weekly current "issues" in security, etc. Students will also "experiment" with network-available software for "hacking" and security control.
Projects -- Students will be divided into small teams and will develop a Security Plan for an organization. The plan will include all types of security: Hardware, Software, Physical, Procedural and Personnel.
Subject Research and Class Participation -- Students will select a topic concerning security protection or security violation. The student will make a 10- to 15-minute class presentation, turn in a 5-page summary along with a page of resources used (use the APA or MLA format for this bibliography, as provided on the UofM Library website), and provide each class member a 1-page handout. Students will be graded on the quality of their presentations and summations along with their classroom discussion. By the end of the class every student should have an elementary understanding of these topics; this material will be eligible for testing on exams.
Midterm/Final -- Graduate midterm and final exams will consist of essay questions related to the goals listed at the beginning of each chapter and the outside readings, and a comprehensive exam question. This portion of the tests (worth 100 points) will be graded exactly like comprehensives; that is: 75% for content, 25% for English and organization. Undergraduate midterm and final exams will contain 25-50% objective questions and the remainder short-answer discussion and/or programming-related questions.

 

COURSE POLICIES/EXPECTATIONS

The following policies apply to this class. These policies are generally reflected in the student catalog.
* ATTENDANCE POLICY: Regular class attendance is expected, both mornings and afternoons of weekend classes. If you should miss a meeting, it is your responsibility to obtain information concerning the material covered and upcoming assignments. If there is a quiz or other assignment due on that class period, previous arrangements should be made with the instructor whenever possible. Please note that those students receiving tuition assistance from the Federal Government must not miss three consecutive class meetings without prior approval, or the Education Services Officer (ESO) must be notified by the instructor.

* ACADEMIC HONESTY: Students are expected to do their own work. Cheating on tests, plagiarism on written assignments, or any other form of academic dishonesty will result in a "0" for the assignment. Note that a D or an F usually results in at least 60 or 50 points, where violation of academic honesty results in none. See the European Division Catalog for the UMUC policy on academic dishonesty and plagiarism.

* ASSIGNMENT/TEST SCHEDULES: Students are expected to hand in all assignments and complete all tests on the days they are due. If a student fails to complete any assignment or test, the resulting grade will be a "0," rather than an "F." Any other assignments will be marked down half a letter grade for each half week the assignment is late. Quizzes cannot be made up unless the student had an excused absence. Major tests to be missed must be taken before the date the test is to be given in class. On the date of research presentations or project presentations, each person must be in attendance for the first presentation. Otherwise, the presentation will be deemed late and a 10% reduction will be made for all presentations given that the student missed.

* CLASS PREPARATION: Students are expected to come to class prepared. This means they should have read the materials assigned for class for that session and have prepared any pertinent assignments. Quizzes may be given.

COURSE OBJECTIVES

The objectives for this course are listed in each chapter. Questions on the midterm and final will be directly related to these goals, even though the topic may not be covered in class.  Students completing class should:

  • Identify vulnerabilities of IS systems, especially on the network
  • Realize importance of securing IS systems, since they are resource assets of the organization 
  • Understand basic techniques of data encryption 
  • Understand the need for and application of firewalls
  • Identify components for physical security
  • Design and develop a Risk Analysis 
  • Identify security concerns of information warfare

The activities and assignments for this course are designed to help the student know, comprehend, and apply the basic concepts of systems analysis and design.  In addition to the academic objectives, students are expected to improve their skills in the following areas:

  1. Critical Thinking: Students should improve their ability to analyze computer user situations and make appropriate suggestions for resolving security issues of computer systems. The projects in this class encourage students to think critically about real-world situations.
  2. Writing Skills: Students should improve writing skills through development of the Research Project and formal report on the major project and on the mid-term and final.
  3. Oral Presentation Skills: Students should improve their presentation skills through their oral reports on the major project, class discussions, and group presentations.
  4. Computer Skills: Students are expected to improve their computer skills by using word processing and security software. The use of the Internet and e-mail is also encouraged.

TENTATIVE SCHEDULE

 

Each class is listed with its date, the topics discussed, and the activities (see web sites at bottom).

Class 1, June 5
Topics Discussed: Chap. 1 Introduction; Chap. 2 Digital Threats
Activities: Attacking: Current news items assignments: Hacking (Microsoft and DOD); Video; Read Chaps. 3 and 4

Class 2, June 7
Topics Discussed: Discuss news items; Chap. 3 Attacks; Chap. 4 Adversaries
Activities: Current news items: Government attacks; DOD CD; Read Chap. 4

Class 3, June 12
Topics Discussed: Discuss news items; Open sources for attack software
Activities: Pick paper assignment topic; Practice hacking; Outside readings on Traitors, Moles, and Criminal Activities; Read Chaps. 18-19

Class 4, June 14
Topics Discussed: Discuss Hacking efforts; Mitnick; Traitors and Moles; etc.; Chap. 18 Vulnerabilities; Chap. 19 Threat and Risk Assessment
Activities: Current news items on denial of service; Outside readings on networking fraud; video

Class 5, June 19
Topics Discussed: Discuss DOS and news items; networking fraud
Activities: Current news items on viruses and e-mail problems; outside readings on viruses; search for "sniffers"

Class 6, June 21
Topics Discussed: Discuss viruses; sniffers; signatures, theft of account nos., cookies
Activities: Current news items on e-business problems; Become a "sniffer"; Chap. 24

Class 7, June 26
Topics Discussed: Discuss problems with electronic business; Chap. 24 Security Processes
Activities: Study for midterm

Class 8, June 28
Topics Discussed: Mid-Term
Activities: Defending: Read Chaps. 5-7; check 3 websites for protection software and/or advice

Class 9, July 3
Topics Discussed: Discuss Chap. 5 Security Needs; Chap. 6 Cryptography; Chap. 7 Cryptography in Context
Activities: Current news items on encoding measures; electronic signatures and recent laws; Read Chaps. 8-9

Class 10, July 5
Topics Discussed: Discuss news items; Chap. 7 Cryptography (cont.); Chap. 8 Computer Security; Chap. 9 Identification and Authentication
Activities: Current news items on federal laws on cryptography; paper due next class; Read Chaps. 10-11; video

Class 11, July 10
Topics Discussed: Paper due and presented; discuss laws; Discuss Chap. 10 Network Computer Security; Chap. 11 Network Security
Activities: Current news items on physical security and biometrics; Read Chaps. 12-13

Class 12, July 12
Topics Discussed: Discuss news items and computer security; Chap. 12 Network Defenses; Chap. 13 Software Reliability
Activities: Current news items on authentication techniques and biometrics; Projects due next class; Read Chap. 14

Class 13, July 17
Topics Discussed: Project presentations; Discuss Chap. 14 Secure Hardware
Activities: Current news items on networks; Read Chaps. 15-17

Class 14, July 19
Topics Discussed: Discuss Chap. 15 Certificates; Chap. 16 Security Tricks; Chap. 17 Humans
Activities: Current news items; Read Chaps. 20-22; video

Class 15, July 24
Topics Discussed: Discuss Chap. 20 Security Policies; Chap. 21 Attack Trees; Chap. 22 Product Testing
Activities: Assignment: Final Exam

Class 16, July 26
Topics Discussed: Final Exam

 

Web sites to visit for information on security violations:
www.itpapers.com
www.infosyssec.org/
www.wired.com/wired/archive/hacking_warez/
www.pc-radio.com/otr/hacking.html
www.robertgraham.com/pubs/sniffing-faq.html
www.rootprompt.org/article.php3?article=493
stein.cshl.org/~lstein/talks/WWW6/sniffer

Web sites for hackers/sniffers:
www.hackershomepage.com
www.hip97.nl
www.hackingexposed.com
