Search
MyUMUC
WebTychoBowie State University
TERM I
RAF Menwith Hill Tuesdays and Thursdays
Harrogate, England 1630 - 1930 hours
Lecturer: James Helton
Course Name: INSS 635 – Information Systems Security and Audit
Prerequisites: INSS 510, INSS 520, and INSS 530 or permission of the Instructor
Description: Introduces Automated Data Processing (ADP) audit and control
methods, with emphasis on information systems controls. ADP security, type of
ADP audit, concepts, and techniques used in ADP audits are discussed. We will
also examine exposure to risk assessment and professional standards in the field
of internal control policy and procedures.
Text: The CISSP Prep Guide, Ronald L. Krutz and Russell Dean Vines, Wiley, New York, 2001. ISBN: 0-471-41356-9
Ojectives: Upon successful completion of INSS 635 a student should:
(1) understand and be able to discuss principles of information assurance
(2) distinguish information security from operations and physical security
(3) discuss potential security threats and methods of protection
(4) display an understanding of laws and ethics regarding information security
(5) be able to develop and present a basic Continuity and Disaster Recovery Plan
Evaluation: Grades for this course will be based on
Group Presentation--- 20%
Individual paper/presentation ---40%
Mid-term exam ---20%
Final exam ---20%
and will be assigned as follows:
A 90 to 100
B 80 to 89
C 70 to 79
F Less than 60
Student Responsibilities:
Students are expected to read the assigned chapter in the text prior to coming to class. Graduate courses are expected to be more of a discussion of the topic rather than the instructor simply lecturing. I expect all students to actively participate in the discussion and to provide their thoughts on topics from the text.
Class attendance is expected. More than six one-hour unexcused absences may lead to a grade of F. Students should be prepared to spend a substantial amount of time outside of class preparing assignments. It is the student's responsibility to make up any class-work missed. Missed exams may be re-taken on a case-by-case basis and only if a valid excuse is provided. This must usually be pre-coordinated between the student and instructor. Grades of Incomplete (I) will only be given if a) the student has completed at least 50% of the prescribed course work and b) the student has a bone fide excuse for requiring an incomplete grade. Unless otherwise agreed by the instructor, grades of "I" must be reconciled within 30 calendar days of regular course completion.
Homework/Presentations: Students will prepare a group oral presentation based on case studies provided by the instructor. Each group will be given one “side” of the case to present as part of a debate. Students will be graded on oral presentation skills, logic of their case, and research accomplished in preparation. Visual aids are also a “recommended” option. Each student is required to prepare part of the presentation, as well as partake of the discussion. All cases will be presented on the Tuesday of the Mid-term exam.
Each student will also be given an individual assignment consisting of a research paper prepared on a topic provided by the instructor. The student will accept the topic, and prepare a paper on the topic from his own viewpoint. The student will also provide a 5 – 10 minute oral presentation (with visual aids) of his work on the final Tuesday of the course. I will not limit the size of the paper, or suggest a “minimum” number of words/pages. However, students are encouraged to write enough to explain their topic without over or under-writing. Students will be graded on the research accomplished, written presentation skills, supporting data, and oral presentation.
Your Instructor: James Helton is a Systems Software Engineer working for Lockheed Martin Corporation. He has been teaching with the University of Maryland since January 2001. In addition to working as a software engineer, James was an Information Systems Security Officer in the U.S. Air Force for five years. He has a Bachelor’s Degree in Information Systems, with a Masters Degree in M.I.S.
Instructor contact: I am available before or after class, or by appointment. You may contact me at my home phone or my e-mail address as follows:
Home Phone (before 1900 S-S): (01535) 646256
E-mail: jim-helton@flexnet.co.uk
Tentative Course Schedule:
Day -------------Topic to be covered -------------------------Text---------- Due
1 -----Get to know each other. Security Mgt Practices ---------CH 1
2 ----- Access Control Systems --------------------------------CH 2
3 ----- Telecommunications Network Security------------------ CH 3
4 ----- Network Security continued -----------------------------CH 3
5 ----- Cryptography --------------------------------------------CH 4
6 -----Security Architecture and Models -------------------------CH 5
7 ----- Group Case Study Debate----------------------------------N/A----- Group Project
8 ----- Midterm Exam Chapters--- 1 - 6
9 ----- Operations Security ---------------------------------------CH 6
10 ----- Applications and Systems Development ------------------CH 7
11 ----- Continuity Planning and Disaster Recovery ---------------CH 8
12 ----- Law, Investigation, Ethics --------------------------------CH 9
13 ----- Physical Security -----------------------------------------CH 10
14 ----- Case Studies and Developing Recovery Plans -------------N/A
15 ----- Individual Oral Presentations -------------------------------N/A----- Indiv. Project
16 ----- Comprehensive Final Exam -------Chapters 1 – 10