
Bowie State University
Class Times: Conference Course
Class Location: Naples, Italy
Lecturer: Joyce M. Rowe, Ph.D.
Office Hours: as needed on line
Phone: +333-911-3043, call anytime
e-mail: jrowe@faculty.ed.umuc.edu
Course Credit: 3 semester hours
Pre-requisite: INSS 510, INSS 520 or INSS 530 or permission of the lecturer
TEXTBOOK: The CISSP Prep Guide, Krutz and Vines, Wiley Computing Publishing, 2001
Special Reading Assignments: As required
COURSE DESCRIPTION
Course examines an organization's exposure to risk, assessment of risk,
establishment of professional standards and internal control policies and
procedures. Attention will be focused on software, hardware, and personnel
that the organization has and the types of security measures and levels
of each measure, especially within the networking and internet areas.
Special attention will be given to the need for a security risk assessment
and the accompanying written security policies and plans that each organization
should develop and follow in trying to maintain a safe networking environment.
| GRADING CRITERIA: | |
| Participation/Class Discussion | 10 pts |
| Security Plan/Risk Assessment | 20 pts |
| Company Security Evaluation | 20 pts |
| How to-Govt, Bus, Personal Computer Security | 30 pts |
| Final Exam | 20 pts |
GRADING SCALE:
| 90-100 | = A |
| 80 - 89 | = B |
| 70 - 79 | = C |
| Below 70 | = FA |
ASSIGNMENTS
Participation/Discussion/Assignments—Questions, in-class discussions, internet assignments, outside readings, etc., as assigned. Students should utilize Web Board to aid one another when pertinent information is found that should be shared.
Security Plan/Risk Assessment--Students will develop a Risk Assessment and Security Plan, to include Hardware, Software, Physical, Procedural and Personnel for an organization.
How to Topics – Each student will select one area to prepare "How to" assignments dealing with security breaches, security fixes, etc. Each weekend each student will present his/her particular area of interest and submit a 2-page written summary. The three areas are:
- Government -- DOD, Department Home Pages, etc.
- Business -- Banks, e-businesses
- Personal -- e-mails, worms, etc.
Selected Company Evaluation – Using available web sites, such as EDGAR, students will select a specific company and try to learn everything possible about the network, computers, and software run on their system. Using this information, the student will discuss relevant "break in" methods that may be used. (Students may use Web Board to share selected informative sites.)
Final--A final exam will consist of essay questions related to the discussions and tasks in this course. This test will be in the same format as the comprehensives; that is: 75% for content, 25% for English and organization.
COURSE POLICIES/EXPECTATIONS
The following policies apply to this class. These policies are generally reflected in the student catalog.
* Participation Policy: Students are expected to attend classes and participate in classroom assignments and discussions.
* Academic Policy: Students are expected to do their own work. Cheating on tests, plagiarism on written assignments, or any other form of academic dishonesty will result in a "0" for the assignment. Note that a D or an F usually results in at least 60 or 50 points, whereas a violation of academic honesty results in none. See the European Division Catalog for the UMUC policy on academic dishonesty and plagiarism.
* Assignment/Test schedule: Students are expected to hand in all assignments and complete tests on the day due. Assignments will be marked down one letter grade for each late period.
* Preparation: Students are expected to read material before attempting to research or discuss on line.
COURSE OBJECTIVES
The objectives for this course are listed in each chapter. Questions on the final will be directly related to these goals, even though the topic may not be covered in class. Students completing the class should:
- Identify vulnerabilities of IS systems, especially on the network
- Realize importance of securing IS systems, since they are resource assets of the organization
- Understand basic techniques of data encryption
- Understand the need for and application of firewalls
- Identify components for physical security
- Design and develop a Risk Analysis
- Identify security concerns of information warfare
- Critical Thinking: Students should improve their ability to analyze computer user situations and make appropriate suggestions for resolving security issues of computer systems. The projects in this class encourage students to think critically about real-world situations.
- Writing Skills: Students should improve writing skills through development of assignments and final exam.
- Computer Skills: Students are expected to improve their computer skills by using word processing and security software. Use of the Internet and e-mail is also required.
TENTATIVE SCHEDULE
| Nov 2 am | Introductions; Security problems background and importance | Read Chapters 9 and 10 before class; look up one major "break in" that has occurred within the last 3 months |
| Nov 2 pm | Chapter 9: Law, Investigation and | Lecture/discussions on Chap 9; Read RAINBOW Series |
| Nov 3 am | Chapter 10: Physical Security | Lecture/discuss Chap 10 |
| Nov 3 pm | RAINBOW Series | Lecture/discuss RAINBOW; Select Topic Category; Assignment: "How to Break into . . ."; Read Chapters 1-3 |
| Nov 16 am | Chapter 1: Security Management Practices; "How to Break into Personal Home Systems" Reports | Lecture/discuss Chap 1 |
| Nov 16 pm | Chapter 2: Access Control Systems; "How to Break into Business Computers" | Lecture and discuss Chap 2 |
| Nov 17 am | Chapter 3: Telecommunications and Network Security; "How to Break into Government Computers" | Lecture/discuss Chap 3; Assignment: Read Chapters 4 – 6; "How to Protect . . ." |
| Nov 17 pm | Chapter 4: Cryptography; "How to Protect Business Systems" | Lecture/discussion on Chapter 4 |
| Nov 23 am | Chapter 5: Security Architecture and Models; "How to Protect Government Systems" | Lecture/discussion on Chapter 5 |
| Nov 23 pm | Chapter 6: Operating Security; "How to Protect Personal Systems" | Lecture/discussions on Chap 6 |
| Nov 24 am | Company Reports Presented | Company Reports: How much do you know of their security system; How do you break in? Assignment: Read Chapters 7 – 8; "How does the Law protect . . ."; Study for Final Exam; Complete Security Plans |
| Nov 24 pm | Chapter 7: Applications and Systems Development; "How does the Law protect Personal Systems" | Lecture/discussion on Chap 7 |
| Dec 14 am | Chapter 8: Business and Continuity Planning and Disaster Recovery Planning; "How does the Law protect Business Systems" | Lecture/discussion on Chap 8 |
| Dec 14 pm | "How does the Law protect Government Systems" | Complete Company Risk Assessment and Security Plan; study for exam |
| Dec 15 am | Final Exam | |
| Dec 16 pm | Company Risk Assessment and Security Plan | Company Risk Assessment and Security Plans presented |