Fall 1 credit
Dr. Corey Schou or James Frost Office location: Bldg 5, Rm. 415
Preferred email: Schou@mentor.net Office Phone: 282-4893
Secondary email: Schou@cob.isu.edu Office hours: By Appointment

Course Description

Students who complete this course will gain the skills, policy familiarity, and technical understanding necessary to perform the daily job functions of an Information Systems Security Officer (ISSO). Students will be exposed to the skills and knowledge required to oversee the secure operation of information systems supporting essential processes by examining the policies, procedures and staffing functions necessary to organize and administrate ongoing security functions. Students will acquire skills in developing management strategies to help secure the work environment including threat risk analysis, security policy, liability and enforcement.

PREREQUISITES: INFO 4411, INFO 4413

Targeted Standards

CNSSI 4014

Competencies

Competencies for this course can be found on this website. Students should submit the competencies form for evaluation prior to the examinations.

Required Materials

CNNSSI 4014 (available at https://www.cnss.gov/CNSS/issuances/Instructions.cfm)

Course Objectives

As a result of participation in INFO 4414, the successful student will be able to

  • Maintain a plan for site security improvements and progress towards meeting accreditation.
  • Ensure the information system (IS) is operated, used, maintained, and disposed of in accordance with security policies and practices.
  • Ensure the IS is certified and accredited.
  • Ensure users and system support personnel have required security clearances, authorization and need-to-know, are indoctrinated, and are familiar with internal security practices before access to the IS is granted.
  • Enforce security policies and safeguards on personnel having access to an IS for which the ISSO is responsible.
  • Ensure audit trails are reviewed periodically (e.g., weekly, daily), and audit records are archived for future reference, if required.
  • Initiate protective or corrective measures.
  • Report security incidents in accordance with agency-specific policy when the IS is compromised.
  • Report security status of the IS, as required by the SSM.
  • Evaluate known vulnerabilities to ascertain if additional safeguards are needed.

In addition, the successful student, depending on prior experience,

  • When given a series of system security breaches, will be able to identify system vulnerabilities and recommend security solutions required to return systems to an operational level of assurance. (Entry Level)
  • When given a proposed new system architecture requirement, will be able to investigate and document system security technology, policy, and training requirements to assure system operation at a specified level of assurance. (Intermediate Level)
  • When given a proposed IS accreditation action, will be able to analyze and evaluate system security technology, policy, and training requirements in support of the Senior System Manager (SSM), viz., Chief Information Officer (CIO), Designated Approving Authority (DAA), Chief Technology Officer (CTO), etc., approval to operate the system at a specified level of assurance. This analysis will include a description of the management/technology team required to successfully complete the accreditation process. (Advanced Level)

Grading Criteria for INFO 4414

Assignments 20%
Article Reviews 25%
Final Evaluation 50%
Participation 5%
   

Grading Scale

A 93% - 100%
A- 90% - 92.9%
B+ 87% - 89.9%
B 83% - 86.9%
B- 80% - 82.9%
C+ 77% - 79.9%
C 73% - 76.9%
C- 70% - 72.9%
D+ 67% - 69.9%
D 63% - 66.9%
D- 60% - 62.9%
F 0% - 59.9%
NIATEC National Science Foundation Information Assurance Directorate Department of Homeland Security CISSE Scholarship For Service