
CIS g410 Information Security and Privacy (3 credits)
CIS g410 Information Security and Privacy 3 credits. Focuses on
information security, integrity, and privacy techniques. Comparison of
standards. Implications for electronic commerce and international trade
are discussed. PREREQ OR COREQ: CIS 480 or CIS 310 or permission of
instructor. D
Textbook:
Management of Information Security – Whitman & Mattord – 2004 –
Course Technology
Other reference books and suggested readings are listed at my web site.
Office Hours: Mon. – M/W. 10a-11a; 2-3p and T/Th 11a. Also, I am often available
before or after a class by appointment.
John Stuart Mill identified the struggle between liberty and authority in his
treatise – “On Liberty.” This course focuses on the creation of information from
data and the need for organizations to practice information assurance as a
balance between security and access. It will involve additional research and
understanding of computer security of hardware, software and data. A holistic
viewpoint for information assurance is developed from the McCumber model. This
course will also involve aspects of privacy and the expectations of government
and business organizations. The successful student is expected to prepare
for lectures by completing the reading materials and conducting external (to
Mgmt. of InfoSec book) research on the topic of the week.
Points for assignments this semester:
| Research paper | 25 pts |
| Security plan review | 10 pts |
| Essay lecture exams | 30 pts |
| Final Exam | 15 pts |
| Book review | 10 pts |
| Personal credit analysis, book review, completion of assignments and knowledge surveys | 10 pts |
PROFESSIONAL DEMEANOR
Part of receiving an education from a professional college like the College
of Business is learning about your chosen field. Another part is learning to act
like a member of that field. Professional Demeanor is in many ways the most
important part of the learning process. How you act affects not only how others
perceive you, but can also result in rewards or, alternatively, negative
consequences. It will also affect your grade in this class.
The grade that you receive in this class will consist of two parts: the
objective portion that is a
calculated average of all assignments, quizzes, exams, etc., and a subjective
portion that is based on your professional demeanor. The professional demeanor
multiplier (PDM) can range from 0.85 to 1.05, and will be multiplied by your
calculated average. Students will be assigned a PDM of 1.0 unless behaviors are
exhibited that signify unreadiness for the workforce. Exceptional students may
also be rewarded accordingly.
Final Grade = Calculated Grade * PDM
Students will demonstrate professional demeanor and commitment in a variety
of ways: energetic and respectful participation in class, willing acceptance and
completion of obligations; punctuality; and not whining. Professional demeanor
includes several subjective items such as punctuality, attendance, positive
attitude, preparation, appropriate language and respectfulness to other students
and the professor. Students are expected to come to class prepared, participate
in activities and discussions, and treat others with respect
in the classroom, which includes listening interactively to classmates and the
professor, and respecting others’ viewpoints.
• Attendance is very important; therefore, students are expected to attend
class. It is your responsibility to contact the professor when you are
unable to attend, and to obtain information about missed assignments,
etc., from classmates.
• If you must carry a cell phone, set it to vibrate instead of ringing. It is
best if you turn it off during class. Be prepared for class. Read the
assigned readings carefully before class, and spend some time thinking
about what you've read. Write down questions about the reading as they
occur to you.
• Read and prepare answers for the Review Questions at the end of each chapter.
• Get to class on time.
• Ask questions in class or e-mail me questions to address during the next
lecture.
• Stay alert and attentive in class.
• Participate in class discussions.
• Do not carry on "sidebar" conversations with those around you in class.
• Spend enough time on assignments to ensure that you are actually learning the
material, and are able to turn in work of high quality.
• Assignments are an opportunity to learn, not something to just "get
done."
• Turn in assignments on time.
• Do not leave class early unless prior arrangements have been made with the
professor.
• Do not read the newspaper during class.
• Do not bring meals or snacks to class.
• Every cell phone, beeper, laptop volume control, pager, and personal digital
assistant should be set to mute or off before coming to class. If any
of these devices rings, beeps, or plays in class, it will be noted.
• Some students enroll in a course already having experience in the subject
area, and while contributions to discussions are welcomed, arrogance and
unwillingness to learn or comply with professor directions are not
tolerated.
LAPTOP POLICY
Increasing numbers of students are using personal computers to take notes in
class. Some classmates sitting nearby have occasionally been distracted by the
sound of the keys. To maintain an atmosphere conducive to learning in the
classroom and to avoid distracting others, students using laptops in classrooms
should follow these principles of good practice.
Set your computer so that no audible signal is heard (e.g., when the battery is
low). Similarly, install software so that there is no sound when the software is
"booted up" or used.
Students using portable or notebook computers in the classroom should make every
attempt to sit in an area of the classroom where noise from the computer will
not bother other students. In general, it is best if all students using portable
computers sit near the back of the classroom.
Restrict laptop use to note taking or class-related web sites. Random browsing,
playing computer games, exchanging e-mail and Internet messaging are
discouraged. If you engage in unauthorized communication or entertainment
(surfing, instant messaging, chat room chatting, DVD viewing, music playing,
game playing, etc.), you will be asked to leave quietly.
If a guest speaker comes into the class, please give the person your full
attention and close your laptops.
The CIS 410 class schedule for the fall semester. Changes are posted on the
web site.
| Day | Chapter | Topic |
| Aug 23 & 25 | 1 | Introduction to Management of Information Security. Initial concepts of information assurance & identification of research goals. Preliminary knowledge survey & an introduction to concept maps. Review of McCumber model and its importance in security. |
| Aug 30 & Sept 1 | 2 | A review of leadership and management styles. Planning for Security: A discussion of top-down compared to bottom up planning. Cultural issues of plan-driven v. event-driven planning. The information SYSTEM and the issue of countermeasures. |
| Sept 6 & 8 Day off | 3 | Sept. 6th, Monday, is Labor Day. Planning for Contingencies: Incidents, disasters and avoidance methodologies. Is a business worth continuing? – the issue of business continuity planning and disaster recovery. |
| Sept 13 & 15 | 4 | Information Security Policy: Hitting a bull’s-eye with a security policy. These are the guidelines for all your controls in the organization. Preliminary proposal for the research paper is due on Sept. 13th. |
| Sept 20 & 22 | 5 | Exam #1 on Chapter One – Four on Sept 20th. Developing a Security Program: How much security is needed and the critical nature of education, training and awareness (SETA). |
| Sept 27 & 29 | 6 | Final research paper proposal due Sept. 27th. Security Management Models and Practices: NIST 800-12 and 16 give great guidelines … for government installations. How should private business respond, through adherence to British standard 7799? |
| Oct 4 & 6 | 11 | Analysis of personal credit report due Oct. 4th. Law and ethics: The interface between law and ethics is either large or small depending on your viewpoint. What are the legal obligations of the organization under law (Sarbanes-Oxley Act of 2002, Patriot Act, DMCA)? |
| Oct 11 & 13 | On Liberty, 7 | The concerns for the harm principle and tyranny. Risk Management: First we must know our assets since we have met the enemy and it is us. |
| Oct 18 & 20 | | Completion of chapter 7. Exam #2 covering chapters 5, 6, 7, and 11 plus “On Liberty” on Oct. 20th. |
| Oct 25 & 27 | 8 | Risk Management – Assess and Control: the discussion from mitigation to risk appetite. Group assignment for a security poster. |
| Nov 1 & 3 | 9 | Protection Mechanisms: Technology for security of intrusion detection systems, honey pots (the top of security countermeasures pyramid). Review of a security policy due Nov. 3rd. |
| Nov 8 & 10 | 10 | Cryptography and encryption – Caesar had it right. Personnel and Security: Background checks and social engineering are critical in the digital firm. Personnel security, credentials and practices, plus systems maintenance – keeping security practices current and valid. Writing lab review of your research paper. |
| Nov 15 & 17 | 12 | Project management – security implementations require planning, planning, and more planning. |
| Research paper due | – Nov. 17th | |
| Nov 22 - 24 | | THANKSGIVING WEEK OFF |
| Nov 29 & Dec 1 | | Book review presentations |
| Dec 6 & 8 | | Book review presentations. Knowledge survey revisited. |
| Dec 17 | | Final exam Fri – 12:30p – 2:30p. |
CREDIT REPORT
You are to analyze your personal credit report from any of the national
credit reporting sources (Experian, Equifax, or Trans Union). These reports
start at $9 and only a single reporting source is required.
I am not interested in personal data for this assignment; however, I am
interested in the type of data required to initiate the report, length of
report, accuracy of the report, the detail of the report, what sources are
reported and your personal opinion on the data that is maintained. You should
attach a copy of the initial five pages of your report with sensitive data
blacked out. This assignment is due in memo format on.
KNOWLEDGE SURVEY (webct.isu.edu)
A portion of your grade is from completing a start- and end-of-semester
knowledge survey. This survey is not a test or graded assignment, but a survey
of your present and subsequent knowledge. The pre-semester knowledge survey is
available at the beginning of the semester.
BOOK REVIEW PRESENTATION
Part of a life-long learning process is to expand your exposure to the
writings of others. A group of students will review and briefly present the
concepts of one of the following books:
• A Gift of Fire – Sara Baase
• Information Warfare - Erbschloe
• The Right to Privacy - Kennedy
• Database Nation - Garfinkel
• The Cuckoo's Egg - Stoll
• The Art of Deception – Kevin D. Mitnick
These books are available at the library. Each presentation is a half hour long
and must include handouts and involve the entire group.
RESEARCH PAPER
This paper, a minimum of twelve pages in length, will address the issue of
“adware/spyware” and link it to information assurance and the extended McCumber
model. This is a rich and robust topic worthy of expansion. Again, this paper is
expected to be at least twelve pages plus references, so you should research a
potential topic and then focus on critical components of that topic.
In this paper, I expect recent articles that support your analysis of
information assurance in whatever domain you select. Articles are limited to
the last four years due to the “time-fragile” nature of information and
privacy, although historic references may be important to confirm past judicial
decisions, events, etc. These articles should be journal references; however, a
sprinkling of periodicals is acceptable if they are respectable. I do not accept
web sites that are personal opinions (advocacy sites).
You should e-mail me a preliminary proposal of your research topic for approval
to proceed with your investigation of the topic. This preliminary proposal is a
title for your research and a brief summary of the area of research which should
include at least one paper title. The final proposal is also submitted for
approval. This proposal (which constitutes 10% of your research paper grade)
should consist of:
• Selection of topic
• Statement expressing central idea or theme
• Outline of paper
• Initial list of works cited in Chicago/Turabian format
Therefore, begin your initial research now to receive approval. A weak
proposal will receive less than 10 points.
The final paper is due Nov. 17th in both hard copy and electronic formats. All
the materials used in your research paper should be included. Your research
paper and electronic references must be burned to a CD and any pertinent pages
of a book should be included.
DETAILS:
The paper length is a minimum of twelve pages with one inch margins and a
title page plus
bibliography, Times Roman 12 point, 1½ space between lines, page numbering –
centered bottom, Chicago/Turabian footnoting (there are many resources on the
web – an example is:
http://www.bridgew.edu/depts/maxwell/turabian.htm). It is a requirement that
your paper be reviewed by the writing lab at least one week prior to submitting
your final report. The hard copy review is to be submitted with your final
paper. Your paper will not be accepted without a writing lab review.
PLAGIARISM:
Any submission of another’s work as your own will not be tolerated. You
cannot submit a paper that has been submitted for credit in another class. The
statement on academic dishonesty for the College of Business is at this web
site:
http://cob.isu.edu/resources/PolicyonAcademicIntegrity.htm
The penalty for plagiarism can include dismissal from school; it will
definitely involve an F for this class. An F due to plagiarism also includes a
notation on your permanent transcript.
Academic integrity is expected at Idaho State University and the College of
Business. All forms of academic dishonesty, including cheating and plagiarism,
are strictly prohibited, the penalties for which range up to permanent expulsion
from the university with “Expulsion for Academic Dishonesty” noted on the
student’s transcript. If you are unclear as to what constitutes academic
dishonesty, you can get a copy of the College of Business Policy on Academic
Integrity from the College of Business office in BA 202, or from the College of
Business website at
http://cob.isu.edu/resources/PolicyonAcademicIntegrity.htm or refer to
the ISU Faculty/Staff Handbook policy on academic dishonesty at:
http://www.isu.edu/fs-handbook/part6/6_9/6_9.html