IA in Classes
Home Up Reports

Informatics Research Institute

Up

CIS 285 Introduction to Software and Systems Architecture 3 credits

Hardware systems architecture; programming logic and design fundamentals. Includes processor technology, data representation, systems integration and performance, networks, operating systems and systems administration, modules, hierarchy, menus, input validation, object oriented programming, and graphical user interfaces.

Information Assurance Topics Covered

The course provides a rudimentary technical introduction to systems software and architecture, and the functions of a system/network administrator.  The course is a combination of lecture and hands-on labs.  IA and security implications are addressed as follows:

bullet In the general presentation of operating systems, we address buffer overrun threats in the context of the discussion of memory management and the tracking of user permissions in the structure of the process control blocks and file management systems. Integrates discussion of authentication technology embedded in OS, network OS and directory services.
bullet In the networking module, we provide and very general introduction to encryption, explicitly discuss PKI, and present the distinction between firewall and IDS functionality.
 
Somewhat unique in a general architecture course, we include a specific module on security and systems administration.  The security responsibilities associated with the systems and network administration functions are emphasized.  Students are encouraged to think of IA in terms of information integrity, confidentiality and availability.  They are introduced to a variety of technical threats and admonished to be cognizant of accidental as well as malicious threats.  Insider threats and social engineering our also discussed.  The emphasis is on helping students to recognize that IA is a function of good user education and effective security policies as well as technical sophistication.

 

CIS g490 Management of Information Systems 3 credits

Study of the problems associated with the organization, management, and operation of an information processing facility.

Information Assurance Topics Covered

CIS 490/590 serves as a capstone course for CIS undergraduate majors and an elective course for graduate students seeking MBA with emphasis in information systems. 

In contrast to the many information Systems management courses that emphasize IS business strategy, this course focuses on the internal management of the IS function.  The course is gradually evolving to better incorporate IT Infrastructure Library (ITIL) IT management model where security is recognized not only as an independent function, “security management” but as a critical embedded element in infrastructure management, service management (including service delivery and support) and applications management.   For example, security issues are incorporated into discussion of configuration and change management practices.

While, the ITIL model does not explicitly address the organization of these functions, the course does.  With reference to security management, students are specifically introduced to issues concerning location of various security responsibilities internal or external to the IS function.  Case material is presented that sensitizes students to the type of failures that can occur when security functions are not clearly defined and behavioral issues that can result when security roles are split between systems administrators and an external security staff. 

MBA 624 Information Technology in Business 3 credits

The use and assessment of information technology in organizations. Focus is on strategic and integrative issues

Information Assurance Topics Covered

MBA 624 is part of the MBA core.  The primary purpose of this course is to provide all M BA students with a fundamental understanding of how information technology can be employed to support business strategy.  While the primary focus of this course is to introduce students to IS strategy, an ancillary objective of this course is to encourage non-IT line managers to take some responsibility for the quality and functionality of the IT support they receive.  That is, the course is intended to help non-IT managers become more sophisticated and demanding consumers of IT services. 

Students are encouraged to recognize the distinction between IT infrastructure and business application investments and understand how infrastructure investments can impact the overall quality of IT services.  The course presents a specific module discussing IA issues.  Students are introduced to the concepts of information integrity, confidentiality and availability.  Students are requested to assess the business implications of IT failure (regardless of cause) and are generally introduced to disaster recovery and continuity of operations. 

Assigned readings typically include practitioner-oriented security publications such as the latest version of Symantec Internet Security Threat Report.  The implications of identified threats are discussed, as well as insider threats and social engineering.  Policy and technical aspects of IA are also presented emphasizing that IA is an enterprise-wide responsibility and not simply a function of the IS and/or security activities.

All material on this site is copyright unless otherwise noted.
Please respect the authors rights by requesting permission for use and ensuring proper attribution and credit.