Faculty Contact Information:
Mailing Address: UMUC – Unit 29216, APO AE 09102
Phone: 06224/929773
Consultation:
in classroom during lunch break; other times by appointment
CLASS MEETINGS: 0900-1600 16/17 Aug; 6/7 Sept; 20/21 Sept; 4/5 Oct
Required Texts and Readings:
Whitman, M. and Mattord, J. (2003). Principles of Information Security. Boston, MA: Thomson - Course Technology.
Supplementary Readings:
The standard for papers in the graduate program is the APA style. All participants in this course and all graduate INSS, MGMT, PUAD, and ECON courses should have a copy of the style guide:
American Psychological Association. (2001). Publication Manual of the American Psychological Association, 5th Edition. Washington DC: Author.
All graduate students should be prepared to utilize the UMUC online library at http://www.umuc.edu/library/. The library contains a large number of full text academic journals that are free of charge and immediately available. The library homepage also contains a number of links related to improving students' research and writing skills.
Throughout the course, the instructor will assign specific articles that students are expected to read and discuss as part of the “Participation” component of the course grade.
Recommended Journals:
Publications of the various professional societies (such as ACM -- the Association for Computing Machinery, the IEEE Computing Society, and the various management professional societies) are strongly recommended. In addition, there are many trade journals (such as eWEEK) that MIS professionals should become familiar with, many of these being published both weekly and on-line.
Of particular interest will be Communications of the ACM and Newsletter of the ACM Special Interest Group on Security, Access, and Control.
Course Description:
3 semester hours credit. Prerequisites: Either INSS 510, INSS 520, INSS 530, or permission of the Program Director. Explores security policies, models, and mechanics for secrecy, integrity, and availability. Topics include operating systems models and mechanisms for mandatory and discretionary controls; data models, concepts, and mechanisms for database security; basic cryptography and its applications; security in computer networks and distributed systems; as well as control and prevention of viruses and other malicious programs.
Course Goals:
Upon completion of the course, participants should:
1. Understand the threats, vulnerabilities and risks with an information system infrastructure
2. Understand the security issues in network systems
3. Have a basic understanding of cryptography
4. Be familiar with cryptographic technologies including symmetric key cryptosystem and asymmetric key cryptosystem
5. Have a basic understanding of firewalls, routers and protocols in communication systems
6. Be familiar with Risk Management practices
7. Be able to distinguish between business continuity and disaster recovery
8. Develop an understanding of laws and ethics regarding information systems security
Course Objectives:
At the conclusion of this course the student will be able to:
1. Identify the resources of an information system that must be protected
2. Distinguish information security from operations and physical security
3. List potential security threats, vulnerabilities and risks of information systems, particularly on the network
4. Define and discuss the role of cryptography
5. Evaluate various data encryption methods
6. Identify various control mechanisms used to prevent, detect and correct error in an information system
7. Define the responsibilities of Security Administrators
8. Be able to develop a disaster recovery plan for an information system
9. Develop standards, guidelines and procedures to implement security policy in an information system
Grading Information:
Grades for this course will be assigned as follows:
A: 90%+
B: 80 – 89%
C: 70 – 79%
F: Below 70% F(a) or regular non-attendance F(n)
Grades of Incomplete or Withdrawal are governed by UMUC – Europe policies. Please refer to the UMUC – Europe Graduate Catalog available in your local Education Center or online at http://www.ed.umuc.edu/general_info/publications/catalogs/index.html for further details.
Course Requirements:
Graduate school at the master's level focuses on helping students obtain the education needed for success as professionals in their chosen fields. Thus, UMUC-Europe Graduate Programs and Bowie State University share the common goals of promoting excellence in academic scholarship through thoughtful inquiry and the skillful application of knowledge and theory for the betterment of society. In order to maximize your graduate educational experience in general and this course in particular, your course grade comes from:
Midterm Examination: 25%
Take-home Examination: 10%
Final Examination: 30%
Paper and Presentation: 25%
Participation: 10%
Description of Course Requirements:
Midterm and Final Examinations will be in-class. Part of each exam will be similar to (or even the same as) the undergraduate exam; the graduates will have (an) essay question(s) that the undergraduate students do not have.
The Take-home examination will be (a) comps-type question(s). Since you will be allowed (encouraged, required) to use additional sources, it will essentially become a mini-paper. This will be assigned during the second weekend of class, and will be due the third weekend.
The paper and presentation are to be on some current “hot topic” pertaining to information system security and privacy issues. You are to research the topic significantly beyond whatever information the textbook provides, and then share your findings with the class. Since there are three weeks between the first and second weekends of class in this term, we will use email for your topic proposals and instructor feedback. No later than Tuesday, 2 September, you must submit a one-page proposal (Word or WordPerfect document) outlining your topic and the sources you expect to use for your research (you may add sources). You will receive feedback from the instructor within two days regarding the suitability, scope, etc. of your proposal and topic.
The final version of your paper will be due, again via email and as a Word or WordPerfect document, no later than Wednesday, 1 October. You are encouraged to submit a rough draft for feedback sometime during the 3rd or 4th week of September. Papers must conform to the APA style. The paper should be in the format described in the guidelines for the INSS 690 final paper (see http://faculty.ed.umuc.edu/~meinkej/inss690/apaguidelines.pdf). A PowerPoint summary of using references in the APA style can be found at http://owl.english.purdue.edu/workshops/pp/APA2.PPT and a more extensive description of the APA style is available at http://owl.english.purdue.edu.
You will give a PowerPoint presentation on your findings the afternoon of Saturday, 4 October. If you cannot be present that day, contact the instructor to arrange an alternate time for your presentation.
Every member of the class will be provided with access to the Webboard for this class (http://webboard.ed.umuc.edu/~mis/) and will be expected to check there frequently. From time to time, questions will be asked in class (by the instructor and/or by students) for which you will be told to search out an answer (using the web, library, or other sources) and share the information found with the rest of the class via the Webboard. This is part of “Participation,” as the Webboard is our mechanism for communication during the weeks between class meetings.
If you must miss class, you are responsible for getting information from fellow students regarding what you missed. Assume that there will be discussion and/or lecture information that is not in the textbook. Realize also that the Course Schedule shown below is subject to change by the instructor as needed. The instructor is willing to help you regarding what you missed, but will not have notes regarding the discussions that take place in the classroom, nor on the presentations by the graduate students, and cannot repeat the class. Your “Participation” for the missed class should come in the form of postings to the Webboard.
If you must miss an exam, you are responsible for making arrangements with the instructor, in advance if possible.
Course Schedule:
Projected Course Schedule:
AM Sat 16 Aug: Introduction; Introduction to Information Security (Ch. 1)
PM Sat 16 Aug: The Need for Security (Ch. 2)
AM Sun 17 Aug: Legal, Ethical and Professional Issues in Information Security (Ch. 3)
PM Sun 17 Aug: Risk Management: Identifying and Assessing Risk (Ch. 4)
Paper topic proposal due via email by Tuesday, 2 September
AM Sat 6 Sept: Risk Management: Assessing and Controlling Risk (Ch. 5)
PM Sat 6 Sept: Blueprint for Security (Ch. 6)
AM Sun 7 Sept: Planning for Continuity (Ch. 7)
PM Sun 7 Sept: Question time; Midterm Exam (Chapters 1-7)
AM Sat 20 Sept: Security Technology (Ch. 8)
Rough draft of paper encouraged this week or next
PM Sat 20 Sept: Cryptography (pg 323-354)
AM Sun 21 Sept: Physical Security (Ch. 9)
PM Sun 21 Sept: Implementing Security (Ch. 10)
Final version of paper due via email by Wednesday, 1 October
AM Sat 4 Oct: Security and Personnel (Ch. 11)
PM Sat 4 Oct: Graduate Student Presentations; Information Security Maintenance (Ch. 12)
AM Sun 5 Oct: Information Security Maintenance (Ch. 12); Review and Course Wrap-up
PM Sun 5 Oct: Final Exam (Comprehensive, with heavier emphasis on material since the Mid-term)
Academic Policies:
Please refer to the UMUC - Europe Graduate Catalog, available online at http://www.ed.umuc.edu/general_info/publications/catalogs/index.html or from your local Education Center, for information on the following:
Academic Integrity
Course Load
Exception to Policy
Grade Appeal Process
Make-up Examinations
Nondiscrimination
Students with Disabilities
Faculty Bio:
Dr. Dean earned the BA in Mathematics from Vanderbilt University, and the MS and PhD in Computer Science from the University of Alabama in Birmingham. She has worked at various times as a programmer, programmer/analyst, systems analyst, and project manager in the areas of medical information systems, small business support, and life insurance. Since 1975, she has been involved in teaching and curriculum development in computing, most recently at Samford University in Birmingham, AL. She has served on the Board of Directors and as President of the Consortium for Computing Sciences in Colleges. She serves on the Regional Board of the CCSC Southeastern Conference. Her areas of interest include curriculum development, database management systems, programming languages, security, and operating systems.