After completing this course, the student should be able to:

• Identify and discuss the fundamental reasons why information systems security is such a critical element in today's business, government, education, and home technology-based environments
• Identify and discuss the key information systems security legislative and policy documents that provide guidance in developing an information system security program for an organization (informatioin literacy)
• Review and develop the key elements of an information systems security management program
• Perform and document a risk-based analysis of information systems security for an organization, to include identification of threats, vulnerabilities, and countermeasures (effective writing)
• Develop a security plan to address the results of the isk assessment (effective writing)
• Research and report on the key technological solutions to achieving information systems security (information literacy, effective writing)
• Identify and discuss the ethical and societal issues related to implementing information systems security programs (civic responsibility)

The course is based on the security standards as defined by NIST and is presented in teh following topic areas:

Requirements for Information Systems Security
We will review incidents that highlight the need for information systems security.  These incidents occur at work and at home.  They affect our use of information systems and require actions on the part of ourselves and our employers to ensure that systems are available for use.  In an age of reliance on the Internet and Internet economy, any disruptions to Internet systmes are costly and may, at times, be life-threatening.  It is mandatory that individuals and organizations be aware of and address these issues.

Guidance in Developing Information Systems Security Programs
You will review several key oprational documents that will assist you in understanding information systems security.  These documents provide the basis for building information systems security programs because they provide guidance that can be used in a specific operational environment.  You will also begin to identify and discuss reasons for the development of risk-assessment security plans that provide information assurance and security for organizations.

Performing Risk Analyses
You will follow the NIST guidelines (NIST Special Publications 800-26 and 800-30).  Government and industry use this methodolgoy.  You may find it interesting that the National Security Agency uses a simlar modified method; they call it a Level I Assessment.  NSA's level II Assessment includes monitoring tools, and their Level III Assessment includes systems-penetration testing (i.e., hacking) and requires judicial approval.

Technology Issues and Solution Tools for Information Systems Security
This topic deals with many of the technical issues related to information systems security.  The list of topics to cover grows on an almost daily basis.  You will be provided with relevant URLS for each topic but we will concentrate on three: viruses, intrusion-detection methods, and the fastest-growing area of interest, biometrics.  Each of these topics is worthy of your in-depth study.  However, one or several may be of specific interest to you where you work.

Ethical and Social Issues Related to Information Systems Security
The Information Age has brought great benefits.  It has also, as we have discovered, raised many issues related to information systems security.  In attempting to address those security issues, new and different issues have now come to the fore.  For each security risk there is a countermeasure.  Most of these countermeasures require that controls be put into place, both procedurally and technically.  The sum of theses controls empowers organizations to monitor an individual's digital world.