UMUC-Europe Syllabus

The standard for papers in the graduate program is the APA style. All participants in this course and all graduate MSIT, INSS, MGMT, PUAD, and ECON courses should have a copy of the style guide: American Psychological Association. (2001). Publication Manual of the American Psychological Association (5^th ed.). Washington DC: Author. All graduate students should be prepared to utilize the UMUC online library. The library contains a large number of full text academic journals that are free of charge and immediately available. The library homepage also contains a number of links related to improving students' research and writing skills.

Recommended Journals:

Publications of the various professional societies (such as ACM -- the Association for Computing Machinery, the IEEE Computing Society, and the various management professional societies) are strongly recommended. In addition, there are many trade journals (such as eWEEK) that IT professionals should become familiar with, many of these being published both weekly and on-line.

Course Description:

Major technological advances in computers and telecommunications systems have placed information, as tangible corporate assets, at risk. With the proliferation of corporate databases, telecommunications networks, microcomputer workstations and communications technologies, there are numerous threat paths which require risk and security management. This course investigates the risk and security management of information resources from a technical and management perspective. Students may receive credit for only one of the following courses: INFA 610 CSMN 655, INSS 635, or INSS 735.

Course Goals:

Upon successful completion of this course, the student should understand and be able to apply knowledge concerning: Threats to and vulnerabilities of modern computers and systems. Basic theoretical, engineering, and managerial concepts on which information security controls and techniques are based. Relationship of risk assessment methodology and information security. Relationship of industry and government to information security management. Current and emerging issues and trends in information security management issues.

Course Objectives:

Upon successful completion of this course, the student should be able to: Provide an in-depth study of the threats, vulnerabilities and security controls of information and telecommunications systems. Examine the historical, philosophical and emerging trends in risk assessment methodology and the parallel contributions to security and the control of information environments. Develop an understanding of information security techniques both technical and managerial. Foster a deeper understanding of the elements of information security management through an analysis of industry and government programs and policies. Provide the student with a knowledge base covering the full realm of information systems security issues.

Grading Information:

According to the Graduate School's grading policy, the following symbols are used: A (90-100) = excellent B (80-89) = good C (70-79) = passing F (69 or below) = failure The grade of "B" represents the benchmark for the Graduate School. It indicates that the student has demonstrated competency in the subject matter of the course, e.g., has fulfilled all course requirements on time, has a clear grasp of the full range of course materials and concepts, and is able to present and apply these materials and concepts in clear, well-reasoned, well-organized, and grammatically correct responses, whether written or oral. Only students who fully meet this standard and, in addition, demonstrate exceptional comprehension and application of the course subject matter earn a grade of "A." Students who do not meet the benchmark standard of competency fall within the "C" range or lower. They, in effect, have not met graduate level standards. Where this failure is substantial, they can earn an "F."

Course Requirements:

There are four deliverables for which you will be graded. The midterm and final exam will both be "take-home" essay exams which you will have approximately a week to complete and post. You will be graded on two short papers of 5-7 pages in good APA style. The first is to be on an issue in information assurance related to policy, privacy, confidentiality or intellectual property. The second is to be on a technology issue in information assurance. Midterm Exam: 20% Final Exam: 30% First Individual Paper: 25% Second Individual Paper: 25%

Description of Course Requirements:

Successful graduate students in American universities dedicate approximately three hours of preparation/study time for every hour spent in the face-to-face classroom. Thus, the following course requirements were developed on the assumption that students would be prepared to spend approximately 150 hours of their own time working on them. In an 8-week term, that is the equivalent of a half-time job. Most 14-week graduate distance education courses require at least 10 hours per week of dedicated time, plus time spent in the virtual classroom. STATEMENT ON WRITING REQUIREMENTS: Effective managers and leaders are also effective communicators. Written communication is an important element of the total communication process. The Graduate School recognizes and expects exemplary writing to be the norm for course work. To this end, all analyses and papers must demonstrate graduate level writing ability and comply with the format requirements of the Publications Manual of the American Psychological Association. All writing assignments will be graded on the basis of content, logic, analysis, mechanics, organization, and research. Careful attention should be given to source citations, proper listing of references, the use of footnotes, and the presentation of tables and graphs. Work submitted online should follow standard procedures for formatting and citation. POLICY ON ACADEMIC INTEGRITY: Academic integrity is central to the learning and teaching process. Students are expected to conduct themselves in a manner that will contribute to the maintenance of academic integrity by making all reasonable efforts to prevent the occurrence of academic dishonesty. Academic dishonesty includes (but is not limited to) obtaining or giving aid on an examination, having unauthorized prior knowledge of an examination, doing work for another student, and plagiarism of all types. PLAGIARISM: Plagiarism is the intentional or unintentional presentation of another person's idea or product as one's own. Plagiarism includes, but is not limited to the following: copying verbatim all or part of another's written work; using phrases, charts, figures, illustrations, or mathematical or scientific solutions without citing the source; paraphrasing ideas, conclusions, or research without citing the source; and using all or part of a literary plot, poem, film, musical score, or other artistic product without attributing the work to its creator. Students can avoid unintentional plagiarism by following carefully accepted scholarly practices. Notes taken for papers and research projects should accurately record sources of material to be cited, quoted, paraphrased, or summarized, and papers should acknowledge these sources in footnotes. The penalties for plagiarism include a zero or a grade of F on the work in question, a grade of F in the course, suspension with a file letter, suspension with a transcript notation, or expulsion. Resubmission of course work from previous classes (whether or not taken at UMUC, UMUC-Europe or BSU), partially or in its entirety, is not acceptable in this course and will result in an automatic failure on the assignment. DISABLED STUDENTS: Students with disabilities who need to register or request services should contact the Staff Support Team four to six weeks in advance of registration to request and register for services. COURSE EVALUATIONS: Feedback on each graduate course and instructor is important to the university, your professor, and to all UMUC students. UMUC has the responsibility to assess the effectiveness of classroom instruction, and each student has the responsibility to provide accurate and timely feedback through completion of the course evaluation form. This is a shared obligation for us all. It is therefore important that you complete the evaluation form for each course you attend. This should be viewed as an additional course and program requirement.

Course Schedule:

SESSION 1: Introductions. Vulnerabilities to Automated Information Systems. Readings: Pfleeger, Chapter 1 SESSION 2: Viruses, Trojan Horses and other threats. Categories of Controls against threats. Administration of Security. Readings: Chapter 3 Chapter 8.1 SESSION 3: Copyright, patents, ethics and privacy. Readings: Chapter 9 SESSION 4 : Using encryption. Readings: Chapter 2 SESSION 5: Using encryption Readings: Chapter 2 SESSION 6: Using encryption Readings: Chapter 2 SESSION 7: Midterm Examination SESSION 8: Security in Operating Systems. Readings: Chapter 5 SESSION 9 Network & Communications Security. Readings: Chapter 7 SESSION 10: Database security. Readings: Chapter 6 First Paper Due SESSION 11: Risk Analysis, Effective Costs. Readings: Chapter 8 SESSION 12: Security Planning, Policies and Disaster Recovery. Readings: Chapter 8.1 SESSION 13: Administration of Security. Readings: Chapter 8 Second Paper Due SESSION 14: Final Words Final Exam

Academic Policies:

The University has a license agreement with Turnitin.com, a service that helps prevent plagiarism from internet resources. I may be using this service in this class by either requiring students to submit their papers electronically to Turnitin.com or by submitting questionable text on behalf of a student. If you or I submit part or all of your paper, it will be stored by Turnitin.com in their database throughout the term of the University's contract with Turnitin.com. If you object to this temporary storage of your paper, you must let me know no later than two weeks after the start of this class. Please Note: If you object to the storage of your paper on Turnitin.com, I may utilize other services to check your work for plagiarism The official university policy on Plagiarism and Academic Dishonesty can be found at http://www.umuc.edu/policy/aa15025.shtml. Section I.C. states: "Faculty may determine if the resubmission of course work from previous classes (whether or not taken at UMUC), partially or in its entirety, is acceptable when assigning a grade on that piece of course work. Faculty must provide this information in their written syllabi. If the resubmission of course work is deemed to be unacceptable, a charge may not be brought under this Policy and will be handled as indicated in the written syllabi." Please refer to Description of Course Requirements for specific information on how resubmissions will be treated in this course. Students with disabilities should contact the appropriate support office at UMUC-Europe. Jan Keller, Director of Student Services UMUC-Europe, Heidelberg Phone: +49-6221-378299 Email: edstudent_svc@ed.umuc.edu Mailing Address: Unit 29216, APO AE 09102 OR Im Bosseldorn 30, D-69126 Heidelberg, Germany Please refer to the UMUC-Europe Graduate Catalog for information on the following: Academic Integrity Course Load Exception to Policy Grade Appeal Process Make-up Examinations Nondiscrimination Code of Civility Hard copies of the catalog are available at your local Education Center.