DEPARTMENT: Internet Technology
SUBJECT CODE/COURSE TITLE: IT 666/Information Technology Management
CLASS HOURS: 3 Class Hours per Week
CREDITS: 3
PREREQUISITE:
TEXTBOOKS:
T. Peltier | Information Security Risk Analysis | Auerbach Publications | 2005 | ISBN: 0-8493-3346-6
S. Purser | A Practical Guide to Managing Information Security | Artech House | 2004 | ISBN: 1-58053-702-2
REFERENCE:
Internet
M. Whitman and H. Mattord | Management of Information Security | Thomson Course Technology | 2004 | ISBN: 13: 978-0-619-21515-6 & 10: 0-61921515-1
Computer Magazines and Journals
SEMESTER: Fall 2006
PREPARED BY: Dr. A. Joseph
Course Description: This course discusses information security from
organizational and managerial perspectives. For an organization, information
security is a continuous management process. Security technology alone cannot
facilitate this process without security tradeoffs and various policy issues
embedded in the process. This course will provide students with a background in
managing information security in organizations. Topics include risk
identification and assessment, security policy and planning, personnel and
security, privacy, security auditing, legal issues.
Professor: Dr. A. Joseph
Office:
Telephone: 212 346 1492
Email:
Office Hours: Wednesday (NYC)
Final examination: 40%
Mid-term examination: 25% (No make up)
Homework: 10% (No late homework accepted.)
Class Participation:
Project/Report: 35% (A late project will be penalized 5 points per day for 5 days)
Extra credit assignment (Optional): 10% (Due week 12). Note: Only for students who are otherwise fulfilling all of the other course requirements.
Above 92%
90% -- 92%
85% -- 89%
80% -- 84%
75% -- 79%
70% -- 74%
65% -- 69%
Below 65%
Note: Grade is computed to the nearest whole number.
Rationale and Learning Objectives
Rationale
Security technology alone is not enough to achieve
information security in an organization. Security professionals
need to be aware of the managerial tradeoffs and various policy issues
in utilizing security technology. The purpose of this course is to provide
students with a background in such issues.
Objectives
Students are expected to accomplish the following
after they complete this course:
1. Understand information security management
2. Understand how to create and implement security policy
3. Understand how to create an organizational security program
4. Explain and understand how to implement security management models and practices
5. Identify and assess risk
6. Understand when to employ appropriate techniques and protection mechanisms in security management
7. Understand the relationship between personnel and security management
8. Understand law and ethics issues in security management.
Tentative Examination Schedule:
Course Section | Midterm Exam Date | Project Presentation & Submission Date | Final Exam Date
IT 666 (CRN 72664) | | |
Note: In the interest of learning, it is very important to
come to class prepared to learn – do all required assignments. Failure to do so
could diminish your ability to get the most out of each lesson and the class.
Remember that learning is action oriented.
Note: It is very important that you read and familiarize yourself with the
CSIS Statement of Student Responsibilities (see attachment).
TOPICS COVERED
Weeks | Topics | Assignments
1 | Risk management and frequently asked questions: The why, what, when and who of risk analysis and risk assessment; risk management as a business process; employee roles and responsibilities; information security life cycle; risk analysis process; risk assessment; cost-benefit analysis; and risk mitigation. | to be assigned
2 | Risk assessment process: Risk assessment process; information as asset; and risk assessment methodology | to be assigned
3 | Quantitative versus qualitative risk assessment: Quantitative and qualitative pros and cons; qualitative risk assessment basics; qualitative risk assessment using tables; the 30-minute risk assessment; vulnerability analysis; hazard impact analysis; questionnaires; and single time loss algorithm. | to be assigned
4 | Management techniques: knowledge and experience; security incident and vulnerability information; strategy and planning; policy and standards; processes and procedures; methods and frameworks; audits; contracts; and outsourcing. | to be assigned
5 | Need for a proactive approach and a proactive approach overview: reality of the modern enterprise; evolution of organizational structures; limitations of policy-driven decision making; education and awareness; operational issues; new challenges; The (not so) Secure Bank; decide on personal strategy; consolidation period; strategy planning cycle; and core deliverables. | to be assigned
6 | Information security strategy: need for strategy; planning; analysis of current situation; identification of business strategy and legal and regulatory requirements as well as requirements due to external trends; definition of target situation; definition and prioritization of strategy initiatives; distribution of draft strategy; and agreement and publication of final strategy. | to be assigned
7 | Mid-term examination |
8 | Policy and standards: Documentation; policy; establishing a control framework; and standards | to be assigned
9 | Process design and implementation: Requirements for stable processes; process improvements; improving the authorization and access-control procedure of The Secure Bank; and continuous improvement. | to be assigned
10 | Building an IT security architecture: Evolution of enterprise IT infrastructure; problems with system-focused approaches; and three-phase approach: design; implementation; and administration and maintenance phases. | to be assigned
11 | Creating a security minded culture: Techniques for introducing cultural change; internal marketing and sales; support and feedback; security awareness training; security skills training; and involvement initiatives. | to be assigned
12 | Project presentation and submission: projects presented to class and submitted. | to be assigned
13 | Law and ethics: legal environment; ethical concepts and differences therein; certifications and professional organizations; and organizational liability and need for counsel. | to be assigned
14 | Final Examination. |
Note 1: This course
is structured around freely formed small collaborative teams in a cooperative
learning environment. Students are encouraged to work together in their
respective teams to form effective and productive teams that share the
learning experience within the context of the course, help each other
overcome learning difficulties, spend time to get to know each other, and
spend time each week to discuss and help one another with the course work
(content and assignments). Each team member is responsible for the completion
and submission of each assignment. Each team member will be individually
graded.
Note 2: During the
first class session, student background information may be collected to get a
sense of the diversity of student population, educational background, and
learning style. An assessment test may be given to determine students’
prerequisite knowledge of the subject.
Team project: Students in
small teams of two to four persons will participate in a research project
supported by a technical report. The research topic will be on an emerging
area of interest to an organization or the research community. In this
project, teams will conduct research to assist in the determination of the
solution to the research problem. They will demonstrate their knowledge and
understanding of how research is conducted and the significance of the
problem solution. The project grade to individual students within a team will
be based upon their personal involvement and level of participation in the
project as determined by their teammates and the professor.
Web support: This course
may be supported with most or all of the following Blackboard postings:
lesson questions, lessons (MS PowerPoint), instructions and guidelines
pertaining to the course, information security management related news, team
and class discussion boards, correspondence about the course, homework
solutions, examination grades, and miscellaneous course related information
and activities.
Supplementary materials: Handouts in
class or web postings of current events and issues affecting information
security and risk analysis/assessment.
Some books that may be helpful to the course will be posted on
Blackboard.
In-class activity and participation: Students are encouraged to bring to class articles on current newsworthy events in information security, risk analysis/assessment and management, and related news to share with the class. Students are welcome to inform the class on these events and their significance to information security management.
Students are strongly encouraged to download
relevant posted lessons from Blackboard and review them. They are encouraged
to ask questions about these lessons in class. Effort may be made to present some lessons using the
storytelling format supported with subsequent discussion and elaboration on
the central themes of the respective lessons. The key elements of a story are the following: causality,
conflict, complication, and character.
Collaborative teams are designed to function outside
of the classroom. Collaborative team activities will be reinforced inside the
class during the lessons. Teams are encouraged to function cohesively and to participate
in all class activities.
The following excerpts about collaborative learning
are from research documents:
· In the university environment, educational success and social adjustments depend primarily on the availability and effectiveness of developmental academic support systems.
· Most organized learning occurs in some kind of team; team characteristics and team processes significantly contribute to success or failure in the classroom and directly [affect] the quality and quantity of learning within the team.
· Team work invariably produces tensions that are normally absent, unnoticed, or suppressed in traditional classes. Students bring with them a variety of personality types, cognitive styles, expectations about their own role in the classroom and their relationship to the teacher, peers, and the subject matter of the course.
· Collaborative learning involves both management and decision-making skills to choose among competing needs. The problems encountered with collaboration have management, political, competence, and ethical dimensions.
· The two key underlying principles of the collaborative pedagogy are that active student involvement is a more powerful learning tool than the passive attendance and that students working in teams can make for more effective learning than students acting alone. The favorable outcomes of collaborative learning include greater conceptual understanding, a heightened ability to apply concepts, and improved attendance. Moreover, students becoming responsible for their own learning is likely to increase their skills for coping with ambiguity, uncertainty, and continuous change, all of which are characteristics of contemporary organizations.
Who creates a new activity in the face of risk and
uncertainty for the purpose of achieving success and growth by identifying
opportunities and putting together the required resources to benefit from them?
Creativity is the ability to develop new ideas and
to discover new ways of looking at problems and opportunities.
Innovation is the ability to apply creative solutions to those problems and opportunities to
enhance or to enrich people’s lives.
Each team may be viewed as a small business that is
seeking creative and innovative ways to maximize its product, academic
outcome or average team grade. A satisfactory product is the break-even team
average grade of 85%. Teams getting average grades above 85% are profitable
enterprises.