INSTRUCTOR: Charlotte Eudy McConn, M.S., CDP, CISSP
Office: 106 Hawthorn Building. Office Hours: M: 10am-12pm, W: 2:30-3:30
Access to course material and readings can be found in the ANGEL Course Management System (CMS), http://cms.psu.edu.
Why should SRA majors be interested in this course?
Communication technologies have become a key component to support
critical infrastructure services in various sectors of our society. In
an effort to share information and streamline operations, organizations
are creating complex networked systems and opening their networks to customers,
suppliers, and other business partners. Increasing network complexity,
greater access, and a growing emphasis on the Internet have made information
systems and network security a major concern for organizations.
COURSE DESCRIPTION: (University
IST 456 Security and Risk Management
IST 456 focuses on security and risk management. Students will learn
contemporary security issues; security management processes, architecture
and models; risk analysis and management; security planning, analysis
and safeguards; security policies development and administration; contingency
planning, incidence handling and response; and security standards and
certification processes. IST 456 will also address security certification
and accreditation, security inspections, security processing mode, and
system certification.
A major component of the course will be case studies and a final team-based
project. This course will incorporate collaborative and action-learning
experiences wherever appropriate. Emphasis will be placed on developing
and practicing writing and speaking skills through application of the
concepts, theories and technologies that define the course.
COURSE LEARNING OBJECTIVES:
Upon completion of the course, the student will:
• Have experience researching and analyzing security and risk management
• Define an information security strategy and architecture
• Be able to develop a comprehensive information systems security
• Understand the interactions between systems design, systems management, social factors and the socio-political environment as they pertain to security and risk management
• Describe the components of and the importance of management involvement in disaster recovery and continuity planning
• Understand the role of security inspections, security certification and accreditation, and system certification
• Explain integral parts of overall good information security practices
• Identify the social and technical issues related to effective
• Describe the need for and development of information security policies, and identify guidelines and models for writing policies
• Create an effective security assessment of an organization
• Define risk management and explain why it is an important component of an information security strategy and practice
• Present a disaster recovery plan for recovery of information assets after an incident
• Identify security issues related to personnel decisions, and qualifications of security personnel
• Research current best practices in security management as supported by major professional organizations
REQUIRED READINGS AND REFERENCE MATERIALS:
I recommend that you set aside at least two hours per week in the library for completing the assigned readings for this course and download all online readings at the beginning of the semester to mitigate risk. Weekly reading assignments can be found on the Angel course management Calendar and links to online readings can be found in the Angel Lessons tab.
1) Text: Management of Information Security, 3rd ed., Whitman & Mattord, Course Technology, ISBN 13:
• This site contains many of the links to the government security documents (SP 800-xx) mentioned in your text.
3) At technet.microsoft.com: "Security and Risk Management Guide"
Supplementary information for the course is available on the Angel course
management system at cms.psu.edu. The Web site contains class notes, PowerPoint
slides, class announcements, the course syllabus, test dates, and other
information for the course. Answers to the end-of-chapter review questions,
student assignment files, and hands-on projects also can be obtained from
the Web site.
Library Reserve: Reference materials and copies of readings are available
for your use at the course reserve desk in the library. Other articles
& case studies may be assigned throughout the semester.
IST 456 - TENTATIVE COURSE OUTLINE
Check the Angel course management system for course topics by week,
assignments, tests dates, and other course announcements.
Week       Topic                                                                 Assignments                                   Notes & Due dates
1          Introduction & course overview                                        Text Cpt 1
2          Investigate InfoSec standards websites                                NIST, CERT, DHS, Microsoft Technet Website    Angel Qz 1 Due; Presentation
3          Planning for Security                                                 Text Cpt 2
4          SDLC vs SecSDLC                                                       Text Cpt 2                                    Angel Qz 2 Due
5          Planning for Contingencies (Incident response vs Disaster Recovery    Text Cpt 3
           Planning)
6          World Trade Center Case Study                                                                                       Angel Qz 3 Due
7          Disaster Recovery Case Study Research                                                                               Research Presentations
8          Review & exam                                                                                                       Exam Cpt 1-3
9          InfoSec Policy Development & Mgmt                                     Text Cpt 4
10         Policy Standards SP 800-18                                            NIST Website                                  Policy Manual Project
11         Developing the Security Program                                       Text Cpt 5                                    InfoSec Policies & Training Plan Due
12         IT Security Training SP 800-16                                        NIST Website                                  Angel Qz 5 Due
13         Security Management Practices                                         Text Cpt 7                                    Angel Qz 7 Due
           Thanksgiving Break, no class
14         Personnel and Security                                                Text Cpt 11
15         Security Self Assessment                                              Text Appendix A                               Angel Qz 11 Due
Exam Week                                                                                                                      Exam Cpt 4, 5, 7, 11
Check Angel for specific instructions.
(10% of grade) Attendance and participation
(40% of grade) Research Assignments and Presentations:
(10% of grade) Online quizzes for each assigned reading by specific target dates.
(40% of grade) Exams