Western Connecticut State University

 

MIS 341-71 / JLA 341-71  -  Information Systems Security

 

Course Syllabus

 

FALL 2009

 

 

Dr. Marie A. Wright

MIS Department

Office:  WS 142

Telephone:  (203) 837-9344

e-mail:  wrightm@wcsu.edu

Web site:  http://people.wcsu.edu/wrightm/

Office Hours

Monday:  9:30 am – 10:30 am and 1:30 pm – 2:30 pm

Wednesday:  9:30 am – 10:30 am and 1:30 pm – 2:30 pm

Thursday:  4:15 pm – 5:15 pm

 

 

Course Description

This course addresses both the behavioral and technological issues of information systems security.  Topics include:  physical protection, hardware and software controls, encryption techniques, network and telecommunications security, microcomputer security, viruses, computer security legislation, contingency planning, and disaster recovery.

 

 

PREREQUISITE

CS 140 or CS 143 or CS 170 or MIS 260

 

 

Course Purpose

To present the basic concepts of information systems security and ethics.

 

 

Required Text

Pfleeger, C. P., & Pfleeger, S. L.  (2007).  Security in Computing. (Fourth Edition).  Upper Saddle River, NJ: Prentice-Hall, Inc.

 

 

Grading

7 exams, each worth 9%                    63%

Research presentation                       28%

Guest speaker summaries                   9%

                                                            100%

 

Information systems security is a topic that is not highly defined, and it cannot be understood from a quick review of the reading material.  By attending class and listening to the ideas presented by the instructor, the guest speakers, and your classmates, you will be able to form an infosec mindset by the end of the course.

 

You are expected to attend every class.  You are responsible for the material presented or assigned in class, whether in attendance or not.  Makeup exams will be given only as a last resort, and will be considerably more difficult than the original exam.

 

 

Letter Grade/Numeric Equivalents

A       93 and above

A-      90 – 92

B+      87 – 89

B       83 – 86

B-      80 – 82

C+      77 – 79

C       73 – 76

C-      70 – 72

D+      67 – 69

D       63 – 66

D-      60 – 62

F       below 60

 

 

WITHDRAWAL DEADLINE:  November 6, 2009

 

Proposed Course Outline

 

NOTE:  This is a tentative course outline and may be subject to change at any time

 

 

September 3        Course introduction

Ch. 1      Is there a security problem in computing?

Assignment:        Read Ch. 1.

 

 

September 10      Ch. 1 exam

Ch. 2      Elementary cryptography

Assignment:        Read Ch. 2.

 

 

September 17      Guest speakers:  Mr. Robert Ancona, Senior Business Control Advisor, IBM Global Financing

Dr. David Safford, Manager, Global Security Analysis Lab, IBM Watson Research Center

Summary of guest speaker presentations – Due at the end of class.

 

 

September 24      Ch. 2 exam

Ch. 3      Program security

pages 98-149  (through Man-in-the-Middle Attacks)

pages 179-185  (Standards of Program Development through Where the Field is Headed)

Assignment:        Read Ch. 3 (pages noted above).

Summary of your research presentation topic – Due October 1.

 

 

October 1             Due:  Summary of your research presentation topic

Ch. 3 exam

Ch. 4      Protection in general-purpose operating systems

pages 188-193  (stopping at Memory and Address Protection)

pages 208 – 210  (Access Control List through Access Control Matrix)

page 215  (Role-Based Access Control)

pages 219-239  (User Authentication through Where the Field is Headed)

Ch. 5      Designing trusted operating systems

pages 242-245  (through Security Policies)

pages 250-251  (Clark-Wilson Commercial Security Policy through Separation of Duty)

pages 254-256  (Bell-LaPadula Confidentiality Model)

pages 264-278  (Trusted Operating System Design through TCB Design)

Assignment:        Read Ch. 4, 5 (pages noted above).

 

 

October 8             Ch. 4 & 5 exam

Ch. 7      Security in networks

pages 376-460  (stopping at Digital Distributed Authentication)

pages 464-502  (Access Controls through Where the Field is Headed)

Assignment:        Read Ch. 7 (pages noted above).

 

 

October 15           NO CLASS

 

 

October 22           Guest speakers:  Mr. Richard Bunnell, Senior Security Engineer, MassMutual Financial Group

Mr. Philip McMurray, Director, Information Security Architecture and Consulting, MassMutual Financial Group

Summary of guest speaker presentations – Due at the end of class.

 

 

October 29           Ch. 7 exam

Ch. 8      Administering security

Assignment:        Read Ch. 8.

Detailed outline of your research presentation – Due November 5.

 

 

November 5         Due:  Detailed outline of your research presentation

Ch. 8 exam

Ch. 10    Privacy in computing

pages 603-611  (stopping at Controls on U.S. Government Web Sites)

pages 613-614  (Non-U.S. Privacy Principles)

pages 629-635  (Precautions for Web Surfing through Shopping on the Internet)

pages 638-645  (Impacts on Emerging Technologies through Where the Field is Headed)

Ch. 11    Legal and ethical issues in computer security

Assignment:        Read Ch. 10 (pages noted above) and Ch. 11.

 

 

November 12      Guest speakers:  Mr. Gerry Johansen, State of Connecticut Compliance and Accreditation Unit, and Vice President, Secure Alternatives

Mr. Kevin Moker, Vice President of Information Security, Liberty Bank

Summary of guest speaker presentations – Due at the end of class.

 

 

November 19      Ch. 10 & 11 exam

Assignment:        PowerPoint research presentation due via e-mail by 12:00 noon on Sunday, November 29.

 

 

November 26      HOLIDAY

 

 

December 3         Presentations

 

 

December 10       Presentations

 

 

December 17       Presentations

 

 

 


 

 

 

RESEARCH PRESENTATION

 

·        Your presentation must deal with a current information security topic.  The security topic should be of particular interest and relevance to you.

·        Your presentation should be well researched, with at least 5 external references.

·        Do not plagiarize.

·        Do not give a presentation that you have done, or are going to do, in another course.

·        Presentations will begin on Thursday, December 3, and will end on Thursday, December 17.

·        Your presentation should be 15 minutes long.

·        The first slide of your presentation should show the title of your presentation and your name.

·        Provide a list of references at the end of your presentation.  Only those references that have been used and cited in your presentation should appear in this list of references.

·        Address your presentation to your colleagues in class; they are your audience.

·        Your presentation should be done in a professional manner.  The use of visuals (e.g., PowerPoint) is expected.  Notes may be used during your presentation, but do not stand in front of the class and read.

·        Attendance at all student presentations is expected.

 

Note the following deadlines:

 

October 1 – Summary of your research presentation topic (1 – 2 pages, double-spaced).  Due at the beginning of class.

Provide a preliminary list of references.

Papers submitted late will lose 1 point off the research presentation grade for each calendar day late.

Papers submitted more than 5 days late will not be accepted.

 

November 5 – Detailed outline of your research presentation.  Due at the beginning of class.

Include a list of references with complete citations.

Papers submitted late will lose 3 points off the research presentation grade for each calendar day late.

Papers submitted more than 5 days late will not be accepted.

 

November 29 – PowerPoint presentation due via e-mail no later than 12:00 noon.

E-mails received up to 24 hours late will have 10 points deducted from the research presentation grade.

E-mails received more than 24 hours late will not be accepted, and your research presentation grade will be zero.

 

 

 

 

GUEST SPEAKER SUMMARIES

 

On those days when guest speakers are scheduled, a short summary of the guest speaker presentations is due at the end of class.  Your summary should include your evaluation of the speakers’ presentations.