This course is a managerial view of information security. It provides brief hands-on experience with technical aspects of security, but it concentrates on planning, risk management, development, specification, informal, cultural and legal aspects of information security management. The pre-requisite for this course is INSS640 - Information Systems in Business.
In the first part of the course (weeks one to five) we study the basic information security concepts and have a hands-on introduction to technical aspects of information security. The second part of the course (weeks six to eleven) covers managerial and informal aspects of information security. Finally, the last part of the course (weeks twelve to fifteen) introduces cultural, standards, legal and forensic aspects of information security.
You will work in a small group to do assignments and to discuss and report on selected security cases. All cases are included in the Textbook. You will also take home a mid-term and final exam. Assignments (5) differ from cases (8) in their nature. Assignments are hands-on exercises, while cases are short essay papers (between two and five pages). Both are to be done in groups of 2-3 students and posted as one file per group in the ASSIGNMENTS area of WebTycho. Both the mid-term and the final exams are to be done individually.
We offer other courses with a more technical emphasis, such as INSS753 - Internet and Network Security, if you are also interested.
The exercises are hands-on use of security tools to provide practical experience with information security software. The assignments are to be done in groups and posted on the corresponding ASSIGNMENTS tab in WebTycho, as follows:
The cases are actual situations that allow us to discuss specific information security management issues and topics. The cases are also to be done in groups, and a final report is to be submitted in the corresponding ASSIGNMENTS tab in WebTycho, as follows (the numbers in parentheses are the page numbers of the cases in the Textbook):
The mid-term exam is an individual exam comprised of modified multiple-choice questions, where you select an answer and explain why you did so, and a few hands-on exercises based on the exercises you did in your group.
The final exam is an individual exam comprised of multiple-choice questions, where you select an answer and explain why you did so, and a few essay questions based on your experiences with the cases discussed in class.
Dhillon, Gurpreet. Principles of IS Security: Text and Cases, Wiley, 2007. ISBN 13-978-0-471-45056-6.
See also: Book student resource Web site.
to be added throughout the semester, in addition to the ones available in the book Web site.
| 01/29 | Information security and basic security requirements [1,2] | Google hacking exercise |
| 02/05 | Models for security specification | Cases in Computer Crime (349) |
| 02/12 | Cryptography in information security | PGP e-mail exercise |
| 02/19 | Network security - vulnerabilities | scanning exercises |
| 02/26 | Network security - defense mechanisms | firewall, IDS exercises |
| 03/05 | Formal Information Security and Planning [6,7] | Developing a Security Policy at M&M (431) |
| 03/12 | Designing information systems security | Security Management at the Tower (369) |
| 04/02 | Risk management for information security | Case of a computer hack (325) |
| 04/09 | Informal aspects and governance of information security [10,11] | IS security at Southam Council (356) |
| 04/16 | Culture and information security | Computer crime and the demise of Barings Bank (375) |
| 04/23 | Information security standards | Taylor City Police Department security breach (426) |
| 04/30 | Legal aspects of information security: HIPAA, SOX, FISMA | Software for legal aspects of IT security: a Web exercise |
| 05/07 | Computer Forensics | Botnet: anatomy of a case (335) |
This page is maintained by Al Bento, who can be reached at firstname.lastname@example.org. This page was last updated on February 8, 2007. Although we will attempt to keep this information accurate, we cannot guarantee the accuracy of the information provided.