Spring 2012 Course Syllabus for

MIST 757 Computer Information Systems Security

1.   Catalog Description

To enable students to understand security technologies such as cryptography, authentication, authorization, non-repudiation, and commercially available security packages (PKI, PGP, Kerberos, SSL, VPN). Reviews the current security issues in terms of technical, managerial, and legal aspects in a gamut of information systems, with emphasis on e-Commerce. Prevention and administration techniques for securing computers and networks will be discussed in terms of theory and practice. Prerequisite: MIST 705

2.   Expected Outcomes

This course provides an overview of Computer Information Systems Security issues in the current context of the network economy, and discusses the theory and areas of practice. The expected outcomes are:

1.   To enable students to realize that effective security in today's network economy requires securing the confidentiality, integrity and availability of information assets in four dimensions: the technical (hardware and software), physical (media, building, equipment, etc.), organizational (IT alignment, structure, corporate governance, legal, etc.) and managerial (policies, procedures, etc.) aspects of the information asset.

2.   To enable students to understand the management issues of requirements, policies, procedures, risks, audit, controls, and governance in Corporate Information Systems Security.

3.   To enable students to understand security technologies such as cryptography, authentication, authorization, non-repudiation, and commercially available security packages (PKI, PGP, Kerberos, SSL, VPN).

4.   To enable students to understand the various security technologies used to secure applications, databases and platforms in both wireless and wired networks.

5.   To enable students to assess the security risks associated with newer areas such as e-business, mobile applications, XML and Web Services, wireless communications, and application servers.

6.   To enable students to understand the impact of various legislation on business practices, for example, the Gramm-Leach-Bliley (GLB) Act and Sarbanes-Oxley Act for the financial industry; the Health Insurance Portability and Accountability Act (HIPAA) and Personal Health Information Act (PHIA) for health care services; the Privacy Act (USA) for privacy; and the Federal Information Security Management Act (FISMA), Homeland Security Presidential Directives (HSPDs), and the Patriot Act for homeland security.

3.   Each student is expected to have a working campus email account.

4.   Expanded Description of the Course and Instructional Methods

This course has been developed to introduce students in business to some of the main concepts and theories that have emerged in the field of knowledge that is generally described as "information security." Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction (http://www.law.cornell.edu/uscode/html/uscode44/usc_sec_44_00003542----000-.html). The terms information security, computer security and information assurance are frequently used interchangeably. These fields are interrelated and share the common goals of protecting the confidentiality, integrity and availability of information; however, there are some subtle differences between them. These differences lie primarily in the approach to the subject, the methodologies used, and the areas of concentration. Information security is concerned with the confidentiality, integrity and availability of data regardless of the form the data may take: electronic, print, or other forms.

Information Security Components: wherever information is transmitted, stored, encrypted, or processed, its value derives from three main attributes or qualities: Confidentiality, Integrity and Availability (CIA). Information systems are decomposed into three main portions (hardware, software and communications) in order to identify and apply information security industry standards, as mechanisms of protection and prevention, at three levels or layers: physical, personal and organizational. Essentially, procedures or policies are implemented to tell people (administrators, users and operators) how to use products to ensure information security within organizations.

Governments, military, financial institutions, hospitals, and private businesses amass a great deal of confidential information about their employees, customers, products, research, and financial status. Most of this information is now collected, processed and stored on electronic computers and transmitted across networks to other computers. Should confidential information about a business’s customers or finances or new product line fall into the hands of a competitor, such a breach of security could lead to lost business, lawsuits or even bankruptcy of the business. Protecting confidential information is a business requirement, and in many cases an ethical and legal requirement. For the individual, information security has a significant effect on Privacy, which is viewed very differently in different cultures. The field of information security has grown and evolved significantly in recent years. It offers many areas for specialization including Information Systems Auditing, Business Continuity Planning and Digital Forensics Science, to name a few. (Adapted from Wikipedia, the free encyclopedia).

In the class work, students will be asked to apply their knowledge to case studies and develop solutions to the information security problems. The course work will also require the students to gain experience of a limited range of computer software tools in order to better understand the practicalities of deploying such systems in real-time business settings, and their use off-line in strategy and policy development.

Instructional methods:

a.   Instructional methods used in this course include lectures, class discussions and in-class demonstrations:

1.   Lectures are used to clarify and supplement text readings

2.   Class discussions are used to facilitate student understanding and provide integration of course material within the business educational domain

3.   Assignments provide hands-on experience with information technologies

b.   Students are expected to assimilate a portion of course content through self-study of the textbook and instructor-provided materials.

5.   Textbook

Management of Information Security

Authors       Michael E. Whitman, Herbert J. Mattord

Edition        3

Publisher    Cengage Learning, 2010

ISBN           1435488849, 9781435488847

Length        546 pages

Reference Textbook:

Readings and Cases in the Management of Information Security, 1st Edition

Michael E. Whitman - Ph. D., CISM, CISSP - Kennesaw State University

Herbert J. Mattord - MBA, CISM, CISSP - Kennesaw State University

ISBN-10: 0619216271  ISBN-13: 9780619216276

272 Pages  Paperback

©2006, Published

6.   Attendance and Participation

Regular and punctual attendance is expected of all students. In the case of absence due to emergency (illness, death in the family, accident), religious holiday, or participation in official functions, it is the student's responsibility to confer with the instructor about the absence and missed course work.

7.   Examinations

There will be an examination for this course.

8.   Methods of Evaluating Outcomes

Content Area                  Percentage
Group Project (Case Study)    30%
Assignment                    25%
Research Paper                25%
Exam/Quizzes                  20%

9.   Assignments

Homework consists of a group project (case study), an assignment and a research paper.

The group project (case study) allows the students to put into practice what they have learned, and assignments exercise the students' understanding of information systems and technologies. Groups can select their own information security case study or request a case study from the instructor. The request must be made by Week 6 (03/08/2012). An example of the possible content of a project report will be provided during class. The group project report should be about 30 pages long. Each group will comprise 3 members or fewer. Teams will be required to submit a hardcopy and an electronic copy of the project.

The assignment requires students to evaluate a group of computer or network security software tools. Students can evaluate a set of similar tools (e.g. anti-virus, Internet security, intrusion detection, encryption, etc.) and document the features, the advantages and disadvantages, usage issues, installation issues, interface issues, etc. These tools can be compared in the form of a table with detailed analyses following the table. The assignment should be about 4-6 pages long with size 10 or 12 font, single-spaced lines with appropriate section headings and margins of 1 inch all around.

A research paper is required. A more detailed discussion of the paper will take place in class. The suggested domain is wireless or mobile commerce security. The paper must be about 6-10 pages long with size 10 or 12 font, single-spaced lines with appropriate section headings and margins of 1 inch all around. The information for the paper should come from current issues of journals/books/articles; current means from 2005-2010. Source material should be photocopied and attached to your paper. You also need to cite your sources within the paper. Assistance on "how-to" for a research paper can be found at http://owl.english.purdue.edu/workshops/hypertext/ResearchW/index.html and the APA style format guide can be found at http://owl.english.purdue.edu/owl/resource/560/01/

All grading of deliverables will be based on standards indicated for each deliverable. Deliverables may not be turned in late! Plagiarism is defined as turning in work that is not one's own. If the work is a duplicate of another person's, one or both of you may be guilty of plagiarism. The first occurrence of plagiarism will result in removal from the course with a failing grade. In addition, the student will be reported to the Office of Student Discipline. There is no second chance.

10.  Grading

Approximate (can change later!) grading scale: A = 85-100%, B = 75-84%, C = 65-74%, D = 55-64%, F < 54%

11.  Useful Resources

Course Resources

Panko Textbook Website

http://www.ISACA.org

http://www.insecure.org/tools.html

Tentative Schedule

Computer Information Systems Security PowerPoint Slides

CONTACTS

Manhattan: 26 West 61 St, Room 309
Manhattan Telephone #: 646-273-6049
Manhattan Fax #: 212-261-1593