
ISSC422 - Information Security

Course Details

Course Code: ISSC422 Course ID: 3183 Credit Hours: 3 Level: Undergraduate

This course allows students to examine a broad range of computer security issues and provides the student with technical knowledge not normally addressed in traditional training. It explores the protection of proprietary information and security planning with an emphasis on networked computer vulnerabilities. It also focuses on detection (e.g. viruses, hackers, types of computer crime, computer forensic examination, etc.), as well as disaster recovery and technology law. A primary focus is put on security of systems and computer crime prevention. Also addressed is the maturing criminal population with increased computer literacy, whose tendency is to move from violent actions to more profitable computer crime. Finally, issues of privacy and freedom of information are examined. This course meets the topical requirements of the DoD Directive 8570.1M Information Assurance Management (IAM) Technical II and Management I categories. Requires CITRIX CLIENT SOFTWARE INSTALLATION FOR ONLINE VIRTUAL LABS accessibility.





Course Schedule

| Registration Dates | Course Dates | Session | Weeks |
| --- | --- | --- | --- |
| 05/27/19 - 11/01/19 | 11/04/19 - 12/29/19 | Fall 2019 Session I | 8 Week session |
| 06/24/19 - 11/29/19 | 12/02/19 - 01/26/20 | Fall 2019 Session D | 8 Week session |
| 07/29/19 - 01/03/20 | 01/06/20 - 03/01/20 | Winter 2020 Session B | 8 Week session |
| 08/26/19 - 01/31/20 | 02/03/20 - 03/29/20 | Winter 2020 Session I | 8 Week session |
| 09/30/19 - 02/28/20 | 03/02/20 - 04/26/20 | Winter 2020 Session D | 8 Week session |

Current Syllabi

After you have completed this course, you should be able to:

CO1: Identify and prioritize information assets.

CO2: Identify and prioritize threats to information assets.

CO3: Define an information security strategy and architecture.

CO4: Plan for and respond to intruders in an information system.

CO5: Describe legal and public relations implications of security and privacy issues.

CO6: Present a disaster recovery plan for recovery of information assets after an incident.

For the purposes of this course, a “week” is defined as the time period between Monday and Sunday, for all Weeks 1 to 8. The first week begins on the first day of the semester and ends at midnight the following Sunday.

Contact: Contact between students and faculty can occur in a number of ways: phone, fax, and electronic communications (Internet) are three examples. Students are expected to maintain routine contact with faculty throughout the course. And while the number of these may vary according to the specific course and individual student need, the University requires at least four contacts during the semester. While these contacts will not be graded (unless indicated below) students should be aware that they count toward the total of required course exercises. EMAIL/class message CONTACT IS ALWAYS ACCEPTABLE IN THIS CLASS!

EMAILS: When you contact me via email, please ensure you put the title of the course (ISSC422) and your current session in the subject line.

Per school policy, all matters concerning the class should be handled with the “messages” function within the class. This will help me align your email with the right course so I can quickly address any questions you may have, or resolve any problems that may come up.

Grades in this course are based on the following:

  1. Lab assignments: You will have four lab assignments throughout the session, worth a combined total of 20% toward your final grade (5% each).
  2. Forum Postings: I will be posting Forum topics related to Information Security throughout the class session. These postings will be directly tied to our assignments section for grading. These postings are worth a total of 52% for weeks 1-8. Discussion items will be posted within the Forum area of the classroom. Your responses will clearly show whether you are up to date on your readings, so be sure to keep up with course work and respond based on it. Opinions are always welcome; however, postings providing only opinions will be graded accordingly. Your grades for Forum postings are available throughout the semester as they are graded throughout the week. Please ensure you understand the Rubric grading matrix on the next page to guide your response and posting. I will be using this matrix to assign grades for your Forum postings.
  3. Concept Paper: Worth 15% of your final grade. The content for the project paper is listed under Week 4 of your syllabus.

In week 4, students will write a concept paper to support their reasoning for choosing their topic for their final project in week 7. In other words, in week 4 you are going to tell the reader (the instructor) why you think your topic for your final project is worth doing. You are going to justify this as a proposal.

The topic for your week 4 concept paper will be the same as your final project; they are linked together. The week 4 concept paper justifies the writing of your final project.

Here are the Week 4 requirements and topics that you may choose from:

Submit a 3-page concept paper (coversheet, introduction and reference page do not count) in accordance with APA format on an approved topic (see pre-approved topics in the syllabus). Paper organization will include (use as headings):

Requirements:

• Coversheet

• Introduction.

• Problem Statement.

• Relevance and Significance.

• References (at least five).

Pre-approved research topics:

• Authentication/Digital signatures

• Data collections tools (hardware & software)

• E-business/e-commerce security

• End user security issues.

• Government vs. commercial organization security issues.

• HIPAA

• Identity Theft

• ID&IH Management and Legal Issues

• Instant Messaging security.

• Intrusion detection.

• Sarbanes-Oxley

• Security Threats & Vulnerabilities

• Wireless technology security

You may also choose a topic not listed but do check for approval. Students should choose a topic that interests them and they would like to learn more about.

Project/Research Paper: There will be one individual project paper throughout the session, worth 15%. The content for the project paper is listed under Week 7 of your syllabus.

Using the chosen topic for their Week 4 concept paper, students will develop a final Project Paper (due by Sunday of Week 7, 11:55 PM EST):

1. Submit a 10-page research paper (cover sheet, introduction and reference page do not count) with APA standard annotations on an approved topic (see pre-approved topics below).

2. Some pre-approved research topics

• Authentication/Digital signatures

• Data collections tools (hardware & software)

• E-business/e-commerce security

• End user security issues.

• Government vs. commercial organization security issues.

• HIPAA

• Identity Theft

• ID&IH Management and Legal Issues

• Instant Messaging security.

• Intrusion detection.

• Sarbanes-Oxley

• Security Threats & Vulnerabilities

• Wireless technology security

You may use resources from the APUS Online Library, any library, government library, or any peer-reviewed reference (Wikipedia and other non-peer-reviewed sources are not acceptable). The paper must be at least 10 pages, double-spaced, with 1" margins all around and a black 12-point font (Times New Roman, Arial, or Courier), with correctly formatted APA citations. Graphics are allowed but do not count toward the minimum page count. A minimum of 10 references is needed. The paper may be checked with Turnitin for plagiarism.

You must complete each and every one of the assignments, regardless of how well you do on the other assignments. This includes all requirements for book reports, theme papers, term papers, and any other type of evaluation the professor has assigned. Failure to complete all assignments may result in an “F”.

Evaluation Technique

The grading scale used in this course is the standard grading scale used by AMU. Grades are based on a 4.0 scale as follows:

Grading Scale

Please see the student handbook to reference the University’s grading scale.

Name | Grade %
Forums 25.00 %
Week 1 Forum 3.13 %
Week 2 Forum 3.13 %
Week 3 Forum 3.13 %
Week 4 Forum 3.13 %
Week 5 Forum 3.13 %
Week 6 Forum 3.13 %
Week 7 Forum 3.13 %
Week 8 Forum 3.13 %
Exercises 30.00 %
Week 4 Concept Paper 15.00 %
Week 7 Project Paper 15.00 %
Labs 20.00 %
Week 1 Lab 2.50 %
Week 2 Lab 2.50 %
Week 3 Lab 2.50 %
Week 4 Lab 2.50 %
Week 5 Lab 2.50 %
Week 6 Lab 2.50 %
Week 7 Lab 2.50 %
Week 8 Lab 2.50 %
Weekly Quizzes 25.00 %
Week 1 Quiz 3.13 %
Week 2 Quiz 3.13 %
Week 3 Quiz 3.13 %
Week 4 Quiz 3.13 %
Week 5 Quiz 3.13 %
Week 6 Quiz 3.13 %
Week 7 Quiz 3.13 %
Week 8 Quiz 3.13 %

Starting April 2016 this title & edition has moved to VitalSource. The VitalSource e-book is provided via the APUS Bookstore. Please visit http://apus.libguides.com/bookstore for more information.

Also see the bibliography for additional required supplemental material.

Required Software

1. Microsoft Office Word

2. Adobe Acrobat Reader

Selected Bibliography

Materials not available via the Internet are posted on the class LMS

107th Congress. (17 Dec 2002). E-Government Act of 2002, Public Law 107-347, US Congress. Retrieved 28 Dec from: http://www.gpo.gov/fdsys/pkg/PLAW-107publ347/pdf/PLAW-107publ347.pdf (6)

Boettcher, C., DeLong, R., Rushby, J., & Sifre, W. (Oct 2008). The MILS component integration approach to secure information sharing. In Digital Avionics Systems Conference, 2008. DASC 2008. IEEE/AIAA 27th (pp. 1-C). IEEE. Retrieved 28 Dec from: http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=4702758 (20)

California Records and Information Management. (Feb 2002). Electronic Management records handbook. US State of California State and Consumer Services Agency, Department of General Services. Retrieved 28 Dec from: http://www.documents.dgs.ca.gov/osp/recs/ermhbkall.pdf (5, 6)

CNSS (Apr 2004). National Information Assurance Training Standard for Information Systems Security Officers. Committee on National Security Systems National Manager (CNSS) Instruction 4014. Retrieved 28 Dec from: http://www.cnss.gov/Assets/pdf/cnssi_4014.pdf (18)

DCI (24 May 2000). Protecting Sensitive Compartmented Information Within Information Systems, Directorate of Central Intelligence (DCID) 6/3 Manual. Retrieved 28 Dec from: http://www.fas.org/irp/offdocs/dcid-6-3-manual.pdf (20)

Dempsey, K., Shah, N., Johnson, A., Johnston, R., Jones, A., Orebaugh, A., Scholl, M., & Stine, K. (Sep 2011). Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations. NIST Special Publication 800-137. Computer Security Division, Information Technology Laboratory, National Institute of Standards and Technology. Retrieved 28 Dec from: http://csrc.nist.gov/publications/nistpubs/800-137/SP800-137-Final.pdf (19)

Department of Defense (20 Dec 1996). DoD Doctrine for Operations Security JP-3_54. Program Manual. US. Department of Defense. Retrieved 28 Dec from: http://www.fas.org/irp/doddir/dod/jp3-54/ (2)

Department of Defense (6 Mar 2000). DoD Records Management Program. Program Manual No. 50152p. US. Department of Defense. Retrieved 28 Dec from: http://www.defense.gov/webmasters/policy/dodd50152p.pdf (5)

Department of Defense (3 Nov 2008). DoD Operations Security (OPSEC) Program Manual. US. Department of Defense. Retrieved 28 Dec from: www.dtic.mil/whs/directives/corres/pdf/520502m.pdf (2)

Department of Defense (nd). Defense Information System Agency Publications. US Department of Defense. Retrieved 28 Dec from: http://www.disa.mil/About/Policy-Publication-Information (9)

Design principles for security-conscious systems – based on the Saltzer and Schroeder’s Principles (1975 paper). Retrieved from https://www.eecs.berkeley.edu/~daw/teaching/cs261-f07/slides-aug30.pdf

Financial Crimes Enforcement Network (5 Mar 2010). Guidance on Obtaining and Retaining Beneficial Ownership Information. Financial Crimes Enforcement Network (FinCEN), along with the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the National Credit Union Administration, the Office of the Comptroller of the Currency, the Office of Thrift Supervision, and the Securities and Exchange Commission, Retrieved 28 Dec from: http://www.fincen.gov/statutes_regs/guidance/pdf/fin-2010-g001.pdf (12, 13)

Johnson, A., Dempsey, K., Ross, R., Gupta, S., & Bailey, D. (Aug 2011). Guide for Security-Focused Configuration Management of Information Systems. NIST Special Publication 800-128. Computer Security Division, Information Technology Laboratory, National Institute of Standards and Technology. Retrieved 28 Dec from: http://csrc.nist.gov/publications/nistpubs/800-128/sp800-128.pdf (7, 8)

Keene, S. (2007). Reliability, Law of Least Astonishment and the Interoperability Imperative. Reliability Society of the Institute of Electrical and Electronics Engineers (IEEE). Retrieved from https://www.hawaii.edu/csati/summit/SKeene_Reliability_Society_Interoperability.pdf

Maconachy, W., Schou, C., Ragsdale, D., & Welch, D. (6 June 2001). A Model for Information Assurance: An Integrated Approach, Proceedings of the 2001 IEEE Workshop on IAS, USMA, West Point, NY. Retrieved 28 Dec from: http://it210web.groups.et.byu.net/lectures/MSRW%20Paper.pdf (1)

National Records and Archives Administration (nd). The FRC Toolkit. National Records and Archives Administration Federal Records Center. Retrieved 28 Dec from: http://www.archives.gov/frc/toolkit.pdf (10, 11, 12, 13, 14, 17)

National Security Agency (8 Oct 1999). Controlled Access Protection profile, Ver 1d. Information Systems Security Organization, National Security Agency. Retrieved 28 Dec from: http://www.commoncriteriaportal.org/files/ppfiles/capp.pdf (20)

NSTISS (Dec 1995). National Training Standards for red/Black Installation Guidance, NSTISSAM TEMPEST/1 & 2 - 95. Retrieved 28 Dec from: http://cryptome.org/tempest-2-95.htm (2)

NSTISSC (Apr 2000). National Information Assurance Certification and Accreditation Process (NIACAP). Program Manual NSTISSC No. 1000. Retrieved 28 Dec from: http://www.cnss.gov/Assets/pdf/nstissi_1000.pdf (4, 7)

NSTISSI (20 June 1994). National Training Standards for Information Security (INFOSEC) Professionals. Program Manual NSTISSI No. 4011. Retrieved 28 Dec from: http://trygstad.rice.iit.edu:8000/Government%20Documents/NSTISS/NSTISSI4011.rtf (3)

NSTISSI (Dec 2000). National Training Standards for System Certifiers. Program Manual NSTISSI No. 4015. Retrieved 28 Dec from: http://www.cnss.gov/Assets/pdf/nstissi_4015.pdf (4)

Rai, S., Bresz, F., Renshaw, T., Rozek, J., & White, T. (Nov 2007). Identity and Access Management, The Institute of Internal Auditors. Retrieved 28 Dec 2012 from: http://www.aicpa.org/InterestAreas/InformationTechnology/Resources/Privacy/DownloadableDocuments/GTAG9IdentAccessMgmt.pdf (15, 16, 17)

Reiken Group LLC. Opsec Certification Roadmap. (nd). Reiken Group LLC. Retrieved 28 Dec 2012 from: http://www.opsecprofessionals.org/official/OPSEC_roadmap.pdf (1)

Saltzer, J. & Schroeder, M. (1975). The protection of information in computer systems. Proceedings of the IEEE, 63(9), 1278-1308. Retrieved 28 Dec from: http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=1451869 (20)

Schneier, B. (2009). Security vs. Usability: When security gets in the way. Retrieved from https://www.schneier.com/blog/archives/2009/08/security_vs_usa.html

US General Accounting Office (10 Dec 2001). Management Planning Guide for Information Systems Security Auditing. National State Auditors Association and the U. S. General Accounting Office Joint Information Systems Security Audit Initiative. Retrieved 28 Dec from: http://www2.dir.state.tx.us/SiteCollectionDocuments/Security/Policies%20and%20Standards/mgmtpln.pdf (9)

Wood, S., Crawford, K., & Lang E. (May 2005). Reporting of Counterintelligence and Security Indicators by Supervisors and Coworkers. Technical report 05-6, Defense Personnel Security Research Center. Retrieved 28 Dec 2012 from: http://www.fas.org/sgp/othergov/dod/cireporting.pdf (1)

Book Title: Fundamentals Of Information Systems Security, 2nd ed. - the VitalSource e-book is provided inside the classroom
ISBN: 9781284031621
Publication Info: VS-Jones & Bartlett
Author: Kim, Solomon
Unit Cost: $75.79
Electronic ISBN: 9781284036169
Electronic Unit Cost: $35.00

Book Title: ISSC422 virtual lab manual provided inside the classroom
ISBN: NTMO
Publication Info: CLASS-Jones & Bartlett
Electronic Unit Cost: $55.00

Book Title: Requires CITRIX CLIENT SOFTWARE INSTALLATION FOR ONLINE VIRTUAL LABS accessibility - instructions provided inside the classroom.
Author: No Author Specified

Previous Syllabi

Not current for future courses.