NORFOLK STATE UNIVERSITY
700 PARK AVENUE * NORFOLK, VIRGINIA * 23504
Robinson Technology Center (RTC)
Office: (757) 823-9454     Fax: (757) 823-9229
Email: CompSci@nsu.edu

Computer Science Courses

DEPARTMENT OF COMPUTER SCIENCE SYLLABUS

COURSE NUMBER & TITLE:
CSC-455   Management of Information Security
COURSE CREDITS:
3
PREREQUISITES:

CSC 435 Computer Security I or permission of the Instructor.

CO-REQUISITES:
None
COURSE DESCRIPTION:

This course is designed for Security System Administrators and Managers who are responsible for the design, planning and management of security installations in Business and Government Institutions. Topics include Management of Information Security, security planning, security protection (technical and procedural), best practices, risk management, Operations Security, legal issues and certification and accreditation. The course assumes some familiarity with various topics taught in an Introduction to Information Assurance course.

COURSE MATERIALS / REQUIRED TEXT(s) / SUPPLEMENTARY READINGS:

Purchase books/supplies online at the NSU Barnes & Noble Bookstore (http://norfolkstate.bncollege.com)

COMPUTER SCIENCE OFFICE LOCATION:

The Department of Computer Science is located in Suite 320 Robinson Technology Center. The individual faculty offices are located within the suite.

COURSE RATIONALE:

This course is required for the BS.CSC.IA program and also an elective for B.S. Computer Science students.

COURSE GOALS & INTENDED OUTCOMES

    The major goal of the course is to familiarize students with all aspects of security administration and management with an emphasis on business and military type environments. By the end of the course, students will be able to:
  • Understand the role of the security administration manager
  • Describe threats to information security
  • Identify methods, tools, and techniques for combating these threats
  • Identify types of attacks and problems that occur when systems are not properly protected
  • Explain integral parts of overall good information security practices
  • Identify and discuss issues related to access control
  • Describe the need for and development of information security policies, and identify guidelines and models for writing policies
  • Define risk management and explain why it is an important component of an information security strategy and practice
  • Describe the types of contingency plan and the steps involved in developing each
  • Identify security issues related to personnel decisions, and qualifications of security personnel
  • Understand the Security System Life Cycle Model
  • Explain and be able to implement the steps leading to certification and accreditation

COURSE OUTLINE

  • Introduction to Management of Information Security
  • Planning for Security
  • Planning for Contingencies
  • Information Security Policy
  • Developing the Security Program
  • Security Management Models
  • Security Management Policies
  • Risk management
  • Protection Mechanisms
  • Personnel and Security
  • Law and Ethics

Week

Sub-Topics

Assignments (Due dates are seven days from the assignment date. Typically, assignments will be assigned on Mondays and will be due at 11:59 pm on the following Sunday unless otherwise stated.)

1. Introduction to Management of Information Security

1.1 Security
1.2 Management
1.3 Principles of Information Security management
1.4 Project Management
1.5 Applying Project Management to Security
1.6 Project Management Tools

Discussion Board 1
(Self-Introduction)
Discussion Board (Ch. 1)

2. Planning for Security

2.1 Role of Planning
2.2 Precursors to planning
2.3 Strategic Planning
2.4 Planning for Information Security Implementation

Discussion Board (Ch. 2)

3. Planning for Contingencies

3.1 Components of contingency planning
3.2 Business Continuity Planning
3.3 Disaster recovery Planning

Discussion Board (Ch. 3)

4. Information Security Policy

4.1 Need for policy
4.2 Enterprise Information Security Policy
4.3 Issue-Specific Security Policy
4.4 System-Specific Policy
4.5 Guidelines for Policy

Assignment 1 (Ch.s 1, 2, 3)
Discussion Board (Ch. 4)

5. Developing the Security Program

5.1 Organizing for Security
5.2 Information Security within an Organization
5.3 Components of the Security Program
5.4 Info. Security Roles and Responsibilities
5.5 Security Education, Training and Awareness Programs

Discussion Board (Ch. 5)

6. Security Management Models

6.1 Blueprints, Frameworks, and Security Models
6.2 Access Control Models
6.3 Security Architecture Models
6.4 Security Management Models

Discussion Board (Ch. 6)
Assignment 2 (Ch.s 4, 5, 6)

7. Security Management Practices

7.1 Benchmarking
7.2 Performance Measures
7.3 Emerging Trends in Certification and Accreditation

Test 1 (Ch.s 1-6)
Discussion Board (Ch. 7)

8. Risk Management: Identifying and Assessing Risk

8.1 Risk Management
8.2 Risk Identification
8.3 Risk Assessment
8.4 Documenting the Results

Discussion Board (Ch. 8)

9. Risk Management: Controlling Risk

9.1 Risk Control Strategies
9.2 Managing Risk
9.3 Feasibility and Cost-Benefit Analysis
9.4 Recommended Risk Control Practices

Discussion Board (Ch. 9)

10. Protection Mechanisms

10.1 Access Controls
10.2 Firewalls
10.3 Intrusion Detection and Prevention Systems
10.4 Remote Access Protection
10.5 Wireless Networking Protection
10.6 Scanning and Analysis Tools
10.7 Cryptography

Assignment 3 (Ch.s 7, 8, 9)
Discussion Board (Ch. 10)

11. Personnel and Security

11.1 Staffing the Security Function
11.2 Info. Security Professionals, Credentials
11.3 Employment Policies and Practices

Discussion Board (Ch. 11)

12. Law and Ethics

12.1 Computer crime
12.2 Law and Ethics in Information Security
12.3 The Legal Environment
12.4 Ethical Concepts in Information Security
12.5 Prof Org. and their Codes of Ethics
12.6 Org Liability and the Need for Counsel

Discussion Board (Ch. 12)

13. CISSP topics

Selected topics from the CISSP and CAP Guide

Discussion Board (CISSP topics)
Assignment 4 (Ch. 10, 11, 12)

14. CISSP topics

Selected topics from the CISSP and CAP Guide

Discussion Board (CISSP topics)

15. CISSP topics

Selected topics from the CISSP and CAP Guide

Discussion Board (CISSP topics)
Assignment 5 (CISSP topics)

Final Exam (Chapters 1 - 12)

PRIMARY METHOD(S) OF INSTRUCTION / METHODS TO ENGAGE STUDENTS

This course is delivered entirely online with synchronous and asynchronous activities deployed as required. The primary method of access to this course is the University Blackboard Learning Management System (LMS) and may be supplemented by other online resources. This course may also employ conferencing tools such as video conferences or Web conferences to facilitate communication and interaction with distant and local students.

The primary method of instruction will be online. The instructional method of use will be inductive, going from specific to general. Online learners will acquire new knowledge through exposure to new material and ideas and will discuss these ideas and concepts on the discussion board.

    The following instructional strategies and methods will be among those used to achieve the learning objectives:
  • Class discussions
  • Collaborative learning
  • Case study
  • Assigned readings
  • Blackboard (on-line delivery)

GRADING STANDARDS

Assignments & Discussion Boards: 60%
Exams: 40%
The grading scale is as follows:
A 90 - 100
B+ 87 - 89
B 80 - 86
C+ 77 - 79
C 70 - 76
D+ 67 - 69
D 60 - 66
F 0 - 59

 

ACADEMIC INTEGRITY STANDARDS

The Department of Computer Science employs a NO tolerance policy on cheating. Cheating includes, but is not limited to, copying others' work, misrepresenting the work of others as your own (includes online sites), plagiarism, sharing when unauthorized, and the use of cell phones and/or electronic media when unauthorized. The following outlines the departmental procedure if a student is suspected of cheating during their academic tenure with the Computer Science Department at Norfolk State University.

    Offense 1:
  • The student will receive a grade of ZERO on the assignment AND a note will be placed in the student’s permanent departmental file. Non-CS Majors will receive a ZERO and be reported to the chair of their respective department.

    Offense 2:
  • The student will receive a letter grade of ‘F’ for the course AND the student will be reported to the Office of Student Rights and Responsibilities for adjudication. Students are expected to uphold the school's standard of conduct relating to academic honesty.

Students assume full responsibility for the content and integrity of the academic work they submit. The guiding principle of academic integrity shall be that a student's submitted work, examinations, reports, and projects must be that of the student's own work. Students shall be guilty of violating the honor code if they:

  • Represent the work of others as their effort.
  • Use or obtain unauthorized assistance in any academic work.
  • Give unauthorized assistance to other students.
  • Modify, without instructor approval, an examination, paper, record, or report for the purpose of obtaining additional credit.
  • Misrepresent the content of submitted work.

The penalty for violating the honor code is severe. At the discretion of the instructor, any student violating the honor code is subject to receiving an F for the course. If a student is unclear about whether a particular situation may constitute an honor code violation, the student should contact the instructor to discuss the situation.

    For this class, it is permissible to assist classmates in general discussions of computing techniques. General advice and interaction are encouraged. Each person, however, must develop his or her own solutions to the assigned projects, assignments, and tasks. A student may not use or copy (by any means) another's work (or portions of it) and represent it as his/her own.

    COMPUTER LITERACY REQUIREMENTS

    To successfully complete this course you must possess:

    • A basic knowledge of computers. For example, understanding files and folders to upload or download course content is absolutely essential. Basic computer literacy classes (CSC-150) are available on campus as elective courses. Students deficient in the necessary computer skills should consider taking such classes.
    • An understanding of the Web and its resources, such as the library and online research tools accessed through a Web browser.
    • Familiarity with Microsoft Office applications, such as Word and PowerPoint; this is absolutely essential for your academic success.
    • Familiarity with NSU's e-mail system to guarantee effective communications with both instructors and classmates. All NSU students have been assigned an e-mail account and are expected to access it regularly via the Web.
    • Knowledge of Blackboard Learning Management System (LMS), which is mandatory for this course.


    For those of you not familiar with the Blackboard LMS, an online orientation can be accessed by self-registering in Blackboard. The course name is "Blackboard Student Training." Additional assistance with Blackboard can be obtained through the Blackboard Central Help Desk at bbtechsupport@nsu.edu or by phone at 757-823-2328 M - F 8AM - 6PM at the Lyman Beecher Brooks Library (LBBL), suite 3007.

    Addressing your computer skills will greatly enhance your learning experience, reducing wasted time and frustration for yourself and your instructors. Please feel free to contact the Office of Information Technology (OIT) Client Services or the Office of Distance Education for advisement on how to receive assistance with your computer literacy instructional needs.

    PROCTORING POLICY     (For Online Courses Only)

    Students who choose not to come on campus to take their exams must have exams in online courses proctored. A proctored exam is one that is administered by an impartial individual (called a proctor) who monitors and supervises a student while that student is taking an exam. The proctor ensures the security and integrity of the exam process. Students will be required to submit an Online Course Proctor Identification Approval Form to each instructor. The form must be submitted and approved by the instructor within 30 days from the starting date of the semester. The instructor will not accept late forms (beyond the 30-day limit). Once the proctor has been approved by the instructor, students will be required to present their Spartan Identification Card and photo identification to the proctor prior to receiving the exam. Students are responsible for arranging a proctor for their exam(s) and for all costs incurred for this service.

    WRITTEN WORK CRITERIA

    All written work is expected to reflect correct use of grammar, spelling, and organization of material. Work with errors of this nature will be penalized.

    SCHOOL-WIDE TUTORING SERVICES STATEMENT

    The College of Science, Engineering, and Technology provides tutoring services through the STARS Tutoring Center for those NSU students who may be experiencing difficulties in Mathematics, Computer Science, Engineering, Biology, Chemistry, Nursing, Technology and Physics courses. The STARS office is located in Suite 100, RTC. This service is free of charge and provided to NSU students only. You can access information about this service by going to http://stars.nsu.edu.

    AMERICANS WITH DISABILITIES ACT (ADA) STATEMENT

    In accordance with Section 504 of the Rehabilitation Act of 1973 and the Americans with Disabilities Act (ADA) of 1990, we ask if you have a disability or think you have a disability, please contact O.A.S.I.S., the Office of Accessibility Services, upon registration at Norfolk State University to confidentially discuss any accommodation needs.

      Audrey M. Wells, Coordinator, O.A.S.I.S.
      Office of Accessibility Services and International Student Services
      Norfolk State University, 700 Park Ave., Student Services Center, Suite 110, Norfolk, VA. 23504
      Phone: 757-823-8325, Fax: 757-823-2640, Email: amwells@nsu.edu

    UNIVERSITY ASSESSMENT STATEMENT

    As part of NSU's commitment to provide the environment and resources needed for success, students may be required to participate in a number of university-wide assessment activities. The activities may include tests, surveys, focus groups and interviews, and portfolio reviews. The primary purpose of the assessment activities is to determine the extent to which the university's programs and services maintain a high level of quality and meet the needs of students. Students will not be identified in the analysis of results. Unless indicated otherwise by the instructor, results from University assessment activities will not be computed in student grades.

    WRITING COMPETENCY ASSESSMENT

    All first-time freshmen and readmitted students entering Fall 2001 and thereafter and transfer students entering Fall 2002 and thereafter are required to take an exit examination to assess writing competency. After completing ENG 102, students must register for ENG 299 (no credit, no charge) until successfully passing the Examination of Writing Competency. Degree-seeking students at the baccalaureate level are required to take the writing examination before completing 90 semester hours. Associate degree-seeking students must take the exam no later than one semester prior to the anticipated date of graduation. For more information, refer to the NSU Undergraduate Catalog.

    UNIVERSITY WIDE & COURSE-SPECIFIC REQUIREMENTS

      Information Technology Literacy
    • Learning foundation skills (hardware, software, and operating systems).

      Critical Thinking
    • Solving problems utilizing application software from a narrative description.
    • Knowing the appropriate software application to apply to a specific task.

      Laboratory
    • Demonstrating proficiency in utilizing software applications.

    CLASS ATTENDANCE POLICY

    A student is expected to attend all classes. The student assumes all responsibility for work missed due to an absence. Make-up work may be permitted at the discretion of the instructor. Refer to the NSU Student Handbook (https://www.nsu.edu/Assets/websites/student-affairs/student-handbook/NSU-Student-Handbook.pdf).

    NSU EMAIL ACCOUNT

    In an effort to keep students informed about Norfolk State University updates and account information, students must check their official NSU email account frequently. You may access your official NSU email account through the MyNSU portal at https://www.nsu.edu/mynsu/index. Once there, follow the instructions provided to log in to the MyNSU portal (NOTE: you access your NSU email from within the MyNSU portal).

    DISCLAIMER: The instructor reserves the right to revise the syllabus as appropriate and will make reasonable attempts to notify students.