Department of Computer Information Systems
Course Syllabus (under revision)
Accounting 8680 (Sections 1 -- CRN 82915 and section 2 -- 86440)
CIS 8680 (Sections 1 -- CRN 83025 and section 2 -- 86441)
This syllabus provides a general guideline for the conduct of the course; however deviations may be necessary.
Professor
Name | Carl Stucke, PhD
Office | 906 RCB Building, 35 Broad Street
Office Hours | Tuesdays 2:45-3:45 (starting 8/24) & by appointment (email is always the best way to reach me. I’m happy to meet at other times, in person or in chat.)
Office Phone | (404) 651-3836
Email |
Venues
Meetings: Minimester I (section 1 of both Acct and CIS) and Minimester II (section 2 of both Acct and CIS): Mondays & Wednesdays 4:30 – 7 online via WebCT and vClass (The first meeting is in person in Classroom
Internet resources: http://www3.cis.gsu.edu/cstucke/cis8680 (under ongoing update and enhancement)
Schedule Minimester I and Minimester II (containing class topics and assignments) (under ongoing revision with specific speakers not confirmed)
Prerequisites: CSP 1, 2, 3, 4, 5, 6, 7, and 8
Course Materials (used books can typically be found at several sites)
Catalog Description
This course is designed to develop
knowledge and skills for security of information and information systems within
organizations. It focuses on concepts and methods associated with planning,
designing, implementing, managing, and auditing security at all levels and on
all systems platforms, including worldwide networks. The course presents
techniques for assessing risk associated with accidental and intentional
breaches of security. It covers the associated issues of ethical uses of
information and privacy considerations.
Course Objectives
Upon successful completion of this
course, students will develop a sound understanding of
Based on this understanding, students will develop
qualifications to
1. Design organizational policies for information security and privacy
2. Create threat scenarios of potential vulnerabilities for particular settings
3. Specify safeguards for computer-based information assets
4. Plan and organize the information security and privacy function within an organization
5. Determine a planning process for analyzing information risks and choosing optimal organizational responses
The organizing principle for the course is drawn toward the attainment of these
five qualifications.
· Prerequisites are strictly enforced. Students failing to complete a prerequisite with a grade of “C” or higher will be administratively withdrawn from the course in which they are in violation with a loss of tuition fees. There are no exceptions.
· Students are expected to attend all classes and group meetings (whether online or in person), except when precluded by emergencies, religious holidays or bona fide extenuating circumstances.
· Students who, for non-academic reasons beyond their control, are unable to meet the full requirements of the course should notify the instructor. Incompletes may be given if a student has ONE AND ONLY ONE outstanding assignment.
· A “W” grade will be assigned if a student withdraws before mid-semester while maintaining a passing grade. Withdrawals after the mid-semester date will result in a grade of “WF”. Refer to the GSU catalog or Registrar’s office for details.
· Spirited class participation is encouraged and informed discussion in class is expected. This requires completing readings and assignments before class.
· Unless specifically stated by the instructor, all exams and lab assignments are to be completed by the student alone.
· Within-group collaboration is allowed on project work. Collaboration between project groups will be considered cheating unless specifically allowed by an instructor.
· Copying work from the Internet without a proper reference will be considered plagiarism and subject to disciplinary action as delineated in the Student Handbook.
· Any non-authorized collaboration will be considered cheating and the student(s) involved will have an Academic Dishonesty charge completed by the instructor and placed on file in the Dean’s office and the CIS Department. All instructors regardless of the type of assignment will apply this Academic Dishonesty policy equally to all students. See excerpt from the Student Handbook below:
(Abstracted from GSU’s Student Handbook Student Code of Conduct “Policy on Academic Honesty and Procedures for Resolving Matters of Academic Honesty” - http://www.gsu.edu/~wwwcam/code/academicconduct/intro.html)
As members of the academic community, students are expected
to recognize and uphold standards of intellectual and academic integrity. The
University assumes as a basic and minimum standard of conduct in academic
matters that students be honest and that they submit for credit only the
products of their own efforts. Both the ideals of scholarship and the need for
fairness require that all dishonest work be rejected as a basis for academic
credit. They also require that students refrain from any and all forms of
dishonorable or unethical conduct related to their academic work.
Students are expected to discuss with faculty the
expectations regarding course assignments and standards of conduct. Here are some examples and definitions that
clarify the standards by which academic honesty and academically honorable
conduct are judged at GSU.
Plagiarism.
Plagiarism is presenting another person’s work as one’s own.
Plagiarism includes any paraphrasing or summarizing of the works of another
person without acknowledgment, including the submitting of another
student’s work as one’s own. Plagiarism frequently involves a
failure to acknowledge in the text, notes, or footnotes the quotation of the
paragraphs, sentences, or even a few phrases written or spoken by someone else.
The submission of research or completed papers or projects by someone else is
plagiarism, as is the unacknowledged use of research sources gathered by
someone else when that use is specifically forbidden by the faculty member.
Failure to indicate the extent and nature of one’s reliance on other
sources is also a form of plagiarism. Any
work, in whole or part, taken from the Internet or other computer based
resource without properly referencing the source (for example, the URL) is
considered plagiarism. A complete reference is required in order that all
parties may locate and view the original source. Finally, there may be forms of
plagiarism that are unique to an individual discipline or course, examples of
which should be provided in advance by the faculty member. The student is
responsible for understanding the legitimate use of sources, the appropriate
ways of acknowledging academic, scholarly or creative indebtedness, and the
consequences of violating this responsibility.
Cheating on Examinations. Cheating
on examinations involves giving or receiving unauthorized help before, during,
or after an examination. Examples of unauthorized help include the use of
notes, texts, or “crib sheets” during an examination (unless
specifically approved by the faculty member), or sharing information with
another student during an examination (unless specifically approved by the
faculty member). Other examples include intentionally allowing another student
to view one’s own examination and collaboration before or after an
examination if such collaboration is specifically forbidden by the faculty
member.
Unauthorized Collaboration.
Submission for academic credit of a work product, or a part thereof,
represented as its being one’s own effort, which has been developed in
substantial collaboration with assistance from another person or source, or
computer honesty. It is also a violation of academic honesty knowingly to provide
such assistance. Collaborative work specifically authorized by a faculty member
is allowed.
Class Participation: 20% (assigned on a group basis but adjusted by peer review scores)
Examinations: 40%
Security and Privacy Policy Project: 20%
Security issues white paper: 20%
Grade Distribution
Grade Percentage
A 90 - 100
B 80 - 89
C 70 - 79
D 60 - 69
F 0 - 59
Refer to the class schedule for the due dates and timing of examinations. Any assignments turned in late are subject to
a 10% per day penalty.
Special Considerations
The course web and/or WebCT site(s) will be used as a
repository for examples of course paper problems, model solutions, examples of
projects, and further required course material that arises during the class.
Students must arrange for their own access to the World Wide Web (Internet
access is available free in the GSU labs). All student work submitted in
fulfillment of course requirements is deemed to be granted in the public domain
(copyright-free) for the purposes of use as instructional material or examples
of student work in future courses. The course syllabus provides a general plan
for the course. Deviations may be necessary.
Class Attendance Policy
Roll will not be taken on a regular basis. It is the
student's responsibility to attend sessions (physical or virtual), obtain
assignments, and turn in work on time. Absence from class does not relieve you
of any of these responsibilities. Absences will be considered excused if they
are due to an emergency, religious holidays, or some
other extenuating circumstance. Please notify the instructor in advance if
possible. Unless an absence is excused, students will NOT be allowed to make up
missed work. All students are expected to be prepared to discuss assigned
materials. Individuals may be "cold called" in order to generate
discussion.
Participation:
· This class is a seminar class and participation is a must.
· Visit the Internet sites before the class meets and be prepared to discuss topics in class.
· Participation grades are assigned on a meeting-by-meeting basis.
· Discussing the content and issues after reading the articles assigned for the class period,
· Visiting web sites or collecting information from other sources that are relevant to class discussion and posting these within WebCT.
· Discussing important issues relevant to the topic under discussion during class.
· Identifying questions that were not answered or topics that were not covered (or not covered thoroughly or easily enough) and, then, identifying and posting sources that provide answers or more thorough or more easily understood explanations.
· Presenting your projects in class.
· Attendance and classroom / chat room presence do not count as participation.
· Participation grades are based on quality and quantity. Quality weighs more and innocuous comments such as “it is interesting, I agree, or I believe this is correct” are not adequate for getting participation grades. You should exhibit a certain depth of understanding or stimulate discussion. Just being logged in and present does not count for participation grades. Group contributions and postings (pre, during, and post sessions) comprise the grade for participation. For individuals in a group, the individual’s participation score will be the group score multiplied by the average of the peer review scores that individual receives from the other members of that individual’s group.
· Lack of adequate participation would cause your semester letter-grade to drop. You should strive to participate actively from the first week of classes. It is not easy to make up the grades at the latter part of the course.
Discovery learning through web-enabled collaboration
This course is taught as discovery learning through
web-enabled collaboration. Discovery learning is learning in which learners
actively seek knowledge or principles for solving problems. In discovery
learning, learners recognize pertinent knowledge not because the teacher
identifies it beforehand but because it enables learners to make progress
solving the problem. Learning through web-enabled collaboration means that
students and teacher share a common workspace in which they work together to
solve problems. The learning space in this course is implemented with real-time
(synchronous) discussion coupled with a web-based presentation frame for text
and other objects, as supported by WebCT. Between class sessions, participants'
conversations can continue--in the bulletin board.
Using synchronous discussion for class sessions fosters discovery learning by (1)
promoting students' consideration of more information and more alternatives for
solving problems and (2) creating a community-of-practice in the class that
promotes student participation rather than passive acquisition of abstract
knowledge. It is beneficial to learn to use more information more adroitly
because of the increasing velocity of business environments. As information
services become a larger component of the economy over the next few decades,
the innovative use of information will likely become the most valued skill. If
"careers…increasingly resemble networks of multiple and simultaneous
commitments with a constant churn of new skills and outmoded roles" (K.
Kelly, New rules for the new economy, Wired, September 1997, p. 154),
then students need to practice being innovative problem solvers, which learning
in synchronous discussion is intended to promote.
Session assignments
Studying source materials. To access an assignment for a specific session, click
on the topic for that session in the Schedule.
Scan the session's assignment to get an idea of what you are being asked to do.
Then study the sources.
Getting ready for outages. As or
before each class session begins, download files for that session. Downloading
the files will make it possible for you to continue working during class
sessions even if you can't connect. We also have backup chat facilities (WebCT
and the CIS Microsoft Conferencing Server).
We will also occasionally use vClass.
Glossary
An 11,000-entry encyclopedia of
computing definitions is available in TechEncyclopedia. At this site,
enter the term for which you want a definition.
Internet access and email usage
In this course, studying source materials, preparing
each day's assignment with your group members, and participating in class
discussions require Internet access. If you do not already have it, you can
obtain Internet access from an Internet service provider. All class sessions will
be held on-line in chat through WebCT. You may join class sessions from
elsewhere as soon as you are confident you have adequate Internet access. Some
on-line services do not support adequate connectivity, e.g., some online
services automatically log you out if you do not respond to continuation
messages. It is your responsibility to ensure that the Internet access you are
using for the class is sufficient. Email to you will be through the email
address you provide to the instructor.
WebCT use
The course relies on WebCT use for
the publication of student work, asynchronous (bulletin board) and synchronous
(chat) class discussions, access to class discussion logs, and testing of
performance. For directions for using WebCT, see Using WebCT. To get your WebCT ID and password, follow the instructions at http://webct.gsu.edu/students/login.html.
Discussion in class sessions
WebCT creates a log of class sessions. To view or
save the log for a prior session, see Using WebCT.
The experience of chat in synchronous discussion. The class
discussion in chat may proceed quickly, and there may be multiple conversations
occurring in parallel. This means that a specific question may not be answered
immediately, especially if answering or commenting on it would move the
discussion away from major themes for that class session. Oftentimes, a
question will be answered later in the discussion. And, if you are disconnected
momentarily, that will be when it seems your question was answered. So, if you
have unanswered questions after a session, scan the discussion log for that
class session to see if it was answered there. If the answer to your question
does not appear in the discussion log, post it on the bulletin board or ask it
in the next class session.
Class Guests
For some class sessions, one or more guests will join
the discussion. They will have the opportunity to introduce themselves, e.g.,
they could enter links to their resume and other information about their
organization. These guests will be knowledgeable about Information Security and
Privacy. These people can be subject matter resources for us and respond to
questions from us pertaining to the class discussion.
Any persons wishing to be guests should send e-mail to cstucke@gsu.edu indicating which class(es) interest them and their
areas of expertise.
Team Assignment and Peer Appraisal
All course assignments and lab exercises will be
team-executed in groups of five. These groups should function as a self-managed
team and adopt the rules and practices of this organizational work structure.
Participation in the course assignments/lab exercises should be relatively
equal among the group members, with each member monitoring both one's own level
and quality of participation and that of the other members of the group.
Self-managed teams are free to make decisions about their own processes,
including matters such as who will serve on the team. If the majority of the
team decides, for whatever reason, to alter the membership of the group, this
change will go into effect immediately. (Please inform the instructor, in
writing, about this decision and include this document in the project
documentation for your team). Individuals who are no longer with that team will
need to join another group, and assume the consequences of being assessed
accordingly by their original group, or else, for the current assignment and
the current assignment only, proceed on their own.
Consonant with the concepts and principles of self-managed teams, peer appraisals will be
part of the overall grading/evaluation of individual performance. In the best
managed teams, consensus on the relative contributions of each of the team
members will be derived through assessment of documented facts and records,
evaluation of team output, and evaluation of team processes. See specific
details in the peer appraisal form.
Security and Privacy Policy Study
Within this, each group will identify the security and privacy policies for two organizations (no confidential information, please). Compare these to each other and to best practices templates (SANS, etc.). You should indicate the means of implementing components of these plans (processes, hardware/software, outsourcing, etc.). As we go through the course topics in our sessions, you should be familiar with how your selected organizational policies handled the relevant areas (encryption, privacy, access, etc.). You should record the results of your comparison and analysis in a 10 - 15 page paper along with the original policies.
Deliverables: Security and privacy policy study in electronic form
Security Issues Term Paper
Choose an area of information security management, ethics, or privacy that interests
you and research it through the electronic media and the library. Discuss the
topic with your instructor early in the term for counsel and approval. Write
a single-spaced paper of about ten pages (or more) on the subject. A bibliography
of references must be included.
Your goal should be to address a
managerially significant issue and to propose an action plan to address it. Examples of interesting topics
might be: "The Viability of Encryption for Transactional Systems",
“Security Aspects of Peer-to-Peer Computing”, “The Impact of
Wireless on Corporate (or Home) Networks”, “Instant Messaging
(Virtual Groupware, Huge Distraction from Business Work, and/or Security
Vulnerability)”, “The GPS, fingerprint-reading cell phone as the
universal identification device and its use in commercial products”,
“Business Opportunities for and Privacy Implications of RFID”, “An accounting view of Information
Security and Privacy”, “The Liberty Alliance Project (http://www.projectliberty.org/)
and Its Implications for Business”, “GRID Computing Architecture
as Business Continuity Platform”.
Sample Abstract: After defining and describing
cryptographic techniques in common use in commercial applications today, this
paper examines the risk-cost tradeoff for businesses thinking of encrypting
their transactional data. The paper estimates the costs of encrypting even a
small part of large volume transactions and points out the circumstances under
which it might be economically viable. An action plan for security managers
includes a suggestion that client-server applications working with sensitive
payroll data over public telecomm lines use RSA signature encryption.
Deliverable: 1 ten-fifteen page plus term paper in
electronic form and a PowerPoint presentation to be used when you deliver your
paper in session (online).
Final Exam
No final exam is needed to fulfill the learning objectives of this course. The projects
cover the intellectual material of the course and the other course assignments
and class participation evaluate both context and other student capabilities.
The instructor is appreciative to Dr. Ram Sriram, Dr. Detmar Straub, Dr.