Professional Documents
Culture Documents
MGT5155|Term:Spring22016
StudentAccess:3.7.201612:00AMEST5.1.201611:59PMEDT|Section:1
Syllabus
CollapseAll
PrintOutline
Syllabus Entry
Instructor Email
YourinstructorsFloridaTechemailaddressislistedhere,butpleaseusetheusethecoursemessaging
systemforcourserelatedmessages.
Instructor
BiswajitPanja
E-mail
bpanja@fit.edu
Phone
7343538849
Office Hours
Officehoursnotset
Quality
EquivalentRange
Points
excellent
90100
good
8089
average
7079
poor
6069
failure
059
incompletecoursework
auditnograde
pass,noeffectonGPA
officialwithdrawal
AU
Attendance
Attendanceisrequiredonaweeklybasis.Studentsareexpectedtoviewtheonlinelecturesintheweekthey
areoffered,andtologontothesiteoftenenoughtoremainabreastofthecommunicationontheMessageBoard
aswellasanyClassNewsorinformationfromtheProfessor.Itistheresponsibilityofthestudenttobeaware
ofeverythinghappeningintheclassonline.
Academic Honesty
AcademichonestyishighlyvaluedinFloridaTech'sonlinecourses.Thestudentmustalwayssubmitworkthat
representsoriginalwordsorideas.Ifanywordsorideasareusedthatdonotrepresentthoseoriginalwordsor
ideas,thestudentmustciteallrelevantsourcesandprovideacleardefinitionoftheextenttowhichsuch
sourceswereused.Wordsorideasthatrequirecitationinclude,butarenotlimitedtoallhardcopyorelectronic
publications,whethercopyrightedornot,andallverbalorvisualcommunicationwhenthecontentofsuch
communicationclearlyoriginatesfromanidentifiablesource.IntheFloridaTechonlinecourse,allsubmissions
toanypublicmeetingbulletinboardorprivatemailboxfallwithinthescopeofwordsandideasthatrequire
citationsifusedbysomeoneotherthantheoriginalauthor.Academicdishonestyinanonlinelearning
environmentcouldinvolve:
Havingatutororfriendcompleteaportionofthestudent'sassignments
Havingareviewermakeextensiverevisionstoanassignment
Copyingworksubmittedbyanotherstudenttoanotherpublicclassmeeting
Usinginformationfromonlineinformationserviceswithoutpropercitation
Anyofthesepracticescouldresultinchargesofacademicdishonesty.ForthecompleteFloridaTechpolicyon
academicdishonesty,cheatingandplagiarismseetheFloridaTechStudentHandbook:
http://www.fit.edu/studenthandbook/
Disaster Statement
SchoolClosure:
BothFloridaTechandtheUniversityAllianceobservenationalholidaysandstudentsarenotrequiredto
participateinclassesonsuchdays.InthecaseofanemergencyclosureofFloridaTechortheUniversity
Alliance,ifclassesarestillabletooperate,theywillcontinue.IntherarecasethattheLearningManagement
Systemisunavailableformaintenancereasons,classeswillresumeasquicklyaspossibleandstudentsshould
checktheUniversityAlliancewebsite(www.floridatechonline.com)regularlyforupdates
Naturaldisaster:
IfanaturaldisasterimpactstheMelbourne,FloridaareaallstudentsshouldchecktheFloridaTechwebsite
www.fit.eduorcall(800)8884348forupdates.
IntheeventthatanaturaldisasteroccursnearthestudentsresidencetheyshouldcontactCustomerService
at:18002809718atthesoonestopportunityandinformthemofthesituation.Theywillmaketheappropriate
contacttoinstructors.Finaldecisionsontheappropriatetimelinetocompletecourserequirementsareatthe
discretionoftheinstructor.
Course Withdrawal
Towithdrawpriortothestartofclass,youmustcontactyourUniversityAlliancerepresentative.Onceclass
begins,youmustwithdrawusingtheFloridaTech'sonlinestudentaccountsystem(PAWS).Ifyouareanew
student,PAWSaccessinformationwillbeprovidedpriortoclassstart.Youhavetheprerogativeofdroppinga
courseuntiltheendofthefirstweekofclasseswithoutreceivingagradeof"W".Afterthefirstweek,agradeof
"W"willbeassignedupuntilthefinalpublisheddateforwithdrawing(thelastdayofweeksix).Thatgradewillbe
reflectedonyourtranscript,butnotcalculatedintoyourgradepointaverage.Withdrawalsafterweeksixwill
resultinagradeof"F".Youareresponsibleformaintainingwrittenevidenceofalldrops/withdrawals.Telephone
andemaildrops/withdrawalswillnotbeaccepted.FollowingisatablethatclearlyoutlinesFloridaTech's
withdrawalandrefundpolicies:
WithdrawalPolicy/RefundChart
Week
WithdrawalPermitted
TuitionRefunded
Deadline
Yes
100%
BySundayat11:59PMET
Yes
60%
BySundayat11:59PMET
Yes
40%
BySundayat11:59PMET
Yes
NoRefund
BySundayat11:59PMET
Yes
NoRefund
BySundayat11:59PMET
Yes
NoRefund
BySundayat11:59PMET
No
NoRefundNoWithdrawal
No
NoRefundNoWithdrawal
PAWSisaccessiblethroughtheuniversityportalACCESSFloridaTech.TocontinuetoPAWS
clickhere(opensinnewwindow)
Smarthinking
Smarthinking
SMARTHINKING'sfundamentalobjectivesaretoengageandencouragestudentsinactivelearning,aswellas
toenhancetheirmotivation.Ourtutorsstrivetohelpstudentsdevelopsuccessfullearningskills,ratherthan
simply"givinganswers"or"doinghomework"forthem.Inaprofessionalandsupportiveenvironment,wefocus
onthepowerofhumaninteractionandtheuseoftechnologytoassistastudentcenteredtutoringprocess.
www.smarthinking.com
Course Introduction
CourseDescription
Cybersecuritymustoperatewithinrealworldconstraints.Inthiscourse,studentswillexploreinterconnections
betweensecuritysolutionsandtheenterprise.Topicsincludelegalandregulatoryconsiderations,attackand
trustmodels,risk,andtheeconomicsofsecurity.
CourseObjectives
Aftercompletingthiscourse,youshouldbeableto:
1.Understandtheclassificationandvaluationofinformation
2.Understandtherelevantlegislationandlegalobligationsofsecurityprofessionals
3.Understandriskbasedsecuritydecisionmaking
4.Understandsecurityframeworks
5.Derivetheprocessesusedinsecurityoperations,including:
a.Devicehardening
b.Assetmanagement
c.Vulnerabilityremediation
d.Incidentresponse
e.Computerforensics
6.Attackmodelsandtesting
7.Theimpactofhumanfactorsonsecuritytechnology
Prerequisites
None
CreditHours
3
Course Materials
Course Materials
EnterpriseSecurityArchitecture,ABusinessDrivenApproach.(2005).Sherwood,J.,Clark,A.,&Lynas,D.
CMPBooks.
Grading
Yourgradeinthiscoursewillbeourevaluationofyourperformance.Wewillbasethisevaluationonyour
demonstratedcompetenceonthefollowing:
Assignment
Points
ClassDiscussions(8@20)
160
ShortPapers(4@50)
200
Exam1
200
Exam2
300
CaseStudy
140
Total
1000
GradingScale:(minimumgradecutoffs)
A900ormorepoints
B800899points
C700799points
D600699points
FLessthan600points
Week
Module
Number
ModuleTitle
Assignments
DiscussionTopic
Quizor
Exam
Introduction&Overview
Introductions
Information
Information
RiskBasedSecurity
ShortPaper#1
RiskstotheEnterprise
Frameworks
Legislation
ShortPaper#2
CyberLaws
LegalObligations
ReactiveorProactive?
Exam1
ShortPaper#3
IncidentResponse
1
2
3
2
4
5
3
6
SecurityOperations,
AttackModels
ShortPaper#4
InfamousAttacks
10
SecurityTesting
CaseStudy
PenTesting
11
HumanFactors
Part1
Security
Operations,Part2
WeHaveMetthe
Enemy
Exam2
DiscussionBoardRequirements
ForEACHdiscussionquestionyoumustprovideasubstantiveandrelevantresponse(atleast200words)
tothemainquestionANDtoatleasttwo(2)otherstudentscomments(atleast100wordseach)ineither
questionthread
Responsesthatreferenceexternalarticles,webpages,orbooksmustbecitedproperly
YourinitialpostshouldcontainatleastONEexternalresource(beyondthetextbook)
EACHresponsemustnotbebasedonopinion,butratherdemonstratethatyouhavesynthesizedthe
informationyouhavegatheredinordertocometoascholarlyconclusion.Youmustciteevidenceinthe
formofpeerreviewedliteraturetosupportyourconclusion
AllinformationmustbeparaphrasedfromtheoriginalsourceandmustusecitationsinAPAformatto
supporttheparaphrasedinformation
Important!Alackofparticipationinthediscussionboardbyotherstudentsshouldnotserveasahindrance
foryoutoparticipateindiscussion.Intheeventothershavenotengagedindiscussion,youstillneedto
posttherequirednumberofresponses
ShortPapers
Selectanacademicpaperfromarespectedjournalorconferenceproceedingsonthetopicprovided(seeweek
duefortopics).Writeasummaryofthepaper,nottoexceedtwopages(singlespaced,12pointfont,1
margins).Summariesshouldcapturethecriticalthoughtornewidea,evaluatethereferences,andprovidean
opinionoftheresearch.
CaseStudy
Selectoneoftheareasofsecurityoperations.Provideacritiqueofanexistingprocesswithinanenterpriseand
howitshouldbedoneasopposedtohowitisdonewithinanenterprisesetting.Thisshouldbeintheformatof:
beforeandafterandwhythechangesweremade.Forexample,ifyouwereinchargeofsecurity,howwouldyou
changetheprocessinplaceinyourorganizationandwhy?
Exams
Exam#1willconsistofessayquestionsandcoversWeeks13
Exam#2willconsistofessayquestionsandcoversWeeks48
Examsshouldbetreatedlikeresearchpapers.Answersmustincludeproperlycitedreferences.
ToassistyouinutilizingtheFITLibrary,pleaseviewtheComputerScienceandInformationSystems
"ResearchGuide."
Online Tutoring
Inadditiontoyourprofessorinthisclass,wehavemadearrangementsforyoutoaccessanonlinetutoring
serviceifyouwanttogetextrahelpwithmathandwriting.Whenyouclickonthelinkbelow,youwill
automaticallybeloggedintoawebsiteforthetutoringservice,offeredbySmarthinking.Noaccountsetupis
necessary,andthereisnoadditionalcosttoyouforthisservice.Youwillseeonthatpagethatyouhavethe
optiontoscheduleasessionwithatutor,submitaquestion,orsubmityourwritingforfeedback.
www.smarthinking.com
Week 1
Understandtheobjectivesoftheclass
Understandtheworkexpectedfromthestudent
Understandthestudentevaluationprocess
Understandtheconceptoftheenterprise
Defineinformationinthecontextoftheenterprise
Understandinformationclassificationmethodologies
Explainwhyclassificationofinformationisnecessary
Lecture
IntroductionandOverview
Wedefineenterpriseandthemeaningofsecuritywithinthiscontext.
Lecture
Information
Wedefineinformationasitpertainstoenterpriseandexplaininformationclassificationmethodologiesandwhy
theyarenecessary.
Reading
Ch.1TheMeaningofSecurity
Discussion
PleaseseethediscussionboardfortheWeek1threads.
ThetopicswillbeIntroductionsandInformation.
YourinitialpostisdueWednesdayat11:59p.m.ET
Yourresponsetopeers'postsisdueSundayat11:59p.m.ET
Week 2
Understandtheconceptofrisk
Understandwhyriskmanagementisthekeystoneofasecurityprogram
Understandthecontinuousnatureofriskassessment
Understandthevarioussecurityframeworks
Understandwhichframeworksapplytoagivenenterprise
Understandhowtheframeworksdiffer
Lecture
RiskBasedSecurity
Weexaminethetypesofdatariskandoutlinetheprocessofriskassessment.
Lecture
Frameworks
Weaddresstheprimarysecurityframeworksinusetodayandwhatpurposeeachserves.
Reading
Ch.2TheMeaningofArchitecture
Ch.3SecurityArchitectureModel
Discussion
PleaseseethediscussionboardfortheWeek2thread.
ThetopicwillbeRiskstotheEnterprise.
YourinitialpostisdueWednesdayat11:59p.m.ET
Yourresponsetopeers'postsisdueSundayat11:59p.m.ET
Short Paper #1
ShortPaper#1
Selectanacademicpaperfromarespectedjournalorconferenceproceedingsonthetopicprovidedbyyour
instructor.
Writeasummaryofthepaper,nottoexceedtwopages,singlespaced,12pointfont,1margins.Summaries
shouldcapturethecriticalthoughtornewidea,evaluatethereferences,andprovideanopinionoftheresearch.
ClicktheSubmitAssignmentbuttonbelowtouploadyourassignmenttoTurnitin
DueSundayat11:59p.m.ET
Week 3
Lecture
Legislation
Wesurveytheconstantlychanginglegallandscapeanddiscusshowtechnologyallowscrimetooccurona
muchlargerscale.
Lecture
LegalObligations
Weanalyzewhycyberlawisbothcriminalandcivilinnature.
Reading
Ch.4CaseStudy
Ch.5ASystemsApproach
Discussion
PleaseseethediscussionboardfortheWeek3thread.
ThetopicwillbeCyberLaws.
YourinitialpostisdueWednesdayat11:59p.m.ET
Yourresponsetopeers'postsisdueSundayat11:59p.m.ET
Short Paper #2
ShortPaper#2
Selectanacademicpaperfromarespectedjournalorconferenceproceedingsonthetopicprovidedbyyour
instructor.
Writeasummaryofthepaper,nottoexceedtwopages,singlespaced,12pointfont,1margins.Summaries
shouldcapturethecriticalthoughtornewidea,evaluatethereferences,andprovideanopinionoftheresearch.
ClicktheSubmitAssignmentbuttonbelowtouploadyourassignmenttoTurnitin
DueSundayat11:59p.m.ET
Week 4
Lecture
SecurityOperations,Part1
Weexplorewhysecurityarchitecturemustbedefined,meettherequirementfamiliesofthesecurityframework
used,andcorrespondtotheauditfunction.
Reading
Ch.6MeasuringReturnonInvestmentinSecurityArchitecture
Ch.8ManagingtheSecurityArchitectureProgramme
Discussion
PleaseseetheDiscussionBoardfortheWeek4thread.
ThetopicwillbeReactiveorProactive?
YourinitialpostisdueWednesdayat11:59p.m.ET
Yourresponsetopeers'postsisdueSundayat11:59p.m.ET
Midterm Exam
MidtermExam
10essayquestions
CoversWeeks13
120minutestocompletetheexam
Answersmustincludeproperlycitedreferencesandshouldbetreatedlikearesearchpaper
DueSundayat11:59p.m.ET
Week 5
Lecture
SecurityOperations,Part2
Weexplainwhysecurityoperationsareacomplexprocessandmustbemonitoredcontinuouslyinorderto
surviveanauditandmaintainasecureenterprise.
Reading
Ch.9ContextualSecurityArchitecture
Ch.10ConceptualSecurityArchitecture
Discussion
PleaseseethediscussionboardfortheWeek5thread.
ThetopicwillbeIncidentResponse.
YourinitialpostisdueWednesdayat11:59p.m.ET
Yourresponsetopeers'postsisdueSundayat11:59p.m.ET
Short Paper #3
ShortPaper#3
Selectanacademicpaperfromarespectedjournalorconferenceproceedingsonthetopicprovidedbyyour
instructor.
Writeasummaryofthepaper,nottoexceedtwopages,singlespaced,12pointfont,1margins.Summaries
shouldcapturethecriticalthoughtornewidea,evaluatethereferences,andprovideanopinionoftheresearch.
ClicktheSubmitAssignmentbuttonbelowtouploadyourassignmenttoTurnitin
DueSundayat11:59p.m.ET
Week 6
Attack Models
Wevediscussedtheimportanceofcontinuousmonitoring,butforwhatarewemonitoring?Howdoweknowif
wereunderattack?Wewillexploredetectionandattackingasystemconsciouslyandhowtoconductwhatif
analysis.
Aftercompletingthismodule,studentsshouldbeableto:
Beabletoexplainredteam/blueteamexercises
Understandflawhypothesistesting
Understandsocialengineering
Lecture
AttackModels
Weidentifysomeofthenumerouswaysenterprisesecuritycanbeevaluatedandredesigned.
Reading
Ch.11LogicalSecurityArchitecture
Ch.12PhysicalSecurityArchitecture
Discussion
PleaseseethediscussionboardfortheWeek6thread.
ThetopicwillbeInfamousAttacks.
YourinitialpostisdueWednesdayat11:59p.m.ET
Yourresponsetopeers'postsisdueSundayat11:59p.m.ET
Short Paper #4
ShortPaper#4
Selectanacademicpaperfromarespectedjournalorconferenceproceedingsonthetopicprovidedbyyour
instructor.
Writeasummaryofthepaper,nottoexceedtwopages,singlespaced,12pointfont,1margins.Summaries
shouldcapturethecriticalthoughtornewidea,evaluatethereferences,andprovideanopinionoftheresearch.
ClicktheSubmitAssignmentbuttonbelowtouploadyourassignmenttoTurnitin
DueSundayat11:59p.m.ET
Week 7
Security Testing
Anenterpriseisonlyassecureasitsweakestpoint.Thisweek,wediscussusingsecuritytestingtoensure
systemsareassecureaspossible.
Aftercompletingthismodule,studentsshouldbeableto:
Understandthevarioustypesofsecuritytesting
Understandwhentoperformsecuritytesting
Understandwhenitisappropriatetohaveoutsidetestresources
Lecture
Lecture
SecurityTesting
Weexplorethevarioustypesofsecuritytesting,determinewhentoperformsecuritytesting,anddiscusswhen
itisappropriatetohaveoutsidetestresources.
Reading
Ch.13ComponentSecurityArchitecture
Ch.14SecurityPolicyManagement
Discussion
PleaseseethediscussionboardfortheWeek7thread.
ThetopicwillbePenTesting.
YourinitialpostisdueWednesdayat11:59p.m.ET
Yourresponsetopeers'postsisdueSundayat11:59p.m.ET
Assignment
CaseStudy:
Selectoneoftheareasofsecurityoperations.Provideacritiqueofanexistingprocesswithinanenterprise,and
howitshouldbedoneasopposedtohowitisdonewithinanenterprisesetting.Thisshouldbeintheformatof:
Beforeandafter
Whythechangesweremade
Forexample,ifyouwereinchargeofsecurity,howwouldyouchangetheprocessinplaceinyourorganization
andwhy?
ClicktheSubmitAssignmentbuttonbelowtouploadyourassignmenttoTurnitin
DueSundayat11:59p.m.ET
Week 8
Human Factors
Whydontpeopleusesecurityfeaturesavailabletothem?Whatexactlyistheconceptoftransparency?How
cansecurityusersbehelpfulandproactive?Wewilldiscovertheanswerstothesequestionsthisweek.
Aftercompletingthismodule,studentsshouldbeableto:
Understandwhysecurityfeaturesarenotused
Understandtheconceptoftransparency
Understandhowtobeahelpfulhelpdesk
Lecture
HumanFactors
Examineshowhumaninteractionswithtechnologyaffectsecuritymeasures.
Reading
Ch.15OperationalRiskManagement
Ch.16AssuranceManagement
Ch.17SecurityAdministrationandOperations
Discussion
PleaseseethediscussionboardfortheWeek8thread.
ThetopicwillbeWeHaveMettheEnemy
YourinitialpostisdueWednesdayat11:59p.m.ET
Yourresponsetopeers'postsisdueSundayat11:59p.m.ET
Exam
FinalExam
10essayquestions
CoversWeeks48
120minutestocompletetheexam
Answersmustincludeproperlycitedreferencesandshouldbetreatedlikearesearchpaper
DueSundayat11:59p.m.ET
UniversityAllianceOnlineisadivisionofBiskEducation,Inc.2015Bisk
Education.Allrightsreserved.Company,products,servicenamesmaybe
trademarksoftheirrespectiveowners.