mgt5155, security in the enterprise, syllabus
TRANSCRIPT
8/16/2019 MGT5155, Security in the Enterprise, Syllabus
http://slidepdf.com/reader/full/mgt5155-security-in-the-enterprise-syllabus 1/16
Syllabus
Collapse All Print Outline
Instructor EmailYour instructor’s Florida Tech email address is listed here, but please use the use the course messaging
system for course-related messages.
Instructor
Biswajit Panja
Phone
7343538849
Office Hours
Office hours not set
University Grading Scale
Grade Quality Equivalent Range Points
A excelle nt 90-100 4
B good 80-89 3
C average 70-79 2
D poor 60-69 1
F failure 0-59 0
Syllabus Entry
Security in the Enterprise
MGT5155 | Term: Spring 2 2016
Student Access: 3.7.2016 12:00 AM EST - 5.1.2016 11:59 PM EDT | Section: 1
8/16/2019 MGT5155, Security in the Enterprise, Syllabus
http://slidepdf.com/reader/full/mgt5155-security-in-the-enterprise-syllabus 2/16
I incomplete course work
AU audit - no grade
P pass, no effect on GPA
W official withdrawal
Attendance Attendance is required on a weekly basis. Students are expected to view the online lectures in the week they
are offered, and to log onto the site often enough to remain abreast of the communication on the Message Board
as well as any Class News or information from the Professor. It is the responsibility of the student to be aware
of everything happening in the class online.
Academic Honesty
Academic honesty is highly valued in Florida Tech's online courses. The s tudent must always submit work that
represents original words or ideas. If any words or ideas are used that do not represent those original words or
ideas, the student must cite all relevant sources and provide a clear definition of the extent to which suchsources were used. Words or ideas that require citation include, but are not limited to all hard copy or electronic
publications, whether copyrighted or not, and all verbal or visual communication when the content of such
communication clearly originates from an identifiable source. In the Florida Tech online course, all submissions
to any public meeting bulletin board or private mailbox fall within the scope of words and ideas that require
citations if used by someone other than the original author. Academic dishonesty in an online learning
environment could involve:
Having a tutor or friend complete a portion of the student's assignments
Having a reviewer make extensive revisions to an assignment
Copying work submitted by another student to another public class meeting
Using information from online information services without proper citation
Any of these practices could result in charges of academic dishonesty. For the complete Florida Tech policy on
academic dishonesty, cheating and plagiarism see the Florida Tech Student Handbook:
http://www.fit.edu/studenthandbook/
Students with Disabilities
Individuals with disabilities needing special accommodation(s) should contact Rachel Densler. She may be
contacted by phone at (321) 674-8285 or by email at [email protected]
Disaster Statement
School Closure:
Both Florida Tech and the University Alliance observe national holidays and students are not required to
participate in classes on such days. In the case of an emergency closure of Florida Tech or the University
Alliance, if classes are st ill able to operate, they will continue. In the rare case that the Learning Management
8/16/2019 MGT5155, Security in the Enterprise, Syllabus
http://slidepdf.com/reader/full/mgt5155-security-in-the-enterprise-syllabus 3/16
System is unavailable for maintenance reasons, classes will resume as quickly as possible and students should
check the University Alliance website (www.floridatechonline.com) regularly for updates
Natural disaster:
If a natural disaster impacts the Melbourne, Florida area all students should check the Florida Tech website
www.fit.edu or call (800) 888-4348 for updates.
In the event that a natural disaster occurs near the student’s residence they should contact Customer Service
at: 1-800-280-9718 at the soonest opportunity and inform them of the situation. They will make the appropriate
contact to instructors. Final decisions on the appropriate timeline to complete course requirements are at the
discretion of the instructor.
Course Withdrawal
To withdraw prior to the start of class, you must contact your University Alliance representative. Once class
begins, you must withdraw using the Florida Tech's online student account system (PAWS). If you are a new
student, PAWS access information will be provided prior to class start. You have the prerogative of dropping a
course until the end of the first week of classes without receiving a grade of "W". After the first week, a grade of
"W" will be assigned up until the final published date for withdrawing (the last day of week six). That grade will be
reflected on your transcript, but not calculated into your grade point average. Withdrawals after week six will
result in a grade of "F". You are responsible for maintaining written evidence of all drops/withdrawals. Telephone
and e-mail drops/withdrawals will not be accepted. Following is a table that clearly outlines Florida Tech's
withdrawal and refund policies:
Withdrawal Policy / Refund Chart
Week Withdrawal Permitted Tuition Refunded Deadline
1 Yes 100% By Sunday at 11:59 PM ET
2 Yes 60% By Sunday at 11:59 PM ET
3 Yes 40% By Sunday at 11:59 PM ET
4 Yes No Refund By Sunday at 11:59 PM ET
5 Yes No Refund By Sunday at 11:59 PM ET
6 Yes No Refund By Sunday at 11:59 PM ET
7 No No Refund - No Withdrawal
8 No No Refund - No Withdrawal
PAWS is accessible through the university portal ACCESS Florida Tech. To continue to PAWS
click here (opens in new window)
8/16/2019 MGT5155, Security in the Enterprise, Syllabus
http://slidepdf.com/reader/full/mgt5155-security-in-the-enterprise-syllabus 4/16
Smarthinking
SMARTHINKING's fundamental objectives are to engage and encourage students in active learning, as well as
to enhance their motivation. Our tutors strive to help students develop successful learning skills, rather than
simply "giving answers" or "doing homework" for them. In a professional and supportive environment, we focus
on the power of human interaction and the use of technology to assist a student-centered tutoring process.
www.smarthinking.com
Course Description
Cybersecurity must operate within real-world constraints. In this course, students will explore interconnections
between security solutions and the enterprise. Topics include legal and regulatory considerations, attack and
trust models, risk, and the economics of security.
Course Objectives
After completing this course, you should be able to:
1. Understand the classification and valuation of information
2. Understand the relevant legislation and legal obligations of security professionals
3. Understand risk-based security decision making
4. Understand security frameworks
5. Derive the processes used in security operations, including:
a. Device hardening
b. Asset management
c. Vulnerability remediation
d. Incident response
e. Computer forensics
6. Attack models and testing
7. The impact of human factors on security technology
Prerequisites
None
Credit Hours
3
Course Introduction
8/16/2019 MGT5155, Security in the Enterprise, Syllabus
http://slidepdf.com/reader/full/mgt5155-security-in-the-enterprise-syllabus 5/16
Course Materials
Enterprise Security Architecture, A Business-Driven Approach. (2005). Sherwood, J., Clark, A., & Lynas, D.
CMP Books.
Grading
Your grade in this course will be our evaluation of your performance. We will base this evaluation on your
demonstrated competence on the following:
Assignment Points
Class Discussions (8 @ 20) 160
Short Papers (4 @ 50) 200
Exam 1 200
Exam 2 300
Case Study 140
Total 1000
Grading Scale: (minimum grade cutoffs)
A - 900 or more points
B - 800-899 points
C - 700-799 points
D - 600-699 points
F - Less than 600 points
Guidelines & Expectations
Weekly Schedule
WeekModule
NumberModule Title Assignments Discussion Topic
Quiz or
Exam
8/16/2019 MGT5155, Security in the Enterprise, Syllabus
http://slidepdf.com/reader/full/mgt5155-security-in-the-enterprise-syllabus 6/16
1
1 Introduction & Overview Introductions
2 Information Information
2
3 Risk-Based Security Short Paper #1 Risks to the Enterprise
4 Frameworks
3
5 Legislation Short Paper #2 Cyber Laws
6 Legal Obligations
4 7Security Operations,
Part 1Reactive or Proactive? Exam 1
5 8Security
Operations, Part 2Short Pape r # 3 Inci dent R espon se
6 9 Attack Models Short Paper #4 Infamous Attacks
7 10 Security Testing Case Study Pen Testing
8 11 Human FactorsWe Have Met the
Enemy…Exam 2
Discussion Board Requirements
For EACH discussion question you must provide a substantive and relevant response (at least 200 words)
to the main question AND to at least two (2) other students’ comments (at least 100 words each) in either
question thread
Responses that reference external articles, web pages, or books must be cited properly
Your initial post should contain at least ONE external resource (beyond the textbook)
EACH response must not be based on opinion, but rather demonstrate that you have synthesized the
information you have gathered in order to come to a scholarly conclusion. You must cite evidence in the
form of peer-reviewed literature to support your conclusion
8/16/2019 MGT5155, Security in the Enterprise, Syllabus
http://slidepdf.com/reader/full/mgt5155-security-in-the-enterprise-syllabus 7/16
All information must be paraphrased from the original source and must use citations in APA format to
support the paraphrased information
Important! A lack of participation in the discussion board by other students should not serve as a hindrance
for you to participate in discussion. In the event others have not engaged in discussion, you still need to
post the required number of responses
Short Papers
Select an academic paper from a respected journal or conference proceedings on the topic provided (see weekdue for topics). Write a summary of the paper, not to exceed two pages (single-spaced, 12 point font, 1”
margins). Summaries should capture the critical thought or new idea, evaluate the references, and provide an
opinion of the research.
Case Study
Select one of the areas of security operations. Provide a critique of an existing process within an enterprise and
how it should be done as opposed to how it is done within an enterprise setting. This should be in the format of:
before and after and why the changes were made. For example, if you were in charge of security, how would you
change the process in place in your organization and why?
Exams
Exam #1 will consist of essay questions and covers Weeks 1–3
Exam #2 will consist of essay questions and covers Weeks 4–8
Exams should be treated like research papers. Answers must include properly cited references.
To assist you in utilizing the FIT Library, please view the Computer Science and Information Systems
"Research Guide."
Online Tutoring
In addition to your professor in this class, we have made arrangements for you to access an online tutoring
service if you want to get extra help with math and writing. When you click on the link below, you will
automatically be logged in to a website for the tutoring service, offered by Smarthinking. No account setup is
necessary, and there is no additional cost to you for this service. You will see on that page that you have the
option to schedule a session with a tutor, submit a question, or submit your writing for feedback.
www.smarthinking.com
Introduction and Overview
We discuss the objectives of the class, explore information security, identify the policies that form the security
requirements, define information in enterprise, and explain classification.
After completing this lesson, you should be able to:
Week 1
8/16/2019 MGT5155, Security in the Enterprise, Syllabus
http://slidepdf.com/reader/full/mgt5155-security-in-the-enterprise-syllabus 8/16
Understand the objectives of the class
Understand the work expected from the student
Understand the student evaluation process
Understand the concept of the enterprise
Define information in the context of the enterprise
Understand information classification methodologies
Explain why classification of information is necessary
Lecture
Introduction and Overview
We define enterprise and the meaning of security within this context.
LectureInformation
We define information as it pertains to enterprise and explain information classification methodologies and why
they are necessary.
Reading
Ch. 1 The Meaning of Security
DiscussionPlease see the discussion board for the Week 1 threads.
The topics will be “Introductions” and “Information.”
Your initial post is due Wednesday at 11:59 p.m. ET
Your response to peers' posts is due Sunday at 11:59 p.m. ET
Risk-Based Security and Frameworks
As threats evolve, so do t he risks. This week, we examine risk management and assessment, and we discuss
frameworks.
After completing this module, students should be able to:
Week 2
8/16/2019 MGT5155, Security in the Enterprise, Syllabus
http://slidepdf.com/reader/full/mgt5155-security-in-the-enterprise-syllabus 9/16
Understand the concept of risk
Understand why risk management is the keystone of a security program
Understand the continuous nature of risk assessment
Understand the various security frameworks
Understand which frameworks apply to a given enterprise
Understand how the frameworks differ
Lecture
Risk-Based Security
We examine the types of data risk and outline the process of risk assessment.
Lecture
Frameworks
We address the primary security frameworks in use today and what purpose each serves.
Reading
Ch. 2 The Meaning of Architecture
Ch. 3 Security Architecture Model
Discussion
Please see the discussion board for the Week 2 thread.
The topic will be “Risks to the Enterprise.”
Your initial post is due Wednesday at 11:59 p.m. ET
Your response to peers' posts is due Sunday at 11:59 p.m. ET
Short Paper #1
Short Paper #1
Select an academic paper from a respected journal or conference proceedings on the topic provided by your
instructor.
Write a summary of the paper, not to exceed two pages, single-spaced, 12 point font, 1” margins. Summaries
should capture the critical thought or new idea, evaluate the references, and provide an opinion of the research.
Click the Submit Assignment button below to upload your assignment to Turnitin
Due Sunday at 11:59 p.m. ET
8/16/2019 MGT5155, Security in the Enterprise, Syllabus
http://slidepdf.com/reader/full/mgt5155-security-in-the-enterprise-syllabus 10/16
Legislation and Legal Obligations
We live in a world where laws govern what we do. This week, you will examine what the law means to cyber
applications, explore the various issues associated with creating cyberlegislation, and review some legal
terminology found in security case law.
After completing this module, students should be able to:
Understand local, state, and federal cyber laws
Understand the issues associated with cyberlegislation creation
Understand the issues associated with cyber enforcement
Understand the term “best effort”
Understand the term “industry standard”
Understand contractual requirements
Understand lawful and unlawful intercept
Lecture
Legislation
We survey the constantly changing legal landscape and discuss how technology allows crime to occur on a
much larger scale.
Lecture
Legal Obligations
We analyze why cyber law is both criminal and civil in nature.
ReadingCh. 4 Case Study
Ch. 5 A Systems Approach
Discussion
Please see the discussion board for the Week 3 thread.
The topic will be “Cyber Laws.”
Your initial post is due Wednesday at 11:59 p.m. ET
Week 3
8/16/2019 MGT5155, Security in the Enterprise, Syllabus
http://slidepdf.com/reader/full/mgt5155-security-in-the-enterprise-syllabus 11/16
Your response to peers' posts is due Sunday at 11:59 p.m. ET
Short Paper #2
Short Paper #2
Select an academic paper from a respected journal or conference proceedings on the topic provided by your
instructor.
Write a summary of the paper, not to exceed two pages, single-spaced, 12 point font, 1” margins. Summaries
should capture the critical thought or new idea, evaluate the references, and provide an opinion of the research.
Click the Submit Assignment button below to upload your assignment to Turnitin
Due Sunday at 11:59 p.m. ET
Security Operations, Part 1
Why is documenting the process of security important to maintaining the system? How do you keep the
enterprise running securely? We explore asset management, configuration management, device hardening, and
why security architectures are created.
After completing this module, students should be able to:
Explain asset management as it relates to security
Explain configuration management
Understand the concept of device hardening
Understand how the security architecture is derived
Lecture
Security Operations, Part 1
We explore why security architecture must be defined, meet the requirement families of the security framework
used, and correspond to the audit function.
Reading
Ch. 6 Measuring Return on Investment in Security Architecture
Ch. 8 Managing the Security Architecture Programme
Week 4
8/16/2019 MGT5155, Security in the Enterprise, Syllabus
http://slidepdf.com/reader/full/mgt5155-security-in-the-enterprise-syllabus 12/16
Discussion
Please see the Discussion Board for the Week 4 thread.
The topic will be “Reactive or Proactive?”
Your initial post is due Wednesday at 11:59 p.m. ET
Your response to peers' posts is due Sunday at 11:59 p.m. ET
Midterm Exam
Midterm Exam
10 essay questions
Covers Weeks 1-3
120 minutes to complete the exam
Answers must include properly cited references and should be treated like a research paper
Due Sunday at 11:59 p.m. ET
Security Operations, Part 2This week, we will examine incidence response, event management, and computer forensics.
After completing this module, students should be able to:
Understand the elements of incident response
Understand the concept of event management
Understand the concept of continuous monitoring
Understand the concept of computer forensics
Lecture
Security Operations, Part 2
We explain why security operations are a complex process and must be monitored continuously in order to
survive an audit and maintain a secure enterprise.
Reading
Week 5
8/16/2019 MGT5155, Security in the Enterprise, Syllabus
http://slidepdf.com/reader/full/mgt5155-security-in-the-enterprise-syllabus 13/16
Ch. 9 Contextual Security Architecture
Ch. 10 Conceptual Security Architecture
Discussion
Please see the discussion board for the Week 5 thread.
The topic will be “Incident Response.”
Your initial post is due Wednesday at 11:59 p.m. ET
Your response to peers' posts is due Sunday at 11:59 p.m. ET
Short Paper #3
Short Paper #3
Select an academic paper from a respected journal or conference proceedings on the topic provided by your
instructor.
Write a summary of the paper, not to exceed two pages, single-spaced, 12 point font, 1” margins. Summaries
should capture the critical thought or new idea, evaluate the references, and provide an opinion of the research.
Click the Submit Assignment button below to upload your assignment to Turnitin
Due Sunday at 11:59 p.m. ET
Attack Models
We’ve discussed the importance of continuous monitoring, but for what are we monitoring? How do we know if
we’re under attack? We will explore detection and attacking a system consciously and how to conduct “what if”
analysis.
After completing this module, students should be able to:
Be able to explain red team/blue team exercises
Understand flaw hypothesis testing
Understand social engineering
Lecture
Attack Models
Week 6
8/16/2019 MGT5155, Security in the Enterprise, Syllabus
http://slidepdf.com/reader/full/mgt5155-security-in-the-enterprise-syllabus 14/16
We identify some of the numerous ways enterprise security can be evaluated and redesigned.
Reading
Ch. 11 Logical Security Architecture
Ch. 12 Physical Security Architecture
Discussion
Please see the discussion board for the Week 6 thread.
The topic will be “Infamous Attacks.”
Your initial post is due Wednesday at 11:59 p.m. ET
Your response to peers' posts is due Sunday at 11:59 p.m. ET
Short Paper #4
Short Paper #4
Select an academic paper from a respected journal or conference proceedings on the topic provided by your
instructor.
Write a summary of the paper, not to exceed two pages, single-spaced, 12 point font, 1” margins. Summaries
should capture the critical thought or new idea, evaluate the references, and provide an opinion of the research.
Click the Submit Assignment button below to upload your assignment to Turnitin
Due Sunday at 11:59 p.m. ET
Security Testing
An enterprise is only as secure as its weakest point. This week, we disc uss using security testing to ensuresystems are as secure as possible.
After completing this module, students should be able to:
Understand the various types of security testing
Understand when to perform security testing
Understand when it is appropriate to have outside test resources
Lecture
Week 7
8/16/2019 MGT5155, Security in the Enterprise, Syllabus
http://slidepdf.com/reader/full/mgt5155-security-in-the-enterprise-syllabus 15/16
Security Testing
We explore the various types of security testing, determine when to perform security testing, and discuss when
it is appropriate to have outside test resources.
Reading
Ch. 13 Component Security Architecture
Ch. 14 Security Policy Management
Discussion
Please see the discussion board for the Week 7 thread.
The topic will be “Pen Testing.”
Your initial post is due Wednesday at 11:59 p.m. ET
Your response to peers' posts is due Sunday at 11:59 p.m. ET
Assignment
Case Study:
Select one of the areas of security operations. Provide a critique of an existing process within an enterprise, and
how it should be done as opposed to how it is done within an enterprise setting. This should be in the format of:
Before and after
Why the changes were made
For example, if you were in charge of security, how would you change the process in place in your organization
and why?
Click the Submit Assignment button below to upload your assignment to Turnitin
Due Sunday at 11:59 p.m. ET
Human Factors
Why don’t people use security features available to them? What exactly is the concept of transparency? How
can security users be helpful and proactive? We will discover the answers to these questions this week.
After completing this module, students should be able to:
Week 8
8/16/2019 MGT5155, Security in the Enterprise, Syllabus
http://slidepdf.com/reader/full/mgt5155-security-in-the-enterprise-syllabus 16/16
University Alliance Online ® is a division of Bisk Education, Inc. © 2015 Bisk
Education. All rights reserved. Company, products, service names may be
trademarks of their respective owners.
Understand why security features are not used
Understand the concept of transparency
Understand how to be a helpful help desk
Lecture
Human Factors
Examines how human interactions with technology affect security measures.
Reading
Ch. 15 Operational Risk Management
Ch. 16 Assurance Management
Ch. 17 Security Administration and Operations
Discussion
Please see the discussion board for the Week 8 thread.
The topic will be “We Have Met the Enemy…”
Your initial post is due Wednesday at 11:59 p.m. ET
Your response to peers' posts is due Sunday at 11:59 p.m. ET
ExamFinal Exam
10 essay questions
Covers Weeks 4-8
120 minutes to complete the exam
Answers must include properly cited references and should be treated like a research paper
Due Sunday at 11:59 p.m. ET