MGT5155, Security in the Enterprise, Syllabus


Upload: echuokan1

Post on 05-Jul-2018


Page 1: MGT5155, Security in the Enterprise, Syllabus

8/16/2019 MGT5155, Security in the Enterprise, Syllabus

http://slidepdf.com/reader/full/mgt5155-security-in-the-enterprise-syllabus 1/16

Syllabus


Instructor Email

Your instructor’s Florida Tech email address is listed here, but please use the course messaging system for course-related messages.

Instructor

Biswajit Panja

E-mail

[email protected]

Phone

7343538849

Office Hours

Office hours not set

University Grading Scale

Grade  Quality    Equivalent Range  Points
A      excellent  90-100            4
B      good       80-89             3
C      average    70-79             2
D      poor       60-69             1
F      failure    0-59              0

Syllabus Entry

Security in the Enterprise

MGT5155 | Term: Spring 2 2016

Student Access: 3.7.2016 12:00 AM EST - 5.1.2016 11:59 PM EDT | Section: 1


I incomplete course work

AU audit - no grade

P pass, no effect on GPA

W official withdrawal

Attendance

Attendance is required on a weekly basis. Students are expected to view the online lectures in the week they

are offered, and to log onto the site often enough to remain abreast of the communication on the Message Board

as well as any Class News or information from the Professor. It is the responsibility of the student to be aware

of everything happening in the class online.

Academic Honesty

Academic honesty is highly valued in Florida Tech's online courses. The student must always submit work that

represents original words or ideas. If any words or ideas are used that do not represent those original words or

ideas, the student must cite all relevant sources and provide a clear definition of the extent to which such

sources were used. Words or ideas that require citation include, but are not limited to all hard copy or electronic

publications, whether copyrighted or not, and all verbal or visual communication when the content of such

communication clearly originates from an identifiable source. In the Florida Tech online course, all submissions

to any public meeting bulletin board or private mailbox fall within the scope of words and ideas that require

citations if used by someone other than the original author. Academic dishonesty in an online learning

environment could involve:

Having a tutor or friend complete a portion of the student's assignments

Having a reviewer make extensive revisions to an assignment

Copying work submitted by another student to another public class meeting

Using information from online information services without proper citation

Any of these practices could result in charges of academic dishonesty. For the complete Florida Tech policy on

academic dishonesty, cheating and plagiarism see the Florida Tech Student Handbook:

http://www.fit.edu/studenthandbook/

Students with Disabilities

Individuals with disabilities needing special accommodation(s) should contact Rachel Densler. She may be

contacted by phone at (321) 674-8285 or by email at [email protected]

Disaster Statement

School Closure:

Both Florida Tech and the University Alliance observe national holidays and students are not required to

participate in classes on such days. In the case of an emergency closure of Florida Tech or the University

Alliance, if classes are still able to operate, they will continue. In the rare case that the Learning Management


System is unavailable for maintenance reasons, classes will resume as quickly as possible and students should

check the University Alliance website (www.floridatechonline.com) regularly for updates

Natural disaster:

If a natural disaster impacts the Melbourne, Florida area all students should check the Florida Tech website

www.fit.edu or call (800) 888-4348 for updates.

In the event that a natural disaster occurs near the student’s residence they should contact Customer Service

at: 1-800-280-9718 at the soonest opportunity and inform them of the situation. They will make the appropriate

contact to instructors. Final decisions on the appropriate timeline to complete course requirements are at the

discretion of the instructor.

Course Withdrawal

To withdraw prior to the start of class, you must contact your University Alliance representative. Once class

begins, you must withdraw using the Florida Tech's online student account system (PAWS). If you are a new

student, PAWS access information will be provided prior to class start. You have the prerogative of dropping a

course until the end of the first week of classes without receiving a grade of "W". After the first week, a grade of 

"W" will be assigned up until the final published date for withdrawing (the last day of week six). That grade will be

reflected on your transcript, but not calculated into your grade point average. Withdrawals after week six will

result in a grade of "F". You are responsible for maintaining written evidence of all drops/withdrawals. Telephone

and e-mail drops/withdrawals will not be accepted. Following is a table that clearly outlines Florida Tech's

withdrawal and refund policies:

Withdrawal Policy / Refund Chart

Week  Withdrawal Permitted  Tuition Refunded  Deadline
1     Yes                   100%              By Sunday at 11:59 PM ET
2     Yes                   60%               By Sunday at 11:59 PM ET
3     Yes                   40%               By Sunday at 11:59 PM ET
4     Yes                   No Refund         By Sunday at 11:59 PM ET
5     Yes                   No Refund         By Sunday at 11:59 PM ET
6     Yes                   No Refund         By Sunday at 11:59 PM ET
7     No                    No Refund - No Withdrawal
8     No                    No Refund - No Withdrawal

PAWS is accessible through the university portal ACCESS Florida Tech.


Smarthinking

SMARTHINKING's fundamental objectives are to engage and encourage students in active learning, as well as

to enhance their motivation. Our tutors strive to help students develop successful learning skills, rather than

simply "giving answers" or "doing homework" for them. In a professional and supportive environment, we focus

on the power of human interaction and the use of technology to assist a student-centered tutoring process.

www.smarthinking.com

Course Description

Cybersecurity must operate within real-world constraints. In this course, students will explore interconnections

between security solutions and the enterprise. Topics include legal and regulatory considerations, attack and

trust models, risk, and the economics of security.

Course Objectives

After completing this course, you should be able to:

1. Understand the classification and valuation of information

2. Understand the relevant legislation and legal obligations of security professionals

3. Understand risk-based security decision making

4. Understand security frameworks

5. Derive the processes used in security operations, including:

a. Device hardening

b. Asset management

c. Vulnerability remediation

d. Incident response

e. Computer forensics

6. Attack models and testing

7. The impact of human factors on security technology

Prerequisites

None

Credit Hours

3

Course Introduction


Course Materials

Enterprise Security Architecture, A Business-Driven Approach. (2005). Sherwood, J., Clark, A., & Lynas, D.

CMP Books.

Grading

Your grade in this course will be our evaluation of your performance. We will base this evaluation on your 

demonstrated competence on the following:

Assignment                  Points
Class Discussions (8 @ 20)  160
Short Papers (4 @ 50)       200
Exam 1                      200
Exam 2                      300
Case Study                  140
Total                       1000

Grading Scale: (minimum grade cutoffs)

A - 900 or more points

B - 800-899 points

C - 700-799 points

D - 600-699 points

F - Less than 600 points

Guidelines & Expectations

Weekly Schedule

Week  Module Number  Module Title                 Assignments     Discussion Topic         Quiz or Exam
1     1              Introduction & Overview                      Introductions
1     2              Information                                  Information
2     3              Risk-Based Security          Short Paper #1  Risks to the Enterprise
2     4              Frameworks
3     5              Legislation                  Short Paper #2  Cyber Laws
3     6              Legal Obligations
4     7              Security Operations, Part 1                  Reactive or Proactive?   Exam 1
5     8              Security Operations, Part 2  Short Paper #3  Incident Response
6     9              Attack Models                Short Paper #4  Infamous Attacks
7     10             Security Testing             Case Study      Pen Testing
8     11             Human Factors                                We Have Met the Enemy…   Exam 2

Discussion Board Requirements

For EACH discussion question you must provide a substantive and relevant response (at least 200 words)

to the main question AND to at least two (2) other students’ comments (at least 100 words each) in either 

question thread

Responses that reference external articles, web pages, or books must be cited properly

Your initial post should contain at least ONE external resource (beyond the textbook)

EACH response must not be based on opinion, but rather demonstrate that you have synthesized the

information you have gathered in order to come to a scholarly conclusion. You must cite evidence in the

form of peer-reviewed literature to support your conclusion


All information must be paraphrased from the original source and must use citations in APA format to

support the paraphrased information

Important! A lack of participation in the discussion board by other students should not serve as a hindrance

for you to participate in discussion. In the event others have not engaged in discussion, you still need to

post the required number of responses

Short Papers

Select an academic paper from a respected journal or conference proceedings on the topic provided (see week

due for topics). Write a summary of the paper, not to exceed two pages (single-spaced, 12 point font, 1”

margins). Summaries should capture the critical thought or new idea, evaluate the references, and provide an

opinion of the research.

Case Study

Select one of the areas of security operations. Provide a critique of an existing process within an enterprise and

how it should be done as opposed to how it is done within an enterprise setting. This should be in the format of:

before and after and why the changes were made. For example, if you were in charge of security, how would you

change the process in place in your organization and why?

Exams

Exam #1 will consist of essay questions and covers Weeks 1–3

Exam #2 will consist of essay questions and covers Weeks 4–8

Exams should be treated like research papers. Answers must include properly cited references.

To assist you in utilizing the FIT Library, please view the Computer Science and Information Systems

"Research Guide."

Online Tutoring

In addition to your professor in this class, we have made arrangements for you to access an online tutoring

service if you want to get extra help with math and writing. When you click on the link below, you will

automatically be logged in to a website for the tutoring service, offered by Smarthinking. No account setup is

necessary, and there is no additional cost to you for this service. You will see on that page that you have the

option to schedule a session with a tutor, submit a question, or submit your writing for feedback.

www.smarthinking.com

Introduction and Overview

We discuss the objectives of the class, explore information security, identify the policies that form the security

requirements, define information in enterprise, and explain classification.

After completing this lesson, you should be able to:

Week 1


Understand the objectives of the class

Understand the work expected from the student

Understand the student evaluation process

Understand the concept of the enterprise

Define information in the context of the enterprise

Understand information classification methodologies

Explain why classification of information is necessary

Lecture

Introduction and Overview

We define enterprise and the meaning of security within this context.

Lecture

Information

We define information as it pertains to enterprise and explain information classification methodologies and why

they are necessary.

Reading

Ch. 1 The Meaning of Security

Discussion

Please see the discussion board for the Week 1 threads.

The topics will be “Introductions” and “Information.”

Your initial post is due Wednesday at 11:59 p.m. ET

Your response to peers' posts is due Sunday at 11:59 p.m. ET

Risk-Based Security and Frameworks

As threats evolve, so do the risks. This week, we examine risk management and assessment, and we discuss

frameworks.

After completing this module, students should be able to:

Week 2


Understand the concept of risk

Understand why risk management is the keystone of a security program

Understand the continuous nature of risk assessment

Understand the various security frameworks

Understand which frameworks apply to a given enterprise

Understand how the frameworks differ 

Lecture

Risk-Based Security

We examine the types of data risk and outline the process of risk assessment.

Lecture

Frameworks

We address the primary security frameworks in use today and what purpose each serves.

Reading

Ch. 2 The Meaning of Architecture

Ch. 3 Security Architecture Model

Discussion

Please see the discussion board for the Week 2 thread.

The topic will be “Risks to the Enterprise.”

Your initial post is due Wednesday at 11:59 p.m. ET

Your response to peers' posts is due Sunday at 11:59 p.m. ET

Short Paper #1

Short Paper #1

Select an academic paper from a respected journal or conference proceedings on the topic provided by your 

instructor.

Write a summary of the paper, not to exceed two pages, single-spaced, 12 point font, 1” margins. Summaries

should capture the critical thought or new idea, evaluate the references, and provide an opinion of the research.

Click the Submit Assignment  button below to upload your assignment to Turnitin

Due Sunday  at 11:59 p.m. ET


Legislation and Legal Obligations

We live in a world where laws govern what we do. This week, you will examine what the law means to cyber 

applications, explore the various issues associated with creating cyberlegislation, and review some legal

terminology found in security case law.

After completing this module, students should be able to:

Understand local, state, and federal cyber laws

Understand the issues associated with cyberlegislation creation

Understand the issues associated with cyber enforcement

Understand the term “best effort”

Understand the term “industry standard”

Understand contractual requirements

Understand lawful and unlawful intercept

Lecture

Legislation

We survey the constantly changing legal landscape and discuss how technology allows crime to occur on a

much larger scale.

Lecture

Legal Obligations

We analyze why cyber law is both criminal and civil in nature.

Reading

Ch. 4 Case Study

Ch. 5 A Systems Approach

Discussion

Please see the discussion board for the Week 3 thread.

The topic will be “Cyber Laws.”

Your initial post is due Wednesday  at 11:59 p.m. ET

Week 3


Your response to peers' posts is due Sunday at 11:59 p.m. ET

Short Paper #2

Short Paper #2

Select an academic paper from a respected journal or conference proceedings on the topic provided by your 

instructor.

Write a summary of the paper, not to exceed two pages, single-spaced, 12 point font, 1” margins. Summaries

should capture the critical thought or new idea, evaluate the references, and provide an opinion of the research.

Click the Submit Assignment  button below to upload your assignment to Turnitin

Due Sunday at 11:59 p.m. ET

Security Operations, Part 1

Why is documenting the process of security important to maintaining the system? How do you keep the

enterprise running securely? We explore asset management, configuration management, device hardening, and

why security architectures are created.

After completing this module, students should be able to:

Explain asset management as it relates to security

Explain configuration management

Understand the concept of device hardening

Understand how the security architecture is derived

Lecture

Security Operations, Part 1

We explore why security architecture must be defined, meet the requirement families of the security framework

used, and correspond to the audit function.

Reading

Ch. 6 Measuring Return on Investment in Security Architecture

Ch. 8 Managing the Security Architecture Programme

Week 4


Discussion

Please see the Discussion Board for the Week 4 thread.

The topic will be “Reactive or Proactive?”

Your initial post is due Wednesday at 11:59 p.m. ET

Your response to peers' posts is due Sunday at 11:59 p.m. ET

Midterm Exam

Midterm Exam

10 essay questions

Covers Weeks 1-3

120 minutes to complete the exam

Answers must include properly cited references and should be treated like a research paper

Due Sunday at 11:59 p.m. ET

Security Operations, Part 2

This week, we will examine incident response, event management, and computer forensics.

After completing this module, students should be able to:

Understand the elements of incident response

Understand the concept of event management

Understand the concept of continuous monitoring

Understand the concept of computer forensics

Lecture

Security Operations, Part 2

We explain why security operations are a complex process and must be monitored continuously in order to

survive an audit and maintain a secure enterprise.

Reading

Week 5


Ch. 9 Contextual Security Architecture

Ch. 10 Conceptual Security Architecture

Discussion

Please see the discussion board for the Week 5 thread.

The topic will be “Incident Response.”

Your initial post is due Wednesday at 11:59 p.m. ET

Your response to peers' posts is due Sunday at 11:59 p.m. ET

Short Paper #3

Short Paper #3

Select an academic paper from a respected journal or conference proceedings on the topic provided by your 

instructor.

Write a summary of the paper, not to exceed two pages, single-spaced, 12 point font, 1” margins. Summaries

should capture the critical thought or new idea, evaluate the references, and provide an opinion of the research.

Click the Submit Assignment  button below to upload your assignment to Turnitin

Due Sunday at 11:59 p.m. ET

Attack Models

We’ve discussed the importance of continuous monitoring, but for what are we monitoring? How do we know if 

we’re under attack? We will explore detection and attacking a system consciously and how to conduct “what if”

analysis.

After completing this module, students should be able to:

Explain red team/blue team exercises

Understand flaw hypothesis testing

Understand social engineering

Lecture

Attack Models

Week 6


We identify some of the numerous ways enterprise security can be evaluated and redesigned.

Reading

Ch. 11 Logical Security Architecture

Ch. 12 Physical Security Architecture

Discussion

Please see the discussion board for the Week 6 thread.

The topic will be “Infamous Attacks.”

Your initial post is due Wednesday at 11:59 p.m. ET

Your response to peers' posts is due Sunday at 11:59 p.m. ET

Short Paper #4

Short Paper #4

Select an academic paper from a respected journal or conference proceedings on the topic provided by your 

instructor.

Write a summary of the paper, not to exceed two pages, single-spaced, 12 point font, 1” margins. Summaries

should capture the critical thought or new idea, evaluate the references, and provide an opinion of the research.

Click the Submit Assignment  button below to upload your assignment to Turnitin

Due Sunday  at 11:59 p.m. ET

Security Testing

An enterprise is only as secure as its weakest point. This week, we discuss using security testing to ensure

systems are as secure as possible.

After completing this module, students should be able to:

Understand the various types of security testing

Understand when to perform security testing

Understand when it is appropriate to have outside test resources

Lecture

Week 7


Security Testing

We explore the various types of security testing, determine when to perform security testing, and discuss when

it is appropriate to have outside test resources.

Reading

Ch. 13 Component Security Architecture

Ch. 14 Security Policy Management

Discussion

Please see the discussion board for the Week 7 thread.

The topic will be “Pen Testing.”

Your initial post is due Wednesday at 11:59 p.m. ET

Your response to peers' posts is due Sunday at 11:59 p.m. ET

Assignment

Case Study:

Select one of the areas of security operations. Provide a critique of an existing process within an enterprise, and

how it should be done as opposed to how it is done within an enterprise setting. This should be in the format of:

Before and after 

Why the changes were made

For example, if you were in charge of security, how would you change the process in place in your organization

and why?

Click the Submit Assignment  button below to upload your assignment to Turnitin

Due Sunday at 11:59 p.m. ET

Human Factors

Why don’t people use security features available to them? What exactly is the concept of transparency? How

can security users be helpful and proactive? We will discover the answers to these questions this week.

After completing this module, students should be able to:

Week 8


University Alliance Online ® is a division of Bisk Education, Inc. © 2015 Bisk

Education. All rights reserved. Company, products, service names may be

trademarks of their respective owners.

Understand why security features are not used

Understand the concept of transparency

Understand how to be a helpful help desk

Lecture

Human Factors

Examines how human interactions with technology affect security measures.

Reading

Ch. 15 Operational Risk Management

Ch. 16 Assurance Management

Ch. 17 Security Administration and Operations

Discussion

Please see the discussion board for the Week 8 thread.

The topic will be “We Have Met the Enemy…”

Your initial post is due Wednesday  at 11:59 p.m. ET

Your response to peers' posts is due Sunday at 11:59 p.m. ET

Exam

Final Exam

10 essay questions

Covers Weeks 4-8

120 minutes to complete the exam

Answers must include properly cited references and should be treated like a research paper

Due Sunday at 11:59 p.m. ET