MASTER COURSE SYLLABUS

Date:January 2000

Course Number:MIS 660

Course Title:Information Security Management

Instructor(s):Reid

Typical Textbook:Gollman, Computer Security, John Wiley & Sons, Inc., 1999

Catalog Description: Examines management issues associated with the control and audit of information systems. Specific emphasis is on IT controls and their evaluation, computer-based auditing techniques, encryption, and security policies. Recent developments in IT, such as client-server systems and the Internet, and their impact on auditing, control, and security, are also considered.

Prerequisites:MIS 634 or the equivalent

Goals and Objectives:Computing security is increasingly important. This is due in part to the low cost, improved performance and availability of microcomputer hardware and software, low cost networking, and the growth of the Internet. This course is designed to provide students with an understanding of security hardware and software.

The course is divided into multiple phases. The first phase will provide the students with a background on encryption and PKI (Public Key Infrastructure) components that are available and the managerial implications that are associated with local area and wide area networks will be presented.

The final phase will introduce security policies and how the programs are implemented. Legal and ethical issues associated with security will also be presented.

MASTER COURSE SYLLABUS

MIS 660

January 2000

Subject Matter Based on 14 160 minute sessions

1) Background 1 session

a) Is there a security problem?

b) Who is involved in security?

c) Business security requirements

2) Encryption3 sessions

a) Basic encryption/decryption

b) Secure encryption systems

c) Using encryption

3) Malicious Code1 session

a) Viruses, Trojan Horses, Worms and other types of malicious code

b) Protection software

4) Operating Systems2 sessions

a) Protection in Operating Systems

b) Designing Trusted Operating Systems

5) Database Security1 session

6) Network Security2 sessions

a) Lan security

b) VPN (Virtual Private Networks)

c) WAN

d) Internet

7) Administering Security2 sessions

a) Risk analysis

b) Security Policies

8) Legal & Ethical Issues2 sessions

Global Issues:Security and encryption in a global business environment

Technology:Pervasive throughout the course

Examinations:Mid-term and final

Cases:1 applications project

Projects:1 individual project expanding coverage of a specific security element

Final:Final examination

Computer Usage:Demonstration of components, no direct lab assignments

Diversity:Not applicable

Ethics Coverage:Privacy issues