Summer 2008 Richard Woodruff

PAD 6600-003

WHAT EVERY PUBLIC MANAGER SHOULD KNOW ABOUT

INFORMATION SYSTEMS SECURITY

Syllabus, Part 1: Overview

Purpose, Content, and Process. This course is designed to give managers who do not routinely have information systems security (ISS) duties within their core responsibilities a better understanding of the elements of this increasingly important area within most modern organizations. This will allow managers to better understand the resource requirements and what is accomplished with them, as well as to appreciate the benefit to all of properly implemented and appropriately administered information systems security.

In order to cover this topic in the space of one semester, each individual sub-topic will necessarily be addressed briefly, yet in enough depth that the student should end the course with a good grounding in the area. This will facilitate the student’s ability to ask the right questions and know when to seek expert assistance when confronted with these subjects in the course of their primary employment.

Readings. The required text, Whitman and Mattord, MANAGEMENT OF INFORMATION SECURITY (Boston, MA: Thomson Course Technology, 2nd Ed. 2008), gives a good basic treatment of the general areas of interest that will be covered in the context of an expanded case study. The additional documents that the student has downloaded from the Internet (but not necessarily printed out) will complement the text by demonstrating a source that students can use as a basis for developing necessary documentation within their organization should the need arise.

BlackBoard. Approximately 4 hours of work will be posted to the class section of the CU Denver Web Site utilizing the BlackBoard system.

Evaluation. Student performance will be evaluated on the basis of classroom attendance and participation; a written analysis and classroom presentation of an article; a mid-term exam; and a writing project on a topic of the student’s choosing, with approval by the instructor. The approximate weight given to each aspect will be:

Written Analysis and Presentation of Article: 15%

Mid Term Examination: 25%

Research Paper and Presentation: 40%

BlackBoard (Web Based) Assignments: 10%

Attendance and Participation: 10%

Faculty. Mr. Richard Woodruff earned his Master's Degree from Webster University in Computer Resources and Information Management. He is also a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) and Project Management Professional (PMP). He has over 22 years of experience in the intelligence and security fields, specializing in the arena of information systems security.

Syllabus, Part 2(A): Meeting Topics and Reading Assignments

Date: Topic and Reading

20 Jun 08

A. TOPIC: Intro to course content, process, and readings.

(1) Introduction to the Management of Information Security

(2) Submit Article Title

B. READING: (1) Whitman and Mattord chp. 1

21 Jun 08

A. TOPIC(S): (1) Planning for Security

(2) Planning for Contingencies

(3) Information Security Policy

(4) Developing the Security Program

(5) Submit Research Paper Topic and Outline.

B. READING: (1) Whitman and Mattord chp. 2, 3, 4, 5

22 Jun 08

A. TOPIC(S): (1) Security Management Models and Practices

(2) Risk Management: Identifying and Assessing Risk

(3) Risk Management: Controlling Risk.

B. READING: (1) Whitman and Mattord chp. 6, 7, 8.

C. ACTIVITY: (1) Presentation of Articles

19 Jul 08

A. TOPIC(S): (1) Protection Mechanisms

(2) Personnel and Security

B. READING: (1) Whitman and Mattord chp. 9 and 10

C. ACTIVITY: (1) Mid Term Examination (Chapters 1-8)

20 Jul 08

A. TOPIC(S): (1) Law and Ethics

(2) Security in the Systems Development Process

B. READING: (1) Whitman and Mattord chp. 11 and 12

C. ACTIVITY: (1) Presentation of Research Paper

Article Critical Analysis Assignment

Purpose. The subject of information systems security is a process, not a destination. While it may not be your main focus in your professional pursuits, you should possess an appreciation of the challenges faced by those you may lead who do some of these duties on a regular basis. While the text will give us a good grounding in the basics, it is noted that even though published in 2008, one of its significant references is no longer valid. For that reason, we will supplement our studies with the review and critical analysis of a current article of interest and benefit to you, and through your labors, to the class as a whole.

Process. Your article must be from a professional or academic journal (a “peer reviewed” publication), not a trade magazine. It should be of interest to you, and perhaps related to a situation you have previously encountered or are facing now in your professional life. It should also relate to one of the major areas we are studying in the text. If you have difficulty coming up with ideas, contact me and we can discuss issues that might be of interest. You will create a summary and critique of the article (3-5 pages, double-spaced, TNR 12, 1” margins). You will cover such topics as, but not limited to, the subject of the article, the key concepts covered, and the author’s perspective on the subject. You will conclude with a critical analysis of whether you agree or disagree with the premise of the article, supported with graduate-level reasoning and real-life examples if possible.

Preparation Timetable. No later than 13 June you will send me a rough draft of your work. I will return it with comments within 72 hours of its receipt. Then, please send me your final version at least 72 hours prior to the day you will be presenting it in class, so that I can post it to the class web site and your fellow students can gain a degree of familiarity with it before the class discussion that follows your oral presentation of the paper.

Please be sure to contact me if you have any questions regarding this assignment and how it is to be accomplished.

Research Paper

Topics. The major work product of this course will be your research paper. The topic of the paper is chosen by you, with my approval. It should be related to information system security. It can be a matter of personal interest related to the text or NIST documentation we will be utilizing, an issue related to your work environment, or an area of interest which you would like to explore more fully than the time in class allows. If you have difficulty coming up with a topic, please contact me and we can brainstorm some potential ideas for a subject.

Purpose and Method. The goal of this assignment is to present a product worthy of publication in a peer-reviewed journal in this field. Your project will demonstrate your ability to research your topic in a scholarly, graduate-level manner. You will find, read, understand, and utilize a variety of sources, and cite them correctly in your paper. Your paper will take one of two forms: either an in-depth research paper on a topic of interest, or a paper that poses a question as its topic and comes to a conclusion based on your critical opinion of the research you perform.

Evaluation. While a quick review of academic and professional periodicals will show a variety of standards, for the purposes of this course we will adhere to the following to set a level playing field for all. The body of your paper should require 10 to 15 pages to properly address your topic in a critical, graduate-level manner. You should cite an adequate number of references, based on your review of similar papers in peer-reviewed journals. References can be appropriate primary sources, or secondary sources from scholarly or professional (peer reviewed) journals. All papers will adhere to APA 5th Ed. format, with 1” margins on all sides, double-spaced, and 12 TNR font. Evaluation criteria will include level of effort; appropriate description, analysis, and conclusion of the subject of the paper; clear communication (organization of paper, grammar, and spelling); and appropriate sourcing of references. The final version of the paper is due no later than the last regularly scheduled class meeting and will be submitted in Word 2003 format in both hard and soft copy. While rough drafts will not be accepted for review, you are strongly encouraged to have your paper reviewed by a classmate, co-worker, or other trusted party who can help you catch errors you may overlook after working with the paper for an extended period of time. This is to be an original work. No plagiarism will be tolerated and the use of a previously submitted paper will not be allowed.

Prospectus. No later than the 22nd of June, please turn in a research prospectus, consisting of a statement one paragraph to one page in length, double-spaced, describing: (1) your topic; (2) whether you are utilizing the in-depth research form or the question and critical evaluation form; (3) one complete citation and summary of one of your journal articles that will be a reference and which you found helpful in beginning to research your subject. I will email you comments on the prospectus no later than one week after I receive it. You are welcome to submit a rough draft of the prospectus prior to its due date. The prospectus will be worth approximately 10% of the total points possible on the paper. Keep your timeline in mind: the 22nd of June allows slightly less than one month for completion of the project. Earlier submissions may be to your benefit.