IFSM 430 - Information Systems and Security
Term 3: 19 Jan - 13 Mar 2004
Kadena
MW 2000-2245
David Wills
http://sensei.ad.umuc.edu/dwills/ifsm430
dwills@ad.umuc.edu
PREREQUISITE: IFSM 300
COURSE DESCRIPTION: A survey covering aspects of establishing and
maintaining a practical information security program. The security
aspects and implications of databases, telecommunications systems, and
software are examined, along with techniques used to assess risks and
discover abuses of systems.
IFSM 430 is a stand alone course in computer and information security
designed to teach students the risks, and vulnerabilities in today's
information systems. It is designed who have the fundamentals of
management information systems, as well as the fundamentals of
hardware, software and communications. Upon completion of the course
students will be well versed in terminology, and understand what
threats can make computer system and its applications vulnerable to
outages and bad data. Students will be instructed in methods,
procedures, barriers, software, and hardware capabilities that can
avoid the potential threats and will understand that people, either
maliciously or accidentally, nature, hardware/software errors, and
power outages are all threats which can keep our management
information system from functioning correctly.
COURSE OBJECTIVES:
- Identify critical information system security measures their
discuss their importance (competence in information technology)
- Identify and discuss the business and organizational issues involving
information systems security (INFOSEC) and other related
considerations (competence in information technology)
- Define and illustrate the terms, techniques, procedures, and methods
associated with INFOSEC. (competence in information technology)
- Apply INFOSEC techniques, procedures, and methods to practical
security problems (competence in information technology)
- Define and design an organizational protection architecture
(competence in information technology)
- Compare and contrast encryption techniques for user privacy and system
confidentiality (competence in information technology, civic
responsibility, international perspective, information literacy)
- Identify legal issues and government regulations related to
information security (competence in information technology, civic
responsibility, international perspective, information literacy)
· Understanding the need for security, potential threats and risks
associated with computer systems security · Learning risk
evaluation, analysis and assessment, and security planning ·
Evaluation of the physical security of valuable computer system
assets, including hardware, software, and data · Examination of
the critical problem of controlling access, including both
physical and data access · Learning to ensure file and data
integrity and security · Understanding the particular problems of
viruses, piracy and hackers · Examination of the critical human
factor
REQUIRED TEXTBOOK:
Pipkin Information Security, HP, 2000.
Stoll The Cuckoo's Egg
EVALUATION:
Paper/presentation 30%
Midterm Exam 35%
Final Exam 25%
Participation 10%
Midterm exam will be based on the Pipkin and Stoll book. "Short answer"
format.
Paper will be 2500-3000 words in HTML to be posted on a web site
(TBD). Topic will be approved by instructor. Will be scanned for plagiarism.
Due: TBD. Presentations from TBD. 20-30 minutes.
Final exam will be based on the papers. "Short answer" format.