ISM 3323 – Information Security Management

Summer Semester, 2019

UNIVERSITY OF WEST FLORIDA - DEPARTMENT OF MANAGEMENT & MIS
COURSE SYLLABUS

INSTRUCTOR: Randy Reid, PhD, CISA, CISSP, Network+, Security+, A+

Office: Bldg. 76A - Rm. 321
Office Hours: by appointment
Phone: 474-2701
E-mail: rcreid@uwf.edu

Course Pre-requisites: ISM3011 (or COP2120)

Required Textbooks:
Management of Information Security, 6th Edition, Michael E. Whitman, Herbert J. Mattord
ISBN-10: 137-10206 ISBN-13: 978-1-337-10206-3, Course Technologies 2018
There will be multiple pdf readings handed out in class.

Information security in the modern organization is both a management and a technology issue.
Technology can not address all of the security issues alone. The focus of this course is an in-depth
study of management and control of the security function of the information systems in business
organizations as opposed to the implementation of security technology. Topic areas include IT controls
and their evaluation, computer-based auditing techniques, encryption, risk analysis, contingency
planning, and perimeter controls. Recent developments in IT such as nomadic computing and Internet
and their impact on IT security management will also be explored. Security is a growing problem that
has important economic consequences for which management will be held accountable.

Course Objectives:
Define security management as it relates to the business model.
Understand of and the uses of risk analysis.
Gain the knowledge necessary to communicate with security administrators and technicians and
participate in design, development, implementation, use, and maintenance of security systems.
Understand Public Key Infrastructure and the associated cryptographic tools.
Develop an understanding of contingency planning and disaster recovery.
Make informed decisions in regards of the administering of a security infrastructure.

Teaching Methods and Class Structure:

This course is offered online via eLearning. It is therefore essential that you secure and maintain
consistent and reliable use of the Internet throughout the summer term in order to participate in the
course. If you have a question about how to gain access to eLearning/Canvas, or experience a technical
problem in relationship to eLearning/Canvas at any point in time throughout the term please contact
the ITS Help Desk at (850) 474-2075.
If this is your first online course at the University of West Florida, please visit the UWF Online
Campus.
Important Note: Working with technology when facing due dates and deadlines can be a little tricky as
we can never know if/when a glitch in the system may causes trouble. Computers and networks are
known to experience technical issue. Hence, waiting till the last minute before a deadline to complete a
task is very risky and may prove to be a very unpleasant experience if you face a glitch in the system.
Please plan accordingly and give yourself enough time to complete an assigned task before getting too
close to its deadline. Keep in mind that there is usually noting that anyone can do to resolve a last
 ISM 3323 – Information Security Management
Summer Semester, 2019

minute technical problem that you may encounter when trying to submit your work just before the
deadline. Please be wise and manage your time effectively and efficiently to avoid negative
consequences of missing a deadline when submitting your work electronically.
All readings and assigned materials are to be completed prior to class period. The instructor will
supplement the text with current events articles and discussion. Students should also be reading
articles in the popular computer press to increase their knowledge of the area and to provide a better
background to the class material.

PowerPoint Slides
The slides used in class are available in pdf format and will be posted in eLearning prior to class. You
will need Adobe reader or similar software to read the pdf file. Adobe reader (free) can be downloaded
at http://www.adobe.com/products/acrobat/readermain.html

PROJECTS:

INDIVIDUAL RESEARCH PROJECT

Each individual will write a research paper on an aspect of security management. Topics in this area include but
not limited to such things as compliance, policies, privacy, or business continuity planning. An email to the
instructor with the topic and a 1 paragraph description of the topic. The CCERP-JCERP Template and Style
Guide for Authors is located in the admin section of the eLearning web site and is a complete guide on how the
paper should be formatted.

PENALTY FOR LATE PROJECTS

All projects are due by the due date indicated when the project is made. Late project s will be accepted
only in very exceptional situations, and permission should be secured in advance.
A. Late assignments will be assessed up to a 20% penalty
a. No assignments will be accepted more than 2 weeks after the due date
b. An incorrectly named or posted assignment is considered to be late
B. Under exceptional circumstances (e.g. emergencies), the penalty may be reduced at the discretion
of the instructor if an appropriate request is made in writing by the student. Any documentary
evidence supporting the request must also be included.

INDIVIDUAL RESEARCH PAPER:

Each individual will write a research paper on an aspect of security management. Topics in this
area include but not limited to such things as compliance, policies, privacy, or business continuity
planning. An email to the instructor with the topic and a 1 paragraph description of the topic.

The CCERP-JCERP Template and Style Guide for Authors is located in the admin section of the
eLearning web site and is a complete guide on how the paper should be formatted.
All of the components should be in a single file using the student’s email name as the file name.

The best papers will be considered for submission to the student track of Conference on
Cybersecurity Education, Research & Practice 2019 conference. The conference is scheduled for
11-12 October in Kennesaw Ga. Selected papers will be submitted for support to include
conference registration, travel, lodging and meals. The Research paper is due 11:30 pm Sunday 28
July
 ISM 3323 – Information Security Management
Summer Semester, 2019

TESTS [MIDTERM/ FINAL]:

1) There will be two examinations.
2) Each of the tests is over the material that is covered in the book and in class. The second test is not
cumulative by design but may contain some material that was covered by the first test.
3) Examinations will be taken on the scheduled test window and must be proctored.
4) There will be no make-up examinations.
5) Proctoring options:
Option I – Face-to-face on-campus examination session:
The midterm exam has been scheduled for Tue June 25th 1:00-3:00 or Wed June 26th 6:00-8:00 in
Bldg. 76 room 105
The final exam has been scheduled for Tue Aug 6th 1:00-3:00 or Wed Aug 7th 6:00-8:00, both are in
Bldg. 76 room 105.
Option II – Online proctored session using Proctor U system:
You may make arrangements to take the Midterm or Final through UWF online Proctor U system
to take the final exam at your convenience sometime within the exam availability period during
the week of final examinations – subject to working hours and scheduling restrictions imposed
by Proctor U.
The midterm exam availability period starts at 9:00am Mon June 24th till 9:00pm Wed June 26th
The final exam availability period starts at 9:00am Mon Aug 5th till 9:00pm Wed Aug 7th
You will NOT be allowed to take the exam outside this window of availability under any
circumstances.
.
You are strongly encouraged to schedule your examination session through Proctor U well in
advance by visiting http://www.proctoru.com/uwf. Please note that Proctor U has its own set of
requirements about scheduling. It is your responsibility to visit http://www.proctoru.com/uwf as
soon as possible and make sure that you abide by all the scheduling requirements to avoid
unpleasant consequences. Please note that you will be responsible for any and all fees involved
with taking the final exam via Proctor U. You are also responsible for ensuring that the video/audio
hardware/software and setup on your computer is compatible with Proctor U if you wish to take the
exam using this facility.
Quizzes:
A. There is 2 quizzes, one the readings and the other is on encryption techniques.
B. Both quizzes are composed of multiple choice questions.
C. Both quizzes are closed notes, closed book.
D. Evaluation Procedures:
A. All of the quizzes will be on-line and not formally proctored.
B. The quizzes will be “graded” upon completion and the student’s score will be available
C. The student will be able to see the multiple choice questions that were missed after the
quiz window closes.
E. Every quiz is expected to be completed during its respective window as shown in the course
schedule in order to keep up with the course pace
F. The instructor will usually not permit a student to make up a quiz once the quiz window is
closed.
G. Readings Quiz Window: 9:00am Tue 11 Jun – 11:30pm Thurs. 13 June
H. Encryption Quiz Window: 9:00am Tue 9 July – 11:30pm Thurs. 11 July
 ISM 3323 – Information Security Management
Summer Semester, 2019

Selected Readings:
There will be a number readings posted in eLearning throughout the semester. They will be discussed
during the and there will a quiz covering all of the readings. Additional details will be distributed later
in the semester. The Readings quiz will be taken on-line, the Quiz Window is: 9:00am Tue 11 Jun –
11:30pm Thurs. 12 June.

Grading Procedures:
The course grades will be determined using the following weights:
Exams (2) 30% each
Research Project 20%
Security Readings Quiz 10%
Encryption Quiz 10%
Total 100%

All the scores for quizzes, homework, and the midterm and final exam will be posted on eLearning. It is your
responsibility to closely monitor your scores throughout the semester and contact me if you have a
question/concern in a timely manner.

The following course average scores will be utilized to determine course letter grades. There is no
"curve" or "scale" - this is it!

FINAL GRADE ASSIGNMENT:

A 90 - 100
B+ 88 - 89.9 B 83 - 87.9 B- 80 - 82.9
C+ 78 - 79.9 C 70 - 77.9
D 60 - 66.9 F below 60

Notes:
1) The instructor reserves the right to lower the grading scale but it will not be raised.
2) Scores on graded work will not be distributed of unsecured media channels.
EMAIL:
I will be using the group mail facility available for this class to send out timely information to the
class. Email will only be sent to the student’s UWF account. Make sure that the email address
that you have listed is current and that you check your email regularly during the term.

SOCIAL MEDIA
I do not connect with students on any social media until they have graduated.

DISABILITY COMPLIANCE:
The University of West Florida supports an inclusive learning environment for all students. If there are
aspects of the instruction or design of this course that hinder your full participation, such as time-
limited exams, inaccessible web content, or the use of non-captioned videos and podcasts, reasonable
accommodations can be arranged. Prior to receiving accommodations, you must register with Student
Accessibility Resources. Appropriate academic accommodations will be determined based on the
documented needs of the individual. For information regarding the registration
process, www.uwf.edu/sar, e-mail sar@uwf.edu or call 850.474.2387.
 ISM 3323 – Information Security Management
Summer Semester, 2019

Here is my attempt to summarize the main points. If you have additional questions, please do not
hesitate to ask me or other campus experts.
1. The office of Disabled Student Services in Bldg 21, Room 130; Phone: 474-2387, email:
sdrc@uwf.edu.
2. A student with special needs has an obligation to inform me of her/ his needs in a timely manner.
For example, student can’t mention it casually at the start of an exam that they have special needs.
3. The Office of Disabled Student Services will evaluate the case to determine if the student qualifies
for special accommodation. If so, this office will determine what special accommodation is needed.
4. There is no waiver for essential requirements of this courses only appropriate accommodation.

Expectations for Academic Conduct/Plagiarism Policy

Taking and giving help: ALL Students are responsible for understanding the Academic Misconduct
Process. The Student Code of Conduct sets forth the rules, regulations and expected behavior of
students enrolled at the University of West Florida. Violations of any rules, regulations, or behavioral
expectations may result in a charge of violating the Student Code of Conduct. It is the student’s
responsibility to read the Student Code of Conduct and conduct themselves accordingly. You may
access the current Student Code of Conduct at http://www.uwf.edu/judicialaffairs. Excellent examples
are available in the Pace Library tutorial at
http://library.uwf.edu/Tutorials/module_plagiarism/default.htm.
In General:
--- All assignments are to be done independently;
--- If, on a rare occasion, you decide to seek help, it must be for a general difficulty and not for a
specific solution to a problem or task or homework;
--- Similarly, if a student approaches you for help you may explain general ideas but you may not tell
him/her the solution to the problem/task/homework.
If you have a question or concern in this area ASK before you act.

As members of the University of West Florida, we commit ourselves to honesty. As we strive for
excellence in performance, integrity – both personal and institutional – is our most precious asset.
Honesty in our academic work is vital, and we will not knowingly act in ways to erode that integrity.
Accordingly, we pledge not to cheat, nor to tolerate cheating, nor to plagiarize the work of others. We
pledge to share community resources in ways that are responsible and that comply with established
policies of fairness. Cooperation and competition are means to high achievement and are encouraged.
Indeed, cooperation is expected unless our directive is to individual performance. We will compete
constructively and professionally for the purpose of stimulating high performance standards. Finally,
we accept adherence to this set of expectations for academic conduct as a condition of membership in
the UWF academic community.
 ISM 3323 – Information Security Management
Summer Semester, 2019

Tentative Class Schedule

Week Text Topic Additional Topic Area

Material Assignments
1 Course Introduction Parkerian Hexad
May 13-19 Ch 1: Introduction to Nomadic Computing
Ch 1
Management of
Information Security.
2 Ch 2 The Need for security Malware
May 20 - 26
3 Law and Ethics
May 27 – June 2 Ch 3
4 Ch 4 Planning for Security Social Engineering
June 3 - 9
5 Risk Management: Readings Quiz Window: 9:00am Tue
Ch 5
June 10 - 16 11 Jun – 11:30pm Thurs. 13 June
6 Security Technology Biometrics
June 17 - 23 Ch 6
Access controls Research Topic Due
7 Security Technology Firewalls
June 24 – June 30 Ch 7
IDS systems
ProctorU or similar In Lab option (rm. 105/bldg. 76)
Midterm
9:00am Mon June 24th till Tue June 25th 1:00-3:00
Window
9:00pm Wed June 26th Wed June 26th 6:00-8:00
8 Ch 8 Cryptography
July 1 - 7
Ch 8 Cryptography

9 Ch 9 Physical Security Encryption Quiz Window: 9:00am Tue

July 8 - 14 9 July – 11:30pm Thurs. 11 July
10 Ch 10 Implementing Info
July 15 - 21 Security
11 Security and Personnel Research Paper Due 28 July 11:30
July 22 - 28 Ch 11
pm
12 Ch 10 Information Security
July 29 – Aug 4 Maintenance
Final ProctorU or similar In Lab option (rm. 105/bldg. 76)
Aug 5 – 9 Window 9:00am Mon Aug 5th till Tue Aug 6th 1:00-3:00
9:00pm Wed Aug 7th Wed Aug 7th 6:00-8:00

All times listed are Central Daylight Savings Time