IMT 551: Foundations in Organizational Information Assurance (IA)

MSIM

IMT 551
Foundations in Organizational Information Assurance (IA)

UWEO Certificate Program in Information Assurance & Cybersecurity
Information School
University of Washington

Course Description •  Objectives • Course Map
General Responsibilities • University Policies • Course Administration and Policies

Fall 2007
Instructor: Dr. Barbara Endicott-Popovsky  ("Dr. B")

E-mail: endicott@u.washington.edu 
Voice: (206) 284-6123
Cell: (206) 240-0345
Fax: (206) 216-0537

Class meets in MGH 271
Wednesday, 6-9PM

Office Hours: one hour before class and after class (or by appointment)
Office Location: MGH 271

Course Description

Download the course syllabus as a Word document.

The Certificate Program in Information Assurance & Cybersecurity provides students a systematic approach to establishing, managing, and operating a comprehensive and effective information assurance program enterprise-wide. This program identifies and evaluates detailed methodologies for establishing information assurance goals and defining what that means to an organization in terms of policies, planning and practice. It also includes an examination of defense strategies, incident response to system compromise, risk management decision-making, and legal issues.   

Course 1 examines the rationale and methods for securing both physical and electronic components of information systems. Participants learn how vulnerabilities in information systems arise, and gain an understanding of the evolving, threats that systems face. Leading experts from the Pacific Northwest information security community will present best practices for protecting information systems, and students will come to understand the human factors affecting IA policy, plans and audits. Mastery of course material leads to a comprehensive view of information assurance (IA) and improved decision-making capabilities.

Topics include: Concepts, elements, strategies, skills related to the life cycle of information assurance—involving policies, practices, mechanisms, dissemination and validation—that ensure the confidentiality, integrity, and availability of information and information systems. Analysis of the information assurance planning process, including determination and analysis of information assurance organization goals, the threat spectrum, risk, and legal and ethical issues.

The course is designed, in part, to meet the education and training standards described in CNSS 4011 and 4012.

top of page

Objectives

Applying methods learned in the class to real world problems and cases will be emphasized. The breadth and depth of the security experts brought into the classroom as guest lecturers ensures that students are kept current with the latest advances in the field and are exposed to a network of local security professionals who can aid them in career advancement.

Students will:

• Analyze the information assurance (IA) context
  • Demonstrate an understanding of threats, vulnerabilities and strategic countermeasures in a variety of contexts
  • Describe the system services and strategies that implement IA
  • Understand the life cycle for IA in an organizational context
• Analyze and design IA policies and plans
  • Instantiate organizational goals through IA policy and plans
  • Actualize the information assurance life cycle through IA planning
  • Understand the human factors affecting the validity of IA policy and plans
  • Address legal and ethical issues related to IA
• Apply the principles of management
  • Understand the role and responsibilities of a CISO (Chief Information Security Officer)
  • Understand the role of risk management in IA decision making
  • Develop the ability and skills to maintain currency in IA
• Understand and apply the information perspective
  • Appreciate the concepts of information privacy and accountability
  • Understand the relationship between people and IA practices and technology

top of page

Course Map

top of page

General Responsibilities for all Information Assurance Students

Students are trusted with access to the practices, procedures and technologies used to attack and protect valuable information assets and systems. This trust requires an uncompromising commitment to satisfying the highest moral and ethical standards. Adherence to all laws, rules and regulations applicable to the field and practice of information security is critical. This requires more than simple obedience to the law.

We expect that professionals trained by UW will demonstrate sound ethics, honesty and fairness in providing security products and services. The University of Washington expects each student to assume a sense of personal responsibility for assuring the compliance of his or her own behavior and those of their fellow students. The Code of Conduct represents a “zero tolerance” policy. All students enrolled in this course are expected to conduct their activities in a manner that satisfies the highest of ethical standards. Each student must:  

• Conduct activities in accordance with high ethical and moral standards.
• Conduct all activities in accordance with the academic integrity standards posted on the following University of Washington web site: http://www.washington.edu/computing/rules/
• Be aware of, and abide by, the laws of the United States, the individual States, foreign countries and other jurisdictions in which the student may conduct studies, projects, research or other activities.
• Adhere to the spirit of the law as well as its substance
• Always act with personal integrity based on principles of sound judgment
• Neither condone nor ignore any illegal or unethical acts for any reason 

Students should be aware that they may be held personally liable for any improper or illegal acts committed during the course of their education, and that "ignorance of the law" is not a defense. Students may be subject to civil penalties, such as fines, or regulatory sanctions, including suspension or expulsion. Potential penalties for illegal acts under federal sentencing guidelines are severe and may include imprisonment and substantial monetary fines. Existing federal and state laws, as well as the laws of foreign jurisdictions, may impose civil money penalties, permit the issuance of cease and desist orders, or have other consequences.

It is imperative that the University of Washington and its students conduct the University’s academic activities in accordance with the highest possible ethical and legal standards. Every student is responsible for ensuring that his or her personal conduct is above reproach. Violations of the standards described in this Code of Conduct should be made known immediately to the Professor. The University of Washington takes these ethical obligations very seriously. Violations will not be tolerated and will result in disciplinary action appropriate to the violation.

PLEASE NOTE: Anyone who is caught violating the appropriate use policies outlined in this syllabus must answer for themselves. As your instructor, I will not provide excuses for unethical or questionable behavior of students who do not first come and discuss their intentions with me, in person, and prior to taking any actions. Students are encouraged to think about computer security vulnerabilities, but should seek guidance and approval before testing any theories they have.

top of page

University Policies

All students are expected to read the following stated University of Washington policies.

Students with Disabilities
To request academic accommodations due to a disability, please contact Disabled Student Services: 448 Schmitz, 206-543-8924 (V/TTY). If you have a letter from DSS indicating that you have a disability which requires academic accommodations, please present the letter to me so we can discuss the accommodations you might need in the class.   

Academic accommodations due to disability will not be made unless the student has a letter from DSS specifying the type and nature of accommodations needed. 

Academic Conduct
The following paragraphs discussing academic integrity, copyright and privacy outline matters governing academic conduct in the iSchool and the University of Washington.  

Academic Integrity
The essence of academic life revolves around respect not only for the ideas of others, but also their rights to those ideas and their promulgation. It is therefore essential that all of us engaged in the life of the mind take the utmost care that the ideas and expressions of ideas of other people always be appropriately handled, and, where necessary, cited.  For writing assignments, when ideas or materials of others are used, they must be cited. The format is not that important–as long as the source material can be located and the citation verified, it’s OK. What is important is that the material be cited.  In any situation, if you have a question, please feel free to ask.  Such attention to ideas and acknowledgment of their sources is central not only to academic life, but life in general. 

Please acquaint yourself with the University of Washington's resources on academic honesty.

Copyright
All of the expressions of ideas in this class that are fixed in any tangible medium such as digital and physical documents are protected by copyright law as embodied in title 17 of the United States Code. These expressions include the work product of both: (1) your student colleagues (e.g., any assignments published here in the course environment or statements committed to text in a discussion forum); and, (2) your instructors (e.g., the syllabus, assignments, reading lists, and lectures).  Within the constraints of "fair use", you may copy these copyrighted expressions for your personal intellectual use in support of your education here in the iSchool.  Such fair use by you does not include further distribution by any means of copying, performance or presentation beyond the circle of your close acquaintances, student colleagues in this class and your family. If you have any questions regarding whether a use to which you wish to put one of these expressions violates the creator's copyright interests, please feel free to ask the instructor for guidance.

Privacy
To support an academic environment of rigorous discussion and open expression of personal thoughts and feelings, we, as members of the academic community, must be committed to the inviolate right of privacy of our student and instructor colleagues.  As a result, we must forego sharing personally identifiable information about any member of our community including information about the ideas they express, their families, life styles and their political and social affiliations.  If you have any questions regarding whether a disclosure you wish to make regarding anyone in this course or in the iSchool community violates that person's privacy interests, please feel free to ask the instructor for guidance.

Knowing violations of these principles of academic conduct, privacy or copyright may result in University disciplinary action under the Student Code of Conduct.

Student Code of Conduct
Good student conduct is important for maintaining a healthy course environment.  Please familiarize yourself with the University of Washington's Student Code of Conduct.

top of page

Class Administration & Policies

EXPECTATIONS:	Attend ALL classes (or coordinate absences with the instructor). Certificate students must attend 8 of the 10 courses. Come to class prepared to participate in discussions. If you are late to class or have to leave early (neither is recommended), you are responsible for getting the class notes from another student. If you are going to have a problem arriving on time, please talk to the instructor, as this is disruptive to the class as a whole.
TEXTS:	REQUIRED TEXTS Krutz, R. L. & Vines, R. D. (2006).  The CISSP and CAP Prep Guide: Platinum Edition.  New York: Wiley Publishing. (ISBN #0-470-00792-3) Solomon, M. G. & Chapple, M. (2005).  Information Security Illuminated.  Boston, MA: Jones and Bartlett Publishers. In addition, related papers and online articles will be assigned in the course schedule. Optional reading sources can be found in this reading list. ENGINEERING NOTEBOOK You will also need an engineering notebook to keep track of your experiments.
TIME:	Class meets Wednesdays, from 6:00pm to 9:00pm, with some time used for in-class projects (i.e., lab). If you are late to class or have to leave early (neither is recommended), you are responsible for getting the class notes from another student. If you are going to have a problem arriving on time, please talk to the instructor, as this is disruptive to the class as a whole.
PARTICIPATION:	As stated on the Grading page, participation is important. Please read the assignments before coming to class. Both the instructor and the other students will presume you have done so.
ASSIGNMENTS:	Assignments are due the date indicated in the syllabus, unless otherwise stated by the instructor. 10% late penalty assessed. No exceptions, unless absence approved in advance.
SUCCESS:	Maintain the pace of the class.
COMPUTER ACCESS:	Students are expected to have access to a personal computer and to acquire the UWICK toolkit to outfit their own systems
COMPUTER SECURITY LAB POLICIES:	Please read and sign this computer security lab policy.

top of page

---

Overview • Schedule 
Assignments & Grading • Readings