UNIVERSITY OF WISCONSIN-MILWAUKEE
School of Information Studies
INFOST (781) – Information Security Management
CATALOG DESCRIPTION:
Investigation of key aspects of information security management. The course addresses policy development, risk analysis and management, security information dissemination, education and awareness training, legal compliance, and ethical and legal conduct. 3 credits.
GENERAL DESCRIPTION:
This course prepares the graduate student to understand theoretical underpinnings and develop skills in a work-related context to dynamically interpret the behavioral side of information security in either private, public or government enterprises. The course is designed to engage in the foundations of behavior to provide information security management. The academic engagement will cover the following topics: (i) policy development, (ii) risk analysis and management, (iii) security information dissemination, education and awareness training, (iv) legal compliance, and (v) ethical and legal conduct. Students will be prepared to reflectively address the human factors of information security management.
PREREQUISITES:
Graduate Student Status; InfoSt 583 completed.
TIME EXPECTATIONS:
This course requires a weekly time commitment. General university guidelines indicate that a 3-credit course requires a minimum 144 hour time commitment over the semester. This time commitment represents a minimum of 9-10 hours of work per week per course. Three of these hours are lectures. Students are expected to do an additional 6-7 hours per week of study and work on assignments to achieve the learning goals of this course.
METHOD:
TEXTBOOKS:
OBJECTIVES/OUTCOMES:
Upon completion of the course, students will be able to:
COURSE SCHEDULE:
Bolded objectives mean the focus is specifically on this objective. Unbolded means the objective is relevant and applicable.
Week
1
2
3
4
5
6
7
8
9
10
11
12
Topics
Introduction
Objectives
Ch1 - Zinatullin: Introduction; Readings: Social Engineering
▶ ASSIGNMENTS: Participate in unit discussion
Risk Management
Ch2 - Zinatullin: Risk Management
Ch3 - Zinatullin; The Complexity of Risk Management
▶ ASSIGNMENTS: Participate in unit discussion
Communication
Ch4 - Zinatullin: Stakeholders & Communication
Readings: Lines of Communication; Awareness Training; Education
▶ ASSIGNMENTS: Participate in unit discussion
Governance and Policy
Ch5 - Zinatullin: Information Security Governance
Ch1 - Landoll: Introduction
Ch2 - Landoll: Information Security Policy Basics
Ch3 - Landoll: Information Security Policy Framework
▶ ASSIGNMENTS: Participate in unit discussion
Policy Management
Ch4 - Landoll: Information Security Policy Details
Ch5 - Landoll: Information Security Procedures and Standards
Ch6 - Zinatullin: Problems with Policies
▶ ASSIGNMENTS: Participate in unit discussion
Decision Making
Ch7 - Zinatullin: Decision Making from a Managerial Perspective
Ch8 - Zinatullin: User Decision Making
▶ ASSIGNMENTS: Participate in unit discussion
▶ MIDTERM
Security and Usability
Ch9 - Zinatullin: Security and Usability
▶ ASSIGNMENTS: Participate in unit discussion
Security Culture
Ch10 - Zinatullin: Security Culture
Readings: Ethical Aspects
▶ ASSIGNMENTS: Participate in unit discussion
Compliance
Ch 11 - Zinatullin: Psychology of Compliance
Readings: Legal Compliance
▶ ASSIGNMENTS: Participate in unit discussion
Changing the Culture
Ch12 - Zinatullin: Changing the Approach to Security
▶ ASSIGNMENTS: Participate in unit discussion
Case Studies I
Ch6 - Landoll: Information Security Policy Projects
▶ ASSIGNMENTS: Oral Presentations
Case Studies I
▶ ASSIGNMENTS: Submission of Fieldwork Paper
▶ Final Exam
COURSE POLICIES:
Rules of academic conduct require that you not use the work of others without clearly indicating it as such. You may not resubmit work that has already been used in fulfillment of the requirement of this or any other course. Academic misconduct may result in a lowered grade, no credit for a given assignment, or removal from the course. It is expected students will consult and appropriately cite the research and professional literature where merited. This means citing a variety of credible sources. Limiting yourself to an online source like Wikipedia as the entirety of your research efforts is unacceptable. Grades will also be reduced for papers that include irrelevant content to “fill up space” with large white spaces, or language that is void of value, just to meet the length specifications for a paper.
Written assignments are due on the specified date, late work is not accepted unless an emergency is involved, then the student must contact the instructor as soon as possible. Papers are to be double-spaced using a 12-point kerned font such as Times New Roman with 1 inch margins. Rely on a commonly used style manual for your submissions (e.g. Turabian, Chicago, APA, MLA). These are available in the Library or UWM Bookstore or may be purchased through online book vendors.
ASSIGNMENT DESCRIPTIONS
Discussion & Participation (50 points):
Participation will be based on your regular and substantive weekly contributions for the first 10 units. Students are expected to engage in the online discussion on a weekly basis to interact with class members — to share findings, raise questions and insert new subtopics. Each week absent from the discussion will lower the student’s participation grade by 5 points.
Midterm (50 points & Final (50 points)
Midterm: Units 1 - 6 are due as indicated on the CALENDAR page.
Final: Units 7 - 10 are due after week 14 on the CALENDAR page.
Assignments will be questions and/or reading reactions on the assigned readings.
Oral -- Position Presentation (50 points)
TECHNICAL:
WHAT?
Focus on one of the following:
If you are addressing leadership, do a thorough analysis on paper of your approach, so that you can be systematic and to the point. The most common weakness in a presentation is to take forever to get to the point. Some of the following might help you in this process: clarify the context, like
Fieldwork Paper (100 points):
You are to fieldwork research paper do an analysis of a company on either COMPLIANCE, or POLICY. Research the topic, understand best practices, and do an assessment of the company and evaluate how they got to their current status. Clarify if they are a standard to other companies and why or if improvements are recommended. Make sure that you change names and places and any identifying information to protect the image of the company. Consider HR issues, management styles, awareness, political will, financial priorities, etc. in their company history, their current commitments and future plans. The final paper is to be at minimum 7 pages double-spaced with at least 12 references in the bibliography. You have to go beyond the ability to gather sources and synthesize the findings. Your own reflection is essential. It is your voice in your work that has to become clear.
Plagiarism Policy: If you are found guilty of plagiarism, depending on the case, you risk getting a failing grade for the course.
GRADING SCALE:
UWM AND SOIS ACADEMIC POLICIES
UWM pages/links which contain university policies affecting all UWM students. http://www.uwm.edu/Dept/SecU/SyllabusLinks.pdf
Panther Planner and Undergraduate Student Handbook useful to undergrads http://www4.uwm.edu/dos/student-handbook.cfm
For graduate students, there are additional guidelines from the Graduate School (http://www.graduateschool.uwm.edu/students/current/), including those found in the Graduate Student and Faculty Handbook: http://www.graduateschool.uwm.edu/students/policies/expanded/.
SOIS policies affecting all SOIS students: http://www4.uwm.edu/sois/resources/formpol/policies.cfm