test page

UNIVERSITY OF WISCONSIN-MILWAUKEE

School of Information Studies

INFOST (781) – Information Security Management

CATALOG DESCRIPTION:

Investigation of key aspects of information security management. The course addresses policy development, risk analysis and management, security information dissemination, education and awareness training, legal compliance, and ethical and legal conduct. 3 credits.

GENERAL DESCRIPTION:

This course prepares the graduate student to understand theoretical underpinnings and develop skills in a work-related context to dynamically interpret the behavioral side of information security in either private, public or government enterprises. The course is designed to engage in the foundations of behavior to provide information security management. The academic engagement will cover the following topics: (i) policy development, (ii) risk analysis and management, (iii) security information dissemination, education and awareness training, (iv) legal compliance, and (v) ethical and legal conduct. Students will be prepared to reflectively address the human factors of information security management.

PREREQUISITES:

Graduate Student Status; InfoSt 583 completed.

TIME EXPECTATIONS:

This course requires a weekly time commitment. General university guidelines indicate that a 3-credit course requires a minimum 144 hour time commitment over the semester. This time commitment represents a minimum of 9-10 hours of work per week per course. Three of these hours are lectures. Students are expected to do an additional 6-7 hours per week of study and work on assignments to achieve the learning goals of this course.

METHOD:

• Lectures, independent reading and research, case studies, discussion, assignments, student presentations, and guest speakers (depending on availability).
• Students requiring special accommodations should contact the instructor as early as possible for accommodations. For detailed information about these accommodations, please visith (http://www4.uwm.edu/secu/docs/faculty/1895R3_Uniform_abus_Policy.pdf).

TEXTBOOKS:

• The Psychology of Information Security Resolving conflicts between security compliance and human behaviour by Leron Zinatullin
• Information Security Policies, Procedures, and Standards by Douglas Landoll
• Assigned readings, audio streams and videos

OBJECTIVES/OUTCOMES:

Upon completion of the course, students will be able to:

1. HUMAN BEHAVIOR: Understand how to prevent or remedy human behavior as a risk to information security in the enterprise.
2. RISK: Critically analyze, evaluate and articulate the diverse aspects of the information security risk to the organization and how to address the issue. Prepare an oral presentation to persuade management of the need to respond to identified security risks.
3. COMPLIANCE: Investigate and discuss a specific sector (such as health care, defense or education) from a legal compliance perspective. Elaborate on the need for policies and social infrastructure to manage and execute compliance.
4. POLICY: Assess, evaluate and compare policies in place and improve or create policies to serve the information security needs. Debate the benefits versus the detriments of security policies and how it may impact individual behaviors, company culture as well as the broader society
5. LEGAL & ETHICAL: Identify and discuss human actions that compromise or violate legal and/or ethical behavior in both the contexts to threaten information security and to prevent information security risk.
6. AWARENESS & EDUCATION: Develop concept frameworks for the most efficient and effective usages of information sharing and dissemination, education campaigns, awareness training programs across various cultural, economic, and generationally diverse groups to maximize positive forward progression and minimize complications and negative impacts.
7. INFOSEC LIFE CYCLE: Explore and evaluate the information security life cycle to secure information, e.g. planning, acquisitions, training and development.

COURSE SCHEDULE:

Bolded objectives mean the focus is specifically on this objective. Unbolded means the objective is relevant and applicable.

COURSE POLICIES:

Rules of academic conduct require that you not use the work of others without clearly indicating it as such. You may not resubmit work that has already been used in fulfillment of the requirement of this or any other course. Academic misconduct may result in a lowered grade, no credit for a given assignment, or removal from the course. It is expected students will consult and appropriately cite the research and professional literature where merited. This means citing a variety of credible sources. Limiting yourself to an online source like Wikipedia as the entirety of your research efforts is unacceptable. Grades will also be reduced for papers that include irrelevant content to “fill up space” with large white spaces, or language that is void of value, just to meet the length specifications for a paper.

Written assignments are due on the specified date, late work is not accepted unless an emergency is involved, then the student must contact the instructor as soon as possible. Papers are to be double-spaced using a 12-point kerned font such as Times New Roman with 1 inch margins. Rely on a commonly used style manual for your submissions (e.g. Turabian, Chicago, APA, MLA). These are available in the Library or UWM Bookstore or may be purchased through online book vendors.

ASSIGNMENT DESCRIPTIONS

Discussion & Participation (50 points):

Participation will be based on your regular and substantive weekly contributions for the first 10 units. Students are expected to engage in the online discussion on a weekly basis to interact with class members — to share findings, raise questions and insert new subtopics. Each week absent from the discussion will lower the student’s participation grade by 5 points.

Midterm (50 points & Final (50 points)

Midterm: Units 1 - 6 are due as indicated on the CALENDAR page.

Final: Units 7 - 10 are due after week 14 on the CALENDAR page.

Assignments will be questions and/or reading reactions on the assigned readings.

Oral -- Position Presentation (50 points)

TECHNICAL:

• Prepare a final class virtual video presentation of between 8 - 10 minutes.
• You have to use one of the following platforms: YouTube, Vimeo, your web space on SOIS or Techsmith's Screencast.com or get written permission for another platform.
• Use Camtasia Relay or a good smartphone, or a videocam, or similar video presentation technology. Note: You many not just add audio to a Powerpoint.
• Save your video to your chosen site (e.g. Youtube, Vimeo, Screencast, Dropbox, or your web space with SOIS) and Email the instructor the link to the presentation. It has to be shareable with the class. It is your choice to list the presentation as public or keep the link private.
• Do short test runs of recording to avoid issues such as: crackling and popping sounds, a humming sound in the background, or you bumping the mic, a voice that is too soft or too loud.
• Exude professionalism. Informality often sounds incompetent

WHAT?

Focus on one of the following:

• Training - Develop a training video that would serve the enterprise to change behavior.
• Awareness - Present a video to improve awareness of an important security issue. Ensure it empowers the audience to change behavior.
• Leadership - Present an issue to the enterprise leadership to persuade them to do differently. The "do differently" could be to hire a specific security-related position. It could be to address a vulnerability. It could be to provide infrastructure and effectively support the person on team to change behavior. It could be to purchase equipment and/or software and/or tools to avoid risk, or to mitigate risk, or to respond to an event (disaster recovery).

If you are addressing leadership, do a thorough analysis on paper of your approach, so that you can be systematic and to the point. The most common weakness in a presentation is to take forever to get to the point. Some of the following might help you in this process: clarify the context, like

• what is the problem and why
• what are the risks, - the impact (in concrete terms [e.g financial, morale, legal, ethical, employee retention, time loss, branding, etc.) of not addressing this matter
• where the risk is most critical.
• persuade (if needed) how to prevent or maximally mitigate the threat.>Speak to what you will do should the security event happen.

Fieldwork Paper (100 points):

You are to fieldwork research paper do an analysis of a company on either COMPLIANCE, or POLICY. Research the topic, understand best practices, and do an assessment of the company and evaluate how they got to their current status. Clarify if they are a standard to other companies and why or if improvements are recommended. Make sure that you change names and places and any identifying information to protect the image of the company. Consider HR issues, management styles, awareness, political will, financial priorities, etc. in their company history, their current commitments and future plans. The final paper is to be at minimum 7 pages double-spaced with at least 12 references in the bibliography. You have to go beyond the ability to gather sources and synthesize the findings. Your own reflection is essential. It is your voice in your work that has to become clear.

Plagiarism Policy: If you are found guilty of plagiarism, depending on the case, you risk getting a failing grade for the course.

GRADING SCALE:

UWM AND SOIS ACADEMIC POLICIES

UWM pages/links which contain university policies affecting all UWM students. http://www.uwm.edu/Dept/SecU/SyllabusLinks.pdf

Panther Planner and Undergraduate Student Handbook useful to undergrads http://www4.uwm.edu/dos/student-handbook.cfm

For graduate students, there are additional guidelines from the Graduate School (http://www.graduateschool.uwm.edu/students/current/), including those found in the Graduate Student and Faculty Handbook: http://www.graduateschool.uwm.edu/students/policies/expanded/.

SOIS policies affecting all SOIS students: http://www4.uwm.edu/sois/resources/formpol/policies.cfm