MET CS 684 Security Policies and Procedures
PLEASE NOTE: THIS IS THE SYLLABUS TO A PREVIOUS FACE-TO-FACE OFFERING OF THIS COURSE. IT IS NOT UP-TO-DATE.
IN PARTICULAR, THE TEXTBOOKS ARE NOT NECESSARILY THE ONES CURRENTLY IN USE.
THIS OLD SYLLABUS IS LEFT ONLINE TO PROVIDE A SENSE OF HOW THE COURSE WAS DESIGNED IN THE PAST. SOME ASPECTS REMAIN INTACT.
FOR INFORMATION, CALL THE DEPARTMENT: (617)353-2566
This course enables IT professional leaders to identify emerging security risks and implement security policies to support organizational goals. It discusses methodologies for identifying, quantifying, mitigating and controlling risks. Students implement IT risk management plans that identify alternate sites for processing mission-critical applications, and techniques to recover infrastructure, systems, networks, data and user access. The course also discusses topics such as disaster recovery; handling information security; protection of property, personnel and facilities; protection of sensitive and classified information; privacy issues; and criminal, terrorist and hostile activities.
· Review CIA characteristics – confidentiality, integrity and availability
Information Security Policies and Procedures: A Practitioner’s Reference by Thomas R. Peltier, Second edition, Auerbach, ISBN 0-8493-1958-7
Guide to Disaster Recovery, Erbschloe, M. (2003), Thomson Course Technology, ISBN 9 780619 131227
Security Policies and Procedures: Principles and Practices, Sari Greene (2005), Prentice Hall, ISBN 0-13-186691-5
Absorbing and creating security system policies will be expected of all students. To attain excellence, students will be expected to create original analyses and comparisons. The course grade will be computed from the following:
Weekly assignments: 35%
Weekly quizzes: 15%
Class participation: 20%
Final: 30%
Class Participation
Students are required to participate in class or online discussions because this is an effective and, for many, an enjoyable way to learn. Participation is evaluated as follows.
Make a note of the substantive comments that you make in class or send to the class via the class site. I often ask questions of the class to encourage participation. You are encouraged to participate in class at all times in any case. At any time prior to one week before the final, submit these. Each should consist of the date, the context of the discussion at the time, and a short paragraph of what you said, a half page at the most. Here are some context examples.
· We were discussing how to obtain buy-in from developers for security policies:
· Responding to a comment raised by another student concerning the use of UML inheritance:
· Responding to a question put to the class by the professor:
· Responding to a question by a student:
You are reminded that plagiarism is taken very seriously by the
a. Proportion of substantive contributions. This is the percentage of documented contributions that have significant content. 75% would be a good fraction. 95% is definitely excellent.
b. Number of substantive contributions. This counts the number of substantive contributions. In a class of 15, two per class would be good. Larger classes result necessarily in proportionately lower contribution per person.
c. Evenness of contributions. This measures the uniformity of your contributions throughout the semester. A contribution every week would be good in this respect.
Late homework will not be accepted unless there is a reason why it was impossible to perform the work in time given work and emergency conditions. In that case, an e-mail with the written reason should be attached to the homework, which will be graded on a pass/fail basis if the reason is accepted by me.
Click here for generic information on how grades are allocated and averaged in all of my classes.
Please cite all references and uses of the work of others. All instances of plagiarism must be reported to the College for action. E-mail, see or call me if you have any doubts about the proper use of others’ material. In any case, clearly acknowledge all sources in the context they are used, including code, of course. See plagiarism policies for examples and a fuller explanation.
1. Introduction and Threats to
1A: Introduction and Threats
1B: An Overview of Security Responses
Greene Most Helpful: 65 – 72; Additional: 72 – 81
2. I.T. Enterprise Security Issues
2A: Common
2B: Specialized Security Issues
Greene Most Helpful: 387 – 396, 425 – 443
Additional: 397-423 page through: 117-137; 425-455; 463-481
See references to risks via index as needed
3. Security Policies, Standards and Procedures
3A: Security Policies
3B: Security Standards and Procedures
Greene Most Helpful: 1-25, 35 – 51, 91-106, 185 - 203
4. I.T. Operational Security Management
4A: Common Operational Security Management
4B: Specialized Issues in Operational Security Management
Greene Most Helpful: 311 – 325; Additional: 325-337
5.
5A: An introduction to business continuity and disaster recovery
5B: Preparing for I.T. continuity
Greene Most Helpful: 351 - 365
6. Implementation of Disaster Recovery and Continuing Operations
6A: Recovering from disasters
6B: Ongoing Quality
Review for Final
Greene Most Helpful: 365 - 375