You are on page 1of 9

SEC6010 - Planning for Information Security

(3 credits)
Syllabus Effective Date: 1/11/2016
FACULTY MEMBER: Anthony Haddad TERM: (Spring Block I, 2016)
COURSE TITLE: Planning for Information Security
Anthony Haddad
Office Hours
By appointment only
Question or concerns: please discuss in class or email me any question or concern. Expect
email respond in 24 hours or 1 business day during weekday or 48 hours on weekend.

This course requires the student to complete a set of exercises regarding Business
Continuity and Information Security that incorporates research, synthesis, and
evaluation of business research methods.
This course addresses the issues of business continuity planning. It establishes a
foundation for business solutions rather than technological solutions. An increasing
number of regulatory agencies are reviewing internal plans for business continuity and
recover of operations after potentially catastrophic events. Students will be able to
differentiate between business recover and Information Technology recovery and will
understand the importance of each.

This course purpose is to address business continuity, planning and disaster recovery.
The student will examine the nature of risk and its application to business continuity,
threats, and vulnerabilities and assessing risk factors. Further examination into the
legal and regulatory obligations, risk analysis, mitigation and assessment,
vulnerability and threat, emergency preparedness and response, auditing and

The course will consist of assignment on business continuity, analysis and security.
Also, discussion on current and relevant topic, such as evaluating business threats,
vulnerabilities and changes within the environment that causes risk.
A. Teaching Methods:

Resources for this course will consist of lecture, PowerPoint slides, weekly projects,
individual assessments, PowerPoint presentations, group project, Quizzes, Midterm
Exam, and Final Exam. In addition, articles, web-resources, and supplemental
reading will be required for completing this course. Students responsibility in their
learning includes: student-led discussions, participation in group activities,
presentations, peer feedback, self-assessment.
B. Evaluation Procedure and Grading Policy:

Assignments will be graded by rubrics. All assignments are submitted via Blackboard
(BB) under the activity section. All assignment will be graded within 3 business days.
Late assignments will be lowered by 10% or 10 points on a scale of a 100. When an
incomplete is given as a class grade, the highest resulting make-up grade will be a
B (unless there is extenuating justification, such as a serious medical issues or
C. Instructor Polices/Expectations:

Students can expect to devote between 140-145 hours for each 3-credit graduate
course. Time management is critical for success. Manage your time well and prioritize
your workflow is essential to your success.

Grades are determined by the following aspect of each students. Academic

assignments include items such as tests, exams, papers, projects, quizzes, group
activities and presentations that students will complete.
Number of Activities: 7
Learning Outcomes:

1. Evaluate the methodologies, components, cost, security risks, disasters, regulatory

obligation and planning of business continuity and disaster recovery.
2. Examine the theoretical and practical approach to project initiation, risk and threat
assessment on business impact analysis.
3. Appraise practical approach to risk analysis and measurement, vulnerability,
threats, cost and benefit and safeguard to business continuity and disaster recovery.
4. Initiate research on risk mitigation, preparedness and emergency management and
response planning to business continuity and disaster recovery.
5. Evaluate the business disaster and emergency response to business continuity and
disaster recovery planning.

6. Evaluate training, testing and auditing of business continuity and disaster recovery
7. Incorporate all material and findings into a final research study that demonstrate
the ability to integrate and assimilate the theoretical, and practical application of
business continuity and disaster recovery planning.
Week #


Week 1

Book1: Business Continuity & Disaster Recovery Planning

Chapter 1: BCDR Overview
Chapter 2: Legal & Regulatory Obligations
Regarding Data and Information Security.
Appendix D Business Continuity Checklist
Appendix E IT Recovery Checklists
Book2: Risk Analysis & The Security Survey (RASS)
Chapter 16: Business Continuity Planning

Week 2

Book1: Business Continuity & Disaster Recovery Planning

Chapter 3: Project Initiation
Chapter 4: Risk Assessment
Chapter 5: Business Impact Analysis
Book2: Risk Analysis & The Security Survey (RASS)
Chapter 15: Business Impact Analysis
Chapter 17: Plan Documentation

Week 3

Week 4

Book2: Risk Analysis & The Security Survey (RASS)

Chapter 1: The Treatment and Analysis of Risk
Chapter 2: Vulnerability and Threats Identification
Chapter 3: Risk Measurement
Chapter 4: Quantifying and Prioritizing Loss
Chapter 5: Cost / Benefit Analysis
Chapter 6: Risk Analysis Methodologies
Chapter 19: Monitoring Safeguards
Appendix B
Book1: Business Continuity & Disaster Recovery Planning
Chapter 6: Risk Mitigation Strategy Development
Appendix C
Book2: Risk Analysis & The Security Survey (RASS)
Chapter 12: Emergency Management
Chapter 13: Mitigation and Preparedness
Chapter 14: Response Planning


Project Development
Class Activity/

Introduction to Project
Go over Research Activity

Class Activity Read Article, Outline

and submit 2 paragraph on the article.
Critical Thinking Skill is very important
1. Project Development
2. Quiz#1 (BCDR Chapters 1)
3. Class Activity /
Class Activity Read Article, Outline
and submit 2 paragraph on the article.
Critical Thinking Skill is very important


Project Development
Quiz#2 (BCDR Chapters 4- 5)

4. Class Activity /
Class Activity Read Article, Outline
and submit 2 paragraph on the article.
Critical Thinking Skill is very important

Project Development
Midterm (All Chapters cover up
to this Point)
a. BCDR- Chapters 1-5
b. RASS Chapters 1-6,
15.16,17 & 19)

3. Class Activity /
Class Activity Read Article, Outline
and submit 2 paragraph on the article.
Critical Thinking Skill is very important

Week 5-

Book1: Business Continuity & Disaster Recovery Planning

Chapter 7: Business Continuity/Disaster Recovery
Plan Development
Chapter 8: Emergency Response and Recovery
Appendix C, D, & E


Project Development
Quiz#3 (BCDR Chapter 6)
(RASS Chapters 12 13)




Class Activity -

Class Activity Read Article, Outline

and submit 2 paragraph on the article.
Week 6

Book1: Business Continuity & Disaster Recovery Planning

Chapter 9: Training, Testing, and Auditing
Chapter 10: BC/DR Plan Maintenance
Appendix F & G

Critical Thinking Skill is very important

1. Submit Project Development
a. Presentation
2. Quiz#4 (BCDR Chapters 7)
3. Class Activity Class Activity Read Article, Outline
and submit 2 paragraph on the article.

Week 7

Final Exam

Critical Thinking Skill is very important

2. Final Exam
BCDR Chapters 6 10)
RASS Chapters (12 14)

3 Research Papers (24 Total Points)

Section 1 Research 1: BC/DR Risk Management
Research Activity 1: (10 Points)

Section 3 Research 2: Analysis the Risk Analysis Methodologies

Research Activity 2 (10 Points)
PowerPoint Presentation

Section 5 Research 3: Computer Security, Data Breeches and Emergency Planning

Research Activity 3 Research: (10 Points)

1 Project Development (10 Points Total)

4 Quizzes (20 Points Total)
6 Class Activity (12 Points Total)
Midterm Exam (10 Points Total)
Final Exam (10 Points Total)

Final Research (10 Points Total)

Class Participation (4 Points Total)

Grading System
Wilmington University Graduate Grading System
Numerical Quality
Equivalent Points
Excellent. The student has demonstrated a quality of work and
4.00 accomplishment far beyond the normal requirements and shows
originality of thought and mastery of material.
Good. The student's achievement exceeds satisfactory
3.33 accomplishment, showing a clearer indication of initiative,
comprehension of material, and the ability to work with concepts.
Lowest Passing Grade. The student's accomplishment, while
1.67 passing in most courses, is deficient. Minimum requirements have
been met but without distinction.
F Less than 74 0.00 Failure.
Failure Due to Absence. Student did not complete a sufficient
amount of work to earn a passing grade
Satisfactory. The student has met expected standards of
0.00 scholarship. This grade signifies acceptable performance of the
course objectives.
Unsatisfactory. The student has not met the minimum course
Incomplete. May be granted with approval from instructor. If
granted, student must complete course work within time
0.00 determined (maximum 60 days following end of course). Failure
to complete course work in determined time will result in a final
grade of "F," unless an additional extension is granted.
Course in Progress. This grade is specific to Practicums,
Internships, and Senior Seminars.
0.00 Audit. Does not yield credit.
0.00 Withdraw. No academic penalty.
0.00 Never Attended. Student failed to withdraw from class.

References used for research need to be peer reviewed/scholarly journals, which
can be found by searching the Wilmington University Library databases . These journals typically have the
following characteristics:
- Articles are reviewed by a panel of experts before they are accepted for
- Articles are written by a scholar or specialist in the field.
- Articles report on original research or experimentation.
- Articles are often published by professional associations.
- Articles utilize terminology associated with the discipline.
Information literacy is a set of skills that help you to find and appropriately apply
information based on the ACRL (Association of College and Research Libraries)
Information Literacy Standards and is intended to raise awareness on how one
effectively interacts with information. Review the to become familiar with
information literacy at Wilmington University.

Snedaker, Susan. Business Continuity and Disaster Recovery Planning for IT Professionals, 2nd
Edition. Syngress Publishing, 09/2013. VitalBook file.
F., Broder, J., Tucker, Gene. Risk Analysis and the Security Survey, 4th Edition. Elsevier
Butterworth Heinemann, 12/2011. VitalBook file.

University Policies:
You should be familiar with these university policies:

Wilmington University Academic Integrity Policy

Academic Integrity
For more information, see the academic integrity documents on the Web page

Wilmington University Attendance Policy


Regular attendance in class is required by Wilmington University and by me. For

more information, see the attendance policy document on the Web page

Attendance to the lectures and labs is mandatory and 5% percent of your final
grade depends on your class participation and attendance. Furthermore, it is
unlikely that youll be able to complete the assignments and pass the exams
without regular attendance. Since many quizzes will be unannounced, you may
miss a quiz if you miss a class. Also, you are responsible for completing all work
by the assigned due date. Be in class and be on time.
Please inform the instructor in advance, preferably by email, if you will be
absent from a class or lab session.
I will periodically send email messages to the class. I will send this email to your
Wilmington University Web Email account. You are required to read this email
daily (not including holidays and weekends). (If you are not on campus every day
and are unable to read your email from home, please let me know immediately and
well work something out).
The Wilmington University Web Email system will allow you to forward your
email to another account and if you read your mail somewhere else more
frequently, I encourage you to forward your Wilmington University email there.
To read your Wilmington University email, go to
and you can log in to web mail using your Rowan userid or username and
password. After you log in you can also forward your email to your home account
if you prefer.

Classroom Decorum
** It is important that all students promote a healthy, engaging and respecting
learning environment.
Bring all required material (book, flash/USB drives, etc.) to class.
Complete reading and assignments by due dates.
Be on time and stay for the entire class.
Stay in the classroom during lectures and labsany deviation, you will be
mark absent.
Notify me before leaving the classroom or lab (restroom, etc.)
Absolutely, No eating or drinking in the classroom or lab.

Refrain from using all personal electronic (phone, tablets, etc.) in class or

Policy on laptops in class:

You may use your laptop in class if you are doing something directly relevant to
the current class activity: eBooks, taking notes, testing a sample program, etc.
Please do not use your laptop to play games, read email, or check Facebook during
class. Show respect for your teacher, your classmates, and your own learning by
closing all recreational programs during class time. If laptop is use for anything
else, you will no longer be permitted to bring or use your laptop in lecture or

Acceptable Use Policies

Wilmington University has policies about acceptable use of its computers and
networks by faculty, staff, and students. By registering for and taking this course,
you are agreeing explicitly to abide by them.

Students Accommodation Statement

Your academic success is important. If you have a documented disability that may
have an impact upon your work in this class, please contact me. Students must
provide documentation of their disability to the Office of Disability Services in
order to receive official University services and accommodations. The Office of
Disability Services can be reached at (302) 356-6774. The Center is located at the
Office of Disability Services 320 N. DuPont Hwy, New Castle, DE 19720. The
staff is available to answer questions regarding accommodations or assist you in
your pursuit of accommodations. We look forward to working with you to meet
your learning goals.
To be fair to all students, I'm setting a uniform policy for the semester: unless
a student has an accommodation letter, all work will be turned in by the
scheduled end of the class period. As part of that, I'll give all quizzes as the
last activity for the class meeting.

Wilmington University Student Success Network

The Wilmington University Student Success Network powered by Starfish
((302) 3566995)) is designed to make it easier for you to connect with the
resources you need to be successful at Wilmington University. Throughout the
term, you may receive email from the Student Success Network regarding your
academic performance. Please pay attention to these emails and consider taking the

recommended actions. Utilize the scheduling tools to make appointments at your

convenience including tutoring. Additional information about SSN may be found at

Class Withdrawal Policy

Drop/add ends the evening of Monday, September 7, 2015. Until then, you can
easily drop and add courses (assuming there is room) to adjust your course
schedule. A dropped course will not show up on your transcript. Please review the
academic calendar for details.
During the first half of the semester, please review the academic calendar for
details. A student may withdraw from a class by filling out the appropriate form
and obtaining the instructor's signature. A grade of ``W'' is received on your
The Wilmington University policy on withdrawing after that date is that it will be
approved only in extenuating circumstances beyond the control of the student, such
as serious illness. In addition, please review the academic calendar for details., the
department chair must also sign the withdrawal form. A grade of ``FA'' or ``NA,'' as
determined by the instructor, is received on your transcript.
No withdrawal forms will be signed after November 20, 2015 please review the
academic calendar for details., except for extremely unusual exceptional
circumstances, as determined by the instructor. In addition, after November 20,
2015, the department chair and dean must also both sign the withdrawal form. A
grade of ``FA'' or ``NA,'' is received, as determined by the instructor.