
Security in the Enterprise

MGT 5155 | Term: Spring 2 2016
Student Access: 3.7.2016 12:00 AM EST - 5.1.2016 11:59 PM EDT | Section: 1

Syllabus

Syllabus Entry

Instructor Email
Your instructor's Florida Tech email address is listed here, but please use the course messaging system for course related messages.

Instructor
Biswajit Panja

E-mail
bpanja@fit.edu

Phone
7343538849

Office Hours
Office hours not set

University Grading Scale


Grade    Quality    Equivalent Range    Points

excellent    90-100
good    80-89
average    70-79
poor    60-69
failure    0-59
incomplete course work
audit no grade
pass, no effect on GPA
official withdrawal
AU

Attendance
Attendance is required on a weekly basis. Students are expected to view the online lectures in the week they are offered, and to log on to the site often enough to remain abreast of the communication on the Message Board as well as any Class News or information from the Professor. It is the responsibility of the student to be aware of everything happening in the class online.

Academic Honesty
Academic honesty is highly valued in Florida Tech's online courses. The student must always submit work that represents original words or ideas. If any words or ideas are used that do not represent those original words or ideas, the student must cite all relevant sources and provide a clear definition of the extent to which such sources were used. Words or ideas that require citation include, but are not limited to all hard copy or electronic publications, whether copyrighted or not, and all verbal or visual communication when the content of such communication clearly originates from an identifiable source. In the Florida Tech online course, all submissions to any public meeting bulletin board or private mailbox fall within the scope of words and ideas that require citations if used by someone other than the original author. Academic dishonesty in an online learning environment could involve:
Having a tutor or friend complete a portion of the student's assignments
Having a reviewer make extensive revisions to an assignment
Copying work submitted by another student to another public class meeting
Using information from online information services without proper citation
Any of these practices could result in charges of academic dishonesty. For the complete Florida Tech policy on academic dishonesty, cheating and plagiarism see the Florida Tech Student Handbook:
http://www.fit.edu/studenthandbook/

Students with Disabilities


Individuals with disabilities needing special accommodation(s) should contact Rachel Densler. She may be contacted by phone at (321) 674-8285 or by email at disabilityservices@fit.edu

Disaster Statement
School Closure:
Both Florida Tech and the University Alliance observe national holidays and students are not required to participate in classes on such days. In the case of an emergency closure of Florida Tech or the University Alliance, if classes are still able to operate, they will continue. In the rare case that the Learning Management System is unavailable for maintenance reasons, classes will resume as quickly as possible and students should check the University Alliance website (www.floridatechonline.com) regularly for updates.
Natural disaster:
If a natural disaster impacts the Melbourne, Florida area all students should check the Florida Tech website www.fit.edu or call (800) 888-4348 for updates.
In the event that a natural disaster occurs near the student's residence they should contact Customer Service at: 1-800-280-9718 at the soonest opportunity and inform them of the situation. They will make the appropriate contact to instructors. Final decisions on the appropriate timeline to complete course requirements are at the discretion of the instructor.

Course Withdrawal
To withdraw prior to the start of class, you must contact your University Alliance representative. Once class begins, you must withdraw using Florida Tech's online student account system (PAWS). If you are a new student, PAWS access information will be provided prior to class start. You have the prerogative of dropping a course until the end of the first week of classes without receiving a grade of "W". After the first week, a grade of "W" will be assigned up until the final published date for withdrawing (the last day of week six). That grade will be reflected on your transcript, but not calculated into your grade point average. Withdrawals after week six will result in a grade of "F". You are responsible for maintaining written evidence of all drops/withdrawals. Telephone and email drops/withdrawals will not be accepted. Following is a table that clearly outlines Florida Tech's withdrawal and refund policies:

Withdrawal Policy/Refund Chart

Week   Withdrawal Permitted   Tuition Refunded   Deadline
       Yes                    100%               By Sunday at 11:59 PM ET
       Yes                    60%                By Sunday at 11:59 PM ET
       Yes                    40%                By Sunday at 11:59 PM ET
       Yes                    No Refund          By Sunday at 11:59 PM ET
       Yes                    No Refund          By Sunday at 11:59 PM ET
       Yes                    No Refund          By Sunday at 11:59 PM ET
       No                     No Refund No Withdrawal
       No                     No Refund No Withdrawal

PAWS is accessible through the university portal ACCESS Florida Tech.

Smarthinking

SMARTHINKING's fundamental objectives are to engage and encourage students in active learning, as well as to enhance their motivation. Our tutors strive to help students develop successful learning skills, rather than simply "giving answers" or "doing homework" for them. In a professional and supportive environment, we focus on the power of human interaction and the use of technology to assist a student-centered tutoring process.
www.smarthinking.com

Course Introduction

Course Description
Cybersecurity must operate within real-world constraints. In this course, students will explore interconnections between security solutions and the enterprise. Topics include legal and regulatory considerations, attack and trust models, risk, and the economics of security.

Course Objectives
After completing this course, you should be able to:
1. Understand the classification and valuation of information
2. Understand the relevant legislation and legal obligations of security professionals
3. Understand risk-based security decision making
4. Understand security frameworks
5. Derive the processes used in security operations, including:
   a. Device hardening
   b. Asset management
   c. Vulnerability remediation
   d. Incident response
   e. Computer forensics
6. Attack models and testing
7. The impact of human factors on security technology

Prerequisites
None

Credit Hours
3

Course Materials

Enterprise Security Architecture, A Business-Driven Approach. (2005). Sherwood, J., Clark, A., & Lynas, D. CMP Books.

Grading
Your grade in this course will be our evaluation of your performance. We will base this evaluation on your demonstrated competence on the following:

Assignment                    Points
Class Discussions (8 @ 20)    160
Short Papers (4 @ 50)         200
Exam 1                        200
Exam 2                        300
Case Study                    140
Total                         1000

Grading Scale: (minimum grade cutoffs)
A  900 or more points
B  800-899 points
C  700-799 points
D  600-699 points
F  Less than 600 points

Guidelines & Expectations


Weekly Schedule

Week  Module Number  Module Title                          Assignments     Discussion Topic            Quiz or Exam
1     1, 2           Introduction & Overview; Information                  Introductions; Information
2     3, 4           Risk-Based Security; Frameworks       Short Paper #1  Risks to the Enterprise
3     5, 6           Legislation; Legal Obligations        Short Paper #2  Cyber Laws
4                    Security Operations, Part 1                           Reactive or Proactive?      Exam 1
5                    Security Operations, Part 2           Short Paper #3  Incident Response
6                    Attack Models                         Short Paper #4  Infamous Attacks
7     10             Security Testing                      Case Study      Pen Testing
8     11             Human Factors                                         We Have Met the Enemy       Exam 2

Discussion Board Requirements
For EACH discussion question you must provide a substantive and relevant response (at least 200 words) to the main question AND to at least two (2) other students' comments (at least 100 words each) in either question thread
Responses that reference external articles, web pages, or books must be cited properly
Your initial post should contain at least ONE external resource (beyond the textbook)
EACH response must not be based on opinion, but rather demonstrate that you have synthesized the information you have gathered in order to come to a scholarly conclusion. You must cite evidence in the form of peer-reviewed literature to support your conclusion
All information must be paraphrased from the original source and must use citations in APA format to support the paraphrased information
Important! A lack of participation in the discussion board by other students should not serve as a hindrance for you to participate in discussion. In the event others have not engaged in discussion, you still need to post the required number of responses

Short Papers
Select an academic paper from a respected journal or conference proceedings on the topic provided (see week due for topics). Write a summary of the paper, not to exceed two pages (single-spaced, 12-point font, 1-inch margins). Summaries should capture the critical thought or new idea, evaluate the references, and provide an opinion of the research.

Case Study
Select one of the areas of security operations. Provide a critique of an existing process within an enterprise and how it should be done as opposed to how it is done within an enterprise setting. This should be in the format of: before and after and why the changes were made. For example, if you were in charge of security, how would you change the process in place in your organization and why?

Exams
Exam #1 will consist of essay questions and covers Weeks 1-3
Exam #2 will consist of essay questions and covers Weeks 4-8
Exams should be treated like research papers. Answers must include properly cited references.
To assist you in utilizing the FIT Library, please view the Computer Science and Information Systems "Research Guide."

Online Tutoring
In addition to your professor in this class, we have made arrangements for you to access an online tutoring service if you want to get extra help with math and writing. When you click on the link below, you will automatically be logged into a website for the tutoring service, offered by Smarthinking. No account setup is necessary, and there is no additional cost to you for this service. You will see on that page that you have the option to schedule a session with a tutor, submit a question, or submit your writing for feedback.
www.smarthinking.com

Week 1

Introduction and Overview


We discuss the objectives of the class, explore information security, identify the policies that form the security requirements, define information in enterprise, and explain classification.
After completing this lesson, you should be able to:

Understand the objectives of the class
Understand the work expected from the student
Understand the student evaluation process
Understand the concept of the enterprise
Define information in the context of the enterprise
Understand information classification methodologies
Explain why classification of information is necessary

Lecture
Introduction and Overview
We define enterprise and the meaning of security within this context.

Lecture
Information
We define information as it pertains to enterprise and explain information classification methodologies and why they are necessary.

Reading
Ch. 1 The Meaning of Security

Discussion
Please see the discussion board for the Week 1 threads.
The topics will be Introductions and Information.
Your initial post is due Wednesday at 11:59 p.m. ET
Your response to peers' posts is due Sunday at 11:59 p.m. ET

Week 2

Risk-Based Security and Frameworks


As threats evolve, so do the risks. This week, we examine risk management and assessment, and we discuss frameworks.
After completing this module, students should be able to:

Understand the concept of risk
Understand why risk management is the keystone of a security program
Understand the continuous nature of risk assessment
Understand the various security frameworks
Understand which frameworks apply to a given enterprise
Understand how the frameworks differ

Lecture
Risk-Based Security
We examine the types of data risk and outline the process of risk assessment.

Lecture
Frameworks
We address the primary security frameworks in use today and what purpose each serves.

Reading
Ch. 2 The Meaning of Architecture
Ch. 3 Security Architecture Model

Discussion
Please see the discussion board for the Week 2 thread.
The topic will be Risks to the Enterprise.
Your initial post is due Wednesday at 11:59 p.m. ET
Your response to peers' posts is due Sunday at 11:59 p.m. ET

Short Paper #1
Select an academic paper from a respected journal or conference proceedings on the topic provided by your instructor.
Write a summary of the paper, not to exceed two pages, single-spaced, 12-point font, 1-inch margins. Summaries should capture the critical thought or new idea, evaluate the references, and provide an opinion of the research.
Click the Submit Assignment button below to upload your assignment to Turnitin
Due Sunday at 11:59 p.m. ET

Week 3

Legislation and Legal Obligations


We live in a world where laws govern what we do. This week, you will examine what the law means to cyber applications, explore the various issues associated with creating cyber legislation, and review some legal terminology found in security case law.
After completing this module, students should be able to:
Understand local, state, and federal cyber laws
Understand the issues associated with cyber legislation creation
Understand the issues associated with cyber enforcement
Understand the term best effort
Understand the term industry standard
Understand contractual requirements
Understand lawful and unlawful intercept

Lecture
Legislation
We survey the constantly changing legal landscape and discuss how technology allows crime to occur on a much larger scale.

Lecture
Legal Obligations
We analyze why cyber law is both criminal and civil in nature.

Reading
Ch. 4 Case Study
Ch. 5 A Systems Approach

Discussion
Please see the discussion board for the Week 3 thread.
The topic will be Cyber Laws.
Your initial post is due Wednesday at 11:59 p.m. ET
Your response to peers' posts is due Sunday at 11:59 p.m. ET

Short Paper #2
Select an academic paper from a respected journal or conference proceedings on the topic provided by your instructor.
Write a summary of the paper, not to exceed two pages, single-spaced, 12-point font, 1-inch margins. Summaries should capture the critical thought or new idea, evaluate the references, and provide an opinion of the research.
Click the Submit Assignment button below to upload your assignment to Turnitin
Due Sunday at 11:59 p.m. ET

Week 4

Security Operations, Part 1


Why is documenting the process of security important to maintaining the system? How do you keep the enterprise running securely? We explore asset management, configuration management, device hardening, and why security architectures are created.
After completing this module, students should be able to:
Explain asset management as it relates to security
Explain configuration management
Understand the concept of device hardening
Understand how the security architecture is derived

Lecture
Security Operations, Part 1
We explore why security architecture must be defined, meet the requirement families of the security framework used, and correspond to the audit function.

Reading
Ch. 6 Measuring Return on Investment in Security Architecture
Ch. 8 Managing the Security Architecture Programme

Discussion
Please see the Discussion Board for the Week 4 thread.
The topic will be Reactive or Proactive?
Your initial post is due Wednesday at 11:59 p.m. ET
Your response to peers' posts is due Sunday at 11:59 p.m. ET

Midterm Exam
10 essay questions
Covers Weeks 1-3
120 minutes to complete the exam
Answers must include properly cited references and should be treated like a research paper
Due Sunday at 11:59 p.m. ET

Week 5

Security Operations, Part 2


This week, we will examine incident response, event management, and computer forensics.
After completing this module, students should be able to:
Understand the elements of incident response
Understand the concept of event management
Understand the concept of continuous monitoring
Understand the concept of computer forensics

Lecture
Security Operations, Part 2
We explain why security operations are a complex process and must be monitored continuously in order to survive an audit and maintain a secure enterprise.

Reading
Ch. 9 Contextual Security Architecture
Ch. 10 Conceptual Security Architecture

Discussion
Please see the discussion board for the Week 5 thread.
The topic will be Incident Response.
Your initial post is due Wednesday at 11:59 p.m. ET
Your response to peers' posts is due Sunday at 11:59 p.m. ET

Short Paper #3
Select an academic paper from a respected journal or conference proceedings on the topic provided by your instructor.
Write a summary of the paper, not to exceed two pages, single-spaced, 12-point font, 1-inch margins. Summaries should capture the critical thought or new idea, evaluate the references, and provide an opinion of the research.
Click the Submit Assignment button below to upload your assignment to Turnitin
Due Sunday at 11:59 p.m. ET

Week 6

Attack Models
We've discussed the importance of continuous monitoring, but for what are we monitoring? How do we know if we're under attack? We will explore detection and attacking a system consciously and how to conduct what-if analysis.
After completing this module, students should be able to:
Explain red team/blue team exercises
Understand flaw hypothesis testing
Understand social engineering

Lecture
Attack Models
We identify some of the numerous ways enterprise security can be evaluated and redesigned.

Reading
Ch. 11 Logical Security Architecture
Ch. 12 Physical Security Architecture

Discussion
Please see the discussion board for the Week 6 thread.
The topic will be Infamous Attacks.
Your initial post is due Wednesday at 11:59 p.m. ET
Your response to peers' posts is due Sunday at 11:59 p.m. ET

Short Paper #4
Select an academic paper from a respected journal or conference proceedings on the topic provided by your instructor.
Write a summary of the paper, not to exceed two pages, single-spaced, 12-point font, 1-inch margins. Summaries should capture the critical thought or new idea, evaluate the references, and provide an opinion of the research.
Click the Submit Assignment button below to upload your assignment to Turnitin
Due Sunday at 11:59 p.m. ET

Week 7

Security Testing
An enterprise is only as secure as its weakest point. This week, we discuss using security testing to ensure systems are as secure as possible.
After completing this module, students should be able to:
Understand the various types of security testing
Understand when to perform security testing
Understand when it is appropriate to have outside test resources

Lecture
Security Testing
We explore the various types of security testing, determine when to perform security testing, and discuss when it is appropriate to have outside test resources.

Reading
Ch. 13 Component Security Architecture
Ch. 14 Security Policy Management

Discussion
Please see the discussion board for the Week 7 thread.
The topic will be Pen Testing.
Your initial post is due Wednesday at 11:59 p.m. ET
Your response to peers' posts is due Sunday at 11:59 p.m. ET

Assignment
Case Study:
Select one of the areas of security operations. Provide a critique of an existing process within an enterprise, and how it should be done as opposed to how it is done within an enterprise setting. This should be in the format of:
Before and after
Why the changes were made
For example, if you were in charge of security, how would you change the process in place in your organization and why?
Click the Submit Assignment button below to upload your assignment to Turnitin
Due Sunday at 11:59 p.m. ET

Week 8

Human Factors
Why don't people use security features available to them? What exactly is the concept of transparency? How can security users be helpful and proactive? We will discover the answers to these questions this week.
After completing this module, students should be able to:

Understand why security features are not used
Understand the concept of transparency
Understand how to be a helpful help desk

Lecture
Human Factors
Examines how human interactions with technology affect security measures.

Reading
Ch. 15 Operational Risk Management
Ch. 16 Assurance Management
Ch. 17 Security Administration and Operations

Discussion
Please see the discussion board for the Week 8 thread.
The topic will be We Have Met the Enemy
Your initial post is due Wednesday at 11:59 p.m. ET
Your response to peers' posts is due Sunday at 11:59 p.m. ET

Exam
Final Exam
10 essay questions
Covers Weeks 4-8
120 minutes to complete the exam
Answers must include properly cited references and should be treated like a research paper
Due Sunday at 11:59 p.m. ET

University Alliance Online is a division of Bisk Education, Inc. 2015 Bisk Education. All rights reserved. Company, products, service names may be trademarks of their respective owners.