CMSC 390IA - Information Security¶
Course Details¶
Course title: CMSC 390IA Information Assurance
Catalog course description:
Information assurance is the practice of managing information-related risks. More specifically, students in this class will learn to protect and defend information and information systems by ensuring confidentiality, integrity, authentication, availability, and non-repudiation of data.
Course level student learning objectives (SLOs):
- Understand the need, terminology, and drivers behind information security
- Access control
- Security operations and administration
- Auditing, testing and monitoring
- Planning a response and recovery
- Cryptography
- Networking
- Malicious code
- Government policy
- Hands-on labs with popular security tools
Textbook: Fundamentals of Information Security - 3rd Edition
Instructor¶
- Instructor Name: Paul Vincent Craven
- Office hours are by appointment.
- In person. My office is in the Carver Science building, second floor. Room 333:
- Over Zoom
- In McNeill 110 (Make sure lab is open)
- Instructor Contact Information:
- E-mail: paul.craven@simpson.edu <- Best way to contact me.
- When sending e-mail questions, please include your code (attach it or link to GitHub), and the error you are getting. If you don’t want to do this, please make an appointment instead.
- Office: Carver 333 (Second floor, Carver Science Building) Feel free to drop in.
- Phone: 515-961-1834 <- I rarely answer this.
- E-mail: paul.craven@simpson.edu <- Best way to contact me.
Schedule¶
Class meets Monday/Wednesday/Friday from 2:10 pm until 3:10 pm.
Our final time is Thurs., April 28, 3:15pm - 5:15pm.
Academic Calendar¶
Spring Semester 2022 | Date |
---|---|
Classes Begin | Jan-10 |
Last Day to Add/Drop | Jan-14 |
MLK - No Class | Jan 17 |
Mid-Term Date | Feb-25 |
Mid-Term Grades Due | Mar-02 |
Spring Break | Mar-12-20 |
Last Day to Withdraw | Mar-24 |
Campus Day - No class | Apr-06 |
Easter Recess | Apr-18 |
Honors Convocation Ceremony | Apr-20 |
Research Symposium (No Class) | Apr-21 |
Last Day of Class | Apr-22 |
College Reading Day | Apr-25 |
Spring Final Exam Week | Apr 26-29 |
Commencement | Apr-30 |
All Spring Grades Due | May-03 |
Each lesson takes about one week. As we have fourteen weeks, I think we’ll not get to everything.
Lesson 1: Information Systems Security
Required Readings | Chapter 1: Information Systems Security |
Discussion | Examining IT Security Policies |
Lab | Exploring the Seven Domains of a Typical IT Infrastructure |
Lesson 2: Emerging Technologies Are Changing How We Live
Required Readings | Chapter 2: Emerging Technologies Are Changing How We Live |
Discussion | Examining the Security of Internet of Things (IoT) Devices |
Lesson 3: Risks, Threats, And Vulnerabilities
Required Readings | Chapter 3: Risks, Threats, And Vulnerabilities |
Discussion | Examining Threats and Vulnerabilities to an IT Infrastructure |
Lab | Performing a Vulnerability Assessment |
Lesson 4: Business Drivers of Information Security
Required Readings | Chapter 4: Business Drivers of Information Security |
Discussion | Confidentiality and Compliance Laws |
Lesson 5: Networks and Telecommunications
Required Readings | Chapter 5: Networks and Telecommunications |
Discussion | Understanding the Open Systems Interconnection (OSI) Model |
Lab | Performing Packet Capture and Traffic Analysis |
Lesson 6: Access Controls
Required Readings | Chapter 6: Access Controls |
Discussion | Applying Security Controls |
Lab | Applying User Authentication and Access Controls |
Lesson 7: Cryptography
Required Readings | Chapter 7: Cryptography |
Discussion | Selecting an Appropriate Encryption Solution |
Lab | Using Encryption to Enhance Confidentiality and Integrity |
Lesson 8: Malicious Software and Attack Vectors
Required Readings | Chapter 8: Malicious Software and Attack Vectors |
Discussion | Supply Chain Attacks |
Lab | Assessing Common Attack Vectors |
Lesson 9: Security Operations and Administration
Required Readings | Chapter 9: Security Operations and Administration |
Discussion | Change Management and Configuration Management |
Lab | Implementing an IT Security Policy |
Lesson 10: Auditing, Testing, and Monitoring
Required Readings | Chapter 10: Auditing, Testing, and Monitoring |
Discussion | Security Monitoring |
Lab | Implementing Security Monitoring and Logging |
Lesson 11: Contingency Planning
Required Readings | Chapter 11: Contingency Planning |
Discussion | Responding to an Incident |
Lab | Configurings Backup and Recovery Functions |
Lesson 12: Digital Forensics
Required Readings | Chapter 12: Digital Forensics |
Discussion | Potential for Evidence Storage on Internet of Things (IoT) Devices |
Lab | Performing Incident Response and Forensic Analysis |
Lesson 13: Information Security Standards
Required Readings | Chapter 13: Information Security Standards |
Discussion | Examining Real-World Implementations of Security Standards |
Lesson 14: Information Security Certifications
Required Readings | Chapter 14: Information Security Certifications |
Discussion | Choosing an Appropriate Certification |
Lesson 15: Compliance Laws
Required Readings | Chapter 15: Compliance Laws |
Discussion | Effectiveness of Compliance Laws |
Student Assessment¶
Assignment Submission¶
Assignments must be submitted on-line via Simpson’s Scholar website.
Assignments are not accepted via e-mail.
Grading¶
Grades will be calculated on a percent scale. The percentage is calculated by total points earned, divided by total points possible. If there is an attendance penalty, then that is subtracted next.
Danger
Simpson’s Scholar/Moodle site shows can show the wrong grade, for the two reasons below.
- Scholar will not show any attendance penalty. You can look up your attendance on Scholar.
- If there is a missing grade that hasn’t been set at zero, then Scholar will not show that in the average. For example, if there are 10 assignments, each worth 100 points, but one is missing, Scholar will show your average as 100 instead of 90. I do try to go back and enter zero on missing assignments so Scholar shows the correct grade, but sometimes that isn’t practical.
If you want to calculate your grade, total up your points, divide by the total possible. Then take into account any attendance policy penalty. See the attendance policy.
Appealing an assignment grade: Please do this within a week or two of the grade being posted. Please regularly check for missing assignment grades. After final grades are posted, I’ll only re-examine assignments turned in during finals. I’m not going back to look at early assignments. Turning in tech assignments can be more complex than turning in a paper, so it is critical to notice right away if you are missing a piece.
Appealing your final grade: If you believe your final grade is in error, please go through the effort of calculating the grade yourself. Total up points earned and the total points possible. Calculate the percentage. Check your attendance. Include that information when contacting the instructor.
Grading Scale¶
Grades are not rounded. For example, 92.99% is considered an A-, and 93.00% is an A.
Percent | Grade |
---|---|
100-93% | A |
92-90% | A- |
89-87% | B+ |
86-83% | B |
82-80% | B- |
79-77% | C+ |
76-73% | C |
72-70% | C- |
69-67% | D+ |
66-63% | D |
62-60% | D- |
59-0% | F |
Late-Work/Make-up Work Policy¶
- All work must be turned in on-time.
- Late work is usually not accepted, unless approved ahead of time by the instructor. (If it is just a few minutes or hours late, you might be ok. Depends on when I check.)
- All work must be turned in by the end of the time scheduled for the class final. No extensions beyond this date/time are given unless you have a form filled out and signed for an “incomplete.”
- Extra-credit / make up work is not offered.
- If you need to use the lab for doing work, make sure to understand when the lab is open. The McNeill lab is usually closed on Sunday nights, and if an assignments is due Monday morning that can be bad. Not knowing when the lab is open is not accepted as an excuse.
Attendance/Participation Policy¶
A student may miss three classes unexcused without penalty. After three unexcused absences, a student’s final grade will be lowered 3% for each class missed, not including the original three. So missing five classes will be a 6% penalty on the final grade.
Excused absences are those approved by the Academic Dean, or by prior permission of the instructor. Absences for sporting event functions are normally run through Dean’s office. E-mail me that you will be gone so that I can check you off as excused.
Danger
To be counted as attending class, the student must be present when the instructor takes attendance. Showing up to class 10 minutes late does not count towards attendance. Therefore continually showing up to class late can really hurt a student’s grade. If a student leaving class early with prior permission will be counted as absent.
COVID-19: Absences due to Covid-19 are excused, but you need to let me know, along with health services.
Assignments¶
We will be following the textbook for assignments.
- For each chapter there will be an on-line quiz worth 50 points. There are 15 chapters, but I think we’ll probably only get to 13 or 14 of them.
- For each lab, there will be a lab report worth 100 points. There are 10 labs.
- We may include ad-hoc projects along the way. These will be either 50 or 100 points, depending on the effort.
- The final will be a book report, worth 200 points.
Course Assessment¶
CMSC Major SLO #2: Design computer systems, implement algorithms as part of those systems, and create well-written and documented programs.
Contact Hours and Learning Time¶
CMSC 390IA meets two times per week. Class covers 14 weeks, with one week of break, and one day off for Honor Symposium giving us a total of 25 classes. At 90 minutes per class, that’s 37.5 hours of meeting time.
There are a total of 11 chapters to be read, and quizzes to cover them. Each chapter should take approximately two hours to read, and two hours to do the quiz. This totals 44 hours.
There are 10 labs, 10 lab reports, and 10 lab quizzes. Each lab, report, and quiz should take about 6 hours of work. This should total about 60 hours.
Total time spent on the class should be about 140 hours, or about 10 hours per week.
Policies and Procedures¶
Course Continuity Plan¶
Should the normal instructional activity on the campus be shortened or interrupted by a campus-wide closing, students will receive information from the instructor or other representative of the college about when and if the course might be continued or completed via Internet, telephone, or United States mail.
Academic Integrity¶
Simpson’s Statement: In all endeavors, Simpson College expects its students to adhere to the strictest standards of honesty and integrity. In keeping with the College’s mission to develop the student’s critical intellectual skills, while fostering personal integrity and moral responsibility, each student is expected to abide by the Simpson College rules for academic integrity. Academic dishonesty includes (but is not limited to) any form of cheating, plagiarism, unauthorized collaboration, misreporting any absence as college-sponsored or college-sanctioned, submitting a paper written in whole or in part by someone else, or submitting a paper that was previously submitted in whole or in substantial part for another class without prior permission. If the student has any questions about whether any action would constitute academic dishonesty, it is imperative that he or she consult the instructor before taking the action. All cases of substantiated academic dishonesty must be reported to the student’s academic advisor and the Dean for Academic Affairs. For further guidance on these rules and their sanctions, please see the college catalog.
My addition: Students are strongly encouraged to work with one another on homework; however, blatant copying of assignments will be considered cheating.
If I get two assignments that are the same thing, both people will get zeros. Guard your homework carefully, so it is not used as a source for cheating. Don’t e-mail it to a friend so they can ‘use it to learn’ or ‘as a template’. Don’t allow someone to simply read off what you have on your computer screen. By allowing someone to cheat, that will allow the person to get behind in what they understand, and they will never catch up.
A student caught cheating will either get a zero for the assignment, have his/her over-all letter grade reduced, or be flunked from the course. Cheating students may be required to do extra work.
The instructor keeps a database of prior assignments and assignments commonly found on the Internet. The instructor will periodically run scans to look for duplicate assignments. We catch students cheating every. single. year. Don’t do it.
Regardless, cheating is like paying for a gym membership, and then sending someone else to work out for you. It doesn’t make sense. You aren’t going to get stronger that way.
Accommodations for Students with Accessibility Needs¶
I want everyone in this class to be successful. If you have a physical, sensory, learning, or psychological disability that can interfere with your learning, I want you to receive the accommodations to which you are entitled by law. In order for me to do provide accommodations to a student, the student’s disability must be documented with the Student Accessibility Office. I cannot assist a student with accommodations that I don’t know are needed, so if you need something, please make sure that you either contact me or that you ask Simpson’s Student Accessibility Coordinator, to do so on your behalf. If you have any further questions on the policies and services for students with disabilities, please refer to the academic catalog or go to http://simpson.edu/academics/student-accessibility/
Inclusive Explanation Statement¶
In this course, each voice in the classroom has something of value to contribute. Please take care to respect the different experiences, beliefs, and values expressed by students and staff involved in this course. We support Simpson’s commitment to diversity, and welcome individuals of all ages, backgrounds, citizenships, disabilities, sex, education, ethnicities, family statuses, genders, gender identities, geographical locations, languages, military experience, political views, races, religions, sexual orientations, socioeconomic statuses, and work experiences.
Sexual and Relationship Misconduct¶
Simpson College strives to create an environment free from sexual or relationship misconduct of any kind; and in which those who have experienced sexual misconduct get the help and support they need. Simpson’s Sexual and Relationship Misconduct Policy outlines expectations the college has students and employees, including faculty. In order to do all that we can to maintain a safe campus community, and in compliance with Federal law, all employees of the college are expected to report knowledge of alleged sexual misconduct to the Title IX Coordinator. Therefore, if you reveal to me, in conversation, writing, class discussion, or in any other manner, that you have experienced sexual misconduct it is my obligation to share that information with the Title IX Coordinator on our campus. Please know that if this is a step that needs to be taken, I will do my best to involve you in that process so that you know what to expect as a result of the communication with the Title IX Coordinator. To learn more about the expectations the college has of you with respect to sexual misconduct, you can find the full policy here:
http://simpson.edu/sexual-and-relationship-misconduct-policy/
Special Covid Additions¶
Thanks to COVID here are some additional elements:
Wearing Facial Coverings in Classrooms is Required¶
To help mitigate the transmission of COVID-19, it is required that all students, faculty, and staff wear masks in classrooms, laboratories, and other similar spaces where in-person instruction occurs. This requirement is for all individuals regardless of COVID-19 vaccination status. The masks must cover both nose and mouth and be worn for the duration of class. Consumption of food or drink will not be allowed inside classroom spaces. Mask requirements (both within the classroom and inside campus buildings) will be linked to Simpson College COVID-19 Color Phases and will be evaluated frequently. Please note that Color Phases are heavily influenced by the vaccination rate on campus. You can find more information at COVID-19 Plan. Non-compliance regarding masks may result in students being asked to leave the class, disciplinary action from the academic dean, or failure of the class as outlined in the Student Handbook Standards of Classroom Behavior.
COVID-19 Health-Relates Class Absences¶
Please evaluate your own health status daily and refrain from attending class if you are ill. Students who miss class due to illness will be given opportunities to access course materials and will not be penalized for not attending class in person. Please work with instructors to either reschedule or electronically/remotely complete exams, labs, and other academic activities as you are able. You are encouraged to seek appropriate medical attention for treatment of illness. In the event of contagious illness, please do not come to class or to campus to turn in work. Notify me by email about your absence as soon as practical so that accommodations can be made. Please note that documentation (a doctor’s note) for medical excuses is NOT required.
Additional Contingency Plans¶
Should the normal instructional activity on the campus be shortened or interrupted by a campus-wide closing, students will receive information from the instructor or other representative of the college about when and if the course might be continued or completed remotely.
Recording Policy¶
Recording: Class meetings may be recorded by the instructor for student use. To respect the class community, there shall be no other audio or video recording of class activities and no sharing or disseminating recordings or images (including screen shots) of class activities without the permission of the instructor and other members of the class.