CMSC 390IA - Information Security

Course Details

  • Course title: CMSC 390IA Information Assurance

  • Catalog course description:

    Information assurance is the practice of managing information-related risks. More specifically, students in this class will learn to protect and defend information and information systems by ensuring confidentiality, integrity, authentication, availability, and non-repudiation of data.

  • Course level student learning objectives (SLOs):

    • Understand the need, terminology, and drivers behind information security
    • Access control
    • Security operations and administration
    • Auditing, testing and monitoring
    • Planning a response and recovery
    • Cryptography
    • Networking
    • Malicious code
    • Government policy
    • Hands-on labs with popular security tools

  • Textbook: Fundamentals of Information Security - 3rd Edition

Instructor

Schedule

Class meets Monday/Wednesday/Friday from 2:10 pm until 3:10 pm.

Our final time is Thurs., April 28, 3:15pm - 5:15pm.

Academic Calendar

Spring Semester 2022 Date
Classes Begin Jan-10
Last Day to Add/Drop Jan-14
MLK - No Class Jan 17
Mid-Term Date Feb-25
Mid-Term Grades Due Mar-02
Spring Break Mar-12-20
Last Day to Withdraw Mar-24
Campus Day - No class Apr-06
Easter Recess Apr-18
Honors Convocation Ceremony Apr-20
Research Symposium (No Class) Apr-21
Last Day of Class Apr-22
College Reading Day Apr-25
Spring Final Exam Week Apr 26-29
Commencement Apr-30
All Spring Grades Due May-03

Each lesson takes about one week. As we have fourteen weeks, I think we’ll not get to everything.

Lesson 1: Information Systems Security

Required Readings Chapter 1: Information Systems Security
Discussion Examining IT Security Policies
Lab Exploring the Seven Domains of a Typical IT Infrastructure

Lesson 2: Emerging Technologies Are Changing How We Live

Required Readings Chapter 2: Emerging Technologies Are Changing How We Live
Discussion Examining the Security of Internet of Things (IoT) Devices

Lesson 3: Risks, Threats, And Vulnerabilities

Required Readings Chapter 3: Risks, Threats, And Vulnerabilities
Discussion Examining Threats and Vulnerabilities to an IT Infrastructure
Lab Performing a Vulnerability Assessment

Lesson 4: Business Drivers of Information Security

Required Readings Chapter 4: Business Drivers of Information Security
Discussion Confidentiality and Compliance Laws

Lesson 5: Networks and Telecommunications

Required Readings Chapter 5: Networks and Telecommunications
Discussion Understanding the Open Systems Interconnection (OSI) Model
Lab Performing Packet Capture and Traffic Analysis

Lesson 6: Access Controls

Required Readings Chapter 6: Access Controls
Discussion Applying Security Controls
Lab Applying User Authentication and Access Controls

Lesson 7: Cryptography

Required Readings Chapter 7: Cryptography
Discussion Selecting an Appropriate Encryption Solution
Lab Using Encryption to Enhance Confidentiality and Integrity

Lesson 8: Malicious Software and Attack Vectors

Required Readings Chapter 8: Malicious Software and Attack Vectors
Discussion Supply Chain Attacks
Lab Assessing Common Attack Vectors

Lesson 9: Security Operations and Administration

Required Readings Chapter 9: Security Operations and Administration
Discussion Change Management and Configuration Management
Lab Implementing an IT Security Policy

Lesson 10: Auditing, Testing, and Monitoring

Required Readings Chapter 10: Auditing, Testing, and Monitoring
Discussion Security Monitoring
Lab Implementing Security Monitoring and Logging

Lesson 11: Contingency Planning

Required Readings Chapter 11: Contingency Planning
Discussion Responding to an Incident
Lab Configurings Backup and Recovery Functions

Lesson 12: Digital Forensics

Required Readings Chapter 12: Digital Forensics
Discussion Potential for Evidence Storage on Internet of Things (IoT) Devices
Lab Performing Incident Response and Forensic Analysis

Lesson 13: Information Security Standards

Required Readings Chapter 13: Information Security Standards
Discussion Examining Real-World Implementations of Security Standards

Lesson 14: Information Security Certifications

Required Readings Chapter 14: Information Security Certifications
Discussion Choosing an Appropriate Certification

Lesson 15: Compliance Laws

Required Readings Chapter 15: Compliance Laws
Discussion Effectiveness of Compliance Laws

Student Assessment

Assignment Submission

Assignments must be submitted on-line via Simpson’s Scholar website.

Assignments are not accepted via e-mail.

Grading

Grades will be calculated on a percent scale. The percentage is calculated by total points earned, divided by total points possible. If there is an attendance penalty, then that is subtracted next.

Danger

Simpson’s Scholar/Moodle site shows can show the wrong grade, for the two reasons below.

  • Scholar will not show any attendance penalty. You can look up your attendance on Scholar.
  • If there is a missing grade that hasn’t been set at zero, then Scholar will not show that in the average. For example, if there are 10 assignments, each worth 100 points, but one is missing, Scholar will show your average as 100 instead of 90. I do try to go back and enter zero on missing assignments so Scholar shows the correct grade, but sometimes that isn’t practical.

If you want to calculate your grade, total up your points, divide by the total possible. Then take into account any attendance policy penalty. See the attendance policy.

Appealing an assignment grade: Please do this within a week or two of the grade being posted. Please regularly check for missing assignment grades. After final grades are posted, I’ll only re-examine assignments turned in during finals. I’m not going back to look at early assignments. Turning in tech assignments can be more complex than turning in a paper, so it is critical to notice right away if you are missing a piece.

Appealing your final grade: If you believe your final grade is in error, please go through the effort of calculating the grade yourself. Total up points earned and the total points possible. Calculate the percentage. Check your attendance. Include that information when contacting the instructor.

Grading Scale

Grades are not rounded. For example, 92.99% is considered an A-, and 93.00% is an A.

Percent Grade
100-93% A
92-90% A-
89-87% B+
86-83% B
82-80% B-
79-77% C+
76-73% C
72-70% C-
69-67% D+
66-63% D
62-60% D-
59-0% F

Late-Work/Make-up Work Policy

  • All work must be turned in on-time.
  • Late work is usually not accepted, unless approved ahead of time by the instructor. (If it is just a few minutes or hours late, you might be ok. Depends on when I check.)
  • All work must be turned in by the end of the time scheduled for the class final. No extensions beyond this date/time are given unless you have a form filled out and signed for an “incomplete.”
  • Extra-credit / make up work is not offered.
  • If you need to use the lab for doing work, make sure to understand when the lab is open. The McNeill lab is usually closed on Sunday nights, and if an assignments is due Monday morning that can be bad. Not knowing when the lab is open is not accepted as an excuse.

Attendance/Participation Policy

A student may miss three classes unexcused without penalty. After three unexcused absences, a student’s final grade will be lowered 3% for each class missed, not including the original three. So missing five classes will be a 6% penalty on the final grade.

Excused absences are those approved by the Academic Dean, or by prior permission of the instructor. Absences for sporting event functions are normally run through Dean’s office. E-mail me that you will be gone so that I can check you off as excused.

Danger

To be counted as attending class, the student must be present when the instructor takes attendance. Showing up to class 10 minutes late does not count towards attendance. Therefore continually showing up to class late can really hurt a student’s grade. If a student leaving class early with prior permission will be counted as absent.

COVID-19: Absences due to Covid-19 are excused, but you need to let me know, along with health services.

Assignments

We will be following the textbook for assignments.

  • For each chapter there will be an on-line quiz worth 50 points. There are 15 chapters, but I think we’ll probably only get to 13 or 14 of them.
  • For each lab, there will be a lab report worth 100 points. There are 10 labs.
  • We may include ad-hoc projects along the way. These will be either 50 or 100 points, depending on the effort.
  • The final will be a book report, worth 200 points.

Course Assessment

CMSC Major SLO #2: Design computer systems, implement algorithms as part of those systems, and create well-written and documented programs.

Contact Hours and Learning Time

CMSC 390IA meets two times per week. Class covers 14 weeks, with one week of break, and one day off for Honor Symposium giving us a total of 25 classes. At 90 minutes per class, that’s 37.5 hours of meeting time.

There are a total of 11 chapters to be read, and quizzes to cover them. Each chapter should take approximately two hours to read, and two hours to do the quiz. This totals 44 hours.

There are 10 labs, 10 lab reports, and 10 lab quizzes. Each lab, report, and quiz should take about 6 hours of work. This should total about 60 hours.

Total time spent on the class should be about 140 hours, or about 10 hours per week.

Policies and Procedures

Course Continuity Plan

Should the normal instructional activity on the campus be shortened or interrupted by a campus-wide closing, students will receive information from the instructor or other representative of the college about when and if the course might be continued or completed via Internet, telephone, or United States mail.

Academic Integrity

Simpson’s Statement: In all endeavors, Simpson College expects its students to adhere to the strictest standards of honesty and integrity. In keeping with the College’s mission to develop the student’s critical intellectual skills, while fostering personal integrity and moral responsibility, each student is expected to abide by the Simpson College rules for academic integrity. Academic dishonesty includes (but is not limited to) any form of cheating, plagiarism, unauthorized collaboration, misreporting any absence as college-sponsored or college-sanctioned, submitting a paper written in whole or in part by someone else, or submitting a paper that was previously submitted in whole or in substantial part for another class without prior permission. If the student has any questions about whether any action would constitute academic dishonesty, it is imperative that he or she consult the instructor before taking the action. All cases of substantiated academic dishonesty must be reported to the student’s academic advisor and the Dean for Academic Affairs. For further guidance on these rules and their sanctions, please see the college catalog.

My addition: Students are strongly encouraged to work with one another on homework; however, blatant copying of assignments will be considered cheating.

If I get two assignments that are the same thing, both people will get zeros. Guard your homework carefully, so it is not used as a source for cheating. Don’t e-mail it to a friend so they can ‘use it to learn’ or ‘as a template’. Don’t allow someone to simply read off what you have on your computer screen. By allowing someone to cheat, that will allow the person to get behind in what they understand, and they will never catch up.

A student caught cheating will either get a zero for the assignment, have his/her over-all letter grade reduced, or be flunked from the course. Cheating students may be required to do extra work.

The instructor keeps a database of prior assignments and assignments commonly found on the Internet. The instructor will periodically run scans to look for duplicate assignments. We catch students cheating every. single. year. Don’t do it.

Regardless, cheating is like paying for a gym membership, and then sending someone else to work out for you. It doesn’t make sense. You aren’t going to get stronger that way.

Accommodations for Students with Accessibility Needs

I want everyone in this class to be successful. If you have a physical, sensory, learning, or psychological disability that can interfere with your learning, I want you to receive the accommodations to which you are entitled by law. In order for me to do provide accommodations to a student, the student’s disability must be documented with the Student Accessibility Office. I cannot assist a student with accommodations that I don’t know are needed, so if you need something, please make sure that you either contact me or that you ask Simpson’s Student Accessibility Coordinator, to do so on your behalf. If you have any further questions on the policies and services for students with disabilities, please refer to the academic catalog or go to http://simpson.edu/academics/student-accessibility/

Inclusive Explanation Statement

In this course, each voice in the classroom has something of value to contribute. Please take care to respect the different experiences, beliefs, and values expressed by students and staff involved in this course. We support Simpson’s commitment to diversity, and welcome individuals of all ages, backgrounds, citizenships, disabilities, sex, education, ethnicities, family statuses, genders, gender identities, geographical locations, languages, military experience, political views, races, religions, sexual orientations, socioeconomic statuses, and work experiences.

Sexual and Relationship Misconduct

Simpson College strives to create an environment free from sexual or relationship misconduct of any kind; and in which those who have experienced sexual misconduct get the help and support they need. Simpson’s Sexual and Relationship Misconduct Policy outlines expectations the college has students and employees, including faculty. In order to do all that we can to maintain a safe campus community, and in compliance with Federal law, all employees of the college are expected to report knowledge of alleged sexual misconduct to the Title IX Coordinator. Therefore, if you reveal to me, in conversation, writing, class discussion, or in any other manner, that you have experienced sexual misconduct it is my obligation to share that information with the Title IX Coordinator on our campus. Please know that if this is a step that needs to be taken, I will do my best to involve you in that process so that you know what to expect as a result of the communication with the Title IX Coordinator. To learn more about the expectations the college has of you with respect to sexual misconduct, you can find the full policy here:

http://simpson.edu/sexual-and-relationship-misconduct-policy/

Special Covid Additions

Thanks to COVID here are some additional elements:

Wearing Facial Coverings in Classrooms is Required

To help mitigate the transmission of COVID-19, it is required that all students, faculty, and staff wear masks in classrooms, laboratories, and other similar spaces where in-person instruction occurs. This requirement is for all individuals regardless of COVID-19 vaccination status. The masks must cover both nose and mouth and be worn for the duration of class. Consumption of food or drink will not be allowed inside classroom spaces. Mask requirements (both within the classroom and inside campus buildings) will be linked to Simpson College COVID-19 Color Phases and will be evaluated frequently. Please note that Color Phases are heavily influenced by the vaccination rate on campus. You can find more information at COVID-19 Plan. Non-compliance regarding masks may result in students being asked to leave the class, disciplinary action from the academic dean, or failure of the class as outlined in the Student Handbook Standards of Classroom Behavior.

COVID-19 Health-Relates Class Absences

Please evaluate your own health status daily and refrain from attending class if you are ill. Students who miss class due to illness will be given opportunities to access course materials and will not be penalized for not attending class in person. Please work with instructors to either reschedule or electronically/remotely complete exams, labs, and other academic activities as you are able. You are encouraged to seek appropriate medical attention for treatment of illness. In the event of contagious illness, please do not come to class or to campus to turn in work. Notify me by email about your absence as soon as practical so that accommodations can be made. Please note that documentation (a doctor’s note) for medical excuses is NOT required.

Additional Contingency Plans

Should the normal instructional activity on the campus be shortened or interrupted by a campus-wide closing, students will receive information from the instructor or other representative of the college about when and if the course might be continued or completed remotely.

Recording Policy

Recording: Class meetings may be recorded by the instructor for student use. To respect the class community, there shall be no other audio or video recording of class activities and no sharing or disseminating recordings or images (including screen shots) of class activities without the permission of the instructor and other members of the class.