MIS5206 Protection of Information Assets Week 1

MIS 5206 Protecting Information Assets

MIS5206Protection of Information Assets

Week 1


Agenda • Course objectives• Textbook and readings• Grading

– Assignments– Participation – Team presentation– Exams

• Class web site “Blog”• Quizzes• Weekly cycle • Typical class session• Case study 1• Course topics• Next time


Course Objectives

In this course you will gain an understanding of the importance of, and techniques related to, managing information assets including logical, physical, and environmental security along with disaster recovery and business continuity

The Key subject areas that are covered in the course are:

– Information Security Risk Identification and Management

– Security Threats and Mitigation Strategies

• First half of the course, leading up to the mid-term exam, will focus on Information Security Risk Identification and Management

• Second half of the class will cover the details of security threats and the mitigation strategies used to mange risk


Textbook and Readings


Textbook

We are using the 2nd Edition as our class textbook. You are welcome to use the new Third Edition. The price difference is significant, but the content is mostly the same.

Chapter Titles are the same (or similar), but the numbering is different E.g. Chapter 1 “Building a Secure Organization” in Second Edition, is Chapter 2 in the newer edition

I will point out differences as we move through the course…


Readings


Grading


Assignments

1. Readings


Assignments

1. Readings

We are using the 2nd Edition as our class textbook, but you are welcome to use the new Third Edition. The price difference is significant, but the content is mostly the same.

Chapter Titles are the same (or similar), but the numbering is different E.g. “Building a Secure Organization” is Chapter 1 in Second Edition, and is Chapter 2 in the Third Edition

I will point out differences as we move through the course…


Assignments

2. Answers to weekly reading discussion questions

• A paragraph or two of thoughtful analysis is expected for your initial answer to the question

• Post your answer to the weekly class assignment blog

• You must come to class prepared to discuss all of these questions in detail when we meet

Each Sunday you will find a post that includes several discussion questions about the coming week’s readings. You are expected to post your answers to the discussion questions by Tuesday by 11:59 AM


Assignments2. Answers to weekly reading

discussion questions


Assignments2. Three case studiesI will provide discussion questions for each case (cases 2 & 3 will be posted to the class site). Answer each question in depth as part of your individual preparation, and post your answers to the blog by Tuesday 11:59 AM

i. Individual preparation is done as homework assignments that will prepare you to contribute in group

discussion meetings. It will prepare you to learn from what others say.

To fully benefit from the interchange of ideas about a case’s problem, however, you must possess a

good understanding of the facts of the case and have your own ideas.

Studying the case, doing your homework and answering the questions readies you to react to what

others say. This is how we learn…


Assignments2. Three case studies

ii. Group discussions are informal sessions of give and take. Come with your own ideas and leave with better

understanding. By pooling your insights with the group you advance your own analysis. Discussions

within small groups is also helpful for those uncomfortable talking in large classes to express their views

and gain feedback.

iii. Class discussion advances learning from the case, but does not solve the case. Rather it helps develop your

understanding of why you need to gain more knowledge and learn concepts that provide the basis of your

intellectual toolkit you develop in class and apply in practice.


Assignments1. Readings2. Answers to questions3. Case study analyses


Participation

1. Comment on weekly discussion question answers and comments posted by other students

Read the responses of others to the discussion questions and contribute at least three (3) substantive posts that include your thoughtful comments as you participate in the discussion of the questions with your classmates

Your postings of 3 comments is due by Thursday 11:59am


Participation

2. “In the News” articles

Research article you found about a current event in the Information Security arena

Identify, write a summary, post a link to your summary, and be prepared to discuss in class

https://www.theregister.co.uk/security/

http://www.eweek.com/security

https://www.computerworld.com/category/security/

…

https://krebsonsecurity.com/


Participation

2. “In the News” articlesResearch article you found about a current event in the Information Security arena

Identify, write a summary, post a link to your summary, and be prepared to discuss in class

An ideal article would be tied thematically to the topic of the week. However, any article you find interesting and would like to share is welcome.

Deadline for posting is by Thursday by 11:59 AM


Participation We will often begin with a discussion of “In the News” articles that you have discovered and posted to the class blog. I may ask for volunteers, or I may call on you

We may also start the session with “opening” questions about assigned readings, your answers to online discussion, or the case study

When you are called on, you should summarize the key issues, opportunities, and challenges in the article or question.

Be prepared to answer all the assigned questions

Another important aspect of in-class participation is completion of in-class assignments and contribution to group and team activities

3. During class


Participation

2. Research, summarize and discuss “In the News” article in class

1. Comment & participate in discussions of questions on blog site

3. Participate in discussions during class


Team presentationDuring Class #7 you will be organized into presentation development and delivery teams

Each team will be assigned a topic, and will follow up by developing a presentation covering the assigned topic

Each team will have a total time of 20 minutes to present, following by a 10 minute questions and answer (Q&A) session afterwards.

After drafting their presentation, each team should schedule to meet with Prof. Lanter outside of class (in his office or via WebEx) between Class 9 and Class 12 to gain feedback for improving their presentation..

Team presentations will be made during Class 14 and Class 15. The presentation should be submitted in digital and hardcopy formats to Prof. Lanter before their presentation in class.

Teams not presenting are responsible for asking thoughtful and insightful questions at the end of each presentation.


Exams There will be two in-class exams given during the semester. Together these exams are weighted 25% of each student’s final grade

The exams will consist of multiple-choice, and possibly fill in the blank or short answer questions. You will have a fixed time (e.g. 90 minutes) to complete the exam

The Midterm Exam will occur during Class 7’s and the Final Exam will occur during class time of finals week

The exams will be cumulative, but mostly focused on the course materials since the beginning of last exam

Expect important concepts highlighted in class to appear on both exams


Class Web Site Also Know As (AKA) “Class Blog”

http://community.mis.temple.edu/mis5206sec701fall17/ http://community.mis.temple.edu/mis5206sec001fall17/

http://community.mis.temple.edu/mis5206sec701fall17/

http://community.mis.temple.edu/mis5206sec001fall17/


Class Web Site – “INSTRUCTOR”


Introductions - Instructor


Class Web Site – “SYLLABUS”








Class Web Site – “SCHEDULE”


Class Web Site – “DELIVERABLES”


Example of Questions and Answers


Example of Questions and Answers


Weekly Quizzes

– Quiz consists of practice exam questions

– Test taking tip provided before each quiz

– Grades for quizzes do not count

– Taking the quizzes counts toward participation score

– Each quiz includes additional terminology, acronyms and material for you to research and study on your own


Weekly cycle

Section 001

Section 701


Typical class session (starting Class 2)

1. In the News

2. Discussions / Lecture / Presentations

3. Quiz


Agenda Course objectivesTextbook and readingsGrading

AssignmentsParticipation Team presentationExams

Class web site “Blog”QuizzesWeekly cycle Typical class session• Case study 1• Course topics• Next time


Case Study Group Discussion


Case study: “Snowfall and a stolen laptopDiscussion topic 1 (20 minutes)

Discuss the questions below with the others on your team, then have one team member neatly print answers to these two questions for display to the class:

• You are Ash Rao, Dean of the Saunders College of Business. On Sunday evening, instead of spending a few hours reviewing documents in preparation for some important meetings this week, you had an unpleasant surprise when that a thief entered your house and stole your laptop – presumably while you were shoveling the front walk!! Well, at least Dave Ballard saw the email you sent from your Blackberry.

• Given everything you know about yourself (Ash Rao) what would be the ideal way for this unpleasant situation to be handled?


Case study: “Snowfall and a stolen laptopDiscussion topic2(20 minutes)

1. Take turns and briefly introduce yourself to your group2. Discuss the question below with the others on your team, then have one team

member neatly print answers to these two questions for display to the class:

– You are Dave Ballard, Network Administrator at the RIT Saunders College of Business (COB). On Sunday evening COB Dean, Ash Rao informed you that his Rochester NY house was broken into and his laptop stolen. Poor Ash! You delivered a laptop to his office the next morning at 9:30.

– Given everything you know about yourself (Dave Ballard) and Ash Rao from reading the case, how effective was your response to this incident? What else could you have done?

Return to the class WebEx


Case study: “Snowfall and a stolen laptopClass Discussion

Who else at RIT is concerned with this stolen laptop incident?

What are their concerns?


Let’s review the risksRisk Impact Frequency


Case Study epilogue and wrap-up

Rochester Institute of Technology (RIT)

Saunders College of Business


We will revisit this case as we progress through course topics


For next time…

1. Do ITACS students represent information security vulnerabilities to Temple University, each other, or both? Explain the nature of the vulnerabilities

2. Is information security a technical problem, a business problem that the entire organization must frame and solve, or both? Explain the nature of the problem in the context(s) you chose

3. What is quantitative information security risk analysis? Provide an example of a measurement used in quantitative information security risk analysis. What challenges are involved in calculating such a measurement?

Chapter 2 in the Vacca 3rd edition


Agenda Course objectivesTextbook and readingsGrading

AssignmentsParticipation Team presentationExams

Class web site “Blog”QuizzesWeekly cycle Typical class sessionCase study 1Course topicsNext time


Protecting Information AssetsWeek 1

Documents

MIS5206 Protection of Information Assets Week 1