MIS 5206 Protecting Information Assets
MIS 5206 Protection of Information Assets
Week 1
Agenda
• Course objectives
• Textbook and readings
• Grading
– Assignments
– Participation
– Team presentation
– Exams
• Class web site “Blog”
• Quizzes
• Weekly cycle
• Typical class session
• Case study 1
• Course topics
• Next time
Course Objectives
In this course you will gain an understanding of the importance of, and techniques related to, managing information assets, including logical, physical, and environmental security along with disaster recovery and business continuity.
The key subject areas covered in the course are:
– Information Security Risk Identification and Management
– Security Threats and Mitigation Strategies
• The first half of the course, leading up to the mid-term exam, will focus on Information Security Risk Identification and Management
• The second half of the class will cover the details of security threats and the mitigation strategies used to manage risk
Textbook and Readings
Textbook
We are using the 2nd Edition as our class textbook. You are welcome to use the new Third Edition. The price difference is significant, but the content is mostly the same.
Chapter titles are the same (or similar), but the numbering is different. E.g., Chapter 1 “Building a Secure Organization” in the Second Edition is Chapter 2 in the newer edition.
I will point out differences as we move through the course…
Readings
Grading
Assignments
1. Readings
We are using the 2nd Edition as our class textbook, but you are welcome to use the new Third Edition. The price difference is significant, but the content is mostly the same.
Chapter titles are the same (or similar), but the numbering is different. E.g., “Building a Secure Organization” is Chapter 1 in the Second Edition and Chapter 2 in the Third Edition.
I will point out differences as we move through the course…
Assignments
2. Answers to weekly reading discussion questions
• A paragraph or two of thoughtful analysis is expected for your initial answer to the question
• Post your answer to the weekly class assignment blog
• You must come to class prepared to discuss all of these questions in detail when we meet
Each Sunday you will find a post that includes several discussion questions about the coming week’s readings. You are expected to post your answers to the discussion questions by Tuesday at 11:59 AM.
Assignments
2. Three case studies
I will provide discussion questions for each case (cases 2 & 3 will be posted to the class site). Answer each question in depth as part of your individual preparation, and post your answers to the blog by Tuesday 11:59 AM
i. Individual preparation is done as homework assignments that will prepare you to contribute in group discussion meetings. It will prepare you to learn from what others say.
To fully benefit from the interchange of ideas about a case’s problem, however, you must possess a good understanding of the facts of the case and have your own ideas.
Studying the case, doing your homework and answering the questions readies you to react to what others say. This is how we learn…
Assignments
2. Three case studies
ii. Group discussions are informal sessions of give and take. Come with your own ideas and leave with better understanding. By pooling your insights with the group you advance your own analysis. Discussions within small groups are also helpful for those uncomfortable talking in large classes to express their views and gain feedback.
iii. Class discussion advances learning from the case, but does not solve the case. Rather, it helps develop your understanding of why you need to gain more knowledge and learn concepts that provide the basis of the intellectual toolkit you develop in class and apply in practice.
Assignments
1. Readings
2. Answers to questions
3. Case study analyses
Participation
1. Comment on weekly discussion question answers and comments posted by other students
Read the responses of others to the discussion questions and contribute at least three (3) substantive posts that include your thoughtful comments as you participate in the discussion of the questions with your classmates
Your 3 comments are due by Thursday 11:59 AM
Participation
2. “In the News” articles
Research article you found about a current event in the Information Security arena
Identify, write a summary, post a link to your summary, and be prepared to discuss in class
https://www.theregister.co.uk/security/
http://www.eweek.com/security
https://www.computerworld.com/category/security/
…
https://krebsonsecurity.com/
An ideal article would be tied thematically to the topic of the week. However, any article you find interesting and would like to share is welcome.
Deadline for posting is Thursday at 11:59 AM
Participation
3. During class
We will often begin with a discussion of “In the News” articles that you have discovered and posted to the class blog. I may ask for volunteers, or I may call on you.
We may also start the session with “opening” questions about assigned readings, your answers to online discussion, or the case study.
When you are called on, you should summarize the key issues, opportunities, and challenges in the article or question.
Be prepared to answer all the assigned questions.
Another important aspect of in-class participation is completion of in-class assignments and contribution to group and team activities.
Participation
1. Comment & participate in discussions of questions on blog site
2. Research, summarize and discuss “In the News” article in class
3. Participate in discussions during class
Team presentation
During Class #7 you will be organized into presentation development and delivery teams.
Each team will be assigned a topic, and will follow up by developing a presentation covering the assigned topic.
Each team will have a total time of 20 minutes to present, followed by a 10-minute question and answer (Q&A) session afterwards.
After drafting their presentation, each team should schedule to meet with Prof. Lanter outside of class (in his office or via WebEx) between Class 9 and Class 12 to gain feedback for improving their presentation.
Team presentations will be made during Class 14 and Class 15. The presentation should be submitted in digital and hardcopy formats to Prof. Lanter before their presentation in class.
Teams not presenting are responsible for asking thoughtful and insightful questions at the end of each presentation.
Exams
There will be two in-class exams given during the semester. Together these exams are weighted 25% of each student’s final grade.
The exams will consist of multiple-choice, and possibly fill-in-the-blank or short-answer questions. You will have a fixed time (e.g. 90 minutes) to complete the exam.
The Midterm Exam will occur during Class 7, and the Final Exam will occur during class time of finals week.
The exams will be cumulative, but mostly focused on the course materials covered since the last exam.
Expect important concepts highlighted in class to appear on both exams
Class Web Site, Also Known As (AKA) “Class Blog”
http://community.mis.temple.edu/mis5206sec701fall17/
http://community.mis.temple.edu/mis5206sec001fall17/
Class Web Site – “INSTRUCTOR”
Introductions - Instructor
Class Web Site – “SYLLABUS”
Class Web Site – “SCHEDULE”
Class Web Site – “DELIVERABLES”
Example of Questions and Answers
Weekly Quizzes
– Quiz consists of practice exam questions
– Test taking tip provided before each quiz
– Grades for quizzes do not count
– Taking the quizzes counts toward participation score
– Each quiz includes additional terminology, acronyms and material for you to research and study on your own
Weekly cycle
Section 001
Section 701
Typical class session (starting Class 2)
1. In the News
2. Discussions / Lecture / Presentations
3. Quiz
Case Study Group Discussion
Case study: “Snowfall and a stolen laptop”
Discussion topic 1 (20 minutes)
Discuss the questions below with the others on your team, then have one team member neatly print answers to these two questions for display to the class:
• You are Ash Rao, Dean of the Saunders College of Business. On Sunday evening, instead of spending a few hours reviewing documents in preparation for some important meetings this week, you had an unpleasant surprise when a thief entered your house and stole your laptop – presumably while you were shoveling the front walk!! Well, at least Dave Ballard saw the email you sent from your Blackberry.
• Given everything you know about yourself (Ash Rao), what would be the ideal way for this unpleasant situation to be handled?
Case study: “Snowfall and a stolen laptop”
Discussion topic 2 (20 minutes)
1. Take turns and briefly introduce yourself to your group
2. Discuss the question below with the others on your team, then have one team member neatly print answers to these two questions for display to the class:
– You are Dave Ballard, Network Administrator at the RIT Saunders College of Business (COB). On Sunday evening COB Dean Ash Rao informed you that his Rochester NY house was broken into and his laptop stolen. Poor Ash! You delivered a laptop to his office the next morning at 9:30.
– Given everything you know about yourself (Dave Ballard) and Ash Rao from reading the case, how effective was your response to this incident? What else could you have done?
Return to the class WebEx
Case study: “Snowfall and a stolen laptop”
Class Discussion
Who else at RIT is concerned with this stolen laptop incident?
What are their concerns?
Let’s review the risks
Risk | Impact | Frequency
Case Study epilogue and wrap-up
Rochester Institute of Technology (RIT)
Saunders College of Business
We will revisit this case as we progress through course topics
For next time…
1. Do ITACS students represent information security vulnerabilities to Temple University, each other, or both? Explain the nature of the vulnerabilities
2. Is information security a technical problem, a business problem that the entire organization must frame and solve, or both? Explain the nature of the problem in the context(s) you chose
3. What is quantitative information security risk analysis? Provide an example of a measurement used in quantitative information security risk analysis. What challenges are involved in calculating such a measurement?
Chapter 2 in the Vacca 3rd edition