UNIVERSITY OF ALBERTA SCHOOL OF BUSINESS
DEPARTMENT OF ACCOUNTING, OPERATIONS AND INFORMATION SYSTEMS MIS 427
Information System Security Management Fall 2018
COURSE SYLLABUS
Instructor: Jim Kiddoo Section: Lec A1
Email: [email protected] Class: Tues & Thurs
Office Hours: By Appointment Time: 11:00-12:20pm
Location: BUS B-05
This course covers the main aspects of IT security from a manager's point of view. Managers in any field need to be aware of security and have a grasp on what can be done to monitor and improve it. This is a field that literally changes on a daily basis and as the world becomes more and more interconnected there isn't a business or government on earth that doesn't have some sort of electronic entry into their private infrastructure. We will examine how these resources can be protected in both a proactive and reactive way. The Course addresses the key aspects of security including the following as well as others:
• Identifying targets- Who is attacked and why
• Examining outcomes- Lost revenue, repair costs, reputation, law suites, etc
• Challenges implementing security- Cultural, lost functionality, Freedom
• Policy Creation and enforcement- When is Big brother too much?
• Auditing and Forensics- Monitoring for attempts and breaches and then tracking them down
• Business Continuity- Keeping things running
• Entry points into your network- both physical and virtual
• Latest methods of Attacking
This course takes a managers approach in dealing with the planning and implementing from a high level. There is some technical information covered but deals more with general information instead of vendor specific settings. The assignments will revolve around identifying targets and how they can be exploited.
This course is not only for MIS students but any student who wants to be in a manager's role in any company and is involved in maintaining and increasing revenues as well as reputation. Technology is everywhere and even if you think you are not a target you can become an easy way into bigger and better targets. Managers need to be aware what has to be done to ensure the successful securing of technology in business today.
LEARNING OBJECTIVES
This course incorporates the Learning Goals of the BCom Program, in particular Critical Thinking, and Written Communication. The purpose of this course is not to turn you into an immediate IT security consultant. Rather it is to give you the basic understanding that will help you navigate IT security situations in both your professional and personal lives. At the end of this course, you will have developed the following course specific skills or knowledge:
a. You should understand the basic rules and principles that govern IT security
b. You should be able to avoid some of the more common problems associated with these areas.
c. You should be able to identify and clearly articulate IT Security issues and problems, identify
the relevant area in the security world, and apply your knowledge to propose solutions or areas to expand in.
Materials
Supplementary resource materials: URL: https://eclass.srv.ualberta.cawith articles, software, case studies, and exercises, etc.
Pre-requisites
You must have completed the introductory information systems course MIS 311 and have some experience with using computers. If you lack such pre-requisites, you should discuss your situation with the instructor prior to enrolling in this course.
Format
The format of the course will consist of lectures, group discussions, case studies, web-casts, scheduled lab sessions, a final exam, several small assignments, 2 larger assignments and class participation.
Week 1 & 2- Introduction, Group Organization, Anatomy of an Attack
Week 3- Identifying Targets, who and why (Industries, specific companies, size of
companies, terrorism, government, backdoors or zombies to attack other targets and the fun and challenging hack)
Week 4- Examining the outcomes of successful attempts (Repair costs, Lost Revenue, Reputation, Law suites, physical damage chain reactions with other businesses)
Week 5- Challenges implementing security (Cultural changes, training, Cost, Lost functionality, Balancing Security with ease of Use)
Week 6- Policy Creation and enforcement (big Brother)
Week 7- Auditing and Forensics (creating reports for internal use or outside authorities, auditing running systems and finding the trail of compromises)
Week 8 - Disaster Recovery and Business Continuity Planning (How to plan and prepare for after a physical or cyber threat has affected your Business)
Week 9 - Points of Access (ways to penetrate systems e.g. Online monitoring, monitoring network traffic wired and wireless, scanning computer network Ports, server penetration) Week 10 -Detection & Protection (which general tools can be used to detect and protect) Week 11- Updates on the latest attempts and what they look like (examination of recent breaches and attempts that affect different industries, Should include recent Case studies.
Week12- Presentation (Revolves around address a security IT plan for a business from Policy to training to implementation to maintaining)
Week 13 - Used to balance out over run or guest speakers
Date Tentative Topic Presenter
Week 1 -Group Setup
-Assignment intro
Jim Kiddoo
Week 2 Identify Targets Jim Kiddoo
Week 3 Examine Outcomes Jim Kiddoo
Week 4 Implementation
challenges
Jim Kiddoo
Week 5 Policy Creation and
Enforcement
Jim Kiddoo
Week 6 Auditing and
Forensics
Jim Kiddoo
Week 7 Disaster Recover and
Business Continuity
Jim Kiddoo
Week 8 Points of Entry Jim Kiddoo
Week 9 Detect and Protect Jim Kiddoo
Week 10 Latest Attempts Jim Kiddoo
Week 11-Fall Term Class Break – NO Class
Week 12 Presentations Jim Kiddoo
Week 13 Presentations Jim Kiddoo
Week 14 Review Jim Kiddoo
Grading
1. Assignment #1 -10%
2. Assignment #2- 20%
3. In class exercises- 20%
4. G r o u p A s s i g n m e n t ( G a m e o f w a r ) - 20%
5. Final Exam- 30%