Course Description: This course is designed to teach mid-level security practitioners how to engage all functional levels within the enterprise to deliver information system security. To this end, the course addresses a range of topics, each of which is vital to securing the modern enterprise. These topics include inter alia plans and policies, enterprise roles, security metrics, risk management, standards and regulations, physical security, and business continuity. Each piece of the puzzle must be in place for the enterprise to achieve its security goals; adversaries will invariably find and exploit weak links.

Pre-requisite:  Although there are no prerequisites for this course, it is suggested that students take entry level information security or cybersecurity fundamentals course prior to registering for this course.

Course Rationale Effective information security at the enterprise level requires participation, planning, and practice. It is an ongoing effort that requires management and staff to work together from the same script. Fortunately, the information security community has developed a variety of resources, methods, and best practices to help modern enterprises address the challenge. Unfortunately, employing these tools demands a high degree of commitment, understanding, and skill—attributes that must be sustained through constant awareness and training.

Approved Course Texts/Readings:

All Textbook material is embedded in the course. Students will access the material via links in the different sections of the course.

Instructional Methodology:  The course will have both a lecture and lab component:  50% lecture and 50% lab.  Normally, there will be a lecture and lab component each day with the lab occurring at the end of the period. 

The CIS open labs are available for students to work outside of scheduled class time.

Grade Policy:

Grades will be assigned based both on concepts and practical application. An overall grade will be assigned on the following grading scale:

Basis for Grades

Orientation Review (See Schedule)

1 in number

Total Points 100

Students should fill out the student form and submit via Blackboard to receive credit for this assignment. The student form can be electronically signed for this class. The form will be returned during the first week of class.

The Orientation Review will not be re-opened after the scheduled due date.

Lab Assignments

12 in number (see schedule)

Total Points 1200

Application-oriented

It will cover specific programs and can be cumulative.

Open book.

If you complete a lab assignment up to one week after the due date, Dr. MacLeod will deduct 10% from your grade.  If you complete a lab assignment between one week and two weeks late, then Dr. MacLeod will deduct 50% from your grade.  You may not turn in a lab assignment after two weeks from the due date; you will receive a grade of zero (0%) for the assignment.

To prevent the 10% or 50% grade deduction, you must meet the following conditions:

1. You must have experienced an unforeseen and sudden emergency.  Note:  getting behind
   in the course is not an unforeseen emergency.
2. You must present Dr. MacLeod with documented proof of your emergency.
3. You must contact Dr. MacLeod by ACC e-mail of your emergency on or before
    the assignment deadline date.

Project

1 in number (see schedule)

Total points 200

It will cover specific aspects of cybersecurity and can be cumulative

Open book.

Projects turned in up to one week after the due date will receive a 10% grade deduction. Projects turned in between one and two weeks late will receive a 50% grade deduction.  You may not turn in an assignment after two weeks from the due date; you will receive a grade of zero (0%) for the assignment.

To prevent the 10% or 50% grade deduction, you must meet the following conditions:

1. You must have experienced an unforeseen and sudden emergency.  Note:  getting behind
   in the course is not an unforeseen emergency.
2. You must present Dr. MacLeod with documented proof of your emergency.
3. You must contact Dr. MacLeod by ACC e-mail of your emergency on or before
    the assignment deadline date.

Review Exercises

3 in number (see schedule)

Total points 300

Will cover specific chapters and appendices

Open book

Lecture Review Exercises are designed to appraise the student’s coursework knowledge during the given period. The review exercise will be open for one day (24-hour period).

The Review Exercise will not be re-opened after the scheduled due date.

Lecture Exams

3 in number (see schedule)

Total points 300

Will cover specific chapters and appendices

Closed book

Lecture exams are designed to appraise the student’s coursework knowledge during the given period. The lecture exams will be open for one day (24-hour period).

The Lecture Exams will not be re-opened after the scheduled due date.

Final Review Exercise

1 in number (see schedule)

Total points 200

Will cover specific chapters and appendices

Open book

The Final Review Exercise is designed to appraise the student’s knowledge of the topics presented in the course. The final review will be open for one day (24-hour period).

The Final Review Exercise will not be re-opened after the scheduled due date.

Final Exam

1 Exam in 2 Parts (see schedule)

Total points 300

Will cover specific chapters and appendices

Closed book

The Final Exam is designed to appraise the student’s knowledge of the topics presented in the course. Each part of the final exam will be open for one day (24-hour period).

The Final Exam will not be re-opened after the scheduled due date for each part.

Testing Policy

All exams, including final exam parts, have a scheduled date on which the exam is to be completed. Exams are open for one day only. Exams will be taken during the scheduled time based on the course schedule and times as identified by the instructor.

If a student cannot take the exam on the scheduled date, due to documented unforeseen circumstances (i.e.: illness, which requires a doctor’s statement, family emergency, or emergency call out), the student is required to notify the instructor in writing as soon as possible.

The circumstance must meet the following conditions:

1. You must have experienced an unforeseen and sudden emergency.  Note:  getting behind
   in the course is not an unforeseen emergency.
2. You must present Dr. MacLeod with documented proof of your emergency.
3. You must contact Dr. MacLeod by ACC e-mail of your emergency on or before
    the exam deadline date or the exam administration date and time.

The circumstance will be evaluated to determine whether it allows for an exception.

If a student fails to take an exam without an approved exception, the student will receive a grade of zero for that exam and it will be final.  The student will also be required to take all remaining Exams at the Highland Campus testing center.

Retesting & Extra Credit

Dr. MacLeod does not allow retesting or extra credit to raise your grade.

Important Grading Notes

Grades will be posted as they are earned throughout the semester.  You must report (in writing) all grading issues within seven calendar days of the grade being posted.  The grade will be final if you have not reported a grading issue within seven calendar days.

Grades are based on achievement, not effort.

Grade of Zero During Course

During the course, a grade of zero will be given for any assignment not turned in by the due date. The zero is a placeholder to remind the student of what assignments are not completed. Assigned work may not be turned in more than two weeks after the due date; the assignment will receive a final grade of zero (0%).  Exceptions: time-sensitive assignments (orientation review, exam reviews, and exams) and assignments whose due dates are within the last two weeks of the semester. 

Request for assistance on coursework

When assistance is required on assignments, send an email with the following information to the instructor: The course number and “Request for Assistance” in the subject line.  The body of the email will include what troubleshooting steps have been taken and what research has been done by the student.

Course Objectives / Learning Outcomes:

1. Assess the current security landscape, including the nature of the threat, the general status of common vulnerabilities, and the likely consequences of security failures;
2. Critique and assess the strengths and weaknesses of general cybersecurity models, including the CIA triad;
3. Appraise the interrelationships among elements that comprise a modern security system, including hardware, software, policies, and people;
4. Assess how all domains of security interact to achieve effective system-wide security at the enterprise level.;
5. Compare the interrelationships among security roles and responsibilities in a modern information-driven enterprise—to include interrelationships across security domains (IT, physical, classification, personnel, and so on);
6. Assess the role of strategy and policy in determining the success of information security;
7. Estimate the possible consequences of misaligning enterprise strategy, security policy, and security plans;
8. Assess the role of good metrics and key performance indicators (KPIs) in security assessment and governance;
9. Create a good set of information security metrics;
10. Identify and contrast the most common security standards and associated catagories of security controls;
11. Contrast the various approaches to security training and formulate a simple training agenda;
12. Assess the strengths and weaknesses of the certification and accreditation approach to cybersecurity;
13. Evaluate the trends and patterns that will determine the future state of cybersecurity.