CSIS-3313 Information Security Standards, Risk Management, and Compliance
Michael MacLeod
Credit Fall 2024
Section(s)
CSIS-3313-001 (89675)
LEC TuTh 6:00pm - 7:20pm DIL DLS DIL
LAB TuTh 7:20pm - 7:45pm DIL DLS DIL
Course Requirements
Course Description: This course evaluates the differences between managing information security and managing IT security, an area that is now coming of age. For many years the focus was mainly on IT security, with the implementation of such security left to the IT department and technical experts. This course focuses on security related to people, processes, and information as well as IT. Since then, there have been many developments taking us to where we are today, with these early security management standards being transformed into international standards published by ISO/IEC. These standards are used by hundreds of thousands of organizations worldwide.
Instructional Methodology: This course will have 75% lecture and 25% laboratory.
Distance Learning: This delivery method uses an online course management system, Blackboard or equivalent. Course materials are located on Blackboard or equivalent, and include but are not limited to PowerPoints, practice tests, schedules, grade book, etc.
The CIS open labs are available for students for work outside of scheduled lab time.
Grade Policy:
Grades will be assigned based both on concepts and practical application.
2160-2400 points | A |
1920-2159 points | B |
1680-1919 points | C |
1440-1679 points | D |
1439 points or less | F |
Basis for Grades
Type | Number | Points Each | Total Points |
Assignments | 14 Each | 100 | 1400 |
Mid-Term Review | 1 Each | 200 | 200 |
Mid-Term Exam | 1 Each | 200 | 200 |
Final Review | 1 Each | 300 | 300 |
Final Exam | 1 Each | 300 | 300 |
Total | | | 2400 |
Assignments (see schedule)
14 in number
Total Points 1400
Application-oriented
It will cover specific programs and can be cumulative.
Open book.
Mid-Term Review Exercise (see schedule)
1 in number
Total points 200
Will cover specific chapters and appendices.
Open book
The Mid-Term Exam Review Exercise is designed to appraise the student’s coursework knowledge during the given period. The review exercise will be open for one day (a 24-hour period).
The Mid-Term Review Exercise will not be re-opened after the scheduled due date.
Final Review Exercise (see schedule)
1 in number
Total points 300
Will cover specific chapters and appendices.
Open book
The Final Review Exercise is designed to appraise the student’s knowledge of the topics presented in the course. The final review will be open for one day (a 24-hour period).
The Final Review Exercise will not be re-opened after the scheduled due date.
Mid-Term Exam (see schedule)
1 in number
Total Points 200
Will cover specific chapters and appendices.
Closed book
The Mid-Term exam is to be completed during the scheduled class times.
The Mid-Term Exam will not be re-opened after the scheduled due date.
Final Exam (see schedule)
1 in number
Total Points 300
Will cover specific chapters and appendices.
Closed book
Final exams are completed during the scheduled class times.
The Final Exam will not be re-opened after the scheduled due date.
Late Assignments
All students are expected to submit all assignments/projects by their established due dates as provided in the course syllabus and/or rubrics.
Students need to familiarize themselves with any specific instructions or requirements, all due dates as well as all assignments and projects for which they are responsible in this course.
Deductions and No Credit:
• Assignments will lose 10%/day for a maximum of 7 days. Beyond 7 days, students will receive NO CREDIT for the assignment.
Testing Policy
All exams, including final exam parts, have a scheduled date on which the exam is to be completed. Exams are open for one day only. Exams will be taken during the scheduled time based on the course schedule and times as identified by the instructor.
If a student cannot take the exam on the scheduled date, due to documented unforeseen circumstances (i.e.: illness, which requires a doctor’s statement, family emergency, or emergency call out), the student is required to notify the instructor in writing as soon as possible.
The circumstance must meet the following conditions:
- You must have experienced an unforeseen and sudden emergency. Note: getting behind in the course is not an unforeseen emergency.
- You must present Dr. MacLeod documented proof of your emergency.
- You must contact Dr. MacLeod by ACC e-mail of your emergency on or before the exam deadline date or the exam administration date and time.
The circumstance will be evaluated to determine whether it allows for an exception.
If a student fails to take an exam without an approved exception, the student will receive a grade of zero for that exam and it will be final. The student will also be required to take all remaining Exams at the Highland Campus testing center.
Retesting & Extra Credit
Dr. MacLeod does not allow retesting or extra credit.
Important Grading Notes
Grades will be posted as they are earned throughout the semester. You must report (in writing) all grading issues within seven calendar days of the grade being posted. If you have not reported a grading issue within the seven calendar days, then the grade will be final.
Grades are based on achievement, not effort.
Grade of Zero During Course
During the course, a grade of zero will be given for any assignment not turned in by the due date. The zero is a placeholder to remind the student of assignments not completed. Assigned work may not be turned in more than seven days after the due date; the assignment will receive a final grade of zero (0%). Exceptions: time-sensitive assignments (exam reviews and exams) and assignments whose due dates are within the last seven days of the semester.
Request for assistance on coursework
When assistance is required on assignments, send an email with the following information to the instructor: The course number and “Request for Assistance” in the subject line. The body of the email will include what troubleshooting steps have been taken and what research has been done by the student.
Readings
Wk. | Cl. | Day | Date | Lecture | Readings |
1 | 1 | T | 8/27/24 | Chapter 1 | Information Security Policies, Procedures, and Standards Chapter 1 Introduction |
1 | 2 | Th | 8/29/24 | Review Chapter 1 | |
2 | 3 | T | 9/3/24 | Chapter 2 | Chapter 2 Information Security Policy Basics |
2 | 4 | Th | 9/5/24 | Review Chapter 2 | |
3 | 5 | T | 9/10/24 | Chapter 3 | Chapter 3 Information Security Policy Framework |
3 | 6 | Th | 9/12/24 | Review Chapter 3 | |
4 | 7 | T | 9/17/24 | Chapter 4 | Chapter 4 Information Security Policy Details |
4 | 8 | Th | 9/19/24 | Review Chapter 4 | |
5 | 9 | T | 9/24/24 | Chapter 5 | Chapter 5 Information Security Procedures and Standards |
5 | 10 | Th | 9/26/24 | Review Chapter 5 | |
6 | 11 | T | 10/1/24 | Chapter 6 | Chapter 6 Information Security Policy Projects |
6 | 12 | Th | 10/3/24 | Review Chapter 6 | |
7 | 13 | T | 10/8/24 | Chapter 1 | The Risk Assessment Handbook Chapter 1 Introduction |
7 | 14 | Th | 10/10/24 | Review Chapter 1 | |
8 | 15 | T | 10/15/24 | | |
8 | 16 | Th | 10/17/24 | | |
9 | 17 | T | 10/22/24 | Chapter 2 | Chapter 2 Information Security Risk Assessment Basics |
9 | 18 | Th | 10/24/24 | Review Chapter 2 | |
10 | 19 | T | 10/29/24 | Chapter 3 | Chapter 3 Project Definition |
10 | 20 | Th | 10/31/24 | Review Chapter 3 | |
11 | 21 | T | 11/5/24 | Chapter 4 | Chapter 4 Security Risk Assessment Preparation |
11 | 22 | Th | 11/7/24 | Review Chapter 4 | |
12 | 23 | T | 11/12/24 | Chapter 5 | Chapter 5 Data Gathering |
12 | 24 | Th | 11/14/24 | Review Chapter 5 | |
13 | 25 | T | 11/19/24 | Chapter 9 | Chapter 9 Security Risk Analysis |
13 | 26 | Th | 11/21/24 | Review Chapter 9 | |
14 | 27 | T | 11/26/24 | Chapter 11 | Chapter 11 Security Risk Mitigation |
14 | 28 | Th | 11/28/24 | Thanksgiving - No Class | |
15 | 29 | T | 12/3/24 | Chapter 14 | Chapter 14 Security Risk Assessment Approaches |
15 | 30 | Th | 12/5/24 | Review Chapter 14 | |
16 | 31 | T | 12/10/24 | | |
16 | 32 | Th | 12/12/24 | | |
Course Subjects
Wk. | Cl. | Day | Date | Lecture | Readings | Assignments | Due Date | Points | Reviews/Exams |
1 | 1 | T | 8/27/24 | Chapter 1 | Information Security Policies, Procedures, and Standards Chapter 1 Introduction | | | | |
1 | 2 | Th | 8/29/24 | Review Chapter 1 | | Assignment 1 | 9/4/24 | 100 | |
2 | 3 | T | 9/3/24 | Chapter 2 | Chapter 2 Information Security Policy Basics | | | | |
2 | 4 | Th | 9/5/24 | Review Chapter 2 | | Assignment 2 | 9/11/24 | 100 | |
3 | 5 | T | 9/10/24 | Chapter 3 | Chapter 3 Information Security Policy Framework | | | | |
3 | 6 | Th | 9/12/24 | Review Chapter 3 | | Assignment 3 | 9/18/24 | 100 | |
4 | 7 | T | 9/17/24 | Chapter 4 | Chapter 4 Information Security Policy Details | | | | |
4 | 8 | Th | 9/19/24 | Review Chapter 4 | | Assignment 4 | 9/25/24 | 100 | |
5 | 9 | T | 9/24/24 | Chapter 5 | Chapter 5 Information Security Procedures and Standards | | | | |
5 | 10 | Th | 9/26/24 | Review Chapter 5 | | Assignment 5 | 10/2/24 | 100 | |
6 | 11 | T | 10/1/24 | Chapter 6 | Chapter 6 Information Security Policy Projects | | | | |
6 | 12 | Th | 10/3/24 | Review Chapter 6 | | Assignment 6 | 10/9/24 | 100 | |
7 | 13 | T | 10/8/24 | Chapter 1 | The Risk Assessment Handbook Chapter 1 Introduction | | | | |
7 | 14 | Th | 10/10/24 | Review Chapter 1 | | Assignment 7 | 10/16/24 | 100 | |
8 | 15 | T | 10/15/24 | | | | 10/16/24 | 200 | Mid-Term Review |
8 | 16 | Th | 10/17/24 | | | | 10/18/24 | 200 | Mid-Term Exam |
9 | 17 | T | 10/22/24 | Chapter 2 | Chapter 2 Information Security Risk Assessment Basics | | | | |
9 | 18 | Th | 10/24/24 | Review Chapter 2 | | Assignment 8 | 10/30/24 | 100 | |
10 | 19 | T | 10/29/24 | Chapter 3 | Chapter 3 Project Definition | | | | |
10 | 20 | Th | 10/31/24 | Review Chapter 3 | | Assignment 9 | 11/6/24 | 100 | |
11 | 21 | T | 11/5/24 | Chapter 4 | Chapter 4 Security Risk Assessment Preparation | | | | |
11 | 22 | Th | 11/7/24 | Review Chapter 4 | | Assignment 10 | 11/13/24 | 100 | |
12 | 23 | T | 11/12/24 | Chapter 5 | Chapter 5 Data Gathering | | | | |
12 | 24 | Th | 11/14/24 | Review Chapter 5 | | Assignment 11 | 11/20/24 | 100 | |
13 | 25 | T | 11/19/24 | Chapter 9 | Chapter 9 Security Risk Analysis | | | | |
13 | 26 | Th | 11/21/24 | Review Chapter 9 | | Assignment 12 | 11/27/24 | 100 | |
14 | 27 | T | 11/26/24 | Chapter 11 | Chapter 11 Security Risk Mitigation | Assignment 13 | 12/4/24 | 100 | |
14 | 28 | Th | 11/28/24 | Thanksgiving - No Class | | | | | |
15 | 29 | T | 12/3/24 | Chapter 14 | Chapter 14 Security Risk Assessment Approaches | | | | |
15 | 30 | Th | 12/5/24 | Review Chapter 14 | | Assignment 14 | 12/11/24 | 100 | |
16 | 31 | T | 12/10/24 | | | | 12/11/24 | 300 | Final Review |
16 | 32 | Th | 12/12/24 | | | | 12/13/24 | 300 | Final Exam |
Student Learning Outcomes/Learning Objectives
Course Rationale: To introduce students to a broad range of standards, risk, and compliance topics including standards that can be developed for international companies, risk management and compliance guidelines.
Course Objectives / Learning Outcomes: [Instructor may add to but not delete]
- Define a primary (or “recognized”) standard as an established norm or requirement.
- Explain why internal audit may focus on controls and assuring that risks are properly mitigated.
- Identify the compliance functions that focus on the controls needed to manage risk.
- Examine the structured process steps, oversight, and reporting of the identified risks.
- Describe the formal documentation of risks in risk assessment activities.
Office Hours
T Th 12:00 PM - 1:00 PM Zoom Meeting online
NOTE By Appointment
Published: 09/12/2024 11:22:23