Instructor:

Raymond J. Curts, PhD

Office Hours:  One Hour Prior to Class

Engineering Building, Room 5306

rcurts@gmu.edu

 

Logistics:

          Course Dates:             31 August through 21 December 2015

            Location:                    Arts & Design Building L008

            Meeting Day:             Mondays

            Meeting Time:            7:20 PM – 10:00 PM

            Reference #:               Section 001 - CRN 72852

 

Administrative Support:

                                                Computer Science Department Office

                                                Engineering Building

                                                Room 4300

                                                703-993-1530

 

Course Description:

 

ISA 650 Federal IT Security Policy (3:3:0)

 

Focuses on security policy and its management for information systems having national and international connectivity.  Issues include legal, international, cultural, and local factors.  Students are expected to participate regularly in presenting material, in discussion of recent security issues, and by writing short papers on significant current issues.

Prerequisite(s): ISA 562 – Information Security Theory and Practice


This course provides insight into the Federal Information Security Framework including noteworthy legislation, regulations and compliance issues, as well as commonalities and significant differences between departments and agencies within the Federal Executive Branch (FEB).  The course will be presented as formal lectures complimented by group discussion.  Each topic will be addressed as part of the larger Federal IT Security structure.

 


Textbooks:

Required Reading:

No specific readings prescribed. 

Students will research class topics as appropriate.

Recommended Reading:

Various government legislation, regulations, executive orders, reports, policies, directives, instructions, current news articles and related web sites.

 

Schedule:

 

The course schedule will follow the outline below; however, it may be rearranged as the term progresses to allow for weather closures and one or two guest lecturers from industry as time permits.  Homework is assigned throughout the semester as indicated.  Additional homework, not listed here, may be assigned from time to time.  There is no textbook for this course.  Students are encouraged to consult the recommended readings and Blackboard links for additional information.  All readings are from web accessible documents unless otherwise indicated.

 

Lecture

Date

Topic

Assignments

1

08/31/15

Introduction to the FEB and the Federal Information Security Environment

 

09/07/15

Labor Day – No Class

 

2

09/14/15

Legislation &

Executive Office of the President (EoP)

Law or EoP Article

3

09/21/15

Department of Defense (DoD)

DoD Article

4

09/28/15

Intelligence Community (IC)

IC Article

5

10/05/15

National Institute of Standards (NIST)

NIST Article

 

10/12/15

Columbus Day – No Class

 

6

10/13/15

Tuesday

CNSS,

Department of Homeland Security (DHS)

CNSS or

DHS Article

7

10/19/15

NGA, OMB, Other FEB & Quasi- Government Agencies; MidTerm Review

NGA, or OMB Article

 

10/26/15

Mid-Term Exam

 

8

11/02/15

Compliance,

Paper & Presentation Guidelines

Compliance Article

9

11/09/15

Federal Enterprise Architecture (FEA)

FEA Article

10

11/16/15

Federal Information Security Frameworks,

Federal IT Management Reform

Framework or Reform Article

11

11/23/15

Specific Compliance,

Certification and Accreditation (C&A),

Risk Management Framework (RMF)

C&A / RMF Article

12

11/30/15

Implementation and Contingency Planning,

Final Exam Review

Planning Article

13

12/07/15

Student Research Presentations

Paper & Presentation Due Before Class

Research Paper & Presentation

12/14/15

Final Exam


Attendance Policy

 

Students are expected to attend each class, to complete any required preparatory work (including assignments – see schedule above) and to participate actively in lectures, discussions and exercises.  As members of the academic community, all students are expected to contribute to class discussions regardless of their proficiency with the subject matter.

 

Students are expected to make prior arrangements with the instructor if they know in advance that they will miss a class and to consult with the instructor as soon as possible if they miss any class without prior notice.

 

Departmental policy requires students to take exams at the scheduled time and place, unless there are truly compelling circumstances supported by appropriate, written documentation.  Except in such circumstances, failure to attend a scheduled exam may result in a score of zero (0) for that exam.

 

 

Classroom Conduct

 

Students are expected to be punctual, alert, and prepared for each class.  Be considerate of other students, i.e., be quiet for the duration of the class period, except when you have something to contribute to the entire class.  Please feel free to ask questions and / or offer pertinent comments in class.  If you are confused, more than likely, someone else is too.  If you need extra help, please schedule an appointment with the instructor.  Cell phones have no place in class; either leave them behind or turn them off prior to entering the classroom.  In addition, GMU policy prohibits food of any kind in classrooms.

 

 

Communications

 

Communication with the instructor on issues relating to an individual student should be conducted using GMU email, or in person, not the public forums on Blackboard.  GMU email is the preferred method for communicating with the instructor (rcurts@gmu.edu).  Email messages from the instructor to all class members will be sent to students' GMU email addresses – if you use another email account as your primary address, you should forward your GMU email to that account.

 

Registered students will be given access to a section of Blackboard for this course.  Blackboard will be used as the primary mechanism (outside of lectures) to disseminate course information, including this syllabus, schedules, announcements, lecture slides, homework, other assignments and scores for homework, the research project and exams.

 

Lecture slides are complements to the lecture process, not substitutes for it - access to lecture slides will be provided in Blackboard as a courtesy to students provided acceptable attendance is maintained.

 

All course materials (lecture slides, assignment specifications, etc.) are published on Blackboard in Adobe® Portable Document Format (PDF).  This allows users of most computing platforms to view and print these files.  Microsoft® Office, MS Visio, or a compatible set of applications is required for the research project and all assignments.

 

The Discussion section of Blackboard is provided for the use of students.  The instructor will NOT monitor Blackboard discussions on a regular basis.  However, GMU email will be answered promptly, usually within 24 hrs.

 

 

Policies & The University Honor Code

 

The homework and all other assignments in this course represent individual work.  As always the GMU Honor Code holds.  Stated in English, do the work yourself.  If you need help, see the instructor.  The most frequent violations of the university honor code and policies include but are not limited to:

 

v  Copying or sharing a file / homework or any portion of a file / homework from / with another student.

v  Sharing or allowing another student to copy your files / homework or any portion of a file / homework.

v  Duplicating or distributing unauthorized copies of copyrighted software programs, lectures, publications or other materials.

v  Unauthorized access or use of university computers, computer systems, or computer networks.

v  Creating, sending or distributing electronic chain letters or Spam.

v  Using a disk containing a virus in a computer lab or computer system, or distributing the virus on the computer network.

v  Using the university computers, computer system, or computer network to view or distribute profanity or objectionable material.

 

 

See: http://www.gmu.edu/academics/catalog/9798/honorcod.html


Homework / Discussion Topics

 

Homework for this course will be independent research oriented.  Students are required to supplement the lecture materials with recent literature.  Prior to each lecture, students are expected to find current literature that is related to IT and the material covered by the lecture, and provide a synopsis of the article(s) to the class during the class period as indicated on the schedule.  Synopses are to be presented during each class period for group discussion.  Literature synopses will be graded upon their relevance to IT, the discussed lecture, quality of the publication from which they are drawn, presentation quality (summary, key points, conclusions) and degree of student understanding of the information presented (determined through question and answer discussions).  All synopsis presentations must be accompanied by a one page (maximum) summary which will be uploaded to Blackboard prior to class.  Summaries shall include the article reference citation in MLA format, a brief article summary, discussion of key points, as well as the student’s personal assessment and conclusions, in the format provided.  Research that indicates new advances in technology, major changes in government policy and / or the impacts of technology / federal policy on the Federal IT, IA or IT Security environment is encouraged.  Each homework submission must relate to both IT / IA / IT security and the lecture topic.

 

Homework is submitted through Blackboard and is due before class on the date specified.  All homework materials (charts, diagrams, text, etc.) may be generated in MS Office and / or Office compatible software as appropriate, and uploaded to Blackboard.  Be sure to include your name in the header of all homework assignments.  The instructor teaches multiple sections.  Therefore, in order to ensure that homework is properly credited all homework files shall use the following naming convention:

 

ISA 650 001 F15 L?? Username.xxxx

 

Where “??” represents the two digit lecture number, “Username” is your student email / Blackboard ID and “xxxx” represents the type of document (.docx, .xlsx, .pptx, .zipx, etc.).  If your submission requires multiple files, combining them into a single Zip file for upload is recommended.  For example, homework for lecture number two, submitted by a student named John Smith, using a Zip format would be labeled:

 

ISA 650 001 F15 L02 JSmith.zip.

 

            All homework is required to be submitted on time in order to receive credit.  Except in VERY EXTRAORDINARY circumstances,

 

LATE HOMEWORK WILL NOT BE ACCEPTED.

 

            All homework assignments are completed by the student and presented to the instructor as partial fulfillment of course requirements.  As such the instructor and the University reserve the right to use student coursework as classroom examples for this class, future courses / classes, and other educational purposes as appropriate.
Research Paper

 

Students shall be organized into groups; the number and size of the groups depends upon enrollment.  Each group shall prepare a 10 page (minimum) research paper on a topic assigned by the instructor.  Research papers shall be double spaced with 1” margins and Times New Roman 12 point font.  Page requirements are exclusive of title page, table of contents, abstract, index, bibliography, appendices and other such ancillary material.  It is the responsibility of the individual group / student to analyze the topic and provide a meaningful summary, discussion, conclusions, recommendations and, where appropriate, propose effective information technology policy-based solutions.  Keep in mind that finding fault is easy – and, it has been done numerous times before by many researchers.  The hard (and more interesting) part is developing a workable solution.

 

Research papers are intended to be an in-depth look at some issue relevant to course material.  As such they should provide insight well beyond what has been discussed in class, books, journals, newspapers, magazines, web sites, blogs or other media.  Research papers are NOT to be a summary nor a restatement of previously covered ground.  On the contrary, they should add to the body of knowledge in the area of Federal IT Policy or some closely related issue as assigned.

 

 

Class Presentation

 

Each group shall prepare a short classroom presentation summarizing their research paper.  Classroom presentations shall include approximately 10 - 15 slides and a 20 - 30          minute synopsis of the research paper followed by 5 - 10 minutes for questions and answers.  The actual length of the presentations depends upon the number of groups / enrollment.  Each member of the group must participate in the presentation.  Students should be prepared to field questions as time permits.  Presentations will be graded on the degree to which a systematic approach to problem solving was followed and on the extent to which the conclusions and proposed solutions were researched and substantiated.  The instructor’s grading will be supplemented by peer grading.

 

 

If you are concerned or confused about some aspect of this project,

discuss it with the instructor

WELL BEFORE

 it is due and in time to make adjustments as necessary.

 

 

As with homework, all research papers and classroom presentations are completed by the student and presented to the instructor as partial fulfillment of course requirements.  As such the instructor and the University reserve the right to use student coursework as classroom examples for this class, future courses / classes, and other educational purposes as appropriate.

 

Exams

 

In accordance with department policy, students who arrive more than 15 minutes late for any exam will not be permitted to take the exam and will automatically receive a grade of zero for the exam.  Makeup exams are very rarely given.  Requests for a delayed exam due to multiple tests (>2) in one day will ONLY be considered if the proper forms are completed and in the instructor's hands well before the scheduled exam date.

 

Exams are intended to test the students’ knowledge of the materials discussed in the readings and lectures.  Consequently, each test may include one or two Short Answer and / or Essay questions, plus Completion, True/False, Multiple Choice, Multiple Response and Matching type questions.

 

 

Quizzes & Exercises

 

Exercises and quizzes may be conducted in selected class sessions throughout the semester.  Quizzes and exercises will not be announced in advance.  Any student who misses an exercise or quiz due to an unexcused absence will receive zero (0) for that exercise


Grading

 

Grades will be awarded in accordance with the GMU Graduate Grading System as follows:

 

Numeric Grade

Grade

Quality Points

Pass / Fail

97%

-

100%

A+

4

Satisfactory / Passing

94%

-

96%

4

Satisfactory / Passing

90%

-

93%

A-

3.67

Satisfactory / Passing

87%

-

89%

B+

3.33

Satisfactory / Passing

83%

-

86%

3

Satisfactory / Passing

80%

-

82%

B-

2.67

Satisfactory* / Passing

70%

-

79%

2

Unsatisfactory / Passing

0%

-

69%

0

Unsatisfactory / Failing

 

* Although a B- is a satisfactory grade for a course at this level, students must maintain a 3.00 average in their degree program and present a 3.00 GPA on the courses listed on the graduation application.

 

 

Raw scores may be adjusted (i.e., a curve may be applied) by the instructor to calculate final grades.  Grades will be assigned as follows:

 

15% - Homework / Quizzes / Participation

20% - Mid Term Exam

20% - Final Exam

25% - Research Paper

20% - Research Presentation

 

Note that homework, quizzes and class participation account for 15% of your grade.  Failure to submit homework on time, skipping class, or failing to participate in classroom discussions and exercises will have a significant negative impact on your final grade.

 

 

If you have any questions or concerns related to any aspect of this course and/or related requirements, discuss them with the Instructor

Well BEFORE

they become an issue.