ISA 650: Security Policy

Fall 2008 semester: S&T I room 122: Mondays 4:30 to 7:10 PM

Dr. Edgar H. Sibley
Room 359, Science & Tech II
Office Phone: (703) 993-1669
esibley@gmu.edu

Objectives

This course focuses on policy and management aspects of IS, especially security, as it relates to the legal and management aspects of international and national IS.  Students will participate by preparing and presenting material, entering into discussions, and writing a paper.  Reading material is generally current and available on the Web.  Students will be expected to contribute in discussion of policy issues.

Consultation

Sibley is normally in his office on Mondays and Tuesdays from about 9:30 a.m., and always from 2:00 – 4:15 p.m. on those days.  Other times are available by appointment or by phone.  All changes, grades, and announcements will be made by WebCT or the new GMU system.

Grading

The elements of the course will be weighted as follows:

Presentation      100
Major Paper       150
Mid-term Exam     100
End-term Exam     100
Total             450

Referenced Material (with revisions as passed by Congress, etc.)

Digital Millennium Copyright Act
    http://www.copyright.gov/legislation/dmca.pdf

HIPAA
    http://aspe.hhs.gov/admnsimp/pl104191.htm

Computer Security: A Summary of Selected Federal Laws, Executive Orders, and Presidential Directives
    http://www.fas.org/irp/crs/RL32357.pdf

E-Government Act of 2002 (contains FISMA)
    http://csrc.nist.gov/policies/HR2458-final.pdf

NSD 42
    http://www.cnss.gov/Assets/pdf/CNSSD-502.pdf

US Patriot Act
    http://www.epic.org/privacy/terrorism/hr3162.html

Homeland Security Act
    http://www.dhs.gov/interweb/assetlibrary/hr_5005_enr.pdf

The National Strategy to Secure Cyberspace
    http://www.whitehouse.gov/pcipb/

Common Criteria
    http://www.commoncriteriaportal.org/

GAISP V3.0
    http://www.issa.org/gaisp/_pdfs/v30.pdf

GAISP Detailed Principles Cookbook (2003)
    http://www.issa.org/gaisp/_pdfs/v30.pdf

Generally Accepted Systems Security Principles (GASSP)
    http://www.infosectoday.com/Articles/gassp.pdf

SSE-CMM. The Model. v3.0.
    http://www.sse-cmm.org

Provisional Outline

Week      Topic

Aug 25    Introduction, Policy, Law, and IT
Sept 8    Intellectual Property Rights and Monopoly Issues
Sept 15   Standards and Common Criteria
          Sarbanes-Oxley, HIPAA, Gramm-Leach-Bliley, etc.
Sept 22   Privacy, FOIA, and Non-Security Acts Affecting Computer Systems
Sept 29   Computing Laws for NGOs and Software Piracy, etc.
Oct 6     Values, Ethics, Professionalism/Certification, and Computer Crime
          Mid-term Exam (one hour)
Oct 14    International Issues & Cultural Aspects
          The Activist and Ethical Role of IS: The Disadvantaged & the Disabled
          Major Paper Due
Oct 20    The Patriot Act & The Homeland Security Act
Oct 27    Other Security Acts, DoD Standards
Nov 3     National Infrastructure & Organizational Policy
          Computer Safety, Disaster Recovery, etc.
Nov 10    National & State Laws and Directives
Nov 17    CIP, SCADA, and International Issues
Nov 24    Presentations 1
Dec 1     Presentations 2

Assignments

The paper must be submitted in a well-known publication format (e.g., AP, APA, MLA, ALA).  You are encouraged to download the EndNote program (free to GMU students), which automatically formats references in conjunction with MS Word.  Assume that your audience is an intelligent reader with computer knowledge but who is not familiar with your specific paper topic.  Do not use slang or colloquialisms.

Papers must adhere to the defined 20-page limit using the Times New Roman font of 12 points with 1.5 line spacing and one-inch margins at the sides, top, and bottom.  Papers will be considered late if they are not uploaded by midnight of the date due.  I shall not accept hardcopy in lieu of this.  Late material will be assessed a penalty of 10% per day.

The content of assignments is expected to be the original work product of the student.  All sources must be cited appropriately in the context of their usage and according to the style guide chosen.  Quotes and their source must be identified.  The use of the work product of others without attribution constitutes plagiarism and is an Honor Code violation.  Please note that paraphrasing sources can be plagiarism if the sequence of ideas is not your own.  Any student engaging in plagiarism will receive a failing grade for the course, and be the subject of an Honor Code report.  Please refer to the University Honor Code available at http://www.gmu.edu/depts/unilife/honorcode.html for additional information.  To guard against plagiarism and to treat students equitably, assignments may be checked against existing published materials or digital databases available through plagiarism detection services.