Course Outline for:
ISA 650: Security Policy
and
INFS 790: Information Systems Policy and Administration
Monday 4.30-7.10 pm Room DK 1006 (may change)
Available Monday and Wednesday from 2pm to 4pm in my office, or by appointment at other times
The course focuses on policy aspects of organizational and governmental IT – with particular emphasis on the management of those IS having national and international connectivity. Issues therefore include legal, security, international, cultural, and local factors. Students are expected to participate regularly in presenting material, in discussion of recent problems and issues, by writing short papers on major issues and by writing and presenting a topic dealing with policy.
To examine the laws, regulations and policies affecting businesses and national security and their interrelationships. These, in turn, require companies and governmental offices to implement procedures that result in effective security management both nationally and internationally.
Readings: There are no texts: material will be assigned from the Web, for example:
Digital Millennium Copyright Act http://www.copyright.gov/legislation/dmca.pdf
HIPAA http://aspe.hhs.gov/admnsimp/pl104191.htm
Computer Security: A Summary of Selected Federal Laws, Executive Orders, and Presidential Directives
http://www.fas.org/irp/crs/RL32357.pdf
E-Government Act of 2002 (contains FISMA) http://csrc.nist.gov/policies/HR2458-final.pdf
NSD 42 http://www.cnss.gov/Assets/pdf/CNSSD-502.pdf
US Patriot Act http://www.epic.org/privacy/terrorism/hr3162.html
Homeland Security Act http://www.dhs.gov/interweb/assetlibrary/hr_5005_enr.pdf
DoD Directive 8500 http://www.dtic.mil/whs/directives/corres/pdf/d85001_102402/d85001p.pdf
The National Strategy to Secure Cyberspace: http://www.whitehouse.gov/pcipb/
Common Criteria http://www.commoncriteriaportal.org/
The IAVA process http://www.cnss.gov/Assets/pdf/cnssi_4013.pdf
NIST SP 800-53 Rev 3 http://csrc.nist.gov/news_events/index.html
The Commonwealth of Virginia Requirements for its Security Management
Grading on a B+ curve
Mid Term Exam = 100
Five Homework-papers = 100 (20 each)
Major Paper = 100
Second Exam = 100
Presentation = 100
Total = 500
Tentative Outline
1. Aug 30 Introduction: General Policy, Security Policy, and the Law
What is Policy? How does it affect national and international Laws? The effect of Treaties? Discuss major paper topic
2. Sept 13 The Structure of Countries and the Legislative Process HW 1 due
The US and EU, their internal laws and the structural relationships
3. Sept 20 Non-Security Acts affecting Computer Systems (1)
Copyright, patent, trademark, trade secrets, contracting aspects of IS and international Web issues. Proposed topic for paper and presentation due
4. Sept 27 Non-Security Acts affecting Computer Systems (2) HW 2 due
Monopoly Issues and Recent Computing Laws for non-Government Organizations, DoJ and the Computing Industry, Sarbanes Oxley, HIPAA
5. Oct 4 Introduction to Security Laws HW 3 due
Critical Infrastructure protection and SCADA Systems
6. Oct 12 NOTE Day change! Mid Term Exam
The Patriot Act and The Homeland Security Act
Problems and inter-relationships. The role of States and major cities
7. Oct 18 International Standards and the Common Criteria HW 4 due
8. Oct 25 Security Management Policy
The changing Role of the FTC as policy watchdog, The DoD IAVA process, the role of the OMB in Privacy/Security Management
9. Nov 1 First student Papers Presented
Directives 8500 and 8100.2 HW 5 due
10. Nov 8 National and State Infrastructure Aspects
Examples: DC and the DHS, NY State and NY City, and the State of Virginia interaction
11. Nov 15 Second Student Papers
The GIG (Global Information Grid) Cloud Computing and Security Problems
12. Nov 22 Third Student Papers
Cyber Warfare and the role of the UN
The UN Charter and international laws on warfare, etc.
13. Nov 29 Review and New Topics
14. Dec 6 Second one hour Exam
Last updated August 11 2010