Course Outline for:

ISA 650: Security Policy


INFS 790: Information Systems Policy and Administration

Monday 4.30-7.10 pm Room DK 1006 (may change)

Instructor: Dr. Edgar H. Sibley. Office: Engineering [level 5] 5355

Available Monday and Wednesday from 2pm to 4pm in my office, or by appointment at other times

Prerequisite: ISA or INFS graduate standing

The course focuses on policy aspects of organizational and governmental IT – with particular emphasis on the management of those IS having national and international connectivity. Issues therefore include legal, security, international, cultural, and local factors. Students are expected to participate regularly in presenting material, in discussion of recent problems and issues, by writing short papers on major issues and by writing and presenting a topic dealing with policy.


To examine the laws, regulations and policies affecting businesses and national security and their interrelationships. These, in turn, require companies and governmental offices to implement procedures that result in effective security management both nationally and internationally.


Readings: There are no texts: material will be asssigned from the Web, for example:

Digital Millennium Copyright Act


Computer Security: A Summary of Selected Federal Laws, Executive Orders, and Presidential Directives

E-Government Act of 2002 (contains FISMA)

NSD 42

US Patriot Act

Homeland Security Act

DoD Directive 8500

The National Strategy to Secure Cyberspace:

Common Criteria

The IAVA process

NIST SP 800-53 Rev 3

The Commonwealth of Virginia Requirements for its Security Management

Grading on a B+ curve

Mid Term Exam              = 100

Five Homework-papers      = 100 (20 each)

Major Paper                    = 100

Second Exam                  = 100

Presentation                   = 100

Total                             = 500

Tentative Outline

1. Aug 30     Introduction: General Policy, Security Policy, and the Law

What is Policy? How does it affect national and international Laws? The effect of Treaties? Discuss major paper topic

2. Sept 13     The Structure of Countries and the Legislative Process HW 1 due

The US and EU, their internal laws and the structural relationships

3. Sept 20     Non-Security Acts affecting Computer Systems (1)
Copyright, patent, trademark, trade secrets, contracting aspects of IS and international Web issues. Proposed topic for paper and presentation due

4. Sept 27     Non-Security Acts affecting Computer Systems (2) HW 2 due

Monopoly Issues and Recent Computing Laws for non-Government Organizations, DoJ and the Computing Industry, Sarbanes Oxley, HIPAA

5. Oct 4        Introduction to Security Laws HW 3 due

Critical Infrastructure protection and SCADA Systems

6. Oct 12 NOTE Day change! Mid Term Exam

The Patriot Act and The Homeland Security Act

Problems and inter-relationships. The role of States and major cities

7. Oct 18      International Standards and the Common Criteria HW 4 due

8. Oct 25      Security Management Policy

The changing Role of the FTC as policy watchdog, The DoD IAVA process, the role of the OMB in Privacy/Security Management

9. Nov 1       First student Papers Presented

Directives 8500 and 8100.2 HW 5 due

10. Nov 8      National and State Infrastructure Aspects

Examples: DC and the DHS, NY State and NY City, and the State of Virginia interaction

11. Nov 15    Second Student Papers

The GIG (Global Information Grid) Cloud Computing and Security Problems

12. Nov 22    Third Student Papers

Cyber Warfare and the role of the UN

The UN Charter and international laws on warfare, etc.

13. Nov 29    Review and NewTopics     

14. Dec 6      Second one hour Exam

Last updated August 11 2010