Description

  • This course focuses on the managerial aspects of information assurance, which is commonly treated as a process: a continuous series (or chain) of projects. Topics covered include access control models, information assurance governance, and information assurance program assessment and metrics. Coverage of the foundational and technical components of information assurance is included to reinforce key concepts.
  • Students will learn how to manage security projects properly by applying well-established project management and systems analysis and design practices, with special attention to the unique requirements of security projects. Students will also acquire the basic skills and knowledge needed to prepare successful Capstone Projects.

Main objectives

  • LO1 Identify and describe basic project management practices and techniques; understand the significance of the project manager’s role in the success of a security project.
  • LO2 Understand the importance, benefits and desired outcomes of security governance, and the principal components of security system implementation planning.
  • LO3 Understand the three major types of security policy (enterprise, issue-specific and system-specific) and the process of developing, implementing, and maintaining each of them.
  • LO4 Understand the role of project management in security and how to plan, staff and manage an organization’s information security program.
  • LO5 Apply risk management methods and tools to a security project.
  • LO6 Recommend a security management model and explain how it can be customized to meet the needs of a particular organization.
  • LO7 Describe the key components and identify suitable strategies for the implementation of a security performance measurement program.
  • LO8 Describe the major components of incident response, disaster recovery and business continuity; define the components of crisis management and business resumption.
  • LO9 Identify the skills and requirements for security positions; discuss and implement security constraints on general hiring processes.
  • LO10 Identify common control approaches and describe the types of intrusion detection and prevention systems and the strategies on which they are based.

Assessments

  • Ongoing assessment:
    • 1 Midterm Progress Test: 10%
    • Participation in Discussions: 10%
    • 6 Group Reports: 30%
    • Group Project Presentation: 20%
  • Final exam: 30%
  • Completion Criteria: every ongoing assessment component > 0, Final Exam score >= 4, and Final Result >= 5

Course schedule

  1. Introduction
  2. Lecture 1. Introduction to the Security Project Management
    • 1.1 Security Project Management
    • 1.2 Technical Aspects of Implementation
    • 1.3 Nontechnical Aspects of Implementation
    • 1.4 ISS Certification and Accreditation
    • 1.5 Class Discussion: Six Ps in Security Management
  3. Guide: Capstone Project Document for IA Specific Purposes
  4. Review and Discussion: The IA Integrated Model
  5. Guide – Working in Groups: Security Trends
  6. Lecture 2. Governance and Strategic Planning for Security
    • 2.1 The Role of Planning
    • 2.2 Strategic Planning
    • 2.3 Security Governance
    • 2.4 Planning for Security Implementation
  7. Group Report 1: A Chosen Theme for a Security Project
  8. Lecture 3. Security Policy
    • 3.1 Why Policy?
    • 3.2 Enterprise Security Policy
    • 3.3 Issue-Specific Security Policy
    • 3.4 System-specific Security Policy
    • 3.5 Guidelines for Effective Policy Development and Implementation
    • 3.6 A Final Note on Policy
  9. Review and Discussion: Information Assurance Policy Implementation
  10. Lecture 4. Developing the Security Program
    • 4.1 Organizing for Security
    • 4.2 Placing Information Security within an Organization
    • 4.3 Components of the Security Program, Security Roles and Titles
    • 4.4 Implementing Security Education, Training and Awareness Programs
    • 4.5 Project Management in Information Assurance
  11. Group Discussion: Security Project Management Plan
  12. Group Report 2: Security Project Management Plan
  13. Lecture 5. Risk Management: Identifying, Assessing and Controlling Risk
    • 5.1 Risk Management – a Review
    • 5.2 Risk Identification
    • 5.3 Risk Assessment and Risk Appetite
  14. Lecture 5 (cont.)
    • 5.4 Risk Control and Managing Risk
    • 5.5 Recommended Risk Control Practices
  15. Review and Discussion: Security Management and Risk Management
  16. Group Discussion: Security Project Risk Assessment
  17. Group Report 3: Security Project Risk Assessment
  18. Review for Midterm & Midterm Progress Test
  19. Group Discussion: Security Project Risk Management Plan
  20. Group Report 4: Security Project Risk Management Plan
  21. Lecture 6. Security Management Models
    • 6.1 Introduction to Blueprints, Frameworks and Security Models
    • 6.2 Access Control Models
    • 6.3 Security Architecture Models
    • 6.4 Academic Access Control Models
    • 6.5 Other Security Management Models
  22. Group Discussion: Development and Implementation Plan
  23. Lecture 7. Security Management Practices
    • 7.1 Introduction to Security Practices
    • 7.2 Performance Measurement in Security Management
    • 7.3 Trends in Certification and Accreditation
  24. Lecture 8. Review and Discussion: Planning for Contingencies
    • 8.1 Incident Response
    • 8.2 Disaster Recovery
    • 8.3 Business Continuity, Business Resumption and Testing Contingency Plans
    • 8.4 Managing Investigations in the Organization
  25. Lecture 9. Review and Discussion: Personnel and Security
    • 9.1 Introduction to Personnel and Security
    • 9.2 Information Security Professional Credentials
    • 9.3 Employment Policies and Practices
  26. Group Report 5: Development and Implementation Plan
  27. Lecture 10. Review and Discussion: Protection Mechanisms
    • 10.1 Introduction to Protection Mechanisms
    • 10.2 Managing Network Security
    • 10.3 Cryptography
  28. Group Report 6: Validating Documentation
  29. Group Project Presentation
  30. Course Review

Learning materials

  • Michael E. Whitman, Herbert J. Mattord, Management of Information Security, 5th Edition, Cengage Learning, 2017.
  • Tony Campbell, Practical Information Security Management: A Complete Guide to Planning and Implementation, Apress, 2016.
  • Shon Harris, Fernando Maymi, CISSP All-in-One Exam Guide, 7th Edition, McGraw-Hill Education, 2016.
  • Susan Snedaker, Syngress IT Security Project Management Handbook, Syngress, Elsevier, 2006.
  • Scott Tilley, Harry J. Rosenblatt, Systems Analysis and Design, 11th Edition, Cengage Learning, 2017.
  • Michael E. Whitman, Herbert J. Mattord, Principles of Information Security, 6th Edition, Cengage Learning, 2018 (pdf of 5th Edition).
  • Lecture slides, supplementary materials.