Syllabus for Roster(s):

  • 19Sp BUS 5010-701 (SCPS)
In the UVaCollab course site:   19Sp BUS 5010-701 (SCPS)

Class Weekly Schedule

UVA Weekly Schedule:  Cyber Security Management

Spring 2019

 

Class 1:  16 January        Understanding the threat environment                                ONLINE @ 6 pm

Class 2:  23 January        Cyber and the C-Suite - Technology vs. Mgt Balance         ONLINE @ 6 pm

Class 3:  30 January        Cyber Operations and Security Mgt                                      ONLINE @ 6 pm

Class 4:  6 February        Defense in Depth                                                                      Case Study

Class 5:  13 February      Pen Testing and Vulnerability Assessments                          ONLINE @ 6 pm

Class 6:  20 February      Information Sharing/Cloud Security & Digital Resiliency  ONLINE @ 6 pm

Class 7:  27 February      Cyber Forward  (Internet of Everything)                              ONLINE @ 6 pm

Class 8:   17 October      Draft of Final presentation due ONLINE                             ONLINE @ 6 pm

Final Papers Submitted for Grading - 

 

              

 

Spring 2019 Syllabus

BUS5010 Cyber Security Management

Online Synchronous, Wednesdays, 6 pm

Class Overview and Syllabus

 

General Class Information

 

   Instructor Name and Contact Information:

Dr. James E. Lantzy (Jim)

Jl4dm@virginia.edu

jimlantzy@gmail.com

703.964.7921

 

Subject Area and Catalog Number: BUS5010 Cyber Security Management

 

Year and Term: 2019 Spring Semester

 

Class Title: BUS5010 Cyber Security Management

Level: Graduate

 

Credit Type: 3 Credit Hours

 

Class Description

 

This foundation course provides managers with the essential framework needed to design and develop an effective information security program.  Students explore methods used to raise general security awareness, review current industry practices, and develop expertise needed to adapt policies to safeguard proprietary information.  Instruction focuses on key security principles that are critical to protecting information assets and network infrastructure in open access computing environments. The principles of authentication, data integrity, privacy (encryption), access control, trust and non-repudiation are explored in detail.

 

Required Text:

Corporate Computer Security (4th Edition), Paperback – January 17, 2014, by Randall J. Boyle (Author), Raymond R. Panko (Author)

ISBN-13: 978-0133545197  ISBN-10: 0133545199  Edition: 4th

 

Bookstore Information: Please purchase the text online or visit the UVA Bookstore

 

Learning Outcomes:

 

On successful completion, the student will be able to:

 

Understand open access and limited (traditional) access, perimeter defenses and security, point solutions and life cycle (holistic) security, risk analysis and threat analysis.

 

Identify hacker strategies and attack tools, attack classes, i.e., distributed denial of service tools, backdoor programs, virus types, sniffer programs and Trojan horses.

 

Gain competency in developing strategies and countermeasures for thwarting hacker exploits and tactics.

 

Establish and implement an incident response team to address incursions on enterprise networking operations.

 

Plan for, respond to and survive a hacker attack.

 

Construct and administer a plan for hardening the network’s infrastructure against hacker incursions and security breaches. Focus is on routers, operating systems and firewalls.

 

Plan and coordinate the implementation of holistic security measures in multiple layers within the IT networking environment.

 

Demonstrate proficiency in developing operating models for security risk assessment and vulnerability assessment.

 

Demonstrate proficiency in understanding how to apply the various options available for IT security architecture to a given set of requirements. Focus is on firewalls, intrusion detection systems, authentication and single sign-on systems, and vulnerability evaluation tools.

 

Track vulnerabilities and security incidents through public Web sites and plan for applying vendor-related patches and updates on an ongoing basis.

 

Demonstrate proficiency in design and development of security risk analysis models.

 

Assessment Components:

The course will be delivered by synchronous and asynchronous online instruction: lecture notes and reports from group collaboration on case studies. PowerPoint presentations, supplemented by the textbooks, white papers, articles, and instructor-led discussions, are provided. Interaction with classmates, especially for case study assignments, is encouraged. Additionally, there will be online activities in which students must participate.

 

Graded Discussions and Participation Weekly           40 points

Assignments and Case Studies                                   35 points

Final Team Project and Presentation                          25 points

 

Required Technical Resources and Technical Components

 

Technical Specifications: Computer Hardware

  • Operating system: Microsoft Windows 8.1 (64-bit) or Mac OS X 10.10
  • Minimum hard drive free space: 100GB, SSD recommended
  • Minimum processor speed: Intel 4th Gen Core i5 or faster
  • Minimum RAM: 8GB

 

Technical Support Contacts

 

Class Specific Information

 

Class Instruction and Activities:

 

The course will be delivered by instruction, lecture notes and reports from group collaboration on case studies. PowerPoint presentations, supplemented by the textbooks, white papers, articles, and instructor-led discussions, will be provided. Interaction with classmates, especially in online discussions, is encouraged. This class is structured to build critical thinking skills in the domains of digital resilience and cyber security practices for accounting and business professionals through a domain-specific curriculum, enabling students to immediately apply knowledge in their place of business and lives.

 

  1. Synchronous Online Lectures:
    • Class will be on Wednesday evening at 6 pm ET each week and recorded
    • Students are expected to attend online and participate in each class
  2. Interactive Asynchronous Online Discussions:
    • Weekly graded discussions include an initial post and responses to two or more peers, and are due before the start of the next class.
  3. Assignments/Case Studies:
    • Assignments and interactive case studies will be used as a form of testing the application of the learning
  4. Teaching and Learning:
    • A variety of teaching and learning tools will include readings from the text, instructor-supplied supplemental materials and “real world” application from cyber security news in LinkedIn, Twitter, instructor-recorded materials and social media.

 

Class Requirements:

Reading Assignments: Students are expected to read all assigned readings before the class in which the topics will be discussed. Students are also encouraged to read as much of the suggested readings as possible to enhance their insight into the course subject matter. The instructor will provide additional materials such as related white papers and reprinted articles during class sessions.

  • Class online attendance is mandatory. If unforeseeable circumstances cause a student to miss more than two classes, that student is expected to discuss the situation in advance with the instructor to make up assignments.
  • All work done outside of class and in conjunction with the course must be typed and double spaced. The instructor reserves the right to impose other formatting instructions as the need arises, i.e., footnotes should be included at the end of assignments instead of at the bottom of each page, etc.
  • Work is due when scheduled. No exceptions. Failure to meet deadlines each week with FORUM discussions and assignments will result in reduced grades.
  • Students should be prepared to devote several hours per week to conduct research in support of weekly assignments.
  • Before each class, each student should study the assignment chapters in the text and designated reading materials assigned by the instructor. Each student is expected to participate in classroom and online discussions and case study activity. All online instruction will be recorded.

Course Participation:

  • Weekly interactive discussion forums and collaborative sessions
  • Forums/Discussion Boards 40 points
    • 3 posts required [1 initial and minimum of 2 responses to peers]
    • Initial post and responses need to be completed before the next class
    • Each discussion must be properly researched and sourced with supporting links.
  • Assignments/Case Study Assessments 35 points
    • Assignment/Case Study 1
      • Developing a C-Suite Mindset by understanding the threat environment and what is important to the C-Suite and how they prioritize opportunities, risk and apply a cyber security strategy for their organization.
    • Assignment/Case Study 2
      • Physical Security – performing a physical security review and assessments hands-on activity and industrial controls systems.
    • Understanding the Threat Environment – review of the 2018 World Wide Threat Matrix
    • Social Engineering – a review of the role of Big Data, its role in society and business applications and how to protect your business resources.
    • Access Controls and Biometrics – understanding their uses as safeguards to information and data to enable a flexible and resilient approach to safeguarding assets.
    • Penetration Testing and Vulnerability Assessments – understanding their role, application and techniques in support of critical infrastructure protection planning and information assurance.
    • Understanding the practices of information sharing – governance, best practices, and critical measures through a review of events in the news.
  • Final Project - position paper and presentation - 25 points

Evaluation Standards and Assessments:

Student grades will be determined by class participation, course assignments, examinations, case study work, and other projects.   Students are expected to complete all assigned reading and problems and take all examinations by the assigned dates.  Students will be familiar with and conduct themselves in accordance with the UVA Honor Code.    To get the most out of the class, students should read the chapters and complete assignments on time and stay current with the material.  Also, students should log on the class page frequently to keep current with questions/answers and other postings.

The instructor will assign weekly assignments that will draw upon students’ knowledge and proficiency with security concepts and principles, and challenge their ability to implement practical, cost-effective architecture solutions and collaborate as a team, as is necessary in the real world.

Class Schedule:

Schedule of Assignments: *** Please review the schedule posted online

Class Date / Description / Assignments

Session One:
  • Understanding the threat environment
  • Reading: Chapter 1-2
  • Other posted info
  • Weeks 1/2: Online Assignment
  • Forums: Introductions and Sony or TJX Case for those using version 3 of the text.
  • Pick 2 of 3

Session Two:
  • Technology vs Mgmt Balance
  • Chapter 2 & Module A
  • Other posted info
  • Online Assignment
  • Forums: FAA Case Study on Cyber Architecture Assessment
  • Access Controls Exercise

Session Three:
  • Access Controls and Biometric Systems
  • Chapter 5
  • Other posted info
  • Week Three: Online Assignment
  • Forums: Chinese Cyber Threat
  • Stewardship in Cyberspace

Session Four:
  • Online Assignment
  • Forums: Cyber Legislation
  • Reading Chapter 6
  • Other posted info

Session Five:
  • Networking Concepts
  • Ref to Module A
  • Other posted info
  • Online Assignment
  • Forums: Cyber Operations
  • Host and Data Security

Session Six:
  • Application Security
  • Reading Chapter 8
  • Other posted info
  • Assignment
  • Forums: Wizard of Oz….and Profile of a Hacker
  • Week 6: In the news!

Session Seven:
  • Future Trends in Information Security
  • N/A - Use time to work on final Position Paper

Session 8:
  • Term Position Paper/Final Presentations Due
  • Draft Position Paper due by 6pm
  • Final position papers with edits submitted for grade

 

 

 

Communication & Student Response Time:

You can email me at jl4dm@virginia.edu or jimlantzy@gmail.com and contact me via text or phone at 703.964.7921.

Office Hours – 24x7 – The importance of your success in this class is my priority; therefore, I do not want to be in your critical path to realizing your fullest potential. I am also available to SKYPE with you during the week if you text or email me in advance. My SKYPE address is jim.lantzy@skype.com

Announcements:

Announcements will be made on a weekly basis outlining the weekly objectives, outcomes and graded materials for the week.

Assignments:

Class Final Decision Brief: Each student [or groups of students – max 4 per group] must select and complete a term project. The instructor will approve the topic. The format of the term paper will use the standards of the APA format. This detailed analysis will focus on understanding the threat environment across industry, government, and academia and the overall mastery of the concepts and principles of this course in information security management and the proficiency in applying the concepts to address real world requirements and situations. This final assessment will allow students to demonstrate mastery around identifying hacker strategies and attack tools; and develop a strategy that includes employee training and technical countermeasures for thwarting hacker exploits and attacks and an overall understanding of the IT Security Management role and threat environment for practicing the principles of good IT Security Management in their place of business.

** Please choose a topic that is IN THE NEWS TODAY – what is a recent problem (please post that link or copy in your paper) and then WRITE THE SOLUTION as you see fit.

Suggested decision paper outline (3-5 pages):

  • Executive summary identifying challenge question and recommended decision for action
  • Introduction (purpose, methodology, structure)
  • Formulation of the problem and elaboration
  • Management, measures and techniques relevant to the topic
  • Approach methodology/presentation/body of discussion
  • Conclusions and recommendation
  • References and bibliography

 

Resources:

Supplemental Resources will be supplied online by the professor at time of instruction as needed.

Grading:

A+    98-100
A     94-97
A-    90-93
B+    87-89
B     82-86
B-    79-81
C+    75-78
C     71-74
C-    68-70
F     67 and Below

 

 

UVa Policies

SCPS Grading Policies: Courses carrying a School of Continuing and Professional Studies subject area use the following grading system: A+, A, A-; B+, B, B-; C+, C, C-; D+, D, D-; F.  S (satisfactory) and U (unsatisfactory) are used for some course offerings. For noncredit courses, the grade notation is N (no credit). Students who audit courses receive the designation AU (audit). The symbol W is used when a student officially drops a course before its completion or if the student withdraws from an academic program of the University. Please visit www.scps.virginia.edu/audience/students/grades for more information.

 

Students are expected to attend all class sessions. Instructors establish attendance and participation requirements for each of their courses. Class requirements, regardless of delivery mode, are not waived due to a student's absence from class. Instructors will require students to make up any missed coursework and may deny credit to any student whose absences are excessive. Instructors must keep an attendance record for each student enrolled in the course to document attendance and participation in the class.

 

University Email Policies: Students are expected to check their official UVa email addresses on a frequent and consistent basis to remain informed of University communications, as certain communications may be time sensitive. Students who fail to check their email on a regular basis are responsible for any resulting consequences.

 

Mid-Term and End-of-Class Evaluations: Students may be expected to participate in an online mid-term evaluation. Students are expected to complete the online end-of-class evaluation. As the semester comes to a close, students will receive an email with instructions for completing this. Student feedback will be very valuable to the school, the instructor, and future students. We ask that all students please complete these evaluations in a timely manner. Please be assured that the information you submit online will be anonymous and kept confidential.

 

University of Virginia Honor System: All work should be pledged in the spirit of the Honor System at the University of Virginia. The instructor will indicate which assignments and activities are to be done individually and which permit collaboration. The following pledge should be written out at the end of all quizzes, examinations, individual assignments and papers: “I pledge that I have neither given nor received help on this examination (quiz, assignment, etc.)”. The pledge must be signed by the student. For more information, visit www.virginia.edu/honor.

 

Special Needs: It is the policy of the University of Virginia to accommodate students with disabilities in accordance with federal and state laws. Any SCPS student with a disability who needs accommodation (e.g., in arrangements for seating, extended time for examinations, or note-taking, etc.), should contact the Student Disability Access Center (SDAC) and provide them with appropriate medical or psychological documentation of his/her condition. Once accommodations are approved, it is the student’s responsibility to follow up with the instructor about logistics and implementation of accommodations. Accommodations for test taking should be arranged at least 14 business days in advance of the date of the test(s). Students with disabilities are encouraged to contact the SDAC: 434-243-5180/Voice, 434-465-6579/Video Phone, 434-243-5188/Fax. Further policies and statements are available at www.virginia.edu/studenthealth/sdac/sdac.html

For further policies and statements about student rights and responsibilities, please visit www.scps.virginia.edu/audience/students

Graduate:

Students must earn a B- or better in all courses required for the graduate certificate to be awarded. Should a grade fall below a B-, the student has the option of retaking the course in order to complete the requirements and be awarded the certificate.  

 

Case Study Descriptions:

 

Case Study 1 – The C-Suite and You! 

 

The C-Suite has been evolving over the last 50 plus years and plays a key stakeholder role in all facets of business, let alone cyber strategy, today. To aid in our discovery, I would like you to do a quick interview with a C-Suite officer that you know or would like to get to know better in your area of industry, government, or academia, to understand their priorities for overseeing the business of an organization and how they interact with matters of cyber security.

 

http://www.cio.com/article/2368970/careers-staffing/143712-7-New-Faces-of-the-C-suite.html

 

Please form this assignment and your questions however you deem most important.  There are only three rules:

 

1) Establish your GOAL for this interview:  I would like to know what?

2) No more than 5 questions [you may use less] and you must include the sources for your questions and why you chose those questions for your case study interview.

3) Did you achieve your objectives in support of your goal?  Do you agree or disagree with the information you collected? How do you intend to apply it in either this course or in the future?

 

These interviews can be performed anonymously; the results will set the stage for you in crafting your own vision and understanding throughout this semester in this course.

 

Case Study 2 – Addressing Physical Security

 

This week is on understanding the environments around us and Physical Security Measures - this is true at the local, state, and federal levels in government as well as in industry and academia, both here in the US and abroad.

 

The person who is most likely to govern this in an institution is the Chief Security Officer (CSO).  The principles they follow include these steps [at a very high level]:

 

Task 01/01: Identify assets to determine their value, loss impact, and criticality.

 

Task 01/02: Assess the nature of the threats so that the scope of the problem can be determined.

 

Task 01/03: Conduct a physical security survey in order to identify the vulnerabilities of the organization.

 

Task 01/04: Perform a risk analysis so that appropriate countermeasures can be developed.

 

Question/Goal for this week:

1) Independently - choose 1 building on campus [library, science center, cafeteria, dorm, gymnasium].

2) Understanding at a very high level the tasks listed above - I want you to create "YOUR OWN" list of 3-5 steps in your customized physical assessment. Please plan on using at least 90 minutes for this hands-on campus exercise.

You should, as noted above:

1) Identify what assets you are trying to protect [students, faculty, resources, pizza, athletic equipment, computers].

2) Assess the nature of any threats - sit outside and survey the environment and how people interact - is there anything unusual?  Are they using their access cards appropriately?

3) Write up your own 3-5 steps of a customized physical security review and then follow it - you are the investigator (CSO!).

4) Finalize your thoughts - in one good succinct paragraph.

Post your assessment steps here and what your findings are - use 3 good paragraphs max. - and include your assessment tool [either one you found in your research or a customized one you developed].

 

 

Assignments:

Note – Assignments will be provided closer to the delivery of this class to ensure they are current and connected with real world instances.

 

Case Study Analysis Recommended Approach:

A case study analysis requires you to investigate a business problem, examine the alternative solutions, and propose the most effective solution using supporting evidence.

Preparing the Case

Before you begin writing, follow these guidelines to help you prepare and understand the case study:

  1. Read and examine the case thoroughly
    • Take notes, highlight relevant facts, underline key problems.
  2. Focus your analysis
    • Identify two to five key problems
    • Why do they exist?
    • How do they impact the organization?
    • Who is responsible for them?
  3. Uncover possible solutions
    • Review course readings, discussions, outside research, your experience.
  4. Select the best solution
    • Consider strong supporting evidence, pros, and cons: is this solution realistic?

Drafting the Case

Once you have gathered the necessary information, a draft of your analysis should include these sections:

  1. Introduction
    • Identify the key problems and issues in the case study.
    • Formulate and include a thesis statement, summarizing the outcome of your analysis in 1–2 sentences.
  2. Background
    • Set the scene: background information, relevant facts, and the most important issues.
    • Demonstrate that you have researched the problems in this case study.
  3. Alternatives
    • Outline possible alternatives (not necessarily all of them)
    • Explain why alternatives were rejected
      • Constraints/reasons
      • Why are alternatives not possible at this time?
  4. Proposed Solution
    • Provide one specific and realistic solution
    • Explain why this solution was chosen
    • Support this solution with solid evidence
      • Concepts from class (text readings, discussions, lectures)
      • Outside research
      • Personal experience (anecdotes)
  5. Recommendations
    • Determine and discuss specific strategies for accomplishing the proposed solution.
    • If applicable, recommend further action to resolve some of the issues
    • What should be done and who should do it?

Finalizing the Case

After you have composed the first draft of your case study analysis, read through it to check for any gaps or inconsistencies in content or structure: Is your thesis statement clear and direct? Have you provided solid evidence? Is any component from the analysis missing?

When you make the necessary revisions, proofread and edit your analysis before submitting the final draft.