The successful student will fulfill the following learning objectives:

 

CO-1: Explain how to access risk and its impact on access control:

CO-2: Describe Access Control Policies, Standards, Procedures, and Guidelines

CO-3: Define Unauthorized Access and Security Breeches

CO-4: Discuss Human Nature, Organizational Behavior and Social Engineering

CO-5: Describe Access Control for Information Systems

CO-6: Identify Planning Considerations for Physical Security and Access Control

CO-7: Implement Access Control Systems

CO-8: Identify Access Control Solutions for Remote Worker

CO-9: Discuss Public key infrastructure, Encryption and Cryptography

CO-10: Describe the Elements of Information Assurance

The grading will be based on 6 graded assignments, 4 Peer Discussion Forum postings, an individual project proposal paper with acknowledgement, outline, presentation and final project proposal, as well as one open book quiz.

 

1. There will be Case Assignments (5 cases worth 5% and the last case worth 10%) counting a total of 35% of the final grade. The assignments will follow each of the major milestones of the course. These assignments will be problems/cases based on the text. They are a combination of assignments and or case study based problems. They are selected to provide the student with information to understand the concepts discussed. Assignments should be prepared in Microsoft Word and uploaded into the student folder by the due date. Any diagrams to support your paper should be incorporated within the Word document as part of the document.
2. There will be 4 graded Peer Discussions. For graded forums, answers should be 3-4 paragraphs with a topic sentence that restates the question and supporting sentences using the terms, concepts, and theories from the required readings. Each answer should be a minimum of 250 - 400 words (about 6 to 8 good sentences). You may attack, support, or supplement other students’ answers using the terms, concepts, and theories from the required readings. All responses should be a courteous paragraph that contains a topic sentence with good supporting sentences. You must respond to at least 2 of your classmates with value added comments for full credit consideration throughout the graded week. You may respond multiple times with a continuous discussion with points and counter points. The key requirement is to express your idea and then support your position using the terms, concepts and theories from the required readings to demonstrate to me that you understand the material. The Forum postings will count as 20% (5% for each graded discussion posting) of the final grade.
3. There will be a Course Access Control Project (15%) with Project Acknowledgement (2%), Project outline (4%), and Presentation (4%), all totaling 25% of your final grade. There will 1 one hour long and non-proctored quiz in Week 3 which counts as 10% of the final grade. It will be a combination of multiple-choice and true-false and will be open book and open note.

All assignments, Forum question responses, and the quiz are due by 12:00 midnight Eastern Time Sunday of the week assigned.

Project Paper (Proposal Acknowledgement, Outline, PowerPoint Presentation, and Paper) Topics:
Week 2: Project Proposal Acknowledgement due

Week

4: Project Proposal Outline due

Week 7: PowerPoint Presentation due

Week 8: Project Proposal Final report and Revised Presentation (if revision required)

 

Course Project (15%)
This course project is intended to assess your ability to comprehend and apply the basic concepts related to information security management, such as the following:

• The ability to discern when a risk assessment should be performed and carrying out the task
• Understanding user or customer access requirements, whether remote or local
• Using a layered security approach to establish and maintain access controls
• Working with other departments, such as the human resources department, to identify and implement methods to prevent unwarranted exposure to information by inappropriate personnel

Your ability to execute the tasks within these information security domains and others will be evaluated against the learning objectives as identified and described in previous lessons of instruction for this course.

Required Source Information and Tools

You will require the following resources to complete this project:

• Text sheet: Integrated Distributors Incorporated (provided in Week 1)
• A computer with:

• Access to the Internet
• Microsoft Office Suite—Word, PowerPoint, and Visio or any other comparable editing, presentation, and drawing software

Introduction

User identification, authentication, and authorization are essential in developing, implementing, and maintaining a framework for information system security. The basic function of an information system security framework is to ensure the confidentiality and the integrity, as well as the availability of systems, applications, and data. Certain information security implementation and management knowledge is required of network administrators, IT service personnel, management, and IT security practitioners, such as information security officers, security analysts, and domain administrators.

You are provided with the text sheet named “Integrated Distributors Incorporated” (Project.TS1.doc) to complete this project. You play the dual role of an IT architect and IT security specialist working for Integrated Distributors Incorporated (IDI), a multi-national organization with offices in several countries. Your instructor for this course plays the role of the chief information officer (CIO). Your peers play the role of selected technology staff. Each of the organization’s locations is operating with different information technologies and infrastructure—IT systems, applications, and databases. Various levels of IT security and access management have been implemented and embedded within their respective locations.

Your goals as the IT architect and IT security specialist are to:

• Develop solutions to the issues that the specified location of IDI is facing.
• Develop plans to implement corporate-wide information access methods to ensure confidentiality, integrity, and availability.
• Assess risks and vulnerabilities with operating IT facilities in the disparate locations where IDI now functions and develop mitigation plans and implementation methods.
• Analyze the strengths and weaknesses in the current systems of IDI.
• Address remote user and Web site user’s secure access requirements.
• Develop a proposed budget for the project—consider hardware, software, upgrades/replacements, and consulting services.
• Prepare detailed network and configuration diagrams outlining the proposed change to be able to present it to the management.
• Develop and submit a comprehensive report addressing the learning objectives and your solutions to the issues within the scenario.
• Prepare a 10- to 15-slide PowerPoint presentation that addresses important access control, infrastructure, and management aspects from each location.

Name	Grade %
Discussions	20.00%
Week 1: Introduction and Privacy	5.00%
Week 3: Security Breaches	5.00%
Week 5: Biometric Methods	5.00%
Week 7: PKI and Encryption	5.00%
Assignments	30.00%
Assignment 1 - Due Week 1	5.00%
Assignment 2 - Due Week 2	5.00%
Assignment 3	5.00%
Assignment 4	5.00%
Assignment 5	5.00%
Week 6: Case Study	5.00%
Labs	20.00%
Week 1 Lab Assignment	2.86%
Week 2 Lab Assignment	2.86%
Week 3 Lab Assignment	2.86%
Week 4 Lab Assignment	2.86%
Week 6 Lab Assignment	2.86%
Week 7 Lab Assignment	2.86%
Week 8 Lab Assignment	2.86%
Quiz	5.00%
ISSC 364 Quiz	5.00%
Project	25.00%
Project Proposal Acknowledgement	2.00%
Week 4: Project Outline	4.00%
Week 7: Project Presentation	4.00%
Week 8: Final Project	15.00%