security vulnerabilities

1

School of Computer & Information Sciences

COURSE SYLLABUS

Course Name: ISOL633 - Legal, Regulations, Investigations, and Compliance Section – 30 & 31 Summer 2019 – MAIN term – Hybrid Course with Required Residency Residency Session Date: 7/12/19- 7/14/2019 Residency Session Course Site: Seattle, WA

Professor: Dr. Jack A. Hyman Contact Information:

Office Hours: By appointment E-mail: [email protected]

Online Support (IT) and I-Learn Policy:

All members of the University of the Cumberlands’ community who use the University’s computing, information or communication resources must act responsibly. http://www.ucumberlands.edu/it/downloads/terms.pdf

Course Website: Access to the course website is required via the iLearn portal on the University of the Cumberlands website: http://www.ucumberlands.edu/ilearn/

Course Description:

The course examines computer crimes, laws and regulations. It includes techniques for investigating a crime, gathering evidence, and communicating results.

Alignment Matrix Course Objectives/Learner Outcomes: • Recognize the legal aspects of information security systems. • Examine the concept of privacy and its legal protections. • Identify the basic components of the American legal system. • Describe legal compliance laws addressing how public and private institutions protect the security and

privacy of consumer financial information. • Analyze intellectual property laws. • Describe the role of contracts in online transactions and cyberspace. • Identify cybercrime and tort law issues in cyberspace. • Examine the principles requiring governance of information within organizations. • Identify risk analysis and incident response procedures. • Explain the importance of forensic examination in legal proceedings.

Prerequisites: There are no prerequisites for this course. Books and Resources:

Grama, Joanna Lyn. Legal Issues in Information Security, 2nd ed. Burlington, MA: Jones & Bartlett Learning, 2015 You DO NOT need to buy the lab manual for this section!

Course Expectations Course Activities and Experiences:

Students are expected to: • Review any assigned reading material and prepare responses to homework assigned. • Actively participate in activities, assignments, and discussions. • Evaluate and react to each other’s work in a supportive, constructive manner. • Complete specific assignments and exams when specified and in a professional manner. • Utilize learned technologies for class assignments. • Connect content knowledge from core courses to practical training placement and activities.

Academic Integrity: At a Christian liberal arts university committed to the pursuit of truth and understanding, any act of academic dishonesty is especially distressing and cannot be tolerated. In general, academic dishonesty involves the abuse and misuse of information or people to gain an undeserved academic advantage or evaluation. The common forms of academic dishonesty include: • Cheating – using deception in the taking of tests or the preparation of written work, using unauthorized

materials, copying another person’s work with or without consent, or assisting another in such activities.

2

• Lying – falsifying, fabricating, or forging information in either written, spoken, or video presentations. • Plagiarism—using the published writings, data, interpretations, or ideas of another without proper

documentation

Plagiarism includes copying and pasting material from the internet into assignments without properly citing the source of the material. Episodes of academic dishonesty are reported to the Vice President for Academic Affairs. The potential penalty for academic dishonesty includes a failing grade on a particular assignment, a failing grade for the entire course, or charges against the student with the appropriate disciplinary body.

Attendance Policy: When any student has exceeded 20% of the time prescribed for any class, that student will be automatically dropped from that particular class with the grade of “F.” This grade is placed on the official transcript of the student and is treated as a failing grade in calculating the grade point average. The definition of a class absence is a student’s failure to attend class for any reason. Instructors may count three times tardy or leaving early to be equal to one class absence. There are no excused absences, regardless of the reason for the class having been missed. However, faculty will make reasonable provisions to allow students to make up work if the absence is due to a university-sponsored function or a medical or family emergency that is documented in a timely manner. Allowance for students to make up work for other reasons is at each instructor’s discretion. A class absence does not excuse the student from being responsible for course work missed; the student is responsible for contacting the faculty member in order to make up class assignments. The Vice President for Academic Affairs is the authorized agent to consider any exceptions to the above regulations. (Undergraduate Catalog) Residency Attendance: Each student must be in attendance for the entire duration of the required residency weekend. Late arrivals and/or early departures are not permitted. Punctuality is important as each student is required to have the documented in-seat time per USCIS regulations. If a student is not in attendance for the full session, he/she will be counted absent for the entire session, and receive an automatic “F” and will be required to pay the $300.00 make-up fee and attend a residency make-up session.

Disability Accommodations:

University of the Cumberlands accepts students with certified disabilities and provides reasonable accommodations for their certified needs in the classroom, in housing, in food service or in other areas. For accommodations to be awarded, a student must submit a completed Accommodations Application form and provide documentation of the disability to the Disability Services Coordinator (Mr. Jacob Ratliff, Boswell Campus Center, Student Services Office Suite, [email protected]). When all paperwork is on file, a meeting between the student and the Coordinator will be arranged to discuss possible accommodations before accommodations are formally approved. Students must then meet with the Coordinator at the beginning of each semester before any academic accommodations can be certified for that term. Certifications for other accommodations are normally reviewed annually.

Student Responsibilities:

• The only authorized electronic means of academic, administrative, and co-curricular communication between University of the Cumberlands and its students is through the UCumberlands email system (i.e. Webmail). Each student is responsible for monitoring his/her University email account frequently. This is the primary email account used to correspond with you directly by the University; imperative program information is sent to this email account specifically from campus and program office.

• Students should check for e-mail and class announcements using iLearn (primary) and University of the Cumberlands webmail (secondary).

• Students are expected to find out class assignments for missed classes and make up missed work. • Students are expected to find out if any changes have been made in the class or assignment schedule. • Written work must be presented in a professional manner. Work that is not

submitted in a professional manner will not be evaluated and will be returned as unacceptable. o There is a craft to writing. Spelling, grammar, punctuation and diction (word usage) are all

tools of that craft. Writing at the collegiate level will show careful attention to these elements of craft. Work that does not exhibit care with regard to these elements will be considered as inadequate for college writing and graded accordingly.

• Students are expected to take the examinations on the designated dates. If you are unable to take the exam on the scheduled date and know in advance, you are to make arrangements with your professor before the designated date. If you miss the exam, you must have a legitimate reason as determined by your professor.

Deadlines and Dues Dates:

Recognizing that a large part of professional life is meeting deadlines, it is necessary to develop time management and organizational skills. Failure to meet the course deadlines may result in penalties. Keep in mind that all deadlines are set using Eastern Standard Time (EST). Late assignments will NOT be accepted.

3

Writing Expectations:

Learning outcomes for candidates’ writing competencies include clarity of thought, discernment in planning and organization, and integration of evidence and criteria.

• The instructor expects that students will have knowledge of appropriate forms of documentation and use it where appropriate. APA format is required and style of notation to credit all sources that are not your own.

• There is a craft to writing. Spelling, grammar, punctuation and diction (word usage) are all tools of that craft. Writing at the collegiate level will show careful attention to these elements of craft. Work that does not exhibit care with regard to these elements will be considered as inadequate for college writing and graded accordingly.

• All assignments, unless otherwise instructed, should be submitted in APA format. Participation Policy: Study after study has linked successful academic performance with good class participation. Those who

assume positions of responsibility must “show up” in order to be effective. Therefore, students are expected to actively participate in intelligent discussion of assigned topics in all areas (Discussion Board Activities, Synchronous Sessions, Forums, Shared Papers, etc.) to help process course material and/or to demonstrate understanding of course content. Point adjustments will be taken for non-participation.

Academic Appeals: Both undergraduate and graduate students have the right to challenge a grade. If discussions with the course instructor and department chair do not lead to a satisfactory conclusion, students may file a formal written appeal with the Vice President for Academic Affairs, who will forward the appeal to the chair of the Academic Appeals Committee. This formal written appeal must be filed by the end of the 4th week of classes in the next regular term following the term in which the course in question was taken. The Academic Appeals Committee then gathers information from the student, the instructor, and any other relevant parties. The Committee will deliver its recommendation on the complaint to the Vice President for Academic Affairs. After reviewing this recommendation and concurring or amending it, the Vice President for Academic Affairs will inform the student and instructor of the disposition of the complaint no later than the last day of classes of the term in which the complaint was filed. Records of all actions regarding academic grade appeals, including their final disposition, are maintained by the Vice President for Academic Affairs and the Academic Appeals Committee. (Undergraduate Catalog/Graduate Catalog)

Links to Support: Orientation to I-Learn: Student training course on I-Learn, https://ucumberlands.blackboard.com/webapps/portal/frameset.jsp Book Store: http://cumber.bncollege.com/webapp/wcs/stores/servlet/BNCBHomePage?storeId=50059&catalogId=10001& langId=-1 Library: http://www.ucumberlands.edu/library/

Course Assignments and Evaluation Evaluation Method: Graded work will receive a numeric score reflecting the quality of performance. Relative weights assigned to

graded work are as follows: Course Evaluation

Discussion Forums (2) – 4% Quizzes (3) – 12% Midterm Exam (1) – 20% Reflection Paper (1) – 4% Group Project – 40%

• Team Assignment #1, Research Proposal -3% • Team Assignment #2, Annotated Bibliography – 12% • Team Assignment #3, Course Paper – 20% • Group Presentation, 5%

Final Exam (1) – 20%

Grading Scale: Graded work will receive a numeric score reflecting the quality of performance as given above in evaluation methods. The overall course grade will be determined according to the following scale: A= 90 – 100 (90% - 100%) B= 80 – 89 (80% - 89%) C = 70 – 79 (70% - 79%) F < 69 (Below 69%)

Syllabus Disclaimer: This syllabus is intended as a set of guidelines for this course and the professor reserves the right to make modifications in content, schedule, and requirements as necessary to promote the best education possible within conditions affecting this course. Any changes to the syllabus will be discussed with the students.

4

Unit Unit Topics Reading Assignments Due** #1

5/6/2019- 5/19/2019

Fundamental Concepts: • Information Security Overview • Privacy Overview

Chs. 1, 2 Lab #1 Creating an IT Infrastructure Asset List and Identifying Where Privacy Data Resides Lab #2 Case Study on U.S. Veterans Affairs and Loss of Privacy Information

DISCUSSION FORUM #1

#2 5/20/2019- 6/2/2019

Fundamental Concepts: • The American Legal System

Ch. 3 Lab # 3 Case Study on PCI DSS Noncompliance: CardSystems Solutions

Quiz #1 (Chapters 1-3)

#3 6/3/2019- 6/16/2019

Laws Influencing Information Security: • Security and Privacy of Consumer

Financial Information • Security and Privacy of

Information Belonging to Children and Educational Records

• Security and Privacy of Health Information

Chs. 4-6 Lab #4 Analyzing and Comparing GLBA and HIPAA Lab #5 Case Study on Issues Related to Sharing Consumers’ Confidential Information

Team Assignment #1 of 3

#4 6/17/2019- 6/30/2019

Laws Influencing Information Security: • Corporate Information Security

and Privacy Regulation • Federal Government Information

Security and Privacy Regulations

Chs. 7, 8

QUIZ #2 (Chapter 4-8) Team Assignment #2 of 3

#5 7/1/2019- 7/14/2019

Laws Influencing Information Security: • State Laws Protecting Citizen

Information and Breach Notification Laws

• Intellectual Property Law

Chs. 9, 10 Lab #6 Identifying the Scope of Your State’s Data and Security Breach Notification Law Lab #7 Case Study on Digital Millennium Recording Act: Napster

MIDTERM EXAM DUE ON 7/14/2019 @

5:30 PM EST (Covers Chapters 1-10)

**** RESIDENCY WEEKEND **** Case Study Presentation & Team Assignment #3 of 3 Due (Sunday)

Midterm Exam is ALSO due on 7/12/2019 as your ***ENTRY TICKET***

#6

Laws Influencing Information Security: • The Role of Contracts

Chs. 11, 12 Lab #8 Cyberstalking or Cyberbullying and Laws to Protect Individuals

5

• Criminal Law and Tort Law Issues in Cyberspace

Discussion Forum #2 Reflection Paper

#7

Security and Privacy in Organizations: • Information Security Governance • Risk Analysis, Incident Response,

and Contingency Planning

Chs. 13, 14 Lab #9 Recommending IT Security Policies to Help Mitigate Risk Lab #10 Case Study on Computer Forensics: Pharmaceutical Company QUIZ #3 (Chapters 11-14)

#8

Security and Privacy in Organizations: • Computer Forensics and

Investigations Final evaluations

Ch. 15 FINAL EXAMINATION Covers Entire Course (1-15)

*ALL DUE DATES AND ASSIGNMENTS SUBJECT TO CHANGE