Information Security Overview
INFM 202

Dr. Gerry Benoit
E-mail
Office: Online
Office Hours: Virtual office hours. By appointment - just send me an email with times/dates and we'll have a zoom session.

About the course:

This is a new edition of the course.  The main contents provide an overview, a framework for people new to cybersecurity.

For those interested in deep dives, the readings include technical details; there's an optional video set, too, on individual topics.  

Fundamentals of network security, compliance, and operational security; threats and vulnerabilities; application, data, and host security; access control and identity management; and cryptography. Students will be provided with an opportunity to gain hands-on experience using typical cybersecurity solutions.

Expectations

Students are expected to participate fully in all class activities. It is expected that students will be open-minded and participate fully in discussions in class and debate in a mature and respectful manner. Use of derogatory, condescending, or offensive language including profanity is prohibited. Disagreement is healthy and perfectly acceptable. Expressing disagreement should always include an explanation of your reasoning and, whenever possible, evidence to support your position. In accordance with San José State University's Policies, the Student Code of Conduct, and applicable state and federal laws, discrimination based on gender, gender identity, gender expression, race, nationality, ethnicity, religion, sexual orientation, or disability is prohibited in any form.

Course Workload

Success in this course is based on the expectation that students will spend, for each unit of credit, a minimum of forty-five hours over the length of the course (normally 3 hours per unit per week with 1 of the hours used for lecture) for instruction or preparation/studying or course related activities including but not limited to internships, labs, clinical practica. Other course structures will have equivalent workload expectations as described in the syllabus.

Instructional time may include but is not limited to:
Working on posted modules or lessons prepared by the instructor; discussion forum interactions with the instructor and/or other students; making presentations and getting feedback from the instructor; attending office hours or other synchronous sessions with the instructor.

Student time outside of class:
In any seven-day period, a student is expected to be academically engaged through submitting an academic assignment; taking an exam or an interactive tutorial, or computer-assisted instruction; building websites, blogs, databases, social media presentations; attending a study group; contributing to an academic online discussion; writing papers; reading articles; conducting research; engaging in small group work.

SLOs and PLOs

This course supports Informatics SLO 5: Demonstrate understanding of the fundamentals of network security, compliance, and risk mitigation by evaluating and applying cybersecurity solutions to specific organizational security problems.

SLO 5 supports the following Informatics Program Learning Outcomes (PLOs):

• PLO 1 Apply technology informatics skills to solve specific industry data and information management problems, with a focus on usability and designing for users.
• PLO 3 Demonstrate strong understanding of security and ethics issues related to informatics, user interface, and inter-professional application of informatics in specific fields by designing and implementing appropriate information assurance and ethics and privacy solutions.

Upon successful completion of the course, students will be able to:

1. Recognize and describe information security threats and vulnerabilities.
2. Understand and evaluate information systems security controls.
3. Use current techniques, skills, and tools necessary to protect and safeguard information resources.

Textbooks

Required Textbooks:

• Wilson, D. C. (2021). Cybersecurity. The MIT Press. Available through Amazon: 0262542544.

Recommended Textbooks:

• Ciampa, M. (2021). CompTIA security+ guide to network security fundamentals (7th ed.). Cengage. Available through Amazon: 0357424379

Formal assignments for this course are as follows:

• Labs (CLO#1-3)

Students are to complete lab assignments. Lab assignments provide students a real-life look at the use of various tools and systems that are used to mitigate network attacks. Students must have access to Infosec to complete lab assignments.

• Discussion Posts (CLO#1-2)

Students will participate in the discussion board by providing ideas and/or opinions relating to assigned readings and lectures, and current events. Discussion board participation cannot be made-up once the discussion has been completed.

• Exam (CLO#1-2)

Students will complete a comprehensive exam at the end of the semester.

The standard SJSU School of Information Grading Scale is utilized for all iSchool courses:

In order to provide consistent guidelines for assessment for graduate level work in the School, these terms are applied to letter grades:

• C represents Adequate work; a grade of "C" counts for credit for the course;
• B represents Good work; a grade of "B" clearly meets the standards for graduate or undergraduate (for BS-ISDA) level work;
  For core courses in the MLIS program (not MARA, Informatics, or BS-ISDA) — INFO 200, INFO 202, INFO 204 — the iSchool requires that students earn a B in the course. If the grade is less than B (B- or lower) after the first attempt you will be placed on administrative probation. You must repeat the class if you wish to stay in the program. If - on the second attempt - you do not pass the class with a grade of B or better (not B- but B) you will be disqualified.
  
• A represents Exceptional work; a grade of "A" will be assigned for outstanding work only.

Graduate Students are advised that it is their responsibility to maintain a 3.0 Grade Point Average (GPA). Undergraduates must maintain a 2.0 Grade Point Average (GPA).

Per University Policy S16-9 (PDF), relevant university policy concerning all courses, such as student responsibilities, academic integrity, accommodations, dropping and adding, consent for recording of class, etc. and available student services (e.g. learning assistance, counseling, and other resources) are listed on the Syllabus Information web page. Make sure to visit this page to review and be aware of these university policies and resources.

Course Activities

Readings & Activities support LOCs 1-3 are a combination of a small introductory guidebook, Duane Wilson’s Cybersecurity, Cambridge: MIT Press, and a series of online readings that go much further into depth. Wilson's guidebook will provide a framework of the main themes and many details (as you’ll see, the field of cybersecurity is packed with abbreviations and silly phrases). To this framework, we have a series of much more detailed readings (free pdfs). You’re not expected to learn all these phrases, details, and the various subspecialties. But you should be able to get a feeling from these readings of the specialities in the larger concept of cybersecurity and find areas of cybersecurity that may be important to you for personal or professional reasons.

Optionally because some students may benefit from brief video presentations on specialty topics, we have a list of videos from Prof Messers's online training. [I don't know if he's a real professor or not, but the brief videos may be useful.] If there's a topic that interests you, then feel free to watch the videos.

It’s important, too, to get a feeling of how you might further your interests in cybersecurity. There are a lot of online training courses - some may be free, most are pretty costly - and getting certified by a recognized industry standard group is difficulty and time-consuming. CompTIA+ Security suggests at least two days/week of study for at least two months to pass its security certificate test. Given that our course is four weeks and most students don't have a lot of networking administration experience, the emphasis is on our understanding the main trends/risks and focusing on one that interests you.

Graded Work

• Discussion Participation [10%] - each week there are topics posted and you're encouraged to share your experiences, questions/answers
• Two brief online quizzes [30% each] - focusing on the main ideas of the week; can retake two times
• White Paper Final - a 2-3 page brief and accurate account of some aspect of cybersecurity - imagine you need to present a 20 min presentation at work and turn in a well-written review of a theme. The writing should be focused, indeed dry, technical presentation of an issue, common (or perhaps your own office's) activities around this topic, and conclude with 2-3 suggestions for action to address the concern. [30%]