Internet Explorer 7, 8, and 9 are no longer supported. Please use a newer browser.
Concourse works best with JavaScript enabled.
San Jose State University logo

College of Professional and Global Education · School of Information

Information Assurance
MARA 286

  • Spring 2023
  • Section 10
  • 3 Unit(s)
  • 01/25/2023 to 05/15/2023
  • Modified 05/22/2023

Canvas Information: Courses will be available January 25th, 6 am PT.

You will be enrolled in the Canvas site automatically.

Contact Information


Office Hours: by appointment

Course Description and Requisites

An overview of Information Assurance and Risk Management theories, principles, and techniques. Examines the information assurance frameworks and risk management planning structures used to ensure that an organization's information resources and assets are protected.


MARA 200 and MARA 204 for all MARA students. These prerequisites are waived for non-MARA majors.

Letter Graded

Classroom Protocols


Students are expected to participate fully in all class activities. It is expected that students will be open-minded and participate fully in discussions in class and debate in a mature and respectful manner. Use of derogatory, condescending, or offensive language including profanity is prohibited. Disagreement is healthy and perfectly acceptable. Expressing disagreement should always include an explanation of your reasoning and, whenever possible, evidence to support your position. In accordance with San José State University's Policies, the Student Code of Conduct, and applicable state and federal laws, discrimination based on gender, gender identity, gender expression, race, nationality, ethnicity, religion, sexual orientation, or disability is prohibited in any form.

Program Information

Course Workload

Success in this course is based on the expectation that students will spend, for each unit of credit, a minimum of forty-five hours over the length of the course (normally 3 hours per unit per week with 1 of the hours used for lecture) for instruction or preparation/studying or course related activities including but not limited to internships, labs, clinical practica. Other course structures will have equivalent workload expectations as described in the syllabus.

Instructional time may include but is not limited to:
Working on posted modules or lessons prepared by the instructor; discussion forum interactions with the instructor and/or other students; making presentations and getting feedback from the instructor; attending office hours or other synchronous sessions with the instructor.

Student time outside of class:
In any seven-day period, a student is expected to be academically engaged through submitting an academic assignment; taking an exam or an interactive tutorial, or computer-assisted instruction; building websites, blogs, databases, social media presentations; attending a study group; contributing to an academic online discussion; writing papers; reading articles; conducting research; engaging in small group work.

Course Goals

Core Competencies (Program Learning Outcomes) Supported

MARA 286 supports the following core competencies:

  1. D Apply basic concepts and principles to identify, evaluate, select, organize, maintain, and provide access to physical and digital information assets.
  2. G Describe the legal requirements and ethical principles involved in managing physical and digital information assets and the information professional#s role in institutional compliance and risk management.
  3. H Describe current information technologies and best practices relating to the preservation, integrity, and security of data, records, and information.

Course Learning Outcomes (CLOs)

Upon successful completion of the course, students will be able to:

  1. Design, support, and evaluate an Information Assurance (IA) Governance Program for an organization.
  2. Identify and assess information security and privacy risks/vulnerabilities and select and evaluate appropriate technical and business solutions to mitigate the risk for an organization.

Course Materials


Required Textbooks:

  • Andress, J. (2019). Foundation of information security: A straightforward introduction. No Starch Press. Available through the King Library.

Course Requirements and Assignments

Course Grading

Grading will be based on a total accumulation of possible 100 points, distributed as follows:

  • Class Participation and Discussion - 30 points (30% of final grade)
    (Supports CLOs #1-2)
    Participation in weekly discussion boards
    Due: Weekly
  • Assignment #1—20 points (20% of final grade)
    (Supports CLOs #2)
    The Information Assurance/Security Risk Identification, Assessment, Response, Mitigation, and Control Assignment
  • Assignment #2—20 points (20% of final grade)
    (Supports CLOs #1)
    The History and Development of Security Technology Assignment
  • Final Course Assignment - Research Paper—30 points (30 % of final grade)
    (Supports CLOs #1-2)
    Evaluate an organization that has suffered a data breach within the past year.  Describe the breach, what was done after the breach, what you would have done differently, and what recommendations you would make to prevent future breaches.  Students are allowed to evaluate multiple organizations to meet the submission options below.

Submission options are an 8-10 page APA formatted paper, 16-20 PowerPoint slides (notes required in slides) with a separate APA formatted reference page, or a Podcast that is 16-20 minutes long with a separate APA formatted reference page (Podcast can be audio only).  Please have a minimum of eight references to support your research, regardless of the submission option chosen.


Assignments will be accepted after five days past the due date unless arrangements have been made otherwise between the student and instructor before the due date.  Late assignments submitted after the assignment deadline will receive a 10% point reduction for each day for up to 5 days based on the total point value of the assignment. No points will be awarded after 5 days late.

Discussion board postings will not be accepted for credit after the module's discussion has ended.

All course materials must be completed by the last day of the class unless the student and the instructor, in compliance with University guidelines, have agreed upon other arrangements.

NOTE: Students should provide their initial discussion board posts by the first Thursday of each module by 11:59 pm (Pacific Time), to leave ample time for follow-up discussion. Please participate early and actively in the required discussions.

Details for all the discussions and assignments will be provided in Canvas.

Assignments Due

Unless otherwise noted, each module begins on Monday and ends on Sunday. Assignments will be due by 11:59 pm (Pacific Time) on the due date.

Grading Information

The standard SJSU School of Information Grading Scale is utilized for all iSchool courses:

97 to 100A
94 to 96A minus
91 to 93B plus
88 to 90B
85 to 87B minus
82 to 84C plus
79 to 81C
76 to 78C minus
73 to 75D plus
70 to 72D
67 to 69D minus
Below 67F


In order to provide consistent guidelines for assessment for graduate level work in the School, these terms are applied to letter grades:

  • C represents Adequate work; a grade of "C" counts for credit for the course;
  • B represents Good work; a grade of "B" clearly meets the standards for graduate level work or undergraduate (for BS-ISDA);
    For core courses in the MLIS program (not MARA, Informatics, BS-ISDA) — INFO 200, INFO 202, INFO 204 — the iSchool requires that students earn a B in the course. If the grade is less than B (B- or lower) after the first attempt you will be placed on administrative probation. You must repeat the class if you wish to stay in the program. If - on the second attempt - you do not pass the class with a grade of B or better (not B- but B) you will be disqualified.
  • A represents Exceptional work; a grade of "A" will be assigned for outstanding work only.

Graduate Students are advised that it is their responsibility to maintain a 3.0 Grade Point Average (GPA). Undergraduates must maintain a 2.0 Grade Point Average (GPA).

University Policies

Per University Policy S16-9 (PDF), relevant university policy concerning all courses, such as student responsibilities, academic integrity, accommodations, dropping and adding, consent for recording of class, etc. and available student services (e.g. learning assistance, counseling, and other resources) are listed on the Syllabus Information web page. Make sure to visit this page to review and be aware of these university policies and resources.

Course Schedule





January 25–29

Course Overview; Course Learning Objectives and Outcomes.


January 30-February 5

Introduction to Information Security


February 6-12

The Need for Security


February 13-19

Information Security Management


February 20-26

Risk Management

Assignment #1

Due: Feb 22 (11:59 PM Pacific Time)


February 27–March 5

Incident Response and Contingency Planning


March 6–12

Legal, Ethical, and Professional Issues in Information Security


March 13-19

Security and Personnel


March 20-26

Security Technology: Access Controls, Firewalls, and VPNs


March 27 - April 2

Spring Recess


April 3–9

Security Technology: Intrusion Detection and Prevention Systems and Other Security Tools

Assignment #2

Due: April 4 (11:59 PM Pacific Time)


April 10 –16



April 17– 23

Implementing Information Security


April 24-April 30

Information Security Maintenance


May 1–7

Security Terms and Trends Overview


May 8-15

Course Review/Reflections/Conclusions

Final Assignment

Due: May 15 (11:59 PM Pacific Time)