Information Security Management Sample Syllabus

This syllabus is here for historical reasons only.

Webster University

COMP 5200 G1 Information Security Management
Summer 2005
Wednesdays 5:30-9:30 p.m.
1 June—27 July
WingHaven Campus, Rm. 312

Instructor: Scott Granneman

Instructor, Washington University in St. Louis &Webster University
Author, Don't Click on the Blue E!: Switching to Firefox (O'Reilly: 2005) & Hacking Knoppix (Wiley & Sons: 2005)
Columnist for SecurityFocus & Linux Magazine
Professional Blogger for The Open Source Weblog
Senior Consultant in Internet Services, Bryan Consulting
Contact Info
scott at granneman dot com

Course Objectives

After completing the course, students will be able to:

Learning Outcomes

As a result of completing this course, students will be able to:


Effective & well-honed verbal & written skills at the graduate level.

Required Texts & Resources

Whitman & Mattord. Management of Information Security. Thomson Course Technology (2004). ISBN: 0-619-21515-1
Recommended NIST publications
SP 800-12An Introduction to Computer Security: The NIST Handbook (HTML or 1.7 MB PDF)
SP 800-26Security Self-Assessment Guide for Information Technology Systems (1.5 MB PDF or 922 kb Word Doc)
SP 800-30Risk Management Guide for Information Technology Systems (480 kb PDF)
SP 800-34Contingency Planning Guide for Information Technology Systems (1.9 MB PDF)


Your grade will be based on the following factors:

Grades will be based on an average of the above as follows:

94-100 A
89-93 A-
86-88 B+
83-85 B
79-82 B-
76-78 C+
73-75 C
69-72 C-
66-68 D+
63-65 D
59-62 D-
0-58 F

Projects and papers will be graded for correctness and completeness. All assignments turned in to me must be neatly typed and printed with letter-quality type. Students failing to present the information completely, neatly, and in the prescribed format will receive minimal credit for their work. Students should double-check assignments for spelling and grammar before submitting them.

Accommodation of disabilities: If you have a disability that might affect your ability to complete the required assignments, please contact me during the first week of class to discuss an accommodation.

Academic Integrity

The University is committed to high standards of academic conduct and integrity. Students will be held responsible for violations of academic honesty. Academic dishonesty includes the following and any other forms of academic dishonesty:

  1. Cheating: Using or attempting to use crib sheets, electronic sources, stolen exams, unauthorized study aids in an academic assignment, or copying or colluding with a fellow student in an effort to improve one's grade.
  2. Fabrication: Falsifying, inventing, or misstating any data, information, or citation in an academic assignment, field experience, academic credentials, job application or placement file.
  3. Plagiarism: Using the works (i.e. words, images, other materials) of another person as one's own words without proper citation in any academic assignment. This includes submission (in whole or in part) of any work purchased or downloaded from a Web site or an Internet paper clearinghouse.
  4. Facilitating Academic Dishonesty: Assisting or attempting to assist any person to commit any act of academic misconduct, such as allowing someone to copy a paper or test answers.

In most cases, the instructor will address issues of academic dishonesty within the confines of the student's course. The instructor may decide an appropriate consequence, including the following options: a written warning; the assignment of a written research project about the nature of plagiarism and academic honesty; a reduced grade or partial credit on the assignment; requiring the student to repeat the assignment; or issuing a failing grade to the student of the course.

If a student receives an unsatisfactory grade in a course as a result of academic dishonesty, existing academic policies may lead to probation or dismissal. In extreme cases, a dishonesty violation may warrant consideration for dismissal, suspension, or other disciplinary action. These disciplinary actions require a formal judicial process as outlined in the Student Handbook.


It is paramount that we respect each other online in our email listserv. Follow this simple rule: disagree with the idea, but not the person. In other words, it's OK to say "That's a bad idea, because …", and it's not OK to say "You're a bad/stupid/inconsiderate person, because …". If you have an issue with a classmate's behavior online, please bring it to me privately by emailing me at scott at granneman dot com. If you'd like to find out more, please feel free to read The Core Rules of Netiquette, by Virginia Shea.



Topic: Introductions
Date: Wednesday, 1 June 2005

InfoSec Management 0: Overview (150 kb PDF, 64 kb PowerPoint)


Topics: InfoSec Management & Planning
Date: Wednesday, 8 June 2005

InfoSec Management 1: Introduction (585 kb PDF, 573 kb PowerPoint)
InfoSec Management 2: Planning (1.1 MB PDF, 1.1 MB PowerPoint)

Readings for this class:

  • Chapter 1: Introduction to the Management of Information Security
  • Chapter 2: Planning for Security


Topics: Planning for Contingencies & InfoSec Policy
Date: Wednesday, 15 June 2005

InfoSec Management 3: Contingencies (1.1 MB PDF, 1.2 MB PowerPoint)
InfoSec Management 4: Policy (1.5 MB PDF, 1.7 MB PowerPoint)

Readings for this class:

  • Chapter 3: Planning for Contingencies
  • Chapter 4: Information Security Policy


Topics: Security Programs, Models, & Practices
Date: Wednesday, 22 June 2005

InfoSec Management 5: Program (2.4 MB PDF, 2.7 MB PowerPoint)
InfoSec Management 6: Models (945 kb PDF, 886 kb PowerPoint)

Readings for this class:

  • Chapter 5: Developing the Security Program
  • Chapter 6: Security Management Models and Practices


Topics: Midterm Exam (chapters 1-6)
Date: Wednesday, 29 June 2005


Topics: Identifying, Assessing, & Controlling Risk
Date: Wednesday, 6 July 2005

InfoSec Management 7: Risk Management ID (2.5 MB PDF, 1.9 MB PowerPoint)
InfoSec Management 8: Risk Management Control (950 kb PDF, 849 kb PowerPoint)

Readings for this class:

  • Chapter 7: Risk Management: Identifying and Assessing Risk
  • Chapter 8: Risk Management: Assessing and Controlling Risk


Topics: Protection Mechanisms & Personnel and Security
Date: Wednesday, 13 July 2005

InfoSec Management 9: Protection (2.8 MB PDF, 2.4 MB PowerPoint)
InfoSec Management 10: Personnel (302 kb PDF, 387 kb PowerPoint)

Readings for this class:

  • Chapter 9: Protection Mechanisms
  • Chapter 10: Personnel and Security


Topics: Law and Ethics & InfoSec Project Management
Date: Wednesday, 20 July 2005

Readings for this class:

  • Chapter 11: Law and Ethics
  • Chapter 12: Information Security Project Management


Topic: Final Exam (chapters 7-12) & Goodbyes
Date: Wednesday, 27 July 2005

WebSanity Top Secret