Course Syllabus

SRA111: Introduction to Security and Risk Analysis CourseSyllabus

LAST UPDATED 1/25/16

Course Info:                                                                               Section//Semester: Section 001//Spring Semester, 2016

Class Meeting Place/Times: 205 IST Bldg, Monday/Wednesday/Friday 9:05 - 9:55 a.m.  

Credits 3 CreditsPrerequisites None

 

MEET YOUR TEACHING TEAM                                                

  

Instructor: Megan Costello, Esq., Lecturer, ISTOffice: 101D IST BldgTel: 814-867-2834 (office)Email: mcostello@ist.psu.eduOffice Hours: Wednesdays, 2:30pm-3:30pm,

LA: Teddy WolfE-Mail: Contact through Canvas onlyOffice Hours: Fridays from 10:00am-11:00am,IST Cafe (and by appointment)  LA: Christina McMahon

101D IST (and by Appointment) E-Mail: Contact through Canvas only

Office Hours: Thursdays from 1:30pm-2:30pm (and by appointment)

 

REQUIRED TEXT                                                                        

 

 

In addition to weekly handouts via our Canvaswebsite, SRA111 requires the following text:

Principles of Information Security, Fifth Edition byMichael E. Whitman and Herbert J. Mattord,Thompson Press, 2015

ISBN-10: 1285448367

ISBN-13: 9781285448367

NOTE: We CANNOT confirm appropriateness ofother editions  (earlier editions, international edition,etc.), but suggest students compare with currentedition available in Pattees’s course reserves.

Former students also suggest amazon.com,textbooks.com, textbookw.com, and chegg.com,among others. Please post newer suggestions in ourCanvas “Community Forum”

 

COURSE DESCRIPTION                                                             

Regardless of profession, security, risk, and risk analysis have become critical aspects of everyday life. This course relatessecurity planning to study options in the College of IST’s Security and Risk Analysis major: Information & CyberSecurity, Enterprise Factors & Risk, and Intelligence Analysis & Modeling. Coverage includes informationstorage/access/networking risks, legal/ethical issues, criminal/terrorist exploits, and threats from global information/intelligencewarfare.

Students will learn management of key risks through judicious application of three control “tools”: Programs (e.g., securityeducation, training, and awareness), Policies (e.g., laws), and Technologies (e.g., firewalls, intrusion detection systems). Thus,students will be exposed to a full spectrum of security activities, methods, methodologies, and procedures.

The stakes are high as recent exponential growth in information parallels our dependence on information. “Security” (i.e.,“freedom from harm or danger”) is needed for people (managers/policy makers, end-users/citizens, and related stakeholders),information, as well as other assets deemed valuable. 

COURSE STRUCTURE AND OBJECTIVES   

The semester will be divided into six discrete, yet interrelated units.

Unit 1: Introduction / The Need for Security

Unit 2: Legal, Ethical and Regulatory Issues of SRA

Unit 3: Risk Assessment and Management

Unit 4: Personal Security

Unit 5: Enterprise Security

Unit 6: National Security

 Course Objectives                                                

SRA111 is an introductory course taken by students from all experience levels and backgrounds. Students without prior

experience should be successful while more experienced-students will also learn something new.

Our specific semester question is:  “How do we manage growing threats to personal, enterprise, and national security?”

Students without prior experience should be able to:

Define security, risk, risk analysis, and related terms,

Prioritize personal and information assets, and threat/vulnerability pairs,

Create a personal information security blueprint, and

Describe risk analysis (i.e., critical thinking), and control tools such as policies, education and technologies (i.e., firewalls,

VPNs, access control, and cryptography).

Course Website on Canvas (Canvas Pilot Program)                                                  

All relevant course-related documentation and information will be posted on Canvas, as part of Penn State's Canvas pilot

program. It will be the primary mode of communication for this course.

To access SRA111 information online: go to the Canvas Websitehttp://psu.instructure.com and logon using your PSU username

and password. All necessary updates and/or changes to the course will be reflected in the online course management system. If

necessary, detailed instructions on how to use the system will be reviewed in class.

CLASS SCHEDULE                                         The Canvas calendar page showcases all up-to-date information regarding course schedule information. In the event that any

major deliverable date needs to be changed, students will be notified in advance. In addition, a tentative weekly course schedule

will be provided on Canvas.

Changes to Class Schedule                                                

Note that the class schedule is tentative. Topics on this class schedule will be covered as time permits. Schedule changes will be

posted to the SRA111 Canvas website and announced in class. Students should anticipate the addition of reading and

other assignments and in-class exercises over the course of the semester, and should periodically check for

updated class schedules.

CONTACTING THE TEACHING TEAM                                        We have a large group of students this semester and we want to make SRA111 as efficient, engaging and enriching as possible.

Your questions and feedback are very important to the teaching team. To ensure that we are able to address your needs to the

best of our ability, please reference this segment of the syllabus often regarding contacting the teaching team.

FIRST, RE-READ THE SYLLABUS!

This syllabus is your guiding document throughout the semester with regard to all policies and procedures in SRA111. If you have

any questions or concerns in SRA111, it's important to start by re-reading the syllabus. More often than not, this document

contains the answer you are looking for!

If after you've read the Syllabus you still need clarification, please utilize the following methods of contacting the teaching team:

General Questions                                                   

Do you have a general question about SRA111, or about our deliverables or content? If so, these types of questions generally

benefit the class as a whole. (After all, if you're confused about something, there are probably a few other students that could

benefit from the same answer as well!) If so, utilize the following contact options:

➾Question Cafe

The Question Café is a forum on our SRA111 Canvas portal for general student questions. We created this forum so

everyone in the class can see your question and the corresponding answer from the teaching team. If you have general

questions about SRA111, please try to direct these to the Question Café.

Likewise please subscribe to the Questions Cafe for important announcements, questions, and updates.

➾Class Discussion Board

The Class Discussion Board is available for you to post information and questions relevant to SRA111. Feel free to share

relevant articles about Security and Risk in the news, Career Tips, etc.  

Likewise, please subscribe to the Class Discussion Board for important announcements, questions, and updates.

Private Questions                                                       

If you have a question that is private to you or your group, do not utilize the Question Café or the Class DiscussionBoards. Instead, utilize the following contact options:

➾Message the Teaching Team via Canvas

Our Course is taught via the Canvas portal. As such, you must utilize Canvas for all correspondence with theteaching team.

Be sure to send your message to the entire teaching team (Professor Costello AND our LAs) so we are able to easily

reference and respond to your messages.

➾Visit Office Hours

Regular office hours for the teaching team will be announced early into the semester. Unless otherwise noted, once these

office hours are announced, the teaching team will be available during this time period on a weekly basis to answer any

questions or concerns you may have about SRA111.

Special Note: Questions Directly Before/After Class Periods

Students often have questions related to personal performance, grades, and other issues directly before or after class. Thesetimes are -- by far -- the busiest times (aside from class time) for the teaching team. Unfortunately, this short timeframe does notgive us enough time to adequately address these types of student issues or questions.

If you have a question directly before or after class regarding SRA111 that needs attention, you will be asked to fill out a meetingrequest form. We will review these requests and get back to your inquiry as soon as possible. If needed, we will arrange for ameeting with you during office hours regarding your specific question or issue.

COURSE EVALUATION                                          

Grade Assignments                     Students are guaranteed the following grade assignments if they meet the cutoff points listed below:

Cutoff: Grade

93.00% and above  A

90.00% - 92.99% A-

87.00% - 89.99% B+

83.00% - 86.99%. B

80.00% - 82.99% B-

77.00% - 79.99% C+

70.00% - 76.99% C

60.00% - 69.99% D

less than 60.00% F

The above cutoffs are never raised; in rare circumstances, the instructor may elect to slightly lower some cutoffs at the end of thesemester when assigning grades. Any adjustments will be made uniformly to all students.

Since our policy is uniform consideration, we do not respond to individual requests forspecial consideration.

Grading Rubric:          Students are provided multiple opportunities to demonstrate course material proficiency. All assignments are required,grades are not “curved,” and there is no extra credit. Note “problem resolution time limits” below under Grade Distribution

and Canvas Grade Book.

Course Requirements:    Quizzes - 40%

Team Research Video (total, 30%)

Milestone 1- 4%

Milestone 2- 4%

Milestone 3- 5%

Milestone 4- 6%

Milestone 5- 7%

Milestone 6- 4%

Homeworks- (total, 20%)

HW1: Student Intro - 1%

HW2: Case Conficker- 2%

HW3: PerSec Lab- 5%

HW4: CryptoGame 5%

HW5: Intel Analysis Game- 7%

In Class Activities- 10%

---------------------------------------------------

Total - 100%

ASSIGNMENTS                                          SRA111 requires students to demonstrate course material proficiency through the submission of multiple team and individual

assignments throughout the semester. Unless otherwise noted, assignments are due no later than the due date specified on

Canvas. Submission details will be provided with each assignment. Please reference the schedule section of this Syllabus and

the course Calendar for a more in-depth look at due dates, point distributions, etc.

Extra Credit Policy:   SRA111 is structured so that lessons, assignments, and other features of the course are available well in advance of all due

dates. Because students will have ample time to complete this required work, there is no opportunity for extra credit in this

course.

Grade Disputes:    If you believe that you have received a grade for a particular deliverable in error, it is your responsibility to provide the instructor (in

writing) the following information:

1. the grade and assignment in question

2. why you feel this grade was given in error; and

3. your proposed solution for this grade.

I will review your memo and provide you feedback concerning my decision.

Any grade disputes received 1 week after grades have been posted for a particular

assignment will not be accepted 

Late Assignment Policy: Students are responsible for completing their own work and submitting their deliverables as directed on all assignments. Allassignments must be completed on time to be eligible for full-credit.

Advice for SRA111 students: make sure to start working early on all assignments! Since assignments are noted in thesyllabus and are given well in advance, students are encouraged to complete assignments well before the due date. Students willnot be penalized for submitting work earlier than the assigned deadline.

Late assignments, if permitted in writing by the instructor, will result in an automatic 20% point reduction. Pleasenote that any assignments received 1 WEEK after the assigned due date will not be accepted and will not be eligiblefor credit.

Working in Teams:   ➾Team Assignments

Group work is a mandatory aspect of SRA111. Students will self-select teams based on video topic interest and will berequired to work on several deliverables as a team.

While time may be made available during class, all team members are expected to make themselves available outside ofclass to work on team project(s). Each individual is expected to contribute to the project, be respectful of alternative views,be considerate of others, and work collaboratively to complete tasks.

➾Group Conflicts

In the event that an issue may arise where an individual is impacting the group’s ability to complete assignments, the groupmust first work to resolve the issue together. If the group is unable to resolve the issue to all members’ satisfaction, theissue can then be escalated to the instructor.

To escalate an issue, groups should provide a written explanation of the issue and a description of how the groupattempted to address the problem. In the unlikely event a team member is unable to continue working on a team, that teammember will be required to complete the project on his or her own.

➾Individual Assignments

In addition to teamwork, students will be required to submit individual assignments. Assignments requiring individualsubmissions will be noted in class and on Canvas.

GENERAL ASSIGNMENT DESCRIPTIONS                                   

➾Quizzes

There will be six quizzes given at the completion of Units 1, 2, 3, 4, and 5, & 6 based on material covered during each unit.Each will consist primarily of objective multiple-choice questions, but may also include true & false, short answer and/oressay questions. 

Topics discussed during all class sessions will be tested on the quizzes. The slides on which instructor presentations arebased will contain most, but not all of the material for which students will be responsible. Similarly,students are

responsible for material contained in all assigned readings.

The dates for unit quizzes indicated on the class schedule are subject to change; any changes will be announced in classand posted to the course Canvas website.

Unless otherwise noted by the instructor in advance: all quizzes are closed book and closed note. Students who arrive lateto a quiz or who utilize any materials (including but not limited to: laptops, smart devices, and cellphones) during a quiz willbe asked to leave the testing area and will receive a zero (0) on his or her quiz. No exceptions. Please see our "academicintegrity" section for more information.

➾Make-Up Quizzes

Because students are permitted to drop the lowest quiz grade in SRA111,make-up quizzes are NOT available.

➾Team Research Video Project

The team research video projects are video presentations limited to 5 minutes in length that require research by all classteams. The project is divided into several milestones and result in a final presentation configured as an online video report.Videos should enable other users to gain a deeper understanding of an important topic in security and risk analysis.

Students will be given the opportunity to self-select groups at the beginning of the semester, by area of interest, on a first-come-first served basis. The instructor reserves the right to make changes to groups at any time. 

➾Homework

As we progress through SRA111, we will encounter several graded homework assignments that correspond with our unittopics. The instructions for each homework assignment will detail whether it is an individual or team-based assignment.

➾In-Class Activities

We will have several in-class activities throughout the semester. These activities are designed to offer some “hands-on”learning opportunities, additional subject enrichment, and to provide a real-world perspective to SRA-related issues. Pleasenote that these in class activities  may be unannounced. Students should always come to class prepared and ready todiscuss the topics and readings covered during class time. Because in-class activities require students to be present tocontribute to the overall class discussion, make up in-class activities are not available.

Please note that not all in-class activities will be announced in advance, and no make ups will be available.

ATTENDANCE AND PARTICIPATION     

Prepared attendance is expected for all classes, quizzes and group activities. The primary method by which we will assessattendance will be through a variety of in-class activities that will be randomly distributed (both announced and unannounced)throughout the semester. Please see the “In Class Activities” section of the syllabus for more general information on these typesof assignments.

Penn State’s class attendance policy (Links to an external site.)  states that students who opt to miss a class to participatein a University-sanctioned activity are responsible for any work missed during the absence.  If you will be missing class aspart of a University-sanctioned activity, please complete and submit a class absence form (Links to an external site ) to theteaching team prior to the University-sanctioned activity.

"University Excused" Absences

If a “University Excused Absence” prevents you from attending class, it is important that you email the entire teaching team from

Canvas ( to Professor Costello and all LAs) prior to any university excused-absences that may interfere with assignment

completion. 

Students who are absent from the university for a "university excused" absence should plan to complete and submit

assignments BEFORE departure (if the date due for the assignment occurs during their period of absence).

What Constitutes a University Excused Absence?

Serious illness or injury ( a medical excuse from your healthcare provider may be required)

University-approved curricular or extra-curricular activity

Emergency Military Service (excluding regular pre-scheduled activities)

Extreme family emergency or death (note: weddings, graduations, or similar festivities are NOT valid excuses)

Religious holiday or event (notify instructor at the beginning of the semester)

**please note that job fairs and other on-campus career events are not considered university excused absences**

Responsibilities if You Miss Class:If you are unable to attend class, you are still responsible for information covered in class and any assignments due that day.

Participation:Participation in the classroom is expected, as is the timely completion and submission of all out- of-class assignments.

Tardiness:Tardiness is not accepted in SRA111 and excessive tardiness will have an impact on your overall grade. Please plan to arrive a

few minutes early and to remain until class is dismissed to help avoid disrupting class discussions or your classmates’

concentration.

Please note that if you arrive AFTER a quiz or in-class activity has started, you will not be permitted to take these

assessments nor will you be able to re-schedule these assessments with the teaching team.

Additional Policies    Special Note: Make-Up Work

No make-up work will be given without prior approval by the instructor and valid written documentation supporting the

request. This includes all homework assignments and in-class activities.

In-Class Technology PolicyThere will be times when computer use during class will be both encouraged and necessary to complete in-class

activity assignments. Otherwise, smartphones, classroom computers or laptop computers may not be used for any purpose

unrelated to class work or class discussion.

The instructor reserves the right to require all classroom computers to be turned off if this policy is not respected. Likewise,

continued electronic use against course policy can have a negative impact on a student's participation grade.

No Legal Advice

No Legal Advice

Although SRA111 discusses many basic issues (including legal issues) throughout the course of the semester, this course is

meant for educational purposes only. It is not meant to serve as legal advice in any capacity. If you require legal advice, contact

Student Legal Services (Links to an external site.).

Pennsylvania State University Policies Related to this Course   Academic Integrity

According to the Penn State Principles and University Code of Conduct:

Academic integrity is a basic guiding principle for all academic activity at Penn State University, allowing the pursuit of scholarly

activity in an open, honest, and responsible manner. In according with the University’s Code of Conduct, you must not engage in

or tolerate academic dishonesty. This includes, but is not limited to cheating, plagiarism, fabrication of information or citations,

facilitating acts of academic dishonesty by others, unauthorized possession of examinations, submitting work of another person,

or work previously used without informing the instructor, or tampering with the academic work of other students.

Any violation of academic integrity will be investigated, and where warranted, punitive action will be taken. For every incident

when a penalty of any kind is assessed, a report must be filed This form is used for both undergraduate and graduate courses.

This report must be signed by both the instructor and the student, and then submitted to the Senior Associate Dean.

Affirmative Action & Sexual Harassment

The Pennsylvania State University is committed to a policy that all persons shall have equal access to programs, facilities,

admission, and employment without regard to personal characteristics not related to ability, performance, or qualifications as

determined by University policy or by Commonwealth or Federal authorities. Penn State does not discriminate against any person

because of age, ancestry, color, disability or handicap, national origin, race, religious creed, gender, sexual orientation, or veteran

status. Direct all inquiries to the Affirmative Action Office, 211 Willard Building.

Americans With Disabilities Act:

IST welcomes persons with disabilities to all of its classes, programs, and events. If you need accommodations, or have

questions about access to buildings where IST activities are held, please contact us in advance of your participation or visit. If you

need assistance during a class, program, or event, please contact the member of our staff or faculty in charge.

An Invitation to Students With Learning Disabilities

It is Penn State’s policy to not discriminate against qualified students with documented disabilities in its educational programs. If

you have a disability-related need for modifications in your testing or learning situation, your instructor should be notified during

the first week of classes so that your needs can be accommodated. You will be asked to present documentation from the Office

of Disability Services (located in 116 Boucke Building, 863-1807) that describes the nature of your disability and the

recommended remedy. You may refer to the Nondiscrimination Policy in the Student Guide to University Policies and Rules.

 

▸▸▸This syllabus is subject to change. Changes, if any, will be announced via email and/or anannouncement in Canvas. Students will be held responsible for all changes◂◂◂