CSS 146: Legal Issues in Information Security

Course Description

This course will focus on an overview of the legal processes involved in implementing and maintaining an e-commerce website. In addition, the course examines security issues involved in maintaining a web or intranet/internet site and potentials for misuse. (3 credits)


  • ITE 145: Fundamentals of Information Systems Security

Student Learning Outcomes (SLOs)

Students who successfully complete this course will be able to:

  1. Recognize fundamental concepts of information systems security (ISS).
  2. Examine the concept of privacy and its legal protections.
  3. Identify the basic components of the American Legal System.
  4. Describe legal compliance laws addressing how financial institutions protect the security and privacy of consumer financial information.
  5. Describe the main parts of the Health Information Portability and Accountability Act (HIPAA) and how it protects healthcare information.
  6. Describe laws that protect children on the Internet and laws that protect information of children in legal settings.
  7. Describe legal compliance laws that address public and private institutions.
  8. Identify the key components of the Federal Information Security Management Act.
  9. Describe state legal compliance laws addressing public and private institutions.
  10. Analyze intellectual property laws.
  11. Describe the role of contracts in online transactions and cyberspace.
  12. Identify cybercrime and tort law issues in cyberspace.
  13. Examine the principles requiring governance of information within organizations.
  14. Explain the importance of risk management and contingency planning.
  15. Explain the importance of forensics examination in legal proceedings.
  16. Analyze the conception, enforcement and implementation of security policies.
  17. Use risk analysis to develop a response to any given situation that might arise from a violation of security policies.

Course Activities and Grading


Discussions (Weeks 1-7)


Written Assignments (Weeks 1-7)


Lab Assignments (Weeks 1-7)


Quizzes (Weeks 3, 5 & 6)


Project (Week 8)


Final Exam (Week 8)




Required Textbooks

Available through Charter Oak State College's online bookstore

  • Grama, Joanna L (2022). Legal and Privacy Issues in Information Security - with Access Code. 3rd ed., Burlington, MA: Jones & Bartlett. ISBN-13: 9781284220476
    • Note: This is a bundle which includes the textbook and the Access Code required for this course. We discourage students from purchasing “used” materials from other sources due to access codes not working properly.

Course Schedule



Readings and Exercises




Topic: Information Systems Security Overview

  • Readings:
    • Chapter 1 "Information Security Overview"
    • Chapter 2 "Privacy Overview"
  • Read assigned chapters
  • Review the Lecture material
  • Participate in the Discussions
  • Submit Week 1 Assignments
    • Executive Summary on Risk Analysis
    • Executive Summary on Veterans Affairs (VA) and Loss of Private Information
  • Submit Week 1 Labs
    • Lab 1: Create an IT Infrastructure Asset List & Identify Where Privacy Data Resides
    • Complete Lab 1 Quiz
    • Lab 2: Case Study on U.S. Veteran's Affairs and Loss of Private Information
    • Complete Lab 2 Quiz



Topic: The American Legal System

  • Readings:
    • Chapter 3 "The American Legal System"
  • Read assigned chapter
  • Review the Lecture material
  • Participate in the Discussions
  • Submit Week 2 Assignment
    • Fourth Amendment
  • Submit Week 2 Lab
    • Lab 3: Case Study on PCI DSS Non-Compliance
    • Complete Lab 3 Quiz



Topic: Security & Privacy of Financial & Health Information

  • Readings:
    • Chapter 4 "Security and Privacy of Consumer Financial Information"
    • Chapter 6 "Security and Privacy of Health Information"
  • Read assigned chapters
  • Review the Lecture material
  • Participate in the Discussions
  • Submit Week 3 Assignment
    • Privacy Complaint to the Office of Civil Rights (OCR)
  • Submit Week 3 Lab
    • Lab 4: Analysis and Comparison of GLBA and HIPAA
    • Complete Lab 4 Quiz
  • Complete Quiz 1



Topics: Security & Privacy Involving Corporations & Educational Institutions

  • Readings:
    • Chapter 5 "Security and Privacy of Information Belonging to Children and Educational Records"
    • Chapter 7 "Corporate Information Security and Privacy Regulation"
  • Read assigned chapters
  • Review the Lecture material
  • Participate in the Discussions
  • Submit Week 4 Assignment
    • Protect Children on the Internet
  • Submit Week 4 Lab
    • Lab 5: Case Study on Issues Related to Sharing Consumers' Confidential Information
    • Complete Lab 5 Quiz



Topic: FISMA, Breach Notification & Intellectual Property Laws

  • Readings:
    • Chapter 8 "Federal Government Information Security and Privacy Regulation"
    • Chapter 9 "State Laws Protecting Citizen Information and Breach Notification Laws"
    • Chapter 10 "Intellectual Property Law"
  • Read assigned chapters
  • Review the Lecture material
  • Participate in the Discussions
  • Submit Week 5 Assignments
    • Analysis of the Breach Notification Law Letter
    • Violation of Copyright Privileges
  • Submit Week 5 Labs
    • Lab 6: Identify the Scope of Your State's Data and Security Breach Notification Law
    • Complete Lab 6 Quiz
    • Lab 7: Case Study on the Digital Millennium Recording Act - Napster
    • Complete Lab 7 Quiz
  • Complete Quiz 2



Topic: Cyberspace Law & Information Security Governance

  • Readings:
    • Chapter 11 "The Role of Contracts"
    • Chapter 12 "Criminal Law and Tort Law in Cyberspace"
    • Chapter 13 "Information Security Governance"
  • Read assigned chapters
  • Review the Lecture material
  • Participate in the Discussions
  • Submit Week 6 Assignments
    • Organized Cybercrime
    • Executive Summary on Risk Mitigation
  • Submit Week 6 Labs
    • Lab 8: Cyber Stalking or Cyber Bullying Laws to Protect Individuals
    • Complete Lab 8 Quiz
    • Lab 9: Recommend IT Security Policies to Help Mitigate Risk
    • Complete Lab 9 Quiz
  • Complete Quiz 3



Topics: Risk Analysis, Incident Response & Computer Forensics

  • Readings:
    • Chapter 14 "Risk Analysis, Incident Response, and Contingency Planning"
    • Chapter 15 "Computer Forensics and Investigations"
  • Read assigned chapters
  • Review the Lecture material
  • Participate in the Discussions
  • Submit Week 7 Assignments
    • Executive Summary on Computer Forensic Suites
  • Submit Week 7 Lab
    • Lab 10: Case Study in Computer Forensics - Pharmaceutical Company
    • Complete Lab 10 Quiz



Topics: Course Review and Final Examination

  • Readings:
    • Review all materials from previous weeks in the course.
  • Submit Course Project
    • Document Retention Policy and Litigation Hold Notices
  • Complete Final Exam
  • Complete the Course Evaluation


COSC Accessibility Statement

Charter Oak State College encourages students with disabilities, including non-visible disabilities such as chronic diseases, learning disabilities, head injury, attention deficit/hyperactive disorder, or psychiatric disabilities, to discuss appropriate accommodations with the Office of Accessibility Services at OAS@charteroak.edu.

COSC Policies, Course Policies, Academic Support Services and Resources

Students are responsible for knowing all Charter Oak State College (COSC) institutional policies, course-specific policies, procedures, and available academic support services and resources. Please see COSC Policies for COSC institutional policies, and see also specific policies related to this course. See COSC Resources for information regarding available academic support services and resources.