CSS 245: Security Policies and Implementation Issues

Course Description

The course will focus on security policies that can be used to help protect and maintain a network, such as password policy, e-mail policy and Internet policy. Topics also include organizational behavior and crisis management. (3 credits)

Prerequisite

  • ITE 145: Fundamentals of Information Systems Security

Student Learning Outcomes (SLOs)

Students who successfully complete this course will be able to:

  1. Identify the role of an information systems security (ISS) policy framework in overcoming business challenges.
  2. Recognize the relationship between business drivers and information systems security policies.
  3. Understand the relationship between regulatory compliance requirements and information system security policies.
  4. Analyze how security policies help mitigate risks and support business processes in various domains of a typical IT infrastructure.
  5. Analyze issues related to security policy implementations and the keys to success.
  6. Describe the components and basic requirements for creating a security policy framework.
  7. Describe how to design, organize, implement, and maintain IT security policies.
  8. Describe the different methods, roles, responsibilities, and accountabilities of personnel, along with the governance and compliance of a security policy framework.
  9. Describe the different ISS policies associated with the user domain.
  10. Describe the different ISS policies associated with the IT infrastructure.
  11. Describe the different ISS policies associated with risk management.
  12. Describe the different ISS policies associated with incident response teams (IRTs).
  13. Describe issues related to implementing ISS policies.
  14. Describe issues related to enforcing ISS policies.
  15. Describe the different issues related to defining, tracking, monitoring, reporting, automating, and organizing compliance systems and emerging technologies.

General Education Outcomes (GEOs)

Please check the applicable GEOs for this course, if any, by outcomes at GEO Category Search, or by subject area at GEO Discipline Search.

Course Activities and Grading

Assignment(s) | Weight
Discussions | 10%
Written Assignments | 20%
Lab Assignments | 20%
Project | 25%
Final Exam (Week 15) | 25%
Total | 100%

Required Textbooks

(Available through our online bookstore)

  • Johnson, Rob, and Merkow. Security Policies and Implementation Issues - Print Bundle for LMS Integrations. 2nd ed. Sudbury, MA: Jones & Bartlett, 2015. ISBN-13: 9781284116991

Note: This is a Print Bundle, which includes the textbook and the Access Code required for this course. Students must purchase these materials “New” from the Charter Oak State College bookstore. Used materials or materials from any other source are not acceptable.

Course Schedule

Week | SLOs | Readings and Exercises | Assignments

Week 1 (SLOs 1, 2, 3)

Topic: Information Systems Security Policy Management

  • Readings:
    • Chapter 1, “Information Systems Security Policy Management”
    • Chapter 2, “Business Drivers for Information Security Policies”
    • Chapter 3, “U.S. Compliance Laws and Information Security Policy Requirements”
  • Read assigned chapters
  • Participate in the Discussions
  • Review the Lecture material
  • Submit Week 1 Assignment
    • Using Security Policies and Controls to Overcome Business Challenges
  • Submit Week 1 Lab
    • Craft an Organization-Wide Security Management Policy for Acceptable Use
  • Complete Project Part 1: A team member list

Week 2 (SLOs 4, 5)

Topics: Business Challenges and Security Policy Implementation Issues

  • Readings:
    • Chapter 4, “Business Challenges Within the Seven Domains of IT Responsibility”
    • Chapter 5, “Information Security Policy Implementation Issues”
  • Read assigned chapters
  • Participate in the Discussions
  • Review the Lecture material
  • Submit Week 2 Assignment
    • Policy Implementation Steps
  • Submit Week 2 Lab
    • Develop an Organization-Wide Policy Framework Implementation Plan
  • Complete Project Part 2: A draft of your research of DoD-specific requirements for an organization’s IT infrastructure and U.S. compliance laws that may affect the firm

Week 3 (SLOs 6, 7)

Topics: IT Security Policies, Procedures, and Guidelines

  • Readings:
    • Chapter 6, “IT Security Policy Frameworks”
    • Chapter 7, “How to Design, Organize, Implement, and Maintain IT Security Policies”
  • Read assigned chapters
  • Participate in the Discussions
  • Review the Lecture material
  • Submit Week 3 Assignment
    • Security Policy Frameworks
  • Submit Week 3 Lab
    • Defining an Information Systems Security Policy Framework for an IT Infrastructure
  • Complete Project Part 3: A draft of DoD-compliant Policies, Standards, and Controls

Week 4 (SLO 8)

Topics: IT Security Policy Framework Approaches

  • Readings:
    • Chapter 8, “IT Security Policy Framework Approaches”
  • Read assigned chapter
  • Participate in the Discussions
  • Review the Lecture material
  • Submit Week 4 Assignment
    • Security Policy Creation
  • Submit Week 4 Lab
    • Craft a Layered Security Management Policy - Separation of Duties
  • Complete Project Part 4: A bulleted list of DoD-compliant Policies, Standards, and Controls

Week 5 (SLOs 9, 10)

Topics: User Domain and IT Infrastructure Security Policies

  • Readings:
    • Chapter 9, “User Domain Policies”
    • Chapter 10, “IT Infrastructure Security Policies”
  • Read assigned chapters
  • Review the Lecture material
  • Submit Week 5 Assignment
    • Create User Policy
  • Submit Week 5 Labs
    • Crafting an Organization-Wide Security Awareness Policy
    • Define a Remote Access Policy to Support Remote Health Care Clinics
  • Complete Project Part 5: A draft of your class project report if you want feedback before submitting your final deliverable

Week 6 (SLOs 11, 12)

Topics: Data Classification and Handling Policies, Risk Management Policies, and Incident Response Team (IRT) Policies

  • Readings:
    • Chapter 11, “Data Classification and Handling Policies and Risk Management Policies”
    • Chapter 12, “Incident Response Team (IRT) Policies”
  • Read assigned chapters
  • Participate in the Discussions
  • Review the Lecture material
  • Submit Week 6 Assignment
    • Risk Management in a Business Model
    • Create an Incident Response Policy
  • Submit Week 6 Labs
    • Identify Necessary Policies for Business Continuity - BIA and Recovery Time Objectives
    • Crafting a Security or Computer Incident Response Policy - CIRT Response Team

Week 7 (SLOs 13, 14, 15)

Topics: IT Security Policy Implementation and Enforcement, Compliance Systems and Emerging Technologies

  • Readings:
    • Chapter 13, “IT Security Policy Implementations”
    • Chapter 14, “IT Security Policy Enforcement”
    • Chapter 15, “IT Policy Compliance Systems and Emerging Technologies”
  • Read assigned chapters
  • Participate in the Discussions
  • Review the Lecture material
  • Submit Week 7 Assignments
    • Policy Monitoring and Enforcement Strategy
    • Automated Policy Compliance Systems
  • Submit Week 7 Labs
    • Assessing and Auditing an Existing IT Security Policy Framework Definition
    • Aligning an IT Security Policy Framework to the Seven Domains of a Typical IT Infrastructure

Week 8 (SLOs 1-15)

Topics: Course Review and Final Exam

  • Readings:
    • Review the material from the previous weeks to prepare for Final Exam
  • Complete Project Part 6: Final Report Department of Defense (DoD) Ready
  • Complete Final Exam
  • Complete the Course Evaluation

COSC Accessibility Statement

Charter Oak State College encourages students with disabilities, including non-visible disabilities such as chronic diseases, learning disabilities, head injury, attention deficit/hyperactive disorder, or psychiatric disabilities, to discuss appropriate accommodations with the Office of Accessibility Services at OAS@charteroak.edu.

COSC Policies, Course Policies, Academic Support Services and Resources

Students are responsible for knowing all Charter Oak State College (COSC) institutional policies, course-specific policies, procedures, and available academic support services and resources. Please see COSC Policies for COSC institutional policies, and see also specific policies related to this course. See COSC Resources for information regarding available academic support services and resources.