University of Dayton
School of Business Administration
Spring, 2021

MIS 365
Protecting Personal Information Resources in an Interconnected World

FINAL VERSION - PENDING ANY NECESSARY UPDATES OR CORRECTIONS.

Any substantive changes to this document will appear with Light Pink Highlight.

Something interesting to read about grades. 

Get your grades (available on Isidore), and teams. 
Jump to course schedule

This page was last modified on Wednesday April 28, 2021

NOTE:  ALL ASSIGNMENTS ARE DUE AT START OF CLASS ON THE DATE THEY'RE DUE UNLESS OTHERWISE INDICATED.

Link to articles from everybody.

 

INSTRUCTOR:

Dr. David Salisbury

OFFICE:

Miriam Hall, Room 338

PHONE:

9-8085

EMAIL:

salisbury@udayton.edu

WEB PAGES:

http://www.davesalisbury.com/ (professor)
http://www.davesalisbury.com/classtuf/MIS365/  (class syllabus)

http://Isidore.udayton.edu (follow links on Isidore)

TWITTER: @DrDaveSalisbury

CLASS MEETINGS:

T/TH 200-315 – ONLINE VIA ZOOM

OFFICE HOURS:

MW 1100-100 TTH 315-415 ON ZOOM (email usage is encouraged) or by appointment. Hours subject to change due to unforeseen circumstances. Any changes will be communicated to students via email


PLEASE NOTE:  IN THE EVENT YOU ARE TAKING THIS (OR ANY OF MY CLASSES) ONLINE, YOU ARE RESPONSIBLE TO HAVE A FUNCTIONAL INTERNET CONNECTION.  NO ACCOMMODATION WILL BE MADE DUE TO MISSED EMAILS, INABILITY TO STREAM VIDEO/AUDIO, OR TO ACCESS COURSE RESOURCES ON THE ISIDORE WEBSITE.  BY TAKING ANY CLASS ONLINE YOU ARE AGREEING TO THESE TERMS.  THIS STATEMENT WILL APPEAR ON ALL MY SYLLABI REGARDLESS OF NEED.

 

Course Overview

In an increasingly interconnected world, threats to the confidentiality, integrity and availability of valuable information resources are increasingly salient.  This creates particular challenges for the individual who wishes to put online resources to their fullest use.  This course will help students identify threats to confidentiality, integrity and availability of information resources, and how individuals can put in place appropriate controls to protect their personal information.  Further, a critical assessment of the impact of these technologies on various vocations and other pursuits will be introduced.  Some discussion of how these basic concepts apply in organizational membership will also be discussed. 

As part of the course, students will assess current threats to computer information & network security and perform security tests & evaluation on their personal machines.  Students will further research current and emerging threats to information security, and concerns to society that have emerged because of the widespread adoption of online data storage and transmission.  This course is intended to introduce students who have a basic or even limited understanding of computer hardware, software, and operating systems to concepts that will increase their knowledge, proficiency and skills in computer information & network security management controls to be certain that these are commensurate with the level of exposure.

As with all courses in the School of Business Administration at the University of Dayton, this course attempts to advance the University and School mission, to wit:

The School of Business Administration is a learning community committed in the Marianist tradition to educating the whole person and to connecting learning and scholarship with leadership and service in an innovative business curriculum designed to prepare students for successful careers in the contemporary business environment. 

To this end, the information security management course is designed to bring theory designing information systems to be secure into the course, allow you to put this learning into practice by performing a security assessment on a simple system and by preparing for a relevant practitioner certification test, and by doing so contribute to your understanding of how information systems may be designed and built in a secure fashion so you may eventually apply this knowledge in your future coursework and/or careers. 

Course Texts

Some of you may choose to get the books at the UD bookstore.  However, it is anticipated that some will engage in whatever searches are necessary to secure the appropriate books at the lowest cost.  Hence, the ISBN is provided so you may verify that the book you get is the one I'm using.  I am not responsible for books that do not match. 

Meeuwisse, R. (2016) Cybersecurity: Home and Small Business.  Kent, United Kingdom:  CyberSimplicity.  ISBN 978-1-911452-04-1.

Readings available on Isidore

Other materials to be distributed as necessary, either electronically or in class.

A functional laptop computer with appropriate software (note that some software is provided on the server side at links provided by the instructor).

Finally, the following books are not at all required for the course, but are good reads about the concerns in play:

Clark, R. A. and Knake, R. K. (2010). Cyberwar: The Next Threat to National Security and What to do About it. New York: HarperCollins. 

Verton, D. (2003). Black ice: The Invisible Threat of Cyber-Terrorism. New York: McGraw-Hill/Osborne.

Topics to be Addressed

·         Assessment of security controls for personal information and technology for processing, storing and transmitting same

·         Identification and correction of  information security gaps in their personal information technologies

·         Identify and assess impacts to one’s life and career of the ubiquitous nature of information and information technologies in society

·         Apply knowledge of general phenomena to one’s own major course of study and UD ILG’S, in particular Practical Wisdom and Critical Assessment of our times

Course Procedures

Course Assignments

A large proportion of each student's grade in this course will be assessed on the basis of the student's performance on various assignments that are expected to be completed through the semester. All assignments are to be completed by individuals, unless otherwise stated on the assignment. All assignments for this course are to be made via the World Wide Web, at the URL noted above, or on Isidore. 

Timeliness of Assignment Submission

It is important to submit assignments on time. All assignments are due on the assigned date. Late assignments will not be accepted. You are all going to be in the real world someday, and this is how they do it there. This policy will be strictly enforced, except as mentioned under the excuses section. Please also know that if the first assignment is late, you put yourself severely behind for subsequent assignments.

Please be aware that no excuses except the approved ones noted in this document below will be accepted for assignments not being submitted on time, unless it's really good.

You should also be aware that you are responsible to see that your assignment has been submitted properly. I am not going to be chasing people down to make certain that they have submitted their work. In addition, due to the number of assignments in a class like this, you are also responsible to keep backups of all submitted work in case something gets lost in the shuffle, and you should keep all returned assignments until the end of the semester as proof they were submitted and marked.  Finally, marks which have been posted for one week are final.  Hence, you should keep track regularly of your course marks as posted on the database. 

Finally, to discourage procrastination, I will offer no assistance on class assignments after 5PM on the day before they are due. This policy will be strictly enforced.  If an assignment is due on Wednesday (as an example) the last assistance I will render ends at 5PM on Tuesday. 

Class Attendance and Participation

Class time will be devoted to lectures, case discussion, demonstrations of relevant topics and issues. Contrary to popular belief, my job is not merely to impart information to you, but to help you learn. The mind is not a vessel to be filled, but a fire to be lighted. Your participation is extremely important to the learning process for yourself and the entire class. Consequently, class attendance and participation are strongly encouraged. For your information, I do keep a participation record, and it will influence your mark. Please also note that attendance is not the same as participation. 

The way participation will be tracked is this.  Everybody starts with a C (75%).  You are expected to log in to every class and have your video on (and Isidore offers a way to track this).  Do this and you hold serve (i.e. stay at 75%).  If you say something interesting in class (we'll negotiate and reward this live), you get half a point (up to 15 points for the term).  If you find an interesting article/news story/blog about cybersecurity or information privacy (or something closely related), send it to me and you get a two points (up to 10 points total).  First person to send in an article gets credit - not everybody gets to claim the same article.  Miss a class and you lose 5 points (save for legitimate reasons, negotiated in advance or by policy).  Miss more than 3 classes and you get a zero for participation.   Being online less than 75% of the time during class is a miss. 

Another encouragement to attend is that you are responsible for anything that transpires in class. If you miss an assignment due date or other changes because you were not in class (or don't get it via email), it is your problem.

Classroom Decorum

You should be aware that your actions in the classroom environment should demonstrate intellectual engagement in the course content, and as well respect for your classmates and for your instructor. As such, allowing noise from the background to routinely impinge in the classroom is contra-indicated.  We can mute the mics when we're not talking. 

Further, since this is an online class, there are a few other things.  Cameras are to be on unless circumstances dictate.  Mics too (try to mute them if there are loud noises or you need to cough or something).  Streaming movies/sporting events, etc., during the class is not approved.  I can't really enforce that, but if you're asked to respond for something and take forever to do so, it probably won't help participation.  

Relevant to computer use, engaging in chat sessions, web-browsing, reading your email and other behavior of this type means that you are not paying attention to the material being discussed. Almost invariably this results in disruption to the learning environment as students who have not been paying attention find themselves behind and ask questions that have already been addressed. When you are in the classroom (in whatever form it takes), you are expected to be engaged intellectually.

You should also be aware that being late for classes is no excuse to receive extra time on in-class activities or assignment submission deadlines. To arrive late disrupts the learning environment and, unless there is ample reason (see approved reasons, below) also demonstrates lack of respect for your classmates.  If you are late for class on a day with a required in-class activity you will have less time to complete this. Finally, when assignments are due at the start of class, arriving late to class (i.e. significantly after the assignment has been taken up) is grounds for the assignment due that day to be considered a late submission.

I reserve the right to take corrective action if these issues create problems.

Please know that the intent of these policies is not to be unreasonable; it's an odd time in the life of the academy, and we're all going to have to live with a bit of grace.  Further, there are emergency situations in which constant availability via electronic communication may be necessary. In this case, simply notify the instructor of the situation and a reasonable accommodation can be made.

Reading Assignments

While there is not a large amount of material to be covered through this course, it is rather easy to fall behind. Please ensure that you stay current in your readings -- it is expected that you will have read in advance the material to be covered in class on a given day, and be able to discuss it.

Communication with the instructor

While I am around a lot, I am not in perpetually. Consequently, much interaction with me will be through e-mail (salisbury@udayton.edu).  You should also note that I intend to communicate with you via email as well; hence, it is important that you check your email often, and clean out old messages so that you do not exceed your email quota (which would result in the message "bouncing"). 

Grading Scale and Course Components

The grading scale and grading components are presented below. If you make any of the cut-offs, you will receive that mark. For example, if you earn 930 points, you will receive an "A" for the course, or if you receive 885 points, you will receive a "B+" for the course.

MIS 365 Grading Scale

Grade Assignment

Grade Components

(A)
(A-)
(B+)
(B)
(B-)
(C+)
(C)
(C-)
(D)
(F)

>=930
>=900 <930
>=870 <900
>=830 <870
>=800 <830
>=770 <800
>=730 <770
>=700 <730
>=600 <700
<600 (failure)

Individual Assignments/Exercises
Research Project
Class Participation
Lowest Exam Score
Highest Exam Score

Total Points

225
250
125
175
225

1000



Since the marks in my classes over the long term tend to look like a normal curve, I tend not to force an artificial curve. On the odd chance that there is a curve it will be applied only on the overall grade in all sections I teach. Thus, no question of curving will be entertained until after the final. In addition, no extra credit assignments will be offered; if you are unable to perform well on what has already been assigned, I don’t wish to burden you with extra work.  Finally, I encourage you that if you are in trouble, try to demonstrate an effort to improve and ask for help. Do not fail in silence.

Examination Procedures

The examinations will contain case-based questions, objective-style questions, and problem-solving questions. Exams will be based on the required text, on the in-class material associated with computer software, and on the other readings assigned by the instructor. Please note this carefully: There will be NO make-up examinations, save for university-approved reasons. If you must miss an examination, be prepared to document a university-approved reason. Job interviews, site visits and incarceration due to over-exuberant St. Patrick's Day participation are examples of reasons that are NOT university-approved.

Academic Dishonesty

I refer you to the UD Honor Pledge:

I understand that as a student of the University of Dayton, I am a member of our academic and social community; I recognize the importance of my education and the value of experiencing life in such an integrated community.  I believe that the value of my education and degree is critically dependent upon the academic integrity of the University community, and so in order to maintain our academic integrity, I pledge to:

In doing this, I hold myself and my community to a higher standard of excellence, and set an example for my peers to follow.  Instructors shall make known, within the course syllabus, the expectations for completing assignments and examinations at the beginning of each semester. Instructors shall discuss these expectations with students in a manner appropriate for each course.

I will vigorously pursue the prosecution of academic dishonesty. It is understood and that students often learn and work together; consequently you may be asking questions or getting help from others. Be very clear, however, that there is a reasonably obvious distinction between getting help and getting one's work done by somebody else. In instances where such misconduct is proven, I will invoke University of Dayton policy to the fullest extent, which is to say that, at minimum I will assign a zero to the relevant assignment, and, in more serious instances will assign the letter grade of "F" in the course. Please consult the most recent edition of the "Student Handbook" for further information on Student Code of Conduct and Academic Policies.

Intellectual Property Rights

The advent of websites such as Course Hero forces your instructor to issue a reminder regarding the intellectual property rights of various persons or organizations, including but not limited to your instructor, any guest speakers and course text author's rights. You should be aware that ALL assignments, examinations, worksheets, problems, projects, documents, recordings, or other materials distributed or used in this course cannot be reproduced, distributed, or transmitted in any form or by any means, including but not limited to scanning, photographing, copying, uploading, or other electronic methods, without the prior written permission of the instructor or copyright holder.  Any violation of this notice may result in a charge of academic dishonesty, academic penalties, other University disciplinary action, and/or legal recourse.

Acceptable Excuses for Rescheduling Exams, Late Assignments, etc.

Note: It is conceivable there are other acceptable excuses that I've not anticipated, but you must receive permission from me personally in advance.

Additional Learning Support for Students

The University of Dayton and your instructor are committed to providing equal access to its educational opportunities for all our students, including those in need of accommodation due to disability.  Students who believe they have such need are invited to meet with your instructor privately to discuss specifics.  Formal disability-related accommodations are determined by the Office of Student Learning Support using specific guidelines.  As a consequence, it is important that a student needing accommodation be registered with SLS and notify your instructor of your eligibility for such accommodation with a signed SLS Self-Identification Form.  With this, and in consultation with the SLS, your instructor will devise the appropriate accommodation(s) for your need.

Even if you do not have special needs per se, you may find resources provided by the Office of Student Learning Support helpful, with a variety of services to assist you in achieving academic success at the university, including study skills classes and workshops, tutoring and consultations, et cetera. 

Four Easy Ways to Raise Your Grade

Changes to the Syllabus

Since the main objective of this class is for you to learn relevant and useful stuff. I reserve the right to alter the syllabus as necessary to meet this goal. Any such changes will be announced, in class, and will be explained.

Finally

I took this position because I enjoy teaching. I genuinely care about you and your progress in the class. If you have a problem, complaint, comment, concern, etc., please schedule an appointment or drop in during open office hours.Schedule--Subject to review and change. 
Assignment links will be added soon.

Schedule--Subject to review and change.
Assignments are stored in Isidore resources.

 

Class Date Anticipated Topics Class Slides, Reading Chapter Assignments & Due Dates

January

T
19

Course Introduction & Overview
Brief History of IT & IS Security

Salisbury, Miller & Turner (2011)

R
21

   

T
26

Some very basic stuff about IT and Networks  

R
28

Understanding Cyber Risk Meeuwisse - 1

February

T
2
Identifying where your risk lies Meeuwisse - 2
R
4
Discussion of how Assignment 1 works  

T
9

Who are the cyber-criminals?

Meeuwisse - 3

R
11

Discussion closing out 1 and introducing 2 Individual Assignment 1 DUE
(Environment of your system and information) 

T
16

Security Preparation & Training
Discussion of Assignment 3
Meeuwisse – 4

R
18

  Individual Assignment 3 - Proposed Topics (5, ranked) DUE (Research and assess a breach)

T
23

One-day mini break - no class

R
25

Basic methods of cyber-defense

Meeuwisse - 5
Individual Assignment 2  DUE
(Impact of a breach of C, I, A on your devices)

March

T
2

Combating social engineering attacks (e.g. phishing)
Discussion of Major Research Topics (what this is about)
Meeuwisse – 6

R
4

  Major Research Paper Proposed Topics  DUE
T
9

Review & Catchup
 
R
11
Midterm Exam

T
16

How do I know if I've been breached? Meeuwisse – 7

R
18

   

T
23

Cybersecurity in Small Business Meeuwisse - 8

R
25

  Major Research Paper Extended Abstract DUE

T
30

Day on Vulnerability & Patch Scanning (needed for Assignment 4)

Demo will be on a Windows box, but the package pretty much works the same.
The difference will be in removing or updating selected packages). 

1-2 students take 20 minute meeting about major research paper.

April

R
1

Presentation day - Individual Assignment 3

Individual Assignment 3 -Presentations slide decks DUE
Papers 
DUE FRIDAY, April 2 NLT 5PM

T
6

Keeping devices secure

Meeuwisse – 9

1-2 students take 20 minute meeting about major research paper.

R
8

Recovering from a breach/attack

Meeuwisse – 10
Indivudual Assignment 4 DUE - Security assessment – technical controls on devices

1-2 students take 20 minute meeting about major research paper.

T
13
Advanced persistent threats
Reviewing the Basics
Meeuwisse – 11
1-2 students take 20 minute meeting about major research paper.

R
15

Work day on Projects

I will be available on Zoom (just working) for anybody with questions.

T
20

Current Events (Not Petya, SamSam and others as examples) Read Wired article on NotPetya.
1-2 students take 20 minute meeting about major research paper.

R
22

Stander Symposium - No class (you can work on your projects if you'd like).

I will be available on Zoom (just working) for anybody with questions during class time.

T
27

Presentation Day Research Project Presentations (will be done via video conference) and slide decks DUE

R
29

Review and catch-up Research Project Final Deliverables (papers) DUE
Individual Assignment 5 DUE - Correcting and updating device and procedural controls.

Final Examination (from UD Spring 2021 Final Exam Schedule)

Tuesday, May 4 at 1220 PM

You will take the final on Isidore, while connected to me via Zoom (for proctoring and answering any questions).