Syllabus for IAS-554

Policies and Procedures Development and Implementation

COURSE DESCRIPTION

Information technology professionals, whether in the public or private sector, must ensure that their information systems comply with privacy and security laws, regulations, directives, and any organizational policies, procedures, and guidelines. This challenge can be a daunting task and confronts both public and private organizations alike. To meet this charge, they develop and implement security policies and procedures that explicitly define the organization’s security protocols. Security policies are custom-created, dynamic standards of business conduct. While the best practices of the information security field form the basis of any security policy, each organization has unique requirements that shape policies used to manage security.

Students in this course will develop the skills and knowledge needed to access the security posture of an organization and then apply the information gathered during this assessment to inform stakeholders about the challenges inherent to their unique information assurance landscape. They will learn to develop processes and define policies that achieve the targeted level of security for an organization based on the level of risk mitigation required. With respect to securing networks and systems, people are often the weakest link. To address this challenge, students in this course will learn to develop policies and best practices for members of technology groups as well as for system users. Students will develop training documentation for management, technical, and user populations that exposes them to the policies and processes required to secure information technology and to align these with the business objectives of the organization.

COURSE TOPICS

• Policy elements
• Information security framework
• Governance and oversight
• Risk management
• Asset management
• Access control
• Operations security
• Incident management
• Regulatory compliance

COURSE OBJECTIVES

After completing this course, you should be able to:

CO1        Examine an information assurance policy.

CO2        Construct an information assurance framework.

CO3        Examine key stakeholders that maintain effective governance practices.

CO4        Investigate and solve potential information assurance liabilities.

CO5        Support open and appropriate communication practices.

CO6        Critique and improve an incident response practice.

CO7        Appraise current regulatory compliance requirements.

CO8        Develop an effective information assurance policy for an organization. 

COURSE MATERIALS

You will need the following materials to do the work of the course. The required textbook is available from the University’s textbook supplier, MBS Direct.

Required Textbook

• Greene, S. S. (2014). Security Program and Policies: Principles and Practices (2nd ed.). Pearson Education.

ISBN-13: 978-0789751676

COURSE STRUCTURE

Policies and Procedures Development and Implementation is a three-credit, online course consisting of six modules. Modules include an overview, topics, learning objectives, study materials, and activities. Module titles are listed below.

• Module 1:  Information Assurance Policy
  Course objective covered in this module: CO1

• Module 2: Security of Governance
  Course objectives covered in this module: CO1, CO2, CO3
  
• Module 3: Asset Management
  Course objectives covered in this module: CO1, CO4
  
• Module 4: Operations Security
  Course objectives covered in this module: CO1, CO5, CO6
  
• Module 5: Incident Management
  Course objectives covered in this module: CO1,  CO5
  
• Module 6: Business Continuity and Compliance
  Course objectives covered in this module: CO1, CO7, CO8

ASSESSMENT METHODS

For your formal work in the course, you are required to participate in online discussion forums, complete written assignments, complete information assurance policy activities, and complete a two-part final project. See below for details.

Consult the Course Calendar for due dates.

Discussion Forums

Policies and Procedures Development and Implementation has six graded online discussions. There is also an ungraded but required Introductions Forum in Module 1.

Communication with the mentor and among fellow students is a critical component of online learning. Participation in online discussions involves two distinct activities: an initial response to a discussion question and at least two subsequent comments on a classmate's response. Meaningful participation is relevant to the content, adds value, and advances the discussion. Comments such as "I agree" and "ditto" are not considered value-adding participation. Therefore, when you agree or disagree with a classmate, the reading, or your mentor, state and support your agreement or disagreement.

You will be evaluated on the quality and quantity of your participation, including your use of relevant course information and your awareness of and responses to the postings of your classmates. Remember, these are discussions. Responses and comments should be properly proofread and edited, professional, and respectful.

Written Assignments

You are required to complete four written assignments. The written assignments are on a variety of topics associated with the course modules.

Information Assurance Policy Activities

You are required to complete five information assurance policy activities. These activities will help you to build the required parts of your information assurance policy to be completed for the final project. Consult the Course Calendar for due dates.

Final Project

The final project is a culmination of the work completed throughout the course. You are required to design, draft, and finalize an information assurance policy for an organization. Additionally, you will create a presentation of the policy via PowerPoint.

Be sure to reference the Final Project area of the course website for full requirements and details. Consult the Course Calendar for due dates.

GRADING AND EVALUATION

Your grade in the course will be determined as follows:

• Online discussions (6)—20 percent
• Written assignments (4)—30 percent
• Information assurance policy activities (5)—20 percent
• Final project (2 parts)—30 percent

• (Policy)—20 percent
• (Presentation)—10 percent

All activities will receive a numerical grade of 0–100. You will receive a score of 0 for any work not submitted. Your final grade in the course will be a letter grade. Letter grade equivalents for numerical grades are as follows:

To receive credit for the course, you must earn a letter grade of C or higher on the weighted average of all assigned course work (e.g., assignments, discussion postings, projects). Graduate students must maintain a B average overall to remain in good academic standing.

STRATEGIES FOR SUCCESS

First Steps to Success

To succeed in this course, take the following first steps:

• Read carefully the entire Syllabus, making sure that all aspects of the course are clear to you and that you have all the materials required for the course.
  
• Take time to read the entire Online Student Handbook. The Handbook answers many questions about how to proceed through the course, and how to get the most from your educational experience at Thomas Edison State University.
  
• Familiarize yourself with the learning management systems environment—how to navigate it and what the various course areas contain. If you know what to expect as you navigate the course, you can better pace yourself and complete the work on time.
  
• If you are not familiar with web-based learning be sure to review the processes for posting responses online and submitting assignments before class begins.

Study Tips

Consider the following study tips for success:

• To stay on track throughout the course, begin each week by consulting the Course Calendar. The Course Calendar provides an overview of the course and indicates due dates for submitting assignments, posting discussions, and scheduling and taking examinations.
  
• Check Announcements regularly for new course information.

ACADEMIC INTEGRITY

Thomas Edison State University is committed to maintaining academic quality, excellence, and honesty. The University expects all members of its community to share the commitment to academic integrity, an essential component of a quality academic experience.

Students at Thomas Edison State University are expected to exhibit the highest level of academic citizenship. In particular, students are expected to read and follow all policies, procedures, and program information guidelines contained in publications; pursue their learning goals with honesty and integrity; demonstrate that they are progressing satisfactorily and in a timely fashion by meeting course deadlines and following outlined procedures; observe a code of mutual respect in dealing with mentors, staff, and other students; behave in a manner consistent with the standards and codes of the profession in which they are practicing; keep official records updated regarding changes in name, address, telephone number, or e-mail address; and meet financial obligations in a timely manner. Students not practicing good academic citizenship may be subject to disciplinary action including suspension, dismissal, or financial holds on records.

All members of the University community are responsible for reviewing the Academic Code of Conduct Policy in the University Catalog and online at www.tesu.edu.

Academic Dishonesty

Thomas Edison State University expects all of its students to approach their education with academic integrity—the pursuit of scholarly activity free from fraud and deception. All mentors and administrative staff members at the University insist on strict standards of academic honesty in all courses. Academic dishonesty undermines this objective. Academic dishonesty can take the following forms:

• Cheating
• Gaining or providing unauthorized access to examinations or using unauthorized materials during exam administration
• Submitting credentials that are false or altered in any way
• Plagiarizing (including copying and pasting from the Internet without using quotation marks and without acknowledging sources)
• Forgery, fabricating information or citations, or falsifying documents
• Submitting the work of another person in whole or in part as your own (including work obtained through document sharing sites, tutoring schools, term paper companies, or other sources)
• Submitting your own previously used assignments without prior permission from the mentor
• Facilitating acts of dishonesty by others (including making tests, papers, and other course assignments available to other students, either directly or through document sharing sites, tutoring schools, term paper companies, or other sources)
• Tampering with the academic work of other students

Plagiarism

Thomas Edison State University is committed to helping students understand the seriousness of plagiarism, which is defined as using the work and ideas of others without proper citation. The University takes a strong stance against plagiarism, and students found to be plagiarizing are subject to discipline under the academic code of conduct policy.

If you copy phrases, sentences, paragraphs, or whole documents word-for-word—or if you paraphrase by changing a word here and there—without identifying the author, or without identifying it as a direct quote, then you are plagiarizing. Please keep in mind that this type of identification applies to Internet sources as well as to print-based sources. Copying and pasting from the Internet, without using quotation marks and without acknowledging sources, constitutes plagiarism. (For information about how to cite Internet sources, see Online Student Handbook > Academic Standards > Citing Sources.)

Accidentally copying the words and ideas of another writer does not excuse the charge of plagiarism. It is easy to jot down notes and ideas from many sources and then write your own paper without knowing which words are your own and which are someone else’s. It is more difficult to keep track of each and every source. However, the conscientious writer who wishes to avoid plagiarizing never fails to keep careful track of sources.

Always be aware that if you write without acknowledging the sources of your ideas, you run the risk of being charged with plagiarism.

Clearly, plagiarism, no matter the degree of intent to deceive, defeats the purpose of education. If you plagiarize deliberately, you are not educating yourself, and you are wasting your time on courses meant to improve your skills. If you plagiarize through carelessness, you are deceiving yourself.

For examples of unintentional plagiarism, advice on when to quote and when to paraphrase, and information about writing assistance and originality report checking, click the links provided below.

Examples of Unintentional Plagiarism

When to Quote and When to Paraphrase

Writing Assistance at Smarthinking

Originality Report Checking at Turnitin

Disciplinary Process for Plagiarism

Acts of both intentional and unintentional plagiarism violate the Academic Code of Conduct.

If an incident of plagiarism is an isolated minor oversight or an obvious result of ignorance of proper citation requirements, the mentor may handle the matter as a learning exercise. Appropriate consequences may include the completion of tutorials, assignment rewrites, or any other reasonable learning tool in addition to a lower grade for the assignment or course. The mentor will notify the student and appropriate dean of the consequence by e-mail.

If the plagiarism appears intentional and/or is more than an isolated incident, the mentor will refer the matter to the appropriate dean, who will gather information about the violation(s) from the mentor and student, as necessary. The dean will review the matter and notify the student in writing of the specifics of the charge and the sanction to be imposed.

Possible sanctions include:

• Lower or failing grade for an assignment
• Lower or failing grade for the course
• Rescinding credits
• Rescinding certificates or degrees
• Recording academic sanctions on the transcript
• Suspension from the University
• Dismissal from the University