Syllabus for CYB-422

CYBERSECURITY POLICIES, PROGRAMS, AND COMPLIANCE

COURSE DESCRIPTION

Cybersecurity Policies, Programs, and Compliance examines the application of cybersecurity frameworks, standards, and best practices to enterprise-level policies, plans, and programs. The course also explores formulating security policies and plans, assessing regulatory and ethical aspects of cybersecurity, developing performance metrics for cybersecurity programs, and planning audits of compliance practices and processes.

COURSE TOPICS

• Information security strategy
• Information security policies
• Risk assessment and management
• Data protection
• Security audit and compliance (HIPAA, PCI-DSS, FISMA, FERPA, SOX, and GLBA)
• Information security metrics

COURSE OBJECTIVES

After completing this course, you should be able to:

CO1        Develop an information security strategy.

CO2        Examine information security policies, policy governance, and ethical aspects.

CO3        Evaluate risk management objectives and response recommendations.

CO4        Analyze data protection requirements and implementation.

CO5        Examine security compliance management and auditing.

CO6        Prepare information security metrics and key performance indicators.

COURSE MATERIALS

You will need the following materials to complete your coursework. Some course materials may be free, open source, or available from other providers. You can access free or open-source materials by clicking the links provided below or in the module details documents. To purchase course materials, please visit the University's textbook supplier.

Required Textbook

• Andress, J., & Leary, M. (2016). Building a practical information security program. Cambridge, MA: Syngress.

ISBN-13: 978-0128020425

COURSE STRUCTURE

Cybersecurity Policies, Programs, and Compliance is a three-credit, online course consisting of six modules. Module titles are listed below.

• Module 1: Security Programs and Information Security Strategy
  Course objectives covered in this module: CO1
  
• Module 2: Security Organization Structure and Policies
  Course objectives covered in this module: CO2
  
• Module 3: Risk Management Objectives and Response
  Course objectives covered in this module: CO3
  
• Module 4: Data Protection
  Course objectives covered in this module: CO4
  
• Module 5: Security Compliance Management and Auditing
  Course objectives covered in this module: CO5
  
• Module 6: Information Security Metrics
  Course objectives covered in this module: CO6

ASSESSMENT METHODS

For your formal work in the course, you are required to participate in online discussion forums, complete written assignments, take module quizzes, take a proctored midterm examination, and complete a final project. See below for details.

Consult the Course Calendar for due dates.

Promoting Originality

One or more of your course activities may utilize a tool designed to promote original work and evaluate your submissions for plagiarism. More information about this tool is available in this document.

Discussion Forums

You are required to participate in six discussion forums. The discussion forums are designed to encourage you to discuss the module topics with your classmates. In order to successfully complete the discussion forums, you need to address all items included in the forum, reply to peers thoughtfully, add value to the discussion, and apply ideas, insights, or concepts from scholarly sources, assigned readings, lectures, course materials, or other relevant sources. Replies such as “Good post” or “I agree” will not count toward your grade; your post should add value to the class.

There is also an ungraded but required Introductions Forum in Module 1.

Written Assignments

You are required to complete six written assignments. The written assignments are on a variety of topics associated with the course modules. You can refer to the Evaluation Rubrics folder in Moodle for grading rubrics for each of the written assignments.

Quizzes

You are required to take six quizzes, one per module. All quiz questions are true/false or multiple choice, and you may use any materials that you like in taking the quizzes. There is no time limit for taking each quiz.

Most students find that quiz-taking is an excellent way to be sure they are mastering basic concepts and terminology. You will be able to take each quiz an unlimited number of times, and the gradebook will record your most recent score.

This arrangement will allow you to go back and reread portions of the text that you need to review and then take the quiz again for further practice.

Midterm Examination

The midterm exam is two hours long and covers material from Modules 1, 2, and 3. It is closed-book and contains essay questions. The exam tests students’ knowledge of topics in information security programs and strategy, security organization structure and policies, and risk management objectives and response.

For a list of key concepts that may appear on your exam, refer to the exam study guide available in the Examinations section of the course website.

In addition to the exam study guide, a practice midterm exam is available. The practice exam is ungraded, and you may take it as many times as you'd like for additional review. The practice exam contains questions that are similar to those on the graded exam and provides feedback, so it is an effective way of preparing for the exam. In the Examinations section of the course website, click on the Practice Midterm Exam link to begin.

For the midterm, you are required to use the University's Online Proctor Service (OPS). Please refer to the Examinations and Proctors section of the Online Student Handbook (see General Information area of the course website) for further information about scheduling and taking online exams and for all exam policies and procedures. You are strongly advised to schedule your exam within the first week of the semester.

Statement about Cheating

You are on your honor not to cheat during the exam. Cheating means:

• Looking up any answer or part of an answer in an unauthorized textbook or on the Internet, or using any other source to find the answer.
• Copying and pasting or in any way copying responses or parts of responses from any other source into your online test. This includes but is not limited to copying and pasting from other documents or spreadsheets, whether written by yourself or anyone else.
• Plagiarizing answers.
• Asking anyone else to assist you by whatever means available while you take the exam.
• Copying any part of the exam to share with other students.
• Telling your mentor that you need another attempt at the exam because your connection to the Internet was interrupted when that is not true.

If there is evidence that you have cheated or plagiarized in your exam, the exam will be declared invalid, and you will fail the course.

Final Project

You are required to complete a final project for this course. Please see the Final Project section of the course website for further details. A grading rubric for the final project can be found in the Evaluation Rubrics folder.

GRADING AND EVALUATION

Your grade in the course will be determined as follows:

• Online discussions (6)—15 percent
• Written assignments (6)—35 percent
• Module quizzes (6)—10 percent
• Midterm exam (proctored, Modules 1–3)—20 percent
• Final project—20 percent

All activities will receive a numerical grade of 0–100. You will receive a score of 0 for any work not submitted. Your final grade in the course will be a letter grade. Letter grade equivalents for numerical grades are as follows:

To receive credit for the course, you must earn a letter grade of C or better (for an area of study course) or D or better (for a course not in your area of study), based on the weighted average of all assigned course work (e.g., exams, assignments, discussion postings).

STRATEGIES FOR SUCCESS

First Steps to Success

To succeed in this course, take the following first steps:

• Read carefully the entire Syllabus, making sure that all aspects of the course are clear to you and that you have all the materials required for the course.
  
• Take time to read the entire Online Student Handbook. The Handbook answers many questions about how to proceed through the course, how to schedule exams, and how to get the most from your educational experience at Thomas Edison State University.
  
• Arrange to take your examination(s) by following the instructions in this Syllabus and the Online Student Handbook.
  
• Familiarize yourself with the learning management systems environment—how to navigate it and what the various course areas contain. If you know what to expect as you navigate the course, you can better pace yourself and complete the work on time.
  
• If you are not familiar with web-based learning be sure to review the processes for posting responses online and submitting assignments before class begins.

Study Tips

Consider the following study tips for success:

• To stay on track throughout the course, begin each week by consulting the Course Calendar. The Course Calendar provides an overview of the course and indicates due dates for submitting assignments, posting discussions, and scheduling and taking examinations.
  
• Check Announcements regularly for new course information.

ACADEMIC POLICIES

To ensure success in all your academic endeavors and coursework at Thomas Edison State University, familiarize yourself with all administrative and academic policies including those related to academic integrity, course late submissions, course extensions, and grading policies.

For more, see:

• University-wide policies
• Undergraduate course policies and regulations
• Graduate academic policies
• Nursing student policies
• Academic code of conduct