Basic Course Information
Course Title: SRA 111: Introduction to Security and Risk Analysis
Class Section: 3
Class Meetings: MWF 09:05–09:55a, 205 IST Building
Class Credits: 3
|Our text is The Basics of Information Security: Understanding the Fundamentals of InfoSec in Theory and Practice, Second Edition, Syngress/Elsevier, 2014. ISBN–13: 978–0-12-800744-0. The full text is available through the Penn State Libraries (bookmark this link). Should you wish to purchase a paper version, new copies are available for under $25..We also participate in Penn State’s Student Newspaper Readership Program, through which you’ll get complimentary access to the Digital New York Times and several other newspapers. You should read the Times every day to stay abreast of current developments relating to security and risk analysis; I’ll also highlight links of interest.|
|Name: Marc Friedenberg (please just call me “Marc”)|
|Office Hours: Tuesdays 9–11a; Wednesdays 1:00–2:15p; or by appointment. I’m usually very flexible with timing or if you want to meet by phone, Skype, etc., as well.|
|Twitter: @straymarcs. Follow this account to get notified when I post links that I think you might find interesting (with hashtag #sra111)|
|Web Site: https://straymarcs.net|
|Office Location: 101L IST Building|
|Office Phone: 814–863–0251|
|Name: Vuthika (Kody) Kem|
|Office Hours: Wednesdays, 10-11a, Reese’s Cafe|
Course Description and Overview
Regardless of the profession in which you work or wish to work, security, risk, and risk analysis have become more critical. This course relates security planning to study options in the College of IST’s Security and Risk Analysis major: Information & Cyber Security, Enterprise Factors & Risk, and Intelligence Analysis & Modeling. Coverage includes information storage/access/networking risks, legal/ethical issues, criminal/terrorist exploits, and threats from global information/intelligence warfare.
Students will learn management of key risks through judicious application of three control tools: Programs (e.g., security education, training, and awareness), Policies (e.g., laws), and Technologies (e.g., firewalls, intrusion detection systems). Thus, students are exposed to a full spectrum of security activities, methods, methodologies, and procedures.
The stakes are high, as recent exponential growth in digital information parallels our dependence on information. “Security” (i.e., “freedom from harm or danger”) is needed for people (managers/policy makers, end-users/citizens, and related stakeholders), information, and other valuable assets.
As an introductory course, students without prior experience should be successful while more experienced students will also learn something new. Our specific semester question is, “How do we manage growing threats to personal, enterprise, and national security?”
Students without prior experience should be able to:
- Define security, risk, risk analysis, and related terms;
- Prioritize personal and information assets, and threat/vulnerability pairs;
- Create a personal information security blueprint; and
- Describe risk analysis (i.e., critical thinking) and control tools such as policies, education, and technologies (i.e, firewalls, VPNs, access control, and cryptography).
Assignments and Grading
Your final grade will be based on the following score tracking table and letter grade table:
Score Tracking Table
|Unit Activities (3)||210|
Letter Grade Table
|Letter Grade||Min. Points|
Each multiple-choice, true-false, fill-in-the-blank, and short essay quiz builds on previous course material, but is technically not cumulative. See my study tips. Excused students have one week to make up quizzes.
You’ll be able to take each quiz on ANGEL at your own convenience during the quiz availability period (see the schedule below for additional detail). During the quiz, you’ll be allowed to refer to your own single-sheet (8.5“ x 11”) front-and-back of personally hand-written notes (i.e., no photocopies, printing, etc.). You can’t review any other materials (including the textbook) during the quiz. If I find out that people are cheating, I will be very sad, and very angry.
I try to get graded quizzes back to you within a few days. You’ll get your score on the multiple-choice, true-false, and fill-in-the-blank questions immediately through ANGEL.
Note that we do not have a final exam.
Throughout the semester you’ll be working with a randomly-assigned group of your classmates on a research project video answering a research question of your own choosing. The research project has seven milestones overall, which are designed to help make sure that you and your team are on track. Time at the end of the semester has been set aside for in-class group work, if needed. During the last week of class, we’ll watch the research videos in class and have an opportunity to ask each team questions about their research video.
There are separate activities for each unit (system, enterprise, and national), which will give you an opportunity to practice a skill that we’ve learned in class in a hands-on way. Additional information about each activity will be provided at least one week prior to the deadline.
Class participation includes attendance, in-class activities, and the teaching team’s overall evaluate of your participation in classroom discussion and activities.
Our schedule is available in the following Google Sheet:
Odds and Ends
- I’d like to spend at least five minutes in office hours with every student in the first few weeks of the semester, just so I can get to know you and what you’re looking to get out of the class. Please stop by when you are able.
- The first item in the Lessons tab on ANGEL is a discussion forum entitled “General Discussion.” If you have a question or comment that you think might be relevant to the entire class, you can post it there. You may post anonymously in this discussion forum if you wish.
- I will do everything in my power to help you do well in this course and to master the material. Do not hesitate to call, e-mail, or visit me at any time for help. I’m also always happy to have a detailed discussion about how I think you’re doing in the class, or why you got a certain grade on an assignment. I’m a firm believer that you learn the most from your mistakes, so I encourage you to closely review and think about the feedback I give you.
You are paying a lot of money to be enrolled in this course, so you owe it to yourself to attend every class meeting. I’ll take attendance in every class (via ANGEL). A few other notes:
- Students are permitted four personal absences (you don’t have to be sick, or provide any good reason for missing class, but I will be sad if you don’t have one).
- For each personal absence after the first two, come see me during office hours.
- Please note that job interviews are not counted as excused absences.
- If you’ve used your four personal days but are still sick, send an email to “All Faculty” in ANGEL so we can update the attendance records.
- Penn State’s class attendance policy states that students who opt to miss a class to participate in a University-sanctioned activity are responsible for any work missed during the absence. If you will be missing class as part of a University-sanctioned activity, please complete a class absence form.
- Please plan to arrive a few minutes early and to remain until class is dismissed to help avoid disrupting class discussions or your classmates’ concentration.
- During class, please don’t use computers or mobile devices for things that aren’t related to class.
Late Assignments and Technical Difficulties
You’re responsible for completing your own work and submitting it as directed on the assignment. Since assignments are noted in the syllabus and are given well in advance, I encourage you to complete assignments well before the due date. Late assignments will result in a 10% point reduction per day. Note that assignments will not be accepted after feedback or answers have been provided to the class (typically a few days after the assignment’s due date).
To minimize technical difficulty in submitting work, I strongly suggest using the PSU ITS computer labs. You may use personal computers at your own risk. If you have technical difficulties please come to office hours for help prior to the due date. Plan to complete assignments, since ANGEL has a bad habit of becoming uncooperative at the worst possible times (also, as a proud Mac user it pains me to say that ANGEL seems to like Internet Explorer the most).
Grade Distribution and ANGEL Gradebook
- Student grades are posted in the ANGEL Gradebook, and students are responsible for monitoring their grades there.
- In accordance with the University policy AD 11 on Confidentiality of Student Records, grades or other student records will NEVER be provided by telephone or to third parties.
- Written documentation of any problems related to the assignment of scores must be brought to the attention of the teaching team within one week of the date the scores were first reported to students.
Please review these university policies of interest, which are incorporated here by reference.