SRA 111 Fall 2014 Syllabus

Regardless of the profession in which you work, security, risk, and risk analysis have become more critical. This course relates security planning to study options in the College of IST’s Security and Risk Analysis major: Information & Cyber Security, Enterprise Factors & Risk, and Intelligence Analysis & Modeling. Coverage includes information storage/access/networking risks, legal/ethical issues, criminal/terrorist exploits, and threats from global information/intelligence warfare.

Students will learn management of key risks through judicious application of three control tools: Programs (e.g., security education, training, and awareness), Policies (e.g., laws), and Technologies (e.g., firewalls, intrusion detection systems). Thus, students are exposed to a full spectrum of security activities, methods, methodologies, and procedures.

The stakes are high, as recent exponential growth in digital information parallels our dependence on information. “Security” (i.e., “freedom from harm or danger”) is needed for people (managers/policy makers, end-users/citizens, and related stakeholders), information, and other valuable assets.

Course Objectives

As an introductory course, students without prior experience should be successful while more experienced students will also learn something new. Our specific semester question is, “How do we manage growing threats to personal, enterprise, and national security?”

Students without prior experience should be able to:

  1. Define security, risk, risk analysis, and related terms;
  2. Prioritize personal and information assets, and threat/vulnerability pairs;
  3. Create a personal information security blueprint; and
  4. Describe risk analysis (i.e., critical thinking) and control tools such as policies, education, and technologies (i.e, firewalls, VPNs, access control, and cryptography).

Basic Course Information

Course Title: SRA 111: Introduction to Security and Risk Analysis
Class Section: 3
Class Meetings: MWF 10:10-11a in 110 IST Building
Credits: 3


Name: Marc Friedenberg (please just call me “Marc”)
Twitter: @straymarcs. Follow this account to get notified when I post links that I think you might find interesting (with hashtag #sra111)
Web Site:
Office Location: 101L IST Building
Office Phone: 814–863–0251
Office Hours: Tuesdays, 10a-11:30; Thursdays; 1:30-3p. Because the beginning and end of the semester are usually the busiest, during the first and last two weeks of the semester, office hours will be lengthened to Tuesdays 9a-1p and Thursdays 12:30-4p. I’m also pretty flexible for appointments in person, at the cafe, by Skype or phone, etc. as your schedule allows; please don’t hesitate to contact me to set something up.

Learning Assistant

Sam Vigliotti
Name: Sam Vigliotti
Cell: 724-289-8666
Office Hours: Monday, Wednesday, and Friday, 11a-12p at Reese’s Cafe, and by appointment

Required Text

The Basics of Information Security
Jason Andress, The Basics of Information Security: Understanding the Fundamentals of InfoSec in Theory and Practice, Syngess/Elsevier, 2011. ISBN–13: 978–1–59749–653–7.

This book is relatively inexpensive, and even offers digital rentals. A copy of the book is also available on reserve at Pattee Library.

We also participate in Penn State’s Student Newspaper Readership Program, through which you’ll get complimentary access to the Digital New York Times and several other newspapers. You should read the Times every day to stay abreast of current developments relating to security and risk analysis; I’ll also highlight links of interest.


Our course schedule is available as a Google Calendar. You can subscribe to the calendar in the lower-right corner of the calendar page. I strongly recommend using a calendar application if you’re not already using one. For reference, our schedule is also embedded below:


Unless otherwise noted, the assignment submissions are due at 11:55p on the due date. Most assignments are collected within ANGEL, although a few may require a hardcopy addition. Please see the classroom policies on assignments, below.

Score Tracking Table

Assignment CategoryPoints
Class Participation150
Research Project300
PerSEC Lab75
Crypto Game50
Intel Game75

Letter Grade Table

Letter GradeMin. Points

Class Participation

Class participation includes attendance, reading assessment checks (which will be announced in advance), and in-class activities.


Each multiple-choice, true-false, fill-in-the-blank, and short essay quiz builds on previous course material, but is technically not cumulative. See my study tips. Excused students have one week to make up quizzes.

I’ll offer an optional, outside-of-class review session prior to each quiz, where I will be available to answer any questions you have about the material.

I try to get graded quizzes back to you within a few days. You’ll get your score on the multiple-choice, true-false, and fill-in-the-blank questions immediately through ANGEL.

Note that we do not have a final exam.

Quizzes will be administered in our classroom, during the normal class time, and be taken on ANGEL.

You will be allowed to bring to the quiz a single-sheet (8.5“ x 11”) front-and-back of personally hand-written notes (i.e., no photocopies, printing, etc.).

Detailed information about the research video milestones, PerSEC Lab, Crypto Game, and Intel Game will be provided later in the semester.

Class Policies


You are paying a lot of money to be enrolled in this course, so you owe it to yourself to attend every class meeting. I’ll take attendance in every class (via ANGEL). A few other notes:

  • Students are permitted four personal absences (you don’t have to be sick, or provide any good reason for missing class, but I will be sad if you don’t have one).
  • For each personal absence after the first two, come see me during office hours.
  • If you’ve used your four personal days but are still sick, send an email to “All Faculty” in ANGEL so we can update the attendance records.
  • Penn State’s class attendance policy states that students who opt to miss a class to participate in a University-sanctioned activity are responsible for any work missed during the absence. If you will be missing class as part of a University-sanctioned activity, please complete a class absence form.
  • Please plan to arrive a few minutes early and to remain until class is dismissed to help avoid disrupting class discussions or your classmates’ concentration.
  • During class, please don’t use computers or mobile devices for things that aren’t related to class.


Individual vs. group assignments

All assignments (quizzes, projects, etc.) are considered individual assignments and not group assignments unless I clearly specify otherwise. If you are having problems, get in touch with me as soon as possible (seriously, I don’t mind at all).

Late assignments

You’re responsible for completing your own work and submitting it as directed on the assignment. Since assignments are noted in the syllabus and are given well in advance, I encourage you to complete assignments well before the due date. Late assignments will result in a 10% point reduction per day. Note that assignments will not be accepted after feedback or answers have been provided to the class (typically a few days after the assignment’s due date).

Technical difficulties

To minimize technical difficulty in submitting work, I strongly suggest using the PSU ITS computer labs. You may use personal computers at your own risk. If you have technical difficulties please come to office hours for help prior to the due date. Plan to complete assignments, since ANGEL has a bad habit of becoming uncooperative at the worst possible times (also, as a proud Mac user it pains me to say that ANGEL seems to like Internet Explorer the most).

Grade Distribution and ANGEL Gradebook

  1. Student grades are posted in the ANGEL Gradebook, and students are responsible for monitoring their grades there.
  2. In accordance with the University policy AD 11 on Confidentiality of Student Records, grades or other student records will NEVER be provided by telephone or to third parties.
  3. Written documentation of any problems related to the assignment of scores must be brought to the attention of the teaching team within one week of the date the scores were first reported to students.

Odds and Ends

  • I’d like to spend at least five minutes in office hours with every student in the first few weeks of the semester, just so I can get to know you and what you’re looking to get out of the class. Please stop by when you are able.
  • The first item in the Lessons tab on ANGEL is a discussion forum entitled “General Discussion.” If you have a question or comment that you think might be relevant to the entire class, you can post it there. You may post anonymously in this discussion forum if you wish.
  • I will do everything in my power to help you do well in this course and to master the material. Do not hesitate to call, e-mail, or visit me at any time for help. I’m also always happy to have a detailed discussion about how I think you’re doing in the class, or why you got a certain grade on an assignment. I’m a firm believer that you learn the most from your mistakes, so I encourage you to closely review and think about the feedback I give you.

University Policies

Please review these university policies of interest, which are incorporated here by reference.

Last Modified Sep 7, 2014 @ 11:37 am