Information Security and Assurance (MISA)

Courses

MISA 501  Assured Business Systems: Managing and Protecting the Information Systems Enterprise  3 Credits (3,0)

This course provides the two major foundation elements for the MSISA program. It first reviews the many ways in which computation, communications and information systems are used to identify and solve problems, recognize opportunities and generate competitive advantage. It then focuses attention on the importance of assuring that those systems achieve the reliable decision support that organizations require. It does this by looking first at the risks to those systems - risks incurred by their builders and designers through poor design or undisciplined use that can present hackers, criminals and one's own employees the opportunity to cause harm. It then uses the concepts of the "enterprise perspective" to demonstrate the various information systems used to lead, manage and operate a variety of organizations, while exploring the need for organizations large or small, public or private, to sustain their own existence through continuity planning and risk management.

MISA 502  Risk Management and Business Continuity  3 Credits (3,0)

Business continuity is the study and practice of making smart risk management decisions that protect and enhance the organization's ability to survive and flourish despite the hazards of the real world. This view of resilience focuses on getting the organization's mission accomplished in part because the organization is flexible enough, responsive enough to meet changing circumstances. Risk management, therefore, is about identifying potential events that could impede the accomplishment of those objectives, and then making cost-effective choices as to whether to absorb, ignore, transfer or mitigate that potential impact. This planning and decision making is an ongoing task that management must perform - well in advance of the occurrence of a hazard, during the event itself, and after the repairs and remediation are complete. While there are many schools of thought about risk, and therefore many categorization schemes about risk, this course takes the perspective that risk is about decision making, and therefore information risk is the fundamental risk that must be managed. The course assesses the different perspectives on information risk -- asset-based, threat-based, process-based, or outcomes-based -- and then looks to the different strategies that can be used to deal with such risks and their potential costs and impacts. Students will then examine the central role that information risk management plays in organizational continuity, and how this dictates the need for effective continuity planning.

MISA 503  Informatics: Security Implications of Cross-Disciplinary Computing  3 Credits (3,0)

Informatics is the study of natural and engineered information systems and how people and organizations use them to leverage what they know to solve problems and create opportunities. Countering the threats and hazards that face a modern information-based organization requires the same kind of interdisciplinary approach. Many "threat actors" are using an informatics frame of mind to consider, plan and conduct their attacks; this course challenges the information systems security and decision support assurance professionals to respond by applying that same informatics paradigm across the range of organizational processes and behaviors, from risk mitigation and management to strategic, tactical and operational planning.

MISA 504  Enterprise Systems Architectures for Information Assurance  3 Credits (3,0)

Protection of information in systems architectures is a complex, multidisciplinary challenge. Maintaining the confidentiality, integrity, and availability of critical information in interconnected, dynamic architectures presents multiple dimensions of risk to the systems architect. It also challenges the architecture team, which typically consists of product managers, designers, developers, project and program management, as well as sales and marketing, to clearly understand the technology, processes and tools needed for the architecture when delivering the architecture design to customers and suppliers. This course examines information assurance challenges in the context of complex systems with interconnected processes, complex product and technology design and enterprise domains. Topics to be covered include systems architectures, information assurance objectives, and systemic risk.

MISA 505  Incident Management and Information Forensics  3 Credits (3,0)

The compromise, theft, or sabotage of information systems vital to the organization's activities and objectives can have a profound effect on an enterprise. Investigating such incidents requires a special form of problem-solving that combines technical, legal and organizational skills and insights to solve the right problem without creating more in its wake. This calls for information systems forensics specialists, people who know how to find and follow the evidence, and managers who know why, when and how to put the forensics process to work in defense of the organization. This course explores system forensics processes and tools, and the implications this has both for the information security professional as well as the organization. The first part of the course includes a study of foundational concepts of the nature of security incidents, forensics techniques, and the evidentiary process. It considers the various roles that forensic specialists play in preparing the organization to deal with incidents including controlling, conducting and reporting on the investigation and resolution of information systems incidents. The second part of the course provides an opportunity for students to apply foundation concepts against sample and potential incidents, drawing from case studies and media reports. Students will consider various types of information systems forensic evidence and apply various tools and forensic analysis skills for incident investigation. Additional topics include communicating investigations and findings to organizational leadership as well as emerging technical frontiers of computer forensics.

MISA 506  Cyber Law, Cyber Compliance, and Information Assurance  3 Credits (3,0)

Virtually every aspect of the way in which organizations collect, generate, use, modify and dispose of information as a part of their daily operations is quite likely the subject of laws, regulations, government policies, or other aspects of modern society. As governments continuously reset the balance between protecting the rights and needs of the individual citizen, vs. the need for business and government to get things done in cost-effective ways, these laws and regulations place dynamic, evolving functional requirements demands on the information systems that organizations must use. This course examines the many different regulatory regimes levied upon organizations by the marketplaces they operate in -- and guides the student in identifying key management considerations that should drive information systems design and operational use. One key fundamental concept emerges: information assurance, in assuring management that all of these compliance issues are effectively dealt with, is in and of itself a risk management decision.

MISA 507  Quality Management for Information Assurance  3 Credits (3,0)

Quality management provides a systems engineering approach that focuses on process design to achieve objectives, without having to rely upon exhaustive testing or inspection of outputs to achieve desired outcomes. This course applies this concept across the life cycle of information in organizations, and the information systems that generate and make that information useful -- including the information systems used to keep the "front-line" systems alive and secure.

MISA 523  Information Advantage -- Defensive: Countering Self-Deception and External Deceptions  3 Credits (3,0)

Defending the image and reputation of an organization, and assuring the value of the business intelligence it gathers and creates, is critical to protecting and enhancing that organization's competitive advantage within the marketplace. As such, leaders must effectively manage information and mitigate the risk of deception within internal and external environments. Managing the perception of an organization's image and reputation requires a proactive approach given advances in technology and globalization. Perception management topics will include a comprehensive review of threats, risk analysis, control techniques, and managerial/crisis issues. This course also offers defensive skills, tools and processes necessary to eliminate or counter the negative ramifications of erroneous information, corrupt practices and espionage. From a management perspective learners will explore strategic methods designed to protect intelligence and maintain an information advantage.

MISA 531  Secure Information Systems Design  3 Credits (3,0)

Designing information systems with security and assurance goals in mind provides an important foundation to deploy secure solutions and support ongoing assurance in systems operations. Approaches that, in contrast, minimize the gathering of security requirements during design stages can be expected to result in substantial effort to engineer security into an existing system as the system is deployed. Adoption of secure design practices enables a much more efficient path to the deployment of secure systems. Secure design is an important concern for business analysts as they identify functional requirements, as well as for developers as they transform requirements and design elements into a working system. IT management strives to implement and deploy the system using secure systems design principles. But most importantly, it is as the business owners and operational managers assume functional ownership of deployed systems, and use them as they strive to build a resilient enterprise, that secure information systems design principles realize their greatest payback.

MISA 532  Integrated Threat Warning and Attack Assessment for Enterprise Information Systems  3 Credits (3,0)

Virtually every organization, large or small, faces a non-stop demand to be connected -- with competitors and customers, with regulators and suppliers, and especially with its own shareholders, stakeholders and employees. The sheer volumes of data exchanged and their complexity and sophistication are growing faster than ever before, which makes it even more difficult for organizations to detect, isolate and characterize potential hazards, and separate accidental or non-deliberate actions from potentially hostile ones. Faced with this ever-increasing volume of more complex information interchange, organizations must use more powerful and sophisticated techniques to help sift suspicious network activity from routine traffic. Some of the most promising of these increasingly sophisticated monitoring techniques employ aspects of machine learning. This course provides the foundational knowledge for appropriately deploying those techniques. Topics include security risks and vulnerabilities, mobile systems, social networks, and ways to enhance system security.

MISA 533  Product and Systems Safety and Reliability: Issues for Information Assurance  3 Credits (3,0)

Technical risk is created whenever computing systems are integrated with products and services, as a computing failure cascades into the failure of the product or service that relies upon the technology. The management of cascading technical risks becomes more urgent, and therefore challenging, in the realm of safety-critical systems, where failure could potentially result in significant damage, physical losses, or loss of life. Ever-increasing reliance on computerization for the control of physical assets such as vehicles and production facilities creates an increased need to address product and systems safety and reliability. Information assurance principles can and should be applied throughout such environments to ensure continuous, reliable system function.

MISA 534  Aviation / Aerospace Issues for Information Security  3 Credits (3,0)

During the past decade, airlines have made substantial investments in information technology solutions. These solutions extend throughout the airline's environment and contribute to improved operational efficiency, safety, and customer satisfaction. Securing these investments and protecting the information that these systems manage requires knowledge, leadership, and an effective information security system. The introduction of advanced e-enabled airplanes and systems will provide an increased level of operational efficiency for the airlines. However, this means increased interaction with many information systems that are outside the traditionally defined airline security perimeter. This course provides an overview of information security for the air transport industry and for airline operators. It outlines the requirements for an information security framework, discusses how digital airplanes influence airline, airport and air transport system information security and describes a general information security strategy for aviation and airlines.

MISA 541  International Considerations for Information Assurance and Protection  3 Credits (3,0)

Globalization of information resources within enterprises and across the world via the Internet increases systems complexity, including the distribution of system users, data, and architecture across national boundaries. Increasing global distribution of information presents substantial assurance challenges. The resulting information systems environment is multi-national, and therefore under the scope of multiple political and legal jurisdictions, may support users from numerous national and organizational cultures, and may be subject to a wide variety of threats to local users and system components. Management is faced with significant obstacles to ensuring physical and cyber security of systems resources and the protection of information assets in an environment of sometimes limited transparency. Recognition of emerging risks and appropriate enterprise response across a global environment has become a functional requirement for organizations of all sizes that seek to build the most efficient and effective information systems regardless of the physical location of people, processes, and computing resources.

MISA 543  Assured Strategic Messaging: Keeping the Message Intact and Effective  3 Credits (3,0)

This course studies the role and impact of communication in achieving organizational goals through effective messaging. The communication strategy will focus on proven, effective strategies for understanding stakeholder information needs and translating them into clear and differentiated messaging. Specific attention will be placed on the following topics: identifying key internal and external audiences, developing communication goals and objectives, devising appropriate messaging, and creating a plan to reach designated stakeholders that uses the most efficient communication strategies and tactics. In addition, the course will explore industry trends, including the technological convergence of communication modes (voice, video and data), enterprise-wide connectivity, distributed network environments, and the Internet.

MISA 544  The High-Reliability Enterprise Model  3 Credits (3,0)

Reliable and resilient enterprises are those that are built to withstand negative forces and events, which can also make them more agile, better suited to take advantage of unforeseen opportunities. This course demonstrates that the development of secure and reliable products and services, and the continuous operation of critical internal systems, is best achieved in an organizational environment that prioritizes information assurance. Organizational approaches to the implementation of standards, best practices, and quality principles are essential considerations and provide the foundation that enables and promotes the building of reliable, trustworthy systems. Dimensions of information quality, overall quality management, process maturity, and others combine to set an organizational tone that supports assurance objectives and drives enterprises to the effective management of enterprise risks.