ABSTRACT
This paper describes a case study assignment in risk assessment for a course in information security management. The instructor's approach in the course was to integrate various readings through discussion and assignments. The assignment described in this paper was based on an actual project and used in an information security management course taught in Summer 2010. Readers will benefit from the instructor's description of this assignment, which teaches the art of information security management by creating a hybrid risk assessment process that provides a practical, reusable, scholarly, and realistic exercise. The assignment proved to be a useful, hands-on exercise that students were able to complete satisfactorily.
Index Terms
- Risk assessment of voting systems for teaching the art of information security