Information Security
On this and most weeks, each student will present their topical reading, with handouts for the class, and the instructor will present a lecture based on recent developments since publication of the texts. Make sure the handout provides a full bibliographical citation for your reading.
Security Policy
Legislation and Executive Branch Actions
Homeland Security
Cyberwarfare, Cyberterrorism, and Infrastructure Protection
Cybercrime
Encryption
Authentication
Federal ID Cards
Agency-level Security Policies
Summary
Handout: Tod Newcombe, Security Checklist
Discussion Questions, Garson, Chapter 7
1. In the 1980s when mainframe computing was well established, the government produced the "Orange Book" encouraging private systems firms to create more secure software. What was the result of this effort?
2. The Federal Information Security Act of 2002 (FISMA) superseded the Computer Security Act of 1987. What did FISMA set out to accomplish? Why did some within the software industry dislike formal security benchmarks? Did agencies encounter problems implementing the FISMA security changes?
3. What was the Total Information Awareness Project (TIA)? How would it affect private industry, individuals, and the federal government? What was the fate of the TIA?
4. The FBI, to investigate threats and to protect national data infrastructure, created the National Infrastructure Protection Board (NIPB). However, NIPB had two conflicting roles. What was the conflict? Does it still exist?
5. Fears of cyber terrorism have been elevated in the public's eye. How plausible is a "cyber meltdown?" Why?
6. What safeguards were in place to protect personal information in the public key encryption system (PKI)? How is the federal government ensuring the use of PKI systems?
7. What is e-authentication? What criticism has this system received from agencies?
8. As part of Homeland Security, secure and reliable forms of identification are required for all federal employees and contractors. Should all individuals in the U.S. be required to have a national identification card? Why or why not?
9. Security threats within public agencies are not only from viruses. What are some other types of security threats that can be found in a government agency? Are there strategies that can be applied to safeguard the system?
10. What are the basic elements of a comprehensive security policy?
Discussion Questions, Rocheleau, Chapter 7
Information Technology, Training, and Organizational Learning
1. Give five reasons why training investment is worth it in IT.
2. How much should be budgeted for training?
3. How long should typical IT training for a system be? How does an agency answer this question?
4. Which is higher risk - training inside staff or relying heavily on outside consultants?
5. What are some characteristics of good training?
6. What does "informal learning" refer to?