Course Syllabus

Please note that the specifics of this Course Syllabus are subject to change. Instructors will notify students of any changes and students will be responsible for abiding by them. Even if you print this syllabus, please check the online version often.

Description

SRA 311: Risk Analysis in a Security Context (3 credits) - Assessment and mitigation of security vulnerabilities for people, organizations, industry sectors, and the nation.

Welcome to SRA 311! This class might very well be the most important class you take in pursuit of your SRA degree. It is the class employers look for (and hope you do well in). It is the class that should put all of your lower-division classes into perspective. And, it is the course that should prepare you to tackle more senior level courses in the years ahead.

SRA 311 is a critical thinking course. You will learn the vocabulary and philosophy of risk. You will learn the right questions to ask in order to complete a risk assessment, make a risk communication or to evaluate alternative mitigation options. You will learn techniques and methodologies to help you answer these questions. The successful SRA 311 student will leave the course able to speak intelligently about security risk analysis.

Prerequisites

  • SRA 231
  • Completing SRA 111, SRA 211, and SRA 221 is also helpful.

Objectives

Students completing SRA 311 with a passing grade should be able to:

  • Define the following terms and phrases: security, risk, analysis, risk analysis, risk management, risk assessment, risk communication, risk control, vulnerability, threat, consequence, countermeasure, mitigation, benefits, costs, return on investment, protector, defender, attacker, asset, value, utility, detect, defend, devalue, deter, dissuade, delay, defeat, probability, possibility, uncertainty, confidence, susceptibility (and others).
  • Describe the eight elements of thought and the nine intellectual standards and apply them to appraising real risk analysis products.
  • Articulate the nine basic questions of risk (and all associated subquestions) and explain how risk analysis fits into this scheme.
  • Explain and apply a number of analysis methodologies to realistic risk analysis problems, including but not limited to fault tree analysis, event tree analysis, divergent convergent thinking, pros/cons, multicriteria decision analysis, hierarchical holographic modeling (and others).
  • Produce a risk study consisting of a scoping statement, system definition, threat assessment, vulnerability assessment, and consequence assessment.
  • Communicate actionable recommendations about risk and what can be done about it.
  • Explain the difference between “risk analysis” and a “risk analysis methodology” and discuss the strengths and weaknesses of different analytical techniques.
  • Explain the guiding principles of risk analysis.

Instructor

  • TBD

Please note that when you compose an email to your instructor, others will likely be listed as "Teachers" from the Canvas interface. This is misleading because only your instructor, possibly TA/LA's listed here, are monitoring your messages. All of your course communications should be limited to those listed here.

Materials

  • There are no required textbooks for this course.
  • Supplemental readings will be suggested throughout the semester.

Assignments & Grading

Grading Policy

There are four types of assignments in SRA 311 – Multiple Choice Quizzes, Core Module Assignments, Elective Module Assignments, and a Risk Analysis Project.

  1. Multiple Choice Quizzes
    Each multiple choice quiz consists of ten (10) items with four answer choices. The aim of multiple choice quizzes is to assess your retention core course content. Each question has only one correct answer. Each question is graded as full credit (100%) or no credit (0%). Students have only 20 minutes to complete each multiple choice quiz. Multiple choice quizzes must be completed in one sitting, and each student is only allowed one submission. NOTE: Multiple Choice Quizzes are to be completed INDEPENDENTLY.
  2. Core Module Assignments
    Each module has a corresponding written assignment. The aim of core module assignment is to increase the depth of your understanding of core module content. Each part of each item in a core module assignment is graded as full credit (100%), partial credit (50%), or no credit (0%). Core Module Assignments are to be completed INDEPENDENTLY.
  3. Elective Module Assignments
    The final portion of SRA 311 provides students an opportunity to choose and explore contemporary topics in risk analysis that interest them most. The aim of elective modules is to allow students to dig deeper into topics that interest them. A variety of options will be provided for students to choose from. Each part of each item in a core module assignment is graded as full credit (100%), partial credit (50%), or no credit (0%). Elective Module Assignments are to be completed INDEPENDENTLY.
  4. Risk Analysis Project
    No risk analysis course would be complete without a semester-long risk analysis project. The aim of this project is to put your new skills to work in the process of studying a security-related risk of contemporary and/or personal interest. The risk analysis project is divided into three parts with due dates as noted in the syllabus. The Risk Analysis Project is to completed in GROUPS OF 4-5 STUDENTS. Grading for the risk analysis project is loose - the instructor will coach and iterate with student groups to make the project as good as possible.
  5. Student-Instructor Interaction
    To ensure each student is maximally successful in this course, we conduct private student-instructor interaction via the Canvas Inbox. Here, the instructor will discuss core content with students personally, ask questions probing student knowledge, and review performance on assignments. Bonus points are awarded to students based on the quality of this interaction.
  6. Final grades are based on a tally of the following assignments:

    Course Grading Breakdown
    Grading Category Percentage of Final Grade
    Risk Analysis Project 40%
    Core Module Assignments 40%
    Elective Module Assignments 10%
    Mulitple Choice Quizzes 10%
    Student-Instructor Interaction (5%EC) 5%
    TOTAL 105%

Course Grading Scale

The following are minimum cutoffs for each grade:

  • 93.00% = A
  • 90.00% = A-
  • 87.00% = B+
  • 83.00% = B
  • 80.00% = B-
  • 77.00% = C+
  • 70.00% = C
  • 60.00% = D
  • less than 60.00% = F

Grading Philosophy

Routine course work is graded on a three-tier basis: Full Credit (100%), Partial Credit (50%), and No Credit (0%). For example, items on the module assignments are each graded according to this rubric. Items on the multiple choice quizzes are grades as full credit or no credit. Specific guidance on what it means to get full credit, partial credit, or no credit will be provided for each assignment. IMPORTANT NOTE: a 50% does NOT mean you only got 50% correct, nor does 100% indicate you got a perfect score. For the purposes of this course, 50% indicates PARTIAL credit and 100% earns FULL credit.

Early/Late Work

Work is due during by the end of the week it is assigned. For the purpose of this class, a "week" begins on Monday at midnight and ends on Sunday at 11:59pm. Work will not be accepted after the due date/time. Thus, the window for submitting work due in a given week is from midnight on Monday morning beginning the week to 11:59pm on the Sunday evening ending the week. If you miss a deadline by a few minutes, send your work IMMEDIATELY by email to the instructor with a reason for why it is late; whether it will be accepted will be on a case-by-case basis.

Course Policies

Student Groups

The entire class will self-select into groups of 4-5 students each before the end of the second week of class. Groups of more than 5 persons will not be allowed for any reason. Group composition will be decided by the students. Groups will collectively complete the risk analysis project.

Official Course Communication

All official course communications must be sent through the Canvas. Details for all quizzes and assignments will be posted in Canvas. While discussion forums will be used for unofficial communication and class-wide discussion of course materials, official communications will take place only via the Canvas Inbox.

The instructor will make every attempt to respond to all emails sent via Canvas within twenty-four (24) hours. The instructor will check email and engage with students online at least once a day after 10:00 pm ET. If you would like to make an appointment to speak or engage with the instructor at a particular time, send a Canvas message with your request.

Academic Integrity

Penn State and the College of Information Sciences and Technology are committed to maintaining Penn State's policy on Academic Integrity in this and all other courses. We take academic integrity matters seriously and expect you to become a partner to the University/College standards of academic excellence.

For more information, please review these policies and procedures:

WARNING: In addition to other policies, using any material in any media format - from “answer sites” (such Course Hero, Chegg, and all others) and/or other type of sources - is considered CHEATING and will not be tolerated. Sanctions range from failure of the assignment or course to dismissal from the University. Contact your instructor with questions related to this topic.

University Policies

Review current information regarding various Penn State policies (such as copyright, counseling, psychological services, disability and military accommodations, discrimination, harassment, emergencies, trade names, etc.) on the University Policies page.

Resources

Find extensive information and links to many Penn State and IST resources (including the Penn State libraries, video conferencing tools, technology and software, writing and research help, and much more) on the Resources page.

Technical Requirements

Standard World Campus computer technical specifications are assumed for this course. Please test your computer for requirements. In addition, a webcam and a headset with a microphone are REQUIRED for the course. These may be used for virtual meetings, virtual office hours, interactions with classmates and your instructor, and group presentations - which are all conducted with virtual meeting tools. No special software is required.

Schedule

The following schedule outlines the topics covered in this course, along with the associated time frames, readings, activities, and assignments. All due dates reflect Eastern Time (ET). Specifying the time zone ensures that all students have the same deadlines, regardless of where they live.

Course Summary:

Date Details