Please note that the specifics of this Course Syllabus are subject to change. Instructors will notify students of any changes and students will be responsible for abiding by them. Even if you print this syllabus, please check the online version often.

Description

SRA 111: Introduction to Security and Risk Analysis (3 credits) - This introductory course spans areas of security, risk, and analysis covering contexts in government agencies and business organizations.

Regardless of profession, security, risk, and risk analysis have become critical aspects of everyday life. This course relates security planning to study options in the College of IST’s Security and Risk Analysis major: Enterprise Factors & Risk, and Intelligence Analysis & Modeling. Coverage includes: information storage/access/networking risks; legal/ethical issues; criminal/terrorist exploits; and threats from global information/intelligence warfare.

Students will learn management of key risks through judicious application of three control “tools”:

• Programs (e.g., security education, training, and awareness)
• Policies (e.g., laws)
• Technologies (e.g., firewalls, intrusion detection systems)

Thus, students will be exposed to a full spectrum of security activities, methods, methodologies, and procedures.

The stakes are high as recent exponential growth in information parallels our dependence on information. “Security” (i.e., “freedom from harm or danger”) is needed for people (managers/policy makers, end-users/citizens, and related stakeholders), information, and other assets deemed valuable.

The semester is organized based on the NIST Cybersecrity Framework and the Intelligence Cycle:

• Unit 1: Identify (Lessons 2-3)
  • Cybersecurity Framework: Identify
  • Intelligence Cycle: Intelligence Community & Cycle
• Unit 2: Protect-- System Security (Lessons 4-6)
  • Cybersecurity Framework: Protect (System Security)
  • Intelligence Cycle: Requirements, Planning, and Collection
• Unit 3: Protect -- Cybersecurity Toolbox (Lessons 7-9)
  • Cybersecurity Framework: Protect (Toolbox)
  • Intelligence Cycle: Processing
• Unit 4: Detect Lessons 10-11
  • Cybersecurity Framework: Detect
  • Intelligence Cycle: Analysis
• Unit 5: Respond and Recover (Lessons 12-14)
  • Cybersecurity Framework: Respond and Recover
  • Intelligence Cycle: Dissemination

Prerequisites

• None

Objectives

SRA 111 is an introductory course taken by students from all experience levels and backgrounds. Students without prior experience should be successful while more experienced students will also learn something new.

Our specific semester question is: “How do we manage growing threats to personal, enterprise, and national security?”

Students without prior experience should be able to:

• Define critical terms related to security and risk analysis issues relating to systems, organizations, and governments
• Describe the Cybersecurity Framework and Intelligence Cycle and the various components of the intelligence community
• Identify threats and vulnerabilities to systems related to the internet and assets protected by the intelligence community
• Compare and contrast concerns for individual users, enterprise, and government
• Summarize the basic terminology and concepts related to security and what constitutes a network-related attack
• Describe national security concerns and and cyber tool/strategies

Instructor

• TBD

Please note that when you compose an email to your instructor, others will likely be listed as "Teachers" from the Canvas interface. This is misleading because only your instructor, possibly TA/LA's listed here, are monitoring your messages. All of your course communications should be limited to those listed here.

Materials

• Pfleeger, C. P., Pfleeger, S. L., & Margulies, J. (2015). Security in computing (5th ed.). Prentice Hall.
  ISBN 978-0134085043
• This resource is currently available for free using your Penn State account. You can access this resource by:
  1. Clicking on this link: https://learning.oreilly.com/library/view/security-in-computing/9780134085074/
  2. Clicking on the “Sign in” link at the top of the page for desktop users or from the menu icon for mobile users
  3. Enter your Penn State email address in the email address field and click “Continue”
  4. Confirm that the pull-down menu says “I’m with: Pennsylvania State University” and click “Sign in with SSO”
  5. Click the link in #1 again to access an electronic version of your textbook

NOTE: We CANNOT confirm appropriateness of other editions (earlier editions, international edition, etc.), but suggest students compare with current edition available in the Pattee Library’s course reserves.

Assignments & Grading

Students are provided multiple opportunities to demonstrate course material proficiency. All assignments are required, grades are not “curved,” and there is no extra credit. Note “problem resolution time limits” below under Grade Distribution and Canvas Grade Book.

• Homework – 35%
• Discussions (10) – 25%
• Quizzes (5) – 40%
• Total – 100%

Course Grading Scale

The following are minimum cutoffs for each grade:

• 93.00% = A
• 90.00% = A-
• 87.00% = B+
• 83.00% = B
• 80.00% = B-
• 77.00% = C+
• 70.00% = C
• 60.00% = D
• less than 60.00% = F

The above cutoffs are never raised; in rare circumstances, the instructor may elect to slightly lower some cutoffs at the end of the semester when assigning grades. Any adjustments will be made uniformly to all students.

Since our policy is uniform consideration, we do not respond to individual requests for special consideration.

Assignments

SRA 111 requires students to demonstrate course material proficiency through the submission of multiple group and individual assignments throughout the semester. Unless otherwise noted, assignments are due no later than the due date specified on Canvas. Submission details will be provided with each assignment. Please reference the schedule section of this Syllabus and the course Calendar for a more in-depth look at due dates, point distributions, etc.

Extra Credit Policy

SRA 111 is structured so that lessons, assignments, and other features of the course are available well in advance of all due dates. Because students will have ample time to complete this required work, there is no opportunity for extra credit in this course.

Grade Disputes

If you believe that you have received a grade for a particular deliverable in error, it is your responsibility to provide the instructor (in writing) the following information:

1. The grade and assignment in question
2. Why you feel this grade was given in error
3. Your proposed solution for this grade

Your memo will be reviewed and you will be provided with feedback concerning a decision.

Any grade disputes received 1 week after grades have been posted for a particular assignment will not be accepted.

Late Assignment Policy

Students are responsible for completing their own work and submitting their deliverables as directed on all assignments. All assignments must be completed on time to be eligible for full credit.

Advice for SRA 111 students: make sure to start working early on all assignments! Since assignments are noted in the syllabus and are given well in advance, students are encouraged to complete assignments well before their due dates. Students will not be penalized for submitting work earlier than the assigned deadline.

Late assignments, if permitted in writing by the instructor, will result in an automatic 20% point reduction. Please note that any assignments received 1 week after the assigned due date will not be accepted and will not be eligible for credit.

Working in Groups

• Group Assignments
  • Group work is a mandatory aspect of SRA 111. Students will be randomly assigned to groups towards the beginning of group coursework and will be required to work on group assignments for the duration of the semester..
  • All group members are expected to make themselves available outside of class to work on group deliverables. Each individual is expected to contribute to every deliverable, be respectful of alternative views, be considerate of others, and work collaboratively to complete tasks.
• Group Conflicts
  • In the event that an issue may arise where an individual is impacting the group’s ability to complete assignments, the group must first work to resolve the issue together. If the group is unable to resolve the issue to all members’ satisfaction, the issue can then be escalated to the instructor.
  • To escalate an issue, groups should provide a written explanation of the issue and a description of how the group attempted to address the problem. In the unlikely event a group member is unable to continue working in a group, that group member will be required to complete the project on his or her own.

• Individual Assignments
  • In addition to teamwork, students will be required to submit individual assignments. Assignments requiring individual submissions will be noted in class and on Canvas.

General Assignment Descriptions

Quizzes

• There will be five quizzes given at the completion of Units 1, 2, 3, 4, 5 based on material covered during each unit. Each will consist primarily of objective multiple-choice questions, but may also include true & false, short answer and/or essay questions.
• Topics discussed during all class sessions will be tested on the quizzes. The slides on which instructor presentations are based will contain most, but not all of the material for which students will be responsible. Similarly, students are responsible for material contained in all assigned readings.
• The dates for unit quizzes indicated on the class schedule are subject to change; any changes will be announced and posted to the course Canvas website.
• Each multiple choice/short answer quiz builds on previous course material, but is technically not "comprehensive." Unless stated otherwise, quizzes are open book and open notes.

Make-Up Quizzes

• Students typically have one-week to complete assignments, so make-up quizzes are NOT available. If an approved university excuse interferes with a student submission, a comprehensive make-up quiz will be offered finals week as an alternative. In general, the earlier a student notifies the instructor the more options are available.

Homework

• As we progress through SRA 111, we will encounter several graded homework assignments that correspond with our unit topics. The instructions for each homework assignment will detail whether it is an individual or group-based assignment.

Course Policies and Expectations

• All relevant course-related documentation and information will be posted on Canvas. It will be the primary mode of communication for this course. All necessary updates and/or changes to the course will be reflected in the online course management system. If necessary, detailed instructions on how to use the system will be reviewed.

Contacting The Teaching Team

Your questions and feedback are very important to the teaching team. To ensure that we are able to address your needs to the best of our ability, please reference this segment of the syllabus often regarding contacting the teaching team.

First: Re-read the Syllabus

This syllabus is your guiding document throughout the semester with regard to all policies and procedures in SRA111. If you have any questions or concerns in SRA111, it's important to start by re-reading the syllabus. More often than not, this document contains the answer you are looking for!

If after you've read the Syllabus you still need clarification, please utilize the following methods of contacting the teaching team:

General Questions 

Do you have a general question about SRA 111, or about our deliverables or content? If so, these types of questions generally benefit the class as a whole. (After all, if you're confused about something, there are probably a few other students that could benefit from the same answer as well!) If so, utilize the following contact options:

• The Question Café is a forum on our SRA 111 Canvas for general student questions. We created this forum so everyone in the class can see your question and the corresponding answer from the teaching team. If you have general questions about SRA 111, please try to direct these to the Question Café. Likewise, please subscribe to the Questions Café for important announcements, questions, and updates.

Private Questions 

If you have a question that is private to you or your group, do not utilize the Question Café or the Class Discussion Boards. Instead, utilize the following contact options:

• Message the Teaching Team via Canvas: Our course is taught via the Canvas portal. As such, you must utilize Canvas for all correspondence with the teaching team. Be sure to send your message to the entire teaching team so we are able to easily reference and respond to your messages.
• Visit Office Hours: Regular office hours for the teaching team will be announced early into the semester. Unless otherwise noted, once these office hours are announced, the teaching team will be available during this time period on a weekly basis to answer any questions or concerns you may have about SRA 111.

SRA111 is for Educational Purposes ONLY

This course discusses a variety of security-related issues including a number of common exploits and attacks. This goes without saying, but the lectures and materials are for educational purposes only. As a general precaution: You should never use the Internet to practice attacks (and controls), even to a “safe” remote host. Searching for vulnerabilities in systems without permission can be a crime with serious penalties, so do not try this at home.

No Legal Advice

Although SRA 111 discusses many basic issues (including legal issues) throughout the course of the semester, this course is meant for educational purposes only. It is not meant to serve as legal advice in any capacity. If you require legal advice, contact Student Legal Services.