635.775.81 - Cyber Operations, Risk, and Compliance

Information Systems Engineering
Spring 2024

Description

This course provides a solid foundation of potential civil and criminal areas of liability, and certain areas in which compliance and risk management are critical. The overarching theme is detection and reduction of potential legal/cybersecurity risks. We start by exploring the legal and regulatory environment that influences and supports cyber-based activities and programs, focusing on multidisciplinary or integrated views of enterprise risk management. We will address key risk management issues from the legal and cybersecurity aspects and analyze legal/cybersecurity issues in several of the critical infrastructure sectors, such as the financial services, healthcare and public health, and transportation systems sectors. We also review legal and regulatory compliance issues to address cybersecurity risk management for systems development, acquisition, and operation. This includes material impacting the manner in which the cyber community operates, for example, FITARA (Federal Information Technology Acquisition Reform Act) Enhancement Act of 2017. We then review the authoritative guidance provided by the National Institute of Standards and Technology (NIST) Cybersecurity Framework. The Framework is voluntary for the sixteen critical information sectors and mandatory for the federal government, hence the focus on NIST. Risk management threat detection and avoidance is analyzed from an integrated legal/cybersecurity perspective, including system objectives to avert legal liability and minimize enterprise and human loss. Examples address financial services, healthcare and public health, and transportation (mobile devices and autonomous vehicles) systems, and cyber-physical systems (CPS) or Internet of Things (IoT). The overall constitutional and statutory basis within which all cyber law and policy operates is identified and reviewed.

Instructor

Arthur Reynolds

reynoldsprof@aol.com

Course Structure

The course materials are divided into modules which can be accessed by clicking Modules on the course navigation menu. A module will have several sections including the overview, lectures, readings, discussions, and assignments. You are encouraged to preview all sections of the module before starting. Most modules run for a period of 14 days to afford more time to focus on the discussions and lectures; exceptions are noted in the Course Outline. You should regularly check the Calendar and Announcements for assignment due dates.

Course Topics

Course Goals

The major objective is to provide a firm foundation in the regulatory, legal, and ethical components for operating in the cyber/AI arena, with a focus on risk management.

Course Learning Outcomes (CLOs)

Textbooks

NONE REQUIRED. YOU ARE HOWEVER RESPONSIBLE FOR THE SUBSTANTIAL AMOUNT OF COURSE CONTENT AND RESOURCES POSTED IN THE MODULES, INCLUDING MATERIALS SENT DURING THE CLASS.

Suggested Only

Kosseff, Jeff. Cybersecurity Law. 1st ed. (2017) Wiley Publishers.

ISBN: 978-1-119-23150-9

Student Coursework Requirements

  1. Each module will contain a graded assignment (e.g. discussion questions and a module summary).
  2. A major paper will address either an important legal opinion in this arena or a detailed international comparative analysis.
  3. A major paper will address Critical Infrastructure risk management coupled with AI aspects.

It is expected that each module will take approximately 7–10 hours per week to complete. Here is an approximate breakdown: reading the assigned materials (approximately 3–4 hours per week) as well as some outside reading, listening to the video and audio recordings (approximately 2–3 hours per week), and writing assignments (approximately 2–3 hours per week).

This course will consist of the following basic student requirements:

Preparation and Participation (30% of Final Grade Calculation)

You are responsible for carefully reading all assigned material and being prepared for discussion.

Post your initial response to the discussion questions by the evening of day 3 for that module week. Posting a response to the discussion question is part one of your grade for module discussions (i.e., Timeliness).

Part two of your grade for module discussion is your interaction (i.e., responding to classmate postings with thoughtful responses) with at least two classmates (i.e., Critical Thinking). Just posting your response to a discussion question is not sufficient; we want you to interact with your classmates. Be detailed in your postings and in your responses to your classmates' postings. Feel free to agree or disagree with your classmates. Please ensure that your postings are civil and constructive. Please note that this component includes the module summary required for each module (a 1-2 page analysis).

100–90 = A—Timeliness [regularly participates; all required postings; early in discussion; throughout the discussion]; Critical Thinking [rich in content; full of thoughts, insight, and analysis].

89–80 = B—Timeliness [frequently participates; all required postings; some not in time for others to read and respond]; Critical Thinking [substantial information; thought, insight, and analysis has taken place].

79–70 = C—Timeliness [infrequently participates; all required postings; most at the last minute without allowing for response time]; Critical Thinking [generally competent; information is thin and commonplace].

Assignments (70% of Final Grade Calculation)

THERE ARE TWO MAJOR ASSIGNMENTS EACH WORTH 35% OF YOUR OVERALL GRADE. DETAILED SPECIFICATIONS AND RUBRICS ARE PROVIDED IN THE CLASSROOM. PLEASE DO NOT BE LATE IN TURNING THESE IN!!

Grading Policy

Assignments are due according to the dates posted in your Canvas course site. Please do not be late!!!!

Please note that the quality of your writing is very important and a major factor in your grade; it rivals content. Strive for lucidity and proper grammar and seek editorial help from the Library. Remember that your audience is your workplace colleagues (not only myself); hence, strive to meet their needs as if you were briefing them.

We generally do not directly grade spelling and grammar. However, egregious violations of the rules of the English language will be noted without comment. Consistently poor performance in either spelling or grammar is taken as an indication of poor written communication ability that may detract from your grade.

A grade of A indicates achievement of consistent excellence and distinction throughout the course—that is, conspicuous excellence in all aspects of assignments and discussion in every week.

A grade of B indicates work that meets all course requirements on a level appropriate for graduate academic work. These criteria apply to both undergraduates and graduate students taking the course.

EP uses a +/- grading system (see “Grading System”, Graduate Programs catalog, p. 10).

Score Range = Letter Grade
100-98 = A+
97-94 = A
93-90 = A−
89-87 = B+
86-83 = B
82-80 = B−
79-77 = C+
76-73 = C
72-70 = C−
69-67 = D+
66-63 = D
<63 = F


Final grades will be determined by the following weighting:

Item = % of Grade
Preparation and Participation, including all discussions and module summaries = 30%
Assignments (2 @ 35% each) = 70%


Academic Policies

Deadlines for Adding, Dropping and Withdrawing from Courses

Students may add a course up to one week after the start of the term for that particular course. Students may drop courses according to the drop deadlines outlined in the EP academic calendar (https://ep.jhu.edu/student-services/academic-calendar/). Between the 6th week of the class and prior to the final withdrawal deadline, a student may withdraw from a course with a W on their academic record. A record of the course will remain on the academic record with a W appearing in the grade column to indicate that the student registered and withdrew from the course.

Academic Misconduct Policy

All students are required to read, know, and comply with the Johns Hopkins University Krieger School of Arts and Sciences (KSAS) / Whiting School of Engineering (WSE) Procedures for Handling Allegations of Misconduct by Full-Time and Part-Time Graduate Students.

This policy prohibits academic misconduct, including but not limited to the following: cheating or facilitating cheating; plagiarism; reuse of assignments; unauthorized collaboration; alteration of graded assignments; and unfair competition. Course materials (old assignments, texts, or examinations, etc.) should not be shared unless authorized by the course instructor. Any questions related to this policy should be directed to EP’s academic integrity officer at ep-academic-integrity@jhu.edu.

Students with Disabilities - Accommodations and Accessibility

Johns Hopkins University values diversity and inclusion. We are committed to providing welcoming, equitable, and accessible educational experiences for all students. Students with disabilities (including those with psychological conditions, medical conditions and temporary disabilities) can request accommodations for this course by providing an Accommodation Letter issued by Student Disability Services (SDS). Please request accommodations for this course as early as possible to provide time for effective communication and arrangements.

For further information or to start the process of requesting accommodations, please contact Student Disability Services at Engineering for Professionals, ep-disability-svcs@jhu.edu.

Student Conduct Code

The fundamental purpose of the JHU regulation of student conduct is to promote and to protect the health, safety, welfare, property, and rights of all members of the University community as well as to promote the orderly operation of the University and to safeguard its property and facilities. As members of the University community, students accept certain responsibilities which support the educational mission and create an environment in which all students are afforded the same opportunity to succeed academically. 

For a full description of the code please visit the following website: https://studentaffairs.jhu.edu/policies-guidelines/student-code/

Classroom Climate

JHU is committed to creating a classroom environment that values the diversity of experiences and perspectives that all students bring. Everyone has the right to be treated with dignity and respect. Fostering an inclusive climate is important. Research and experience show that students who interact with peers who are different from themselves learn new things and experience tangible educational outcomes. At no time in this learning process should someone be singled out or treated unequally on the basis of any seen or unseen part of their identity. 
 
If you have concerns in this course about harassment, discrimination, or any unequal treatment, or if you seek accommodations or resources, please reach out to the course instructor directly. Reporting will never impact your course grade. You may also share concerns with your program chair, the Assistant Dean for Diversity and Inclusion, or the Office of Institutional Equity. In handling reports, people will protect your privacy as much as possible, but faculty and staff are required to officially report information for some cases (e.g. sexual harassment).

Course Auditing

When a student enrolls in an EP course with “audit” status, the student must reach an understanding with the instructor as to what is required to earn the “audit.” If the student does not meet those expectations, the instructor must notify the EP Registration Team [EP-Registration@exchange.johnshopkins.edu] in order for the student to be retroactively dropped or withdrawn from the course (depending on when the "audit" was requested and in accordance with EP registration deadlines). All lecture content will remain accessible to auditing students, but access to all other course material is left to the discretion of the instructor.