695.601.81 - Foundations of Information Assurance

Cybersecurity
Spring 2024

Description

This course surveys the broad fields of enterprise security and privacy, concentrating on the nature of enterprise security requirements by identifying threats to enterprise information technology (IT) systems, access control and open systems, and system and product evaluation criteria. Risk management and policy considerations are examined with respect to the technical nature of enterprise security as represented by government guidance and regulations to support information confidentiality, integrity and availability. The course develops the student’s ability to assess enterprise security risk and to formulate technical recommendations in the areas of hardware and software. Aspects of security-related topics to be discussed include network security, cryptography, IT technology issues, and database security. The course addresses evolving Internet, Intranet, and Extranet security issues that affect enterprise security. Additional topics include access control (hardware and software), communications security, and the proper use of system software (operating system and utilities). The course addresses the social and legal problems of individual privacy in an information processing environment, as well as the computer “crime” potential of such systems. The class examines several data encryption algorithms.

Course Note(s): This course can be taken before or after EN.605.621 Foundations of Algorithms. It must be taken before other courses in the degree.

Instructors

David Heinbuch

david.heinbuch@jhuapl.edu

Harold Podell

hpodell1@jhu.edu

Course Structure

The course materials are divided into 14 modules which can be accessed by clicking Modules in the Canvas menu. A module will have several sections including the module-at-a-glance, readings, video lectures and related content, discussions, and assignments. Students should regularly check the Calendar and Announcements for assignment due dates. Module weeks begin on Wednesday and complete on Tuesday.

Course Topics

Course Goals

This multidisciplinary course, which provides an overview of Information Assurance (IA) in an enterprise context, enables the student to develop a foundation for future course work. Information assurance (IA) issues are presented within a context of cyber governance. For example, an information technology (IT) or information and communications technologies (ICT) system or "system of systems" is introduced with respect to an enterprise vision and the supporting goals and objectives. This course will also include an introduction to enterprise architecture (EA) or a technical blueprint for enterprise information systems. EA may provide context at a second level of specificity for IA or cybersecurity and privacy. Policy considerations are examined with respect to the technical nature of IA that may be represented by industry and government guidance for systems with cryptographic requirements.

The course is designed to assist students in learning to assess enterprise IA risk more effectively and to formulate technical recommendations in the areas of IT or ICT systems and "systems of systems." Aspects of IA-related topics to be introduced include network security, cryptography, IT or ICT technology issues, and database security. The course addresses evolving Internet IA architecture issues that affect enterprise IA; security engineering; and the phased transition to a user- or network-centric architecture and a services-based or alternate architecture, e.g., future Internet (FI). Additional topics include access control (systems, hardware and software), communications security, and the proper use of system software (operating system and utilities). The course introduces the social and legal problems of individual privacy in an information processing environment, as well as the computer "crime" potential of such systems and "systems of systems." The commercial aspects of several data encryption algorithms are introduced.

Course Learning Outcomes (CLOs)

Textbooks

Charles P. Pfleeger et al., Security in Computing: Fifth Edition, Prentice Hall, 2015.

Required Software

Students choosing to do the project will need to be able to run VirtualBox or another similar virtual machine environment capable of running x86 virtual machines (newer Macs cannot run x86 VMs).

Student Coursework Requirements

The minimum effort expected for a student who plans to demonstrate baseline knowledge will be approximately 10-12 hours per week. The distribution of 10-12 hours per week may vary depending on your baseline knowledge. Here is an example:

You may focus on the suggested reading (approximately 1–3 hours per week), listening to the audio annotated slide presentations (approximately 1-2 hours per week), participating in discussions, assignments, mid-term, final examination, and research paper or course project (6-8 hours per week).

Students who plan to demonstrate more comprehensive knowledge will invest more intellectual effort and more time. You will be fully supported in these endeavors by your instructors. For example, requests for research assistance are welcomed, and this effort is reflected in grading.

A key focus of the grading for this course is to achieve successful applied research in a mutually agreed IA topic or a course project (40% of Final Grade Calculation). Other components of the course grade include student discussions and assignments (30% of Final Grade Calculation) and two examinations: mid-term (15% of Final Grade Calculation) and final examination (15% of Final Grade Calculation).

The discussions, assignments and exams for the course are open-book. A key aspect of open-book is attribution, e.g., footnotes and/or endnotes. For example, key issues require attribution. Captions for figures/tables require attribution. Definitions in an annotated glossary should have attribution.

Each discussion, assignment, mid-term, final examination, and research paper or course project submission should include your name and the assignment title.

Student Posts for Discussions: Introduction 

Post your topic to the discussions by Saturday evening of that module week (Wednesday-Tuesday), and responses to your peers' posts by Tuesday evening. Posting updates for a discussion topic and responses to discussion topics are part one of your grade for class discussions (i.e., Timeliness).

  1. Day 1–4 (Wednesday-Saturday) - initial student response is posted.
  2. Day 1–7 (Wednesday-Tuesday) - follow-on student responses are posted.

A key part of your grade for class discussion is your interaction (i.e., responding to classmate postings with thoughtful responses) with at least two classmates for each discussion question (i.e., Critical Thinking). Just posting your update to a discussion topic is not sufficient; interaction with your classmates is expected. Be detailed in your postings and in your responses to your classmates' postings. Feel free to agree or disagree with your classmates. Please ensure that your postings are civil and constructive. Positive thinking is appreciated. The references listed for each of the course modules present supporting or contrasting views of concepts that may be discussed in the texts or may supplement the texts. For example, in some cases, these references present a detailed discussion of topics not treated in depth or only touched upon in the course text. Please title your initial discussion thread with your name followed by the discussion name (i.e., First name Last name – Module 2 Discussion).

A student’s initial post should be a couple of paragraphs to a couple of pages in length.

Demonstration of Knowledge: Evaluation

Evaluation of preparation and participation is based in part on your contribution to the assignment. Preparation and participation are based on two dimensions: 1) demonstration of knowledge and 2) a rubric:

  1. Dimension 1: Demonstration of knowledge
    1. We appreciate a thorough demonstration of knowledge.
    2. For example, a structured response with headings could include: Introduction, Context (a suggested set of authoritative and standards documents that provide criteria or metrics to analyze cases and literature), Cases, Analysis, Conclusions, Matters for Consideration, and References.  

Note: We supply a suggested set of context documents in the Strategic Requirements Section. 

  2. Dimension 2: Rubric

100–98 = A+; 97–94 = A; 93–90 = A-: Timeliness [regularly participates]; Critical Thinking [rich in content; full of thoughts, insight, and analysis].

89–87 = B+; 86–83 = B; 82–80 = B-: Timeliness [frequently participates]; Critical Thinking [substantial information; thought, insight, and analysis has taken place].

79–70 = C: Timeliness [infrequently participates]; Critical Thinking [generally competent; information is thin and commonplace].

Note: Comprehensive Demonstration of Knowledge Example: A comprehensive and/or in-depth demonstration of knowledge is encouraged. For example, if the term IPsec (Internet Protocol Security) is used, an integrated context could be provided by NIST (National Institute of Standards and Technology) cybersecurity guidance: 

| Item | % of Grade |
| --- | --- |
| Applied Research Paper or Course Project | 40% |
| Class discussions and assignments | 30% |
| Exams (Midterm + Final) | 30% (15% + 15%) |

Grading Policy

Assignments are due according to the dates posted in your Canvas course site. You may check these due dates in the Course Calendar or the Assignments in the corresponding modules. We will usually post grades about one week after assignment due dates.

We generally do not directly grade spelling and grammar. However, egregious violations of the rules of the English language will be noted without comment. Consistently poor performance in either spelling or grammar is taken as an indication of poor written communication ability that may detract from your grade.

A grade of A indicates achievement of consistent excellence and distinction throughout the course—that is, conspicuous excellence in all aspects of assignments and discussion in every week.

A grade of B indicates work that meets all course requirements on a level appropriate for graduate academic work. These criteria apply to both undergraduates and graduate students taking the course.

| Range | Letter Grade |
| --- | --- |
| 100–98 | A+ |
| 97–94 | A |
| 93–90 | A− |
| 89–87 | B+ |
| 86–83 | B |
| 82–80 | B− |
| 79–70 | C |
| <70 | F |

Academic Policies

Deadlines for Adding, Dropping and Withdrawing from Courses

Students may add a course up to one week after the start of the term for that particular course. Students may drop courses according to the drop deadlines outlined in the EP academic calendar (https://ep.jhu.edu/student-services/academic-calendar/). Between the 6th week of the class and prior to the final withdrawal deadline, a student may withdraw from a course with a W on their academic record. A record of the course will remain on the academic record with a W appearing in the grade column to indicate that the student registered and withdrew from the course.

Academic Misconduct Policy

All students are required to read, know, and comply with the Johns Hopkins University Krieger School of Arts and Sciences (KSAS) / Whiting School of Engineering (WSE) Procedures for Handling Allegations of Misconduct by Full-Time and Part-Time Graduate Students.

This policy prohibits academic misconduct, including but not limited to the following: cheating or facilitating cheating; plagiarism; reuse of assignments; unauthorized collaboration; alteration of graded assignments; and unfair competition. Course materials (old assignments, texts, or examinations, etc.) should not be shared unless authorized by the course instructor. Any questions related to this policy should be directed to EP’s academic integrity officer at ep-academic-integrity@jhu.edu.

Students with Disabilities - Accommodations and Accessibility

Johns Hopkins University values diversity and inclusion. We are committed to providing welcoming, equitable, and accessible educational experiences for all students. Students with disabilities (including those with psychological conditions, medical conditions and temporary disabilities) can request accommodations for this course by providing an Accommodation Letter issued by Student Disability Services (SDS). Please request accommodations for this course as early as possible to provide time for effective communication and arrangements.

For further information or to start the process of requesting accommodations, please contact Student Disability Services at Engineering for Professionals, ep-disability-svcs@jhu.edu.

Student Conduct Code

The fundamental purpose of the JHU regulation of student conduct is to promote and to protect the health, safety, welfare, property, and rights of all members of the University community as well as to promote the orderly operation of the University and to safeguard its property and facilities. As members of the University community, students accept certain responsibilities which support the educational mission and create an environment in which all students are afforded the same opportunity to succeed academically. 

For a full description of the code please visit the following website: https://studentaffairs.jhu.edu/policies-guidelines/student-code/

Classroom Climate

JHU is committed to creating a classroom environment that values the diversity of experiences and perspectives that all students bring. Everyone has the right to be treated with dignity and respect. Fostering an inclusive climate is important. Research and experience show that students who interact with peers who are different from themselves learn new things and experience tangible educational outcomes. At no time in this learning process should someone be singled out or treated unequally on the basis of any seen or unseen part of their identity. 
 
If you have concerns in this course about harassment, discrimination, or any unequal treatment, or if you seek accommodations or resources, please reach out to the course instructor directly. Reporting will never impact your course grade. You may also share concerns with your program chair, the Assistant Dean for Diversity and Inclusion, or the Office of Institutional Equity. In handling reports, people will protect your privacy as much as possible, but faculty and staff are required to officially report information for some cases (e.g. sexual harassment).

Course Auditing

When a student enrolls in an EP course with “audit” status, the student must reach an understanding with the instructor as to what is required to earn the “audit.” If the student does not meet those expectations, the instructor must notify the EP Registration Team [EP-Registration@exchange.johnshopkins.edu] in order for the student to be retroactively dropped or withdrawn from the course (depending on when the "audit" was requested and in accordance with EP registration deadlines). All lecture content will remain accessible to auditing students, but access to all other course material is left to the discretion of the instructor.