
ISSC662 - Information Assurance: Capability Maturity and Appraisals

Course Details

Course Code: ISSC662 Course ID: 4098 Credit Hours: 3 Level: Graduate

This course examines the phases, processes, standards, the levels, and the process areas of the INFOSEC Assessment Capability Maturity Model (IA-CMM). The IA-CMM minimizes false indications of quality and maturity by relating the IA-CMM process areas to the INFOSEC Assessment Methodology (IAM). This course appraises the principles and methodologies of the IA-CMM; and applies it to develop an organizational ratings profile to provide a measure of maturity. The ratings profile is used to develop strategies to mature the organizational processes. (Prerequisite: ISSC660)





Prerequisites

Course Schedule

| Registration Dates | Course Dates | Session | Weeks |
| --- | --- | --- | --- |
| 05/27/19 - 11/01/19 | 11/04/19 - 12/29/19 | Fall 2019 Session I | 8 Week session |
| 06/24/19 - 11/29/19 | 12/02/19 - 01/26/20 | Fall 2019 Session D | 8 Week session |
| 07/29/19 - 01/03/20 | 01/06/20 - 03/01/20 | Winter 2020 Session B | 8 Week session |
| 08/26/19 - 01/31/20 | 02/03/20 - 03/29/20 | Winter 2020 Session I | 8 Week session |

Current Syllabi

  • LO1 - Describe the phases, processes, standards, the levels, and the process areas of the Information Security Assessment Capability Maturity Model (ISA-CMM).
  • LO2 - Comprehend the capability maturity model basis.
  • LO3 - Define organizational risk exposure.
  • LO4 - Develop procedures for media disposal, security configurations, system level Information Assurance (IA), TEMPEST product integration, and zoned equipment compliance.
  • LO5 - Conduct a complete threat, vulnerability, impact, and risk assessment.
  • LO6 - Synthesize risk mitigation strategies based on the analysis of security risk data.
  • LO7 - Evaluate the processes and deliverables of the Information Security Assessment Methodology (ISAM).
  • LO8 - Determine the information security process capability maturity level of an organization.

This course has a strong writing component. The goal is to organize, synthesize, and demonstrate your comprehension of core concepts investigated during this course by applying a combination of the terms, concepts, and details you have learned in a systematic way. As important as "the details" that you analyze and arrange in your writing, however, are the conclusions you draw from those details, and your predictions, responses to, and ultimate interpretation of those details.

All work must be original. Please read and understand the University policy on academic dishonesty. You must credit your sources and provide the appropriate references on your assignments, including any personal writings that you may have submitted in previous courses. All submitted work will use the APA 6th edition style guide format. Also, a TurnItIn classroom will be available for you to check your papers, and its use will be required for all Assignments. Instructions on how to access the TurnItIn class will be published in the course Resources area.

Weekly Forum Discussion Assignments: There are eight (8) discussion board assignments during the course. The forum assignments will count as 24% of the final grade. Each discussion activity will consist of one or more threads/topics. The assignments may involve discussion or debate. The questions are designed to allow you to apply what you have learned in each week’s readings to real-world scenarios or hypothetical, but realistic, situations. Post your answers to the questions in each thread prior to 11:59 p.m. ET on Thursday. Please do not be late with this post because your classmates will be relying on you to post on time to give them a post to respond to later in the week. A discussion period will then ensue from Thursday through Sunday. Read your classmates' posts and post at least two (2) follow-up messages to your classmates’ posts in each thread prior to 11:59 p.m. ET on Sunday. Some threads may require you to post more than two replies, so make sure you read the directions carefully. Of course, you may always post more than the required number of replies and you are encouraged to continue participating in the discussion even after you have met the minimum number of posts required. Your discussion board participation will be considered at the end of the semester if your grade is on the borderline. Borderline grades will only be rounded up if you have exceeded the minimum requirements on the discussion board and shown insight and critical thinking in all of your posts and replies. Your follow-up posts must contain substance and should add additional insight to your classmates’ opinions or challenge their opinions. It is never sufficient to simply say, “I agree with what you wrote” or “I really liked your post.” You must use your follow-up posts as a way to continue the discussion at a high level of discourse. 
Be sure to read the follow-up posts to your own posts and reply to any questions or requests for clarification, including questions posted by your professor. You will be expected to log into the classroom several times each week to participate in the class discussion. Discussion board postings are a large part of your grade and I will be looking for quality and depth in your postings. I will also expect you to list your references at the end of each post. References should be in APA citation format.

Assignment - Initial Assessment: Select an organization of your choosing to perform an abbreviated assessment on and then write a 3-4 page information assurance security plan outline that lays out key considerations for decreasing risk and mitigating assessed vulnerabilities. The outline should contain a brief summary of the assessed challenges, a discussion of key IA considerations, options for addressing assessed risk items, and a recommended mitigation approach for each assessed risk. This assignment is intended to gain an initial application of your IA knowledge and to help you focus on the considerations you might address in your research paper. Further, the selection of a particular organizational network, system or information storage solution will set the stage for the Week 8 risk assessment case study. See the Writing Expectations contained in the Policies section of the Syllabus for specific focus areas / guidance. Due: Week 1. Points: 1%.

Assignment - Research Paper Topic: You must submit a Research Paper Topic in Week 2 of the course. Your topic must be related to Information Security Assurance Capability Maturity and Appraisals and the course objectives. Your topic proposal should include several sentences to explain what your topic is and how it relates to the course material. Use of a thesis statement or brief abstract is very helpful to convey your thoughts and plans for your proposed topic. That topic must be reviewed and approved by the course Professor prior to pursuing the next steps in the Research Paper process. See the Writing Expectations contained in the Policies section of the Syllabus for specific focus areas / guidance. There is also an exemplar provided with the Assignment instructions for your review. Due: Week 2. Points: 5%.

Assignment - Research Paper Outline: You must submit a Research Paper Outline by the end of Week 3 of the course. Your outline will use the topic approved by the professor in Week 2. Your outline should include the standard sections outlined in APA 6th edition style guide (Cover Page, body of outline). Your outline should have standard section headings (Introduction, Discussion, Analysis, Conclusion) and your outline should lay out a thesis / theme statement as part of your Introduction. The outline should also lay out the key points you will use to support your thesis / theme statement as part of your Discussion / Analysis, providing a key point underpinned by 3-4 brief bullets / sentences that describe the point you will be making. Your Conclusion section should list the key summary points that you will make. The intent of the Outline assignment is to organize your key thoughts so that you can write a coherent, supportive, and linked paper that carries the thesis / theme statement through a critical analysis of your topic. Your Research Paper References will be submitted in a separate assignment. See the Writing Expectations contained in the Policies section of the Syllabus for additional guidance. There is also an exemplar provided with the Assignment instructions for your review. Due: Week 3. Points: 5%.

Assignment - Research Paper Annotated References: You must submit a Research Paper Annotated References by the end of Week 4 of the course. You must use a minimum of five (5) sources, beyond the course textbooks. These sources should be from industry articles, journals, academic and professional textbooks, and case studies – seek to use primary or peer reviewed sources in your research. The list of references should be presented in a standard paper structure (cover page, annotated references, reference page) and each reference that you will use in your Research Paper should be briefly summarized in terms of its content, main thoughts, and relevance to Information Assurance Capability Maturity and Appraisals, as well as the thesis / theme of your approved topic. You may not use Wikipedia or Webopedia or any ‘pedias’ as a reference. Your references must be formatted according to APA Guidelines. There is also an exemplar provided with the Assignment instructions for your review. Also, conform to the Writing Expectations contained in the Policies section of the Syllabus. Due: Week 4. Points: 10%.

Assignment - Draft Research Paper: The Draft Research Paper is due at the end of Week 5 of the course (6 - 8 pages not including the Cover Page or the References listing – APA 6th Edition formatting). The draft will count as 15% of the final grade and the final will count as 25% of the final grade. The paper will follow a conventional paper format (Cover page, Body of Paper with introduction, discussion / analysis / argument / body, conclusion, and references pages). See the Writing Expectations contained in the Policies section of the Syllabus for specific focus areas / guidance as well as conforming with APA 6th edition style guidelines. The objective of creating a draft research paper includes the desire to review your progress and to provide feedback on key aspects that may require additional research and / or development. As this is a progressive research paper activity, within this draft paper your cost-effective security strategy, underpinned by security metrics, should be assessing and identifying issues associated with your selected research topic discussion. Further, initial insights should be emerging at this point that will turn into recommended mitigation actions in your final research paper. Due: Week 5. Points: 15%.

Assignment - Case Study Outline: The selection of the applied case study topical area and a brief outline of that case study will be completed by the end of Week 6. The objective of this assignment is first to select the type and topic of your applied case study, using the Information Security Assurance Capability Maturity Model (ISA-CMM), Draft Version 3.2 as a basis, and then to present a 2-3 page outline for that case study, listing the key points that you would anticipate presenting in your case study submission.

Students will select one of the following approaches to complete this assignment:

  1. Conduct an ISA assessment of an organization's IT systems (no identifying information of the organization) and scoped to a section / server farm / basic IT structure and not an enterprise sort of assessment.
  2. Conduct an ISA CMM assessment on one specific area of an IA assessment on an organization.
  3. Conduct an ISA CMM assessment using a specific publication or standard and relate that publication or standard to the ISA CMM.
  4. Conduct an ISA CMM assessment identifying the differences of specific standards with security implications or contrasts between those publications, using the ISA CMM as the basis of comparison.
  5. Conduct an ISA CMM assessment with a focus on a specific part of an information system, breaking it down into different types of networks and requirements meeting legal standards, such as different classifications of networks, relating them to the specific sections of the ISA CMM.

This assignment will be due at the end of Week 6. The outline should be between 2-3 pages long (not counting the Cover and Reference pages) and will follow a conventional paper format (Cover page, Body of Paper with outline items that address the introduction, discussion / analysis / argument / body, conclusion, and references pages). See the Writing Expectations contained in the Policies section of the Syllabus for specific focus areas / guidance. Due: Week 6. Points: 10%.

Assignment - Final Research Paper: The Final Research Paper is due at the end of Week 7 of the course (10 - 12 pages not including the Cover Page or the References listing – APA 6th Edition formatting). The final will count as 20% of the final grade. The paper will follow a conventional paper format (Cover page, Body of Paper with introduction, discussion / analysis / argument / body, conclusion, and references pages). See the Writing Expectations contained in the Policies section of the Syllabus for specific focus areas / guidance as well as conforming with APA 6th edition style guidelines. The objective of creating the final research paper includes the finalization of your research paper development process, describing and defending a cost-effective security strategy, and basing those upon meaningful security program metrics in order to identify information security responses and outcomes that are effective. As this is the culmination of the progressive research paper activity, you should provide your cost-effective security strategy, underpinned by security metrics, assessing and identifying issues associated with your selected research topic discussion. Further, gained insights from your research and reflection should result in recommended mitigation actions for your selected information security system. Due: Week 7. Points: 20%.

Assignment - Applied Case Study: The applied case study assignment will use the Information Security Assurance Capability Maturity Model (ISA-CMM), Draft Version 3.2 as a basis for selecting a case study topic and approach.

Students will select one of the following approaches to complete this assignment:

  1. Conduct an ISA assessment of an organization's IT systems (no identifying information of the organization) and scoped to a section / server farm / basic IT structure and not an enterprise sort of assessment.
  2. Conduct an ISA CMM assessment on one specific area of an IA assessment on an organization.
  3. Conduct an ISA CMM assessment using a specific publication or standard and relate that publication or standard to the ISA CMM.
  4. Conduct an ISA CMM assessment identifying the differences of specific standards with security implications or contrasts between those publications, using the ISA CMM as the basis of comparison.
  5. Conduct an ISA CMM assessment with a focus on a specific part of an information system, breaking it down into different types of networks and requirements meeting legal standards, such as different classifications of networks, relating them to the specific sections of the ISA CMM.

This case study will be due at the end of Week 8. The paper should be between 7-8 pages long (not counting the Cover and Reference pages) and will follow a conventional paper format (Cover page, Body of Paper with introduction, discussion / analysis / argument / body, conclusion, and references pages). See the Writing Expectations contained in the Policies section of the Syllabus for specific focus areas / guidance. There is a TurnItIn requirement with the case study; please see the log in instructions for TurnItIn in the Resources section. Please establish an account for this course using those procedures so that you are prepared to access TurnItIn when your paper is ready for submission. A similarity score of 15% or below is the objective for your paper. Due: Week 8. Points: 10%.

See Appendix A – Grading Rubric for Grading Criteria on assignments listed above.

| Name | Grade % |
| --- | --- |
| Forums | |
| Week 1 Forum | |
| Week 2 Forum | |
| Week 3 Forum | |
| Week 4 Forum | |
| Week 5 Forum | |
| Week 6 Forum | |
| Week 7 Forum | |
| Week 8 Forum | |
| Projects | |
| Week 1 Assignment: Initial Assessment | |
| Week 2 Assignment: Research Paper Topic | |
| Week 3 Assignment: Research Paper Outline | |
| Week 4 Assignment: Research Paper Annotated References | |
| Week 5 Assignment: Draft Research Paper | |
| Week 6 Assignment: Case Study Outline | |
| Week 7 Assignment: Final Research Paper | |
| Week 8 Assignment: Applied Case Study | |

Blackley, J. A., Peltier, J., & Peltier, T. (2003) Information security fundamentals, 1st Edition. Boca Raton, FL. Auerbach Publications.

Selected Bibliography

Web Resources for Information Assurance: Capability Maturity & Appraisals

Information Security Assurance Training and Rating Program. Retrieved from http://www.isatrp.org/

Information Assurance – NSA/CSS. Retrieved from http://www.nsa.gov/ia/index.shtml

Application of the NSA InfoSEC Assessment Methodology. Retrieved from http://www.sans.org/reading_room/whitepapers/auditing/application-nsa-infosec-assessment-methodology_1045

Risk Management Guide for Information Technology Systems. Retrieved from http://csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf

Book Title: Information Technology Risk Management in Enterprise Environments (Ebook available through the APUS Online Library)
ISBN: 9780471762546
Publication Info: John Wiley & Sons, Inc.
Author: Kouns, Jake / Minoli, Daniel
Unit Cost: $94.16

Book Title: REFERENCE ONLY - Information Security Fundamentals, 2nd edition - This text will be REQUIRED in ISSC661 and ISSC680. This text will be used as a reference only for the other courses in the ISSC program.
ISBN: 9781439810620
Publication Info: Auerbach Publications
Author: Thomas R. Peltier
Unit Cost: $79.95

Previous Syllabi

Not current for future courses.