Apply to USF Now | Graduate Admissions | Events & Workshops | Giving to the Office of Graduate Studies

Graduate Course Proposal Form Submission Detail - ISM6328

Edit function not enabled for this course.

Current Status: Approved, Permanent Archive - 2011-07-20
Campus: Tampa
Submission Type: New
Course Change Information (for course changes only):
Comments: to gc 5/10/11; desc needs rev. confirm concurrence - emailed 6/28/11. cleared 6/29/11; GC approved 7/5/11. To USF Syst 7/5/11; to SCNS 7/13/11. SCNS apprd Effect 8/1/11

  1. Department and Contact Information

    Tracking Number Date & Time Submitted
    2417 2010-12-02
    Department College Budget Account Number
    Information Systems and Decision Sciences BA 0001407000
    Contact Person Phone Email
    Kaushal Chari 8139746768

  2. Course Information

    Prefix Number Full Title
    ISM 6328 Information Security & Risk Management

    Is the course title variable? N
    Is a permit required for registration? N
    Are the credit hours variable? N
    Is this course repeatable?
    If repeatable, how many times? 0

    Credit Hours Section Type Grading Option
    3 C - Class Lecture (Primarily) R - Regular
    Abbreviated Title (30 characters maximum)
    Info Sec & Risk Mgmt
    Course Online? Percentage Online
    C - Face-to-face (0% online) 0




    Course Description

    Introduction of frameworks to assess IT risk and implement IT general controls; development of technical skills to secure computer networks.

  3. Justification

    A. Please briefly explain why it is necessary and/or desirable to add this course.

    Replacing Selected Topics with Permanent number; already listed in program

    B. What is the need or demand for this course? (Indicate if this course is part of a required sequence in the major.) What other programs would this course service?

    This course has been offered three times in the past. Enrolment figures from the three offerings are shown below.

    Summer 2010: 26

    Summer 2009: 19

    Summer 2008: 33

    C. Has this course been offered as Selected Topics/Experimental Topics course? If yes, how many times?

    Yes, 3 or more times

    D. What qualifications for training and/or experience are necessary to teach this course? (List minimum qualifications for the instructor.)

    Ability to support computer lab environment for students. A doctorate in Business/MIS/CS.

  4. Other Course Information

    A. Objectives


    1. To introduce the importance of information security and related business concern.

    2. To make students aware of the major categories of information security threats.

    3. To make students aware of the common information security controls.

    4. To enable students to implement the basic information security controls.

    5. To introduce students to the important legal provisions regarding information security.

    6. To make students aware of the methodological implications for information security arising from these legal provisions.

    7. To provide students with an understanding of the standard methodologies for complying with legal requirements for IT general controls.

    8. To provide basic understanding of IT risk management in organizations.

    B. Learning Outcomes

    Learning Outcomes

    1. Students will demonstrate an understanding of security concerns and issues in organizations.

    2. Students will have the ability to identify major categories of information security threat.

    3. Students will have the ability to apply various kinds of controls to counter common threats.

    4. Students will have the ability to apply best practices related to IT controls to comply with legal requirements.

    5. Students will have the ability to provide solutions to mitigate IT risks.

    C. Major Topics

    The current topics are as follows:

    introduction - Why information security is important, common attacks, security perspectives

    Introduction to computer networking - OSI model, IP addresses, TCP ports, DNS – Wireshark

    Introduction to computer system administration

    Introduction and use of security tools such as firewall, intrusion detection, vulnerability detection


    Software errors

    Introduction to COBIT and IT general controls for Sarbanes Oxley

    Introduction to IT risk management

    D. Textbooks

    The course currently uses instructor’s notes

    E. Course Readings, Online Resources, and Other Purchases

    There are no purchases. All notes are available on Blackboard.

    F. Student Expectations/Requirements and Grading Policy

    Student Expectations/requirements and Grading Policy with Percentages (e.g. 2 Exams and 1 Paper, each work 33%):

    The current deliverables and grading policy is shown in the table below. Students are allowed to work in groups of up to two students for group projects.

    Table 1: Grading policy

    Item Weight Performance Item Weight Performance

    Exam 20% Individual Intrusion detection 05% Group

    Readings 10% Individual Scripting 05% Group

    Narrative report 10% Group UNIX STIG 10% Group

    Vimtutor 05% Individual Software error 05% Group

    What they know 05% Group Business plan 05% Group

    Vulnerability assessment 05% Group IT controls 05% Group

    * 10% of the grade on each deliverable will reflect attention to detail

    G. Assignments, Exams and Tests

    These are shown in the Table above.

    H. Attendance Policy

    Course Attendance at First Class Meeting – Policy for Graduate Students: For structured courses, 6000 and above, the College/Campus Dean will set the first-day class attendance requirement. Check with the College for specific information. This policy is not applicable to courses in the following categories: Educational Outreach, Open University (TV), FEEDS Program, Community Experiential Learning (CEL), Cooperative Education Training, and courses that do not have regularly scheduled meeting days/times (such as, directed reading/research or study, individual research, thesis, dissertation, internship, practica, etc.). Students are responsible for dropping undesired courses in these categories by the 5th day of classes to avoid fee liability and academic penalty. (See USF Regulation – Registration - 4.0101,

    Attendance Policy for the Observance of Religious Days by Students: In accordance with Sections 1006.53 and 1001.74(10)(g) Florida Statutes and Board of Governors Regulation 6C-6.0115, the University of South Florida (University/USF) has established the following policy regarding religious observances: (

    In the event of an emergency, it may be necessary for USF to suspend normal operations. During this time, USF may opt to continue delivery of instruction through methods that include but are not limited to: Blackboard, Elluminate, Skype, and email messaging and/or an alternate schedule. It’s the responsibility of the student to monitor Blackboard site for each class for course specific communication, and the main USF, College, and department websites, emails, and MoBull messages for important general information.

    I. Policy on Make-up Work

    Make ups are allowed only on two grounds: (1) medical emergencies in the immediate family and (2) work-related situations. Some form of documentation is required as evidence of the situation. Exemptions on religious grounds are provided as specified in university procedures.

    J. Program This Course Supports


  5. Course Concurrence Information

    Masters in Accountancy track on auditing

- if you have questions about any of these fields, please contact or