7183T - IT Risk Management and Disaster Recovery (R0)

7/23/13 online.binus.ac.id/cmsol/Content/OtherTypes/ViewSyllabus/SyllabusContentView.aspx?
id=COJY6agj4mEOpFwpmGxzZtUPDTrhqD8IVdMr1UfIbVpTw26h5t
online.binus.ac.id/cmsol/Content/OtherTypes/ViewSyllabus/SyllabusContentView.aspx?id=COJY6agj4mEOpFwpmGxzZtUPDTrhqD8IVdMr1UfIbVpTw26h5tC 1/10
Course Outline

7183T
IT Risk Management and Disaster Recovery
(3 Credits)
Study Program
MTI
Effective Date: 27 Agustus 2012 Revision Revisi 0

1. Course Description
This course will provides a comprehensive suite of knowledge of assessing a company's IT security needs
through policies and procedures development, thorough understanding of network security issue, intrusion
and penetration techniques due to vulnerabilities, web applications review and incident response .
Principles and tools for preventive measures in network, computer and network forensics and application
security as part of risk management will be discussed. As currently IT infrastructure is strategic for business
sustainability and growth, disaster recovery plan is gaining importance in business entity. A strong
knowledge of security risk management should be part of IT professionals and management team. Business
continuity aspects will be discussed as the infra structure disruption will have severe impact to the
operations of the company.
2. Graduate Competency
Each course in the study program contributes to the graduate competencies that are divided into
employability and entrepreneurial skills and study program specific outcomes, in which students need to
have demonstrated by the time they complete their course.
BINUS University employability and entrepreneurial skills consist of planning and organizing, problem
solving and decision-making, self management, team work, communication, and initiative and enterprise.
2.1. Study Program Specific Outcomes
Study Program Specific Outcomes
Graduate will be able to design ICT infrastructure blue print and strategic plan that can be applied
by industry
Graduate will be able to value the transformation of data into knowledge in order to attain business
competitiveness
Graduate will be able to propose ICT solution in any fields based on computational intelligence by
applying state of the art research and development that can increase the value of humanity and
environmental aspect
2.2. Employability and Entrepreneurial Skills
Aspect Key Behaviour
- -
7/23/13 online.binus.ac.id/cmsol/Content/OtherTypes/ViewSyllabus/SyllabusContentView.aspx?id=COJY6agj4mEOpFwpmGxzZtUPDTrhqD8IVdMr1UfIbVpTw26h5t
- -
3. Topics
Introduction to Strategic IT Security and Risk Management
IT Risk Portfolio
Managing Information Security Risk
Methods of IT Risk Analysis Case Study
Building Blocks of IT Security
Electronic Crime and Forensic Computing
Securing the Network
Securing Network Operations, Databases, and Applications
Computer Forensics Tools and Acquisitions
Computer Forensics Analysis and Validation
Disaster Recovery & Business Continuity Preparation Preparation, Operation and Maintenance
Business Continuity Preparation, Operations and Maintenance
4. Learning Outcomes
On succesful completion of this course, students will be able to:
LO1: Analyse the nature of information security and the risk involved.
LO2: Propose the necessary mitigations for probable security events.
LO3: Evaluate results of computer forensics for security risk management.
LO4: To propose disaster recovery methods to recover from security attacks.
LO5: To propose business continuity plan that can mitigate the IT infra structure disruptions.
5. Textbooks and Other Resources
5.1. Textbooks
1. Slay, Jill and Andy Koronios (2006). Security and Risk Management. -. John Wiley & Sons, Inc.
(Wajib). ISBN: 0470805749. Bibli: 200703019.
2. Jordan, Ernie & Luke Silcock (2005). Beating IT Risks. -. John Wiley & Sons, Ltd.. ISBN:
047002190X. Bibli: 200505004.
3. Alberts, Christopher and Audrey Dorofee (2003). Managing Information Security Risks, The
OCTAVE Approach. 1st. Addison Wesley. ISBN: 0321118863. Bibli: 200505005.
4. Peltier, Thomas R. (2001). Information Security Risk Analysis. -. Auerbach. ISBN: 0849308801.
Bibli: 200301120.
5. Whitman, M.E., Mattoro, H.J. (2007). "Principles of Incident Response and Disaster Recovery". -.
Course Technology. ISBN: 9781418836634. Bibli: 201101131.
6. Jone, A, Ashenden D. (2005). "Risk Management For Computer Security. Protecting Your
Network and Information Assets". -. Elsevier Butterworth-Heinemann. ISBN: -. Bibli: -.
7. Bejtlich, Richard. (2006). "Extrusion Detection: Security Monitoring for Internal Intrusions". -.
Addison-Wesley. ISBN: 0321349962. Bibli: 200811066.
8. Nelson, Bill, Phillips, Amelia, Steuart, Christopher (2008). "Guide To Computer Forensics and
Investigations". 3rd Edition. Cengage Learning Asia Pte Ltd.. ISBN: 9781435498839. Bibli:
201006047.
9. Bejtlich, Richard. (2005). The Tao of Network Security Monitoring Beyond Intrusion Detection.
-. Addison-Wesley. ISBN: -. Bibli: -.
10. Carrier, B. (2005). "File System Forensic Analysis". -. Addison Wesley. ISBN: 0321268172. Bibli:
200811064.
11. Jones, Keith J. Bejtlich, Richard. Rose, Curtis W. (2006). "Real Digital Forensic: Computer
Security and Incident Response". -. Addison Wesley. ISBN: 0321240693. Bibli: 200811065.
12. Jones, Robert (2006). "Internet Forensics". 1st Edition. OReilly Media, Inc. ISBN: 059610006x.
Bibli: 200906127.
13. Mandia, Kevin. Prosise, Chris. Pepe, Matt (2003). "Incident Response & Computer Forensics". -.
Mc.Graw-Hill/Osborne. ISBN: -. Bibli: -.
14. Stallings, William. (2005). "Cryptography and Network Security". 4th Edition. Pearson Education.
ISBN: 0132023229. Bibli: 200808032.
5.2. Other Resources
1. -, -
6. Schedule
Week/
Session/
Mode
Related LO Topics References
1
1
F2F
LO1:
Analyze the
nature of inf
ormation
security and
the risk
involved.
Introduction to Strategic IT
S
ecurity and Risk
Management
Introduction Risk
Management
The review of
Information Secu
rity Management
The Introduction of
incident r
esponse management

Introduction to Strategic IT S
ecurity and Risk Management
Introduction to Strategic IT S
ecurity and Risk Management
-
Enterprise Security Risk Manag
ement, http://www.asisonline.org/educ
ation/docs/CSORT_ESRM_whitepap
er_2010-04.pdf
-
-
Slay, Jill, Koronios, Andy (20
06), chapter 1
Jone, A, Ashenden D.(2005), ch
apter 1 s/d 6
Whitman, Michael E., Mattord,
Herbert J.(2007), chapter 1
1
2
LO2:
Propose the
IT Risk Portfolio IT Risk Portfolio
IT Risk Portfolio
Online necessary
mit
igations for
probable
security
events.
Classification of IT
Risk Port
folio.
IT Risk Management
Portfolio
The role of IT Risk
Portfolio

-
Risk Management Guide for Info
rmation Technology Systems,
http://csrc.nist.gov/publicati
ons/nistpubs/800-30/sp800-30.p
df
-
-
Jordan, Ernie, Silcock, Luke (
2005), chapter 3
Jone, A, Ashenden D.(2005), ch
apter 11,12,13,14,15,16,17
Herbert J.(2007), chapter 2&3
2
3
Online
LO2:
Propose the
necessary
mit
igations for
probable
security
events.
Managing Information
Security
Risk
The IS Security
Management
Security Risk
Process Cycle
Network Security
Management

Managing Information Security
Risk
Managing Information Security
Risk
-
Strategies for managing inform
ation security risks,
http://www.zurichna.com/intern
et/zna/SiteCollectionDocuments
/en/media/inthenews/strategies
formanaginginformationsecurity
risks.pdf
Tugas Personal 1 - 7183T
-
Alberts, Christopher J., Dorof
ee, Audrey J.(2003), chapter 1
3
4
Online
LO2:
Propose the
necessary
mit
igations for
probable
security
events.
Methods of IT Risk
Analysis
Security Monitoring
Case
Case study
discussion.

Methods of IT Risk Analysis
Methods of IT Risk Analysis
-
-, -
-
Alberts, Christopher J., Dorof
ee, Audrey J.(2003), chapter 3
Bejtlich, Richard (2006), chap
ter 1&2
4
5
Online
LO2:
Propose the
necessary
mit
igations for
probable
security
events.
Building Blocks of IT
Security
IT Security
Architecture

-
-, -
-
Tugas Kelompok 1 - 7183T
06), chapter 2
Bejtlich, Richard (2006), chap
ter 3,4,5,9,10
5
6
PC
LO2:
Propose the
necessary
mit
igations for
probable
security
events.
Electronic Crime and
Forensic
Computing
E-commerce crime
Electronic crime

Electronic Crime and Forensic
Computing - Part 1
Computing - Part 2
Computing
-
-, -
-
-
06), chapter 5
6
7
CC
LO2:
Propose the
necessary
mit
igations for
probable
security
events.
Securing the network
Introduction to
Network Securi
ty
Incident Response
System
Disaster recovery
System

-
-, -
-
-
7
8
Online
LO3:
Evaluate
results of
compu
ter forensics
Securing network
Operations, D
atabases, and Applications.
Network security
Securing network Operations, D
Securing network Operations, D
-
for security
ris
k
management.
Computer Forensic
Computer
Investigation

-, -
-
Nelson, Bill, Phillips, Amelia
, Steuart, Christopher (2010),
chapter 1,2,4
8
9
Online
LO3:
Evaluate
results of
compu
ter forensics
for security
ris
k
management.
Computer Forensics
Tools and
Acquisitions
Hardware
Software
Forensic Tools

Computer Forensics Tools and
Acquisitions
Computer Forensics Tools and
Acquisitions
-
-, -
-
chapter 5,6,7
9
10
Online
LO3:
Evaluate
results of
compu
ter forensics
for security
ris
k
management.
Computer Forensics
Analysis
and validation.
Computer Forensic
analysis
Computer Forensic
Investigatio
n

Computer Forensics Analysis
and validation.
Computer Forensics Analysis
and validation.
-
-, -
-
Tugas Kelompok 2 - 7183T
chapter 9, 11
10
11
Online
LO4: To
propose
disaster
recov
ery methods
to recover
from se
curity
attacks.
Disaster Recovery &
Business C
ontinuity Preparation
Prepar
ation, Operation and
Maintenan
ce
Data preparation in
Business C
ontinuity
Disaster Recovery & Business C
ontinuity Preparation Prepar
ation, Operation and Maintenan
ce
Disaster Recovery & Business C
ontinuity Preparation Prepar
ation, Operation and Maintenan
ce
-
-, -
-
Business continuity

-
Herbert J.(2007), chapter 7-8
10
12
F2F
LO 5: To
propose
business cont
inuity plan
that can
mitigate
the IT infra
structure
disrupt
ions
Business Continuity
Preparatio
n, Operations and
Maintenance
BC plan
implementation
unfolds
the methods used to
continuous
ly improve the BC
process
the steps taken to
maintain th
e BC plan

Business Continuity Preparatio
n, Operations and Maintenance
Business Continuity Preparatio
n, Operations and Maintenance
-
-, -
-
-
Herbert J.(2007), chapter 9-10
7. Evaluation
Assessment Activity Weight
Learning Outcomes
Employability &
Entrepreneurial Skills
1 2 3 4 5 6 1 2 3 4 5 6
Attendance (F2F + PC +
CC)
10% - - - - - - - - - - - -
Discussion Forum Activity 10% - - - - - - - - - - - -
Personal Assignment 30% x x x x x - - - - - - -
Team Assignment 20% x x x x x - - - - - - -
Final Exam 30% x x x x x - - - - - - -
8. Class Policies
Some policies and requirements of the course:
Onsite Class Online Class
Student must attend class and participate
in classroom discussions
The ringing, beeping, buzzing of cell
phones, watches, and/or pagers during
class time are extremely rude and
disruptive to your fellow students and to
the class flow. Please turn all cell phones,
watches, and pagers off or change into
silent mode prior to the start of class
Student must active in classroom
discussion forum, responding to lecturer's
questions and discussing with classmates
Student must active in team room,
especially discussing team assignment
Student must read learning material and other references before class, reading/case will be
distributed before class, team/group and group discussion/presentation will be notified
before class
Student must complete and submit all personal assignment and team assignment
Do not rely on handout distributed by lecturer, student can use other references
Achieve a satisfactory average grade on assignments and examinations
Penalty for cheating and plagiarism will be extremely severe. If you are not sure about
certain activities, consult the instructor. Standard academic honesty procedure will be
followed and active cheating and plagiarism automatically results FAIL in the final grade
9. Submission and Collection of Assignment
All assignments must be typed not hand-written and must be submitted with your name and student
ID typed on coverpage.
Assignment is due exactly at the prescribed time. Late assignments will be accepted, but 20% penalty will
apply for each day of lateness, unless approved in advance.
Any questions or complaints regarding the grading of an assignment or report must be raised within one
week after the score or the grade assignment is available (not when you pick it up).
All assignments and reports should be your original work/concept.
10. General Information
Students are required to be familiar with the Bina Nusantara University, and abode by its terms and
conditions.
Copying of Copyright Material by Student
A condition of acceptance as a student is the obligation to abide by the University's policy on the
copying of copyright material. This obligation covers photocopying of any material using the
University's photocopying machines, the recording off air, and making subsequent copies, of radio
or television broadcasts, and photocopying textbooks. Students who flagrantly disregard University
policy and sopyright requirements will be liable to disciplinary action under the Code of Conduct.
Academic Misconduct
Please refer to the Code of Conduct for definitions and penalties for Academic Misconduct,
plagiarism, collusion, and other specific acts of academic dishonesty.
Academic honesty is crucial to a student's credibility and self esteem, and ultimately reflects the
values and morals of the University as a whole. A student may work together with one or a group of
students discussing assignment content, identifying relevant references, and debating issues relevant
to the subject. Academic investigation is not limited to the views and opinions of one individual, but
is built by forming opinion based on past and present work in the field. It is legitimate and
appropriate to synthesize the work of others, provided that such work is clearly and accurately
referenced.
Plagiarism occurs when the work (including such things as text, figures, ideas, or conceptual
structure whether verbatim or not) created by another person or persons is used and presented as
one's own creation, unless the source of each quotation or piece of borrowed material is
acknowledged with an appropriate citation.
Encouraging or assisting another person to commit plagiarism is a form of improper collusion and
may attract the same penalties.
To prevent Academic Miscondut occuring, students are expected to familiarize themselves with the
University policy, the Subject Outline statements, and specific assignment guidelines. Students
should also seek advice from Subject Leaders on acceptable academic conduct.
Guidelines to Avoid Plagiarism
Whenever you copy more than a few words from any source, you must acknowledge that source by
putting the quote in quotation marks and providing the name of the author. Full details must be
provided in your bibliography.
If you copy a diagram, statistical table, map, etc., you must acknowledge the source. The
recommended way is to show this under the diagram. If you quote any statistics in your text, the
source should be acknowledged. Again full details must be provided in your bibliography.
Whenever you use the ideas of any other author you should acknowledge those, using the APA
(American Psychological Association) style of referencing.
Students are encouraged to co-operate, but collusion is a form of cheating. Students may use any
sources (acknowledged of course) other than the assignments of fellow students. Unless your
Subject Leader informs you otherwise, the following guideline should be used:
Students may work together in obtaining references, discussing the content of the
references and discussing the assignment, but when they wirte, they must write alone.
Referencing for Written Work
Referencing is necessary to acknowledge others' ideas, avoid plagiarism, and allow readers to
access those others' ideas. Referencing should:
1. Acknowledge others' ideas;
2. Allow readers to find the source;
3. Be consistent in format and
4. Acknowledge the source of the referencing format.
To attain these qualities, the school recommends use of the Harvard or American Psychological
Association style of referencing, both of which use the author/date.

Prepared by,

@Prepared by
Subject Matter Expert
Checked by,

@Checked by
Deputy Director of BINUS
Online Learning
Approved by,

@Approved by
Head of Graduate Program in
Information Technology

7183T - IT Risk Management and Disaster Recovery (R0)

Caricato da

Informazioni sul documento

Titolo originale

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

7183T - IT Risk Management and Disaster Recovery (R0)

Caricato da

Copyright:

Formati disponibili

7/23/13 online.binus.ac.id/cmsol/Content/OtherTypes/ViewSyllabus/SyllabusContentView.aspx?

Potrebbero piacerti anche