Additional Readings (Required/Optional)

Papers for Presentation on Feb 26:

These articles are all from Security & Privacy Magazine, IEEE

[1] Embedding Information Security into the Organization
Johnson, M.E.; Goetz, E. Page(s): 16-24

Presenter: Emily Ecoff (presentation slides)


[2] I'll Buy That! Cybersecurity in the Internet Marketplace
Pfleeger, S.L.; Libicki, M.; Webber, M. Page(s): 25-31

Presenter: Anusha Kamineni (presentation slides)


[3] A Coherent Strategy for Data Security through Data Governance
Trope, R.L.; Power, E.M.; Polley, V.I.; Morley, B.C. Page(s): 32-39

Presenter: Barry Sebasta (presentation slides)


[4] What Anyone Can Know: The Privacy Risks of Social Networking Sites
Rosenblum, D. Page(s): 40-49

Presenter: Thema Ameyaw (presentation slides)


[5] Cyberinsurance in IT Security Management
Baer, W.S.; Parkinson, A. Page(s): 50-56

Presenter: Alan Lee (presentation slides)

[6] Digital Rights Management, Spyware, and Security
Felten, E.W.; Halderman, J.A.
Volume 4, Issue 1, Jan.-Feb. 2006 Page(s): 18-23

Presenter: Annie Howard (presentation slides)


[7] The ChoicePoint Dilemma: How Data Brokers Should Handle the Privacy of Personal Information
Otto, P.N.; Anton, A.I.; Baumer, D.L.
Security & Privacy Magazine, IEEE
Volume 5, Issue 5, Sept.-Oct. 2007 Page(s): 15-23

Presenter: Luai Hasnawi (presentation slides)

The following are required for HW2:

  1. M. Whitman, "Enemy at the Gate: Threats to Information Security," Communications of the ACM, Vol. 46, No. 8, August 2003. (Threats1.pdf)

  2. Ghi Paul Im, Richard L. Baskerville, "A Longitudinal Study of Information Systems Threat Categories: The Enduring Problem of Human Error," The DATA BASE for Advances in Information Systems, Vol. 36, No. 4, 2005. (Threats2.pdf)

The following are required for HW1:

  1. W. Victor Maconachy, Corey D. Schou, Daniel Ragsdale and Don Welch, "A Model for Information Assurance: An Integrated Approach," in Proceedings of the 2001 IEEE Workshop on Information Assurance and Security, United States Military Academy, West Point, NY, 5-6 June 2001. (IA_Integrated.pdf)

  2. Jan Eloff, Mariki Eloff, "Information security management: a new paradigm," Proceedings of the 2003 Annual Research Conference of the South African Institute of Computer Scientists and Information Technologists on Enablement through Technology, pp. 130-136, 2003. (SecManParadigm2.pdf)

Final Presentation (April 22)

[1] FIPS PUB 199: Standards for Security Categorization of Federal Information and Information Systems & Guide to Mapping Types of Information and Information Systems to Security Categories (NIST 800-60)

Presenter: Luai Hasnawi


[2] Computer Security Incident Handling Guide (Chapters 4, 5, 6 and 8) (NIST 800-61)
Presenter: Emily Ecoff


[3] Security Considerations in the Systems Development Life Cycle (NIST 800-64)
Presenter: Alan Lee


[4] Performance Measurement Guide for Information Security (NIST 800-55)
Presenter: Barry Sebasta


[5] Security Guide for Interconnecting Information Technology Systems (NIST 800-47)
Presenter: Anusha Kamineni

[6] Guidelines on Active Content and Mobile Code (NIST 800-28)
Presenter: Annie Howard


[7] Integrating IT Security into the Capital Planning and Investment Control Process (NIST 800-65)
Presenter: Thema Ameyaw