Course Description

Course Name

Introduction to Information Security Management

Session: VSOS3221

Hours & Credits

3 Credits

Prerequisites & Language Level

Taught In English

  • There is no language prerequisite for courses at this language level.

Overview

Course Objectives:

Information security and privacy management has been an area of interest in the U.S. for the past several years. The notion that security is not only a technical matter began as legislation such as HIPAA, SOX, and LGB increased executives' awareness of information privacy and data integrity. Major attacks against large firms and credit card processors augmented the public's awareness. No longer is information security a big-corporation problem but an everyday and everyone's problem. In addition, social engineering attacks (choicepoint.com) and a number of industrial espionage cases (Intel, Samsung) have illustrated the "soft side" of information security. The notion that humans are the weakest link and the need for what is now termed the "human firewall" became prevalent among academic researchers and industry experts. This notion culminated in the creation of "centers of excellence," a selected set of universities dedicated to the education and research of information security management.

Although Korea has long excelled in the research and development of technical solutions to security breaches, the idea that security is a managerial and strategic issue has been mostly ignored in academic curricula and local research. However, recent incidents against major government agencies and private companies (e.g., NH and Hana Bank SK card and in 2013 Korean broadcasting companies) brought the issue to the forefront of the media, increasing public and organizational awareness. Although Korean companies face security and privacy challenges similar to those of companies in the West, there are also unique aspects to information security management in Korea, such as:

 

  • Korea is one of the most connected countries in the world. Over 94% of the population uses wired and wireless devices on a daily basis. In addition, most Korean homes have fiber-to-the-home (FTTH), which is highly susceptible to attacks.
  • The use of m-commerce in Korea is also one of the highest in the world.
  • Korea is considered a wealthy country compared to its neighbors and thus a lucrative target for professional cyber criminals.
  • Leading hi-tech companies engage in extensive R&D and are obvious targets of information leakage and industrial espionage.
  • The political climate on the Korean peninsula exposes South Korea to cyber terrorism. Although most people equate cyber terrorism with attacks on major infrastructure (e.g., electricity, water, transportation), cyber terrorists may undertake attacks against private companies. Such attacks can create much financial damage and public panic.
  • Yet, 63.5% of companies in Korea do not have a budget dedicated to information security and only 4.7% have mitigating strategies such as cyber security insurance.


The goal of this class is twofold. First, we will discuss security awareness at the individual level and how users could and should defend their computing assets. Subsequently, we will cover business and managerial issues related to information security, privacy, and business continuity. Individuals and organizations face similar challenges, and the two domains overlap. Specifically, the course will cover some of the following topics:

 

  • Basic security and privacy awareness, threats, and vulnerabilities
  • A brief description of some technical countermeasures and hands-on practice in information security defense mechanisms
  • Social engineering, dumpster diving and other "unusual" vulnerabilities
  • Does cyber security matter to your CFO? Information Security risk assessment and the financial impact of security attacks
  • Security policies and strategy: the soft side of security defense
  • The human factor: organizational users as the weakest link and what can be done about it
  • Compliance with information security legislation
  • Business continuity
  • History of hacking and hacker culture

 

 

*Course content subject to change