Syllabus: Access Control, Authentication, and Public Key Infrastructure
University of the Cumberlands
School of Computer and Information Sciences
ITS 630 – Organization Leadership and Decision Making
Course Summary
Course Number and Name
ITS 630 – Organization Leadership and Decision Making
Course Term and Delivery
Fall IG, 2018
Asynchronous Online Course
Course Instructor
Dr. Greg Gleghorn
Email: [email protected]
Catalog Course Description
One of the most important skills a business leader needs to have concerning technology involves effective decision making and governance. This class will consist of a case study approach presenting different scenarios that require decisions to be made on technology issues that are relevant to today’s business environment. Students will develop the skills for understanding the components and elements of these technology decisions, and assess associated risks. This course will draw upon a cross section of technology, finance, security, project management, leadership, and other aspects of effective decision making.
Course Objectives
Course Competencies/ Learning Objectives
Course Learning Objectives
Major Instructional Areas | Assessment Method
Develop IT strategy for business value. | DB Posts, assignments, quizzes, exams
Understand business metrics. | DB Posts, assignments, quizzes, exams
Understand how to communicate with business managers. | DB Posts, assignments, quizzes, exams
Understand the management of IT-based risk. | DB Posts, assignments, quizzes, exams
Create and evolve a technology roadmap. | DB Posts, assignments, quizzes, exams
SCANS Objectives
SCANS is an acronym for Secretary’s Commission on Achieving Necessary Skills. The committee, appointed by the National Secretary of Labor in 1990, created a list of skills and competencies that continue to be a valuable resource for individuals developing their careers in a high-tech job market. For more information on the SCANS objectives, visit The U.S. Department of Labor Employment and Training Administration: www.doleta.gov.
Course Structure
· Watch weekly lecture
· Participate in class discussion via iLearn forums
· Read assigned texts
· Complete quizzes based on assigned reading and lecture
· Complete cases based upon a given scenario
· Complete homework assignments from the text and other sources
Learning Materials and References
Required Resources
Textbook(s) Required:
· McKeen, J. D., & Smith, H. A. (2015). IT strategy: Issues and practices (3rd ed.). Pearson.
Recommended Materials/Resources
Please use the following authors’ names, book/article titles, Web sites, and/or keywords to search for supplementary information to augment your learning in this subject.
· Aaron K. Olson, B. Keith Simerson
Leading with Strategic Thinking: Four Ways Effective Leaders Gain Insight, Drive Change, and Get Results
· Alfred A. Marcus
The Future of Technology Management and the Business
Environment: Lessons on Innovation, Disruption, and Strategy
Execution
· Eng K. Chew, Petter Gottschalk
Information Technology Strategy and Management: Best
Practices
· Jakkie Pretorius
A Structured Methodology for Developing IT Strategy
· Jill Dyché
The New IT: How Technology Leaders are Enabling Business
Strategy in the Digital Age
· Joseph Topinka
IT Business Partnerships: A Field Guide: Paving the Way for
Business and Technology Convergence
· Learn a step-by-step process for creating your organization's
IT strategy:
https://www.lynda.com/Business-Skills-tutorials/Welcome/418270/473471-4.html
Professional Associations
· National Management Association (NMA)
This Web site provides opportunity to interact with a
community of leaders and for leadership development at all
levels, from novice to senior mentor. It also provides
opportunities in networking and contains valuable career tools.
https://nma1.org/
· International Information Systems Security Certification
Consortium, Inc., (ISC)²®
This Web site provides access to current industry information.
It also provides opportunities in networking and contains
valuable career tools.
http://www.isc2.org/
· ISACA
This Web site provides access to original research, practical
education, career-enhancing certification, industry-leading
standards, and best practices. It also provides a network of like-
minded colleagues and contains professional resources and
technical/managerial publications.
https://www.isaca.org/Pages/default.aspx
Evaluation and Grading
Course Assignments and Evaluation Criteria
Grading will be based on accumulated points of each graded
requirement in the course distributed as described in the table
below:
Required Assignments*
Assignment | Description | Weight
Exams (2) | Each exam will consist of multiple choice, short answer questions, discussion questions, and other related questions. Exam items will be derived primarily from lectures and readings. Exams will be available through iLearn, but must be completed independently. See course calendar for tentative due dates. | 60%
Case Studies | Weekly case studies will be assigned to supplement the required readings. | 36%
STP | Create a Strategic Technology Plan for online course completion. | 2%
Policies | Acceptance of Course Policies | 2%
TOTAL | | 100%
* Assignments may change at the discretion of the professor and
changes in the assignments will be announced in class.
Students are responsible for noting and completing any changes
in assignments.
Grade Conversion
The final grades will be calculated from the percentages earned
in the course, as follows:
Grade | Percentage
A | 90–100%
B | 80–89.5%
C | 70–79.5%
F | <69.5%
Course Expectations
Class Participation
Students are expected to:
1. Be fully prepared for each class session by studying
the assigned reading material and preparing the
material assigned.
2. Participate in group discussions, assignments, and
panel discussions.
3. Complete specific assignments when due and in a
professional manner.
4. Take exams when specified on the attached course
schedule.
Late Work
As adults, students, and working professionals I understand you
must manage competing demands on your time. Life and death
happens, be prepared. Budget your time wisely. All work is to
be submitted by the deadline 11:59PM in EST/EDT. I travel
often and am very aware of time zones. If you are traveling,
submit your work early to avoid any time zone issues.
1. Late work is not accepted. There are no exceptions. If you
miss a client deadline, you lost the contract!
2. Every student must take the scheduled tests and exams.
There is no make-up on any test or exam. There are no
exceptions. If you do not take the test or exam when scheduled
you will receive a 0.
3. Please do not attempt to submit work after the class ends.
No work will be accepted after the course ends. There are no
exceptions. The grade you earn is the grade you keep.
Academic Integrity
At a Christian liberal arts University committed to the pursuit
of truth and understanding, any act of academic dishonesty is
especially distressing and cannot be tolerated. In general,
academic dishonesty involves the abuse and misuse of
information or people to gain an undeserved academic
advantage or evaluation. The common forms of academic
dishonesty include:
a. cheating - using deception in the taking of tests or the
preparation of written work, using unauthorized materials,
copying another person’s work with or without consent, or
assisting another in such activities
b. lying—falsifying, fabricating, or forging information in
either written, spoken, or video presentations
c. plagiarism—using the published writings, data,
interpretations, or ideas of another without proper
documentation
Episodes of academic dishonesty are reported to the Vice
President for Academic Affairs. The potential penalty for
academic dishonesty includes a failing grade on a particular
assignment, a failing grade for the entire course, or charges
against the student with the appropriate disciplinary body.
Students with Disabilities
University of the Cumberlands accepts students with certified
disabilities and provides reasonable accommodations for their
certified needs in the online classroom or in other areas. For
accommodations to be awarded, a student must submit a
completed Accommodations Application form and provide
documentation of the disability. Students who may have a
disability meriting an academic accommodation should contact
the Disability Services Coordinator (Nate Clouse, in Boswell
Campus Center) to ensure that their needs are properly
evaluated and that documentation is on file. Any
accommodations for disabilities must be re-certified each
bi-term by the Disability Services Coordinator before course
adjustments are made by individual instructors.
Student Responsibilities
1. Students are expected to log in several times per week to
participate in class discussions.
2. Students are expected to find out if any changes have been
made in the class or assignment schedule.
3. Students are expected to be self-motivating in an online,
asynchronous course.
Tentative Course Outline*
ISOL 534: Application Security
Summer IIG, 2018
McKeen, J. D., & Smith, H. A. (2015). IT strategy: Issues and
practices (3rd ed.). Pearson. Students are to purchase either of
the following: 1) a paperback book OR 2) a digital ebook.
These are for sale at the UC bookstore online at
http://cumber.bncollege.com.
Note: Assignments in the following table are listed when they
are due.
Grading Category | Activity Title | Grade Allocation (% of all graded work)

Lesson 1: Delivering Value with IT (Part 1)
Required Readings | Chapter 1, “Developing and Delivering on the IT Value Proposition”; Chapter 2, “Developing IT Strategy for Business Value”; Chapter 3, “Linking IT to Business Metrics” | 0
Course Policies | Acceptance of Course Policies | 2
Assignment | Hefty Hardware Case Study | 3.6

Lesson 2: Delivering Value with IT (Part 2)
Required Readings | Chapter 4, “Building a Strong Relationship with the Business”; Chapter 5, “Communicating with Business Managers”; Chapter 6, “Building Better IT Leaders from the Bottom Up” | 0
Assignment | STP – Strategic Technology Plan | 2
Case Study | ModMeters Case Study | 3.6

Lesson 3: IT Governance (Part 1)
Required Readings | Chapter 7, “IT Shared Services”; Chapter 8, “Delivering IT Functions: A Decision Framework”; Chapter 9, “The IT Budgeting Process” | 0
Case Study | RR Communications Case Study | 3.6
Case Study | Nationstate Insurance Case Study | 3.6

Lesson 4: IT Governance (Part 2)
Required Readings | Chapter 10, “Managing IT-Based Risk”; Chapter 11, “Information Management: The Nexus of Business and IT” | 0
Exam | Midterm Exam | 30

Lesson 5: IT-Enabled Innovation (Part 1)
Required Readings | Chapter 12, “Innovation with IT”; Chapter 13, “Big Data and Social Media”; Chapter 14, “Improving the Customer Experience: An IT Perspective”; Chapter 15, “Business Intelligence” | 0
Case Study | International Foods Case Study | 3.6
Case Study | IFG Case Study | 3.6

Lesson 6: IT-Enabled Innovation (Part 2) IT Portfolio Development and Management (Part 1)
Required Readings | Chapter 16, “Enabling Collaboration with IT”; Chapter 17, “Application Portfolio Management”; Chapter 18, “Microsoft Windows and the Security Life Cycle” |
Case Study | Minitrex Case Study | 3.6
Case Study | Datatronics Case Study | 3.6

Lesson 7: IT Portfolio Development and Management (Part 2)
Required Readings | Chapter 19, “Best Practices for Microsoft Windows and Application Security”; Chapter 20, “Enhancing Development Productivity”; Chapter 21, “Information Delivery: IT’s Evolving Role” |
The Scientific Method Applied To Digital Forensics
by student name
Professor D. Barrett
University
Course
Today's date
Abstract
Computer forensics is the process of digital investigation
combining technology, the science of discovery and the
methodical application of legal procedures. Judges and jurors
often do not understand the inner workings of computers and
rely on digital forensics experts to seek evidence and provide
reliable, irrefutable testimony based on their findings. The
scientific method is the process of diligent, disciplined
discovery where a hypothesis is formed without bias, and
analysis and testing are performed with the goal of effectively
proving or disproving a sound hypothesis. When investigative
teams do not follow standard investigative procedures it can
lead to inappropriate and inaccurate evidentiary presentations
that are extremely difficult for non-technical participants to
refute. The practitioners of digital forensics can make strides to
measure and improve the accuracy of their findings using the
scientific method. This paper includes a summary of the
scientific method as applied to the emerging and growing field
of digital forensics and presents details of a specific case where
both the prosecution and defense would have benefitted greatly
from the use of this proven method of discovery and analysis.
Findings can only be deemed reasonably conclusive when the
scientific process is correctly applied to an investigation,
findings are repeatable and verifiable, and where both the
evidence collected and the tools used are subject to the utmost
scrutiny.
The Scientific Method Applied To Digital Forensics
The forensic analyst and investigator must use a unique
combination of technical, investigative, and scientific skills
when approaching a forensic case. Most adults remember the
Scientific Method from their middle school science class as a
set of six steps beginning with stating a problem, gathering
information, forming a hypothesis, testing the hypothesis,
analyzing the data and drawing conclusions that either support
or do not support the hypothesis. Peisert, Bishop, & Marzullo
(2008) note that the term computer forensics has evolved to
mean “scientific tests of techniques used with the detection of
crime” yet note that many academic computer scientists also use
the term to refer to the “process of logging, collecting, auditing
or analyzing data in a post hoc investigation”. The necessity to
maintain chain of custody requires methodical and detailed
procedures, as does the formulation of a legitimate and unbiased
hypothesis and conclusion using the scientific method. Since
many judges and jurors assume that computer forensic evidence
is as “reliable and conclusive” as it is depicted on television,
the legal system is unaware of the volatile nature of computer
forensics investigations and the significance of a scientific
approach to evidence gathering and analysis (Peisert et al.,
2008).
The Scientific Process as Applied to Computer Forensics
Peisert et al. (2008) discuss in detail the need for the use of the
scientific method in forensic investigations, not only for the
process of discovery and analysis of evidence, but for
measuring the accuracy of the forensic tools used in an
investigation. Casey (2010) agrees, and cautions that evidence
must be compared to known samples so that investigators better
understand the scope and context of the evidence that is
discovered or presented and to better understand the output of
forensic tools. Casey (2010) further elaborates that the
scientific method is a powerful tool for forensic investigators
who must be neutral fact finders rather than advocates for one
side of a case or the other.
The process of creating a hypothesis and completing
experiments to prove or disprove it allows an investigator to
gain a concrete understanding of the digital evidence or mere
traces of evidence under analysis. Casey (2010) also notes that
while there is no ethical requirement to do so and it may be
impractical, a thorough investigative practice would consider
investigation of alternate scenarios presented by defense.
Forensic examination tools can contain bugs, or behave
differently with various types of data and forensic images.
Casey (2010) recommends that investigators examine evidence
at both the physical and logical layers since both methods can
provide unique perspectives, and the physical layer may not
yield deleted, corrupted or hidden data. Suspects with limited
technical experience can rename image files with different
extensions not used for images, and those with more technical
knowledge can use advanced steganography techniques to
embed data within other data in an attempt to defy detection.
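The renamed-extension case above can be tested by comparing each file's leading signature bytes with the format its extension claims. The following is an added example, not code from the paper or from any tool it cites; the file names and contents are constructed, and the check does not address steganography.

```python
import hashlib
import os
import tempfile

# Leading bytes that identify common image formats regardless of file name.
IMAGE_SIGNATURES = {
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}
# Extensions that legitimately belong to each format.
EXPECTED_FORMAT = {".jpg": "jpeg", ".jpeg": "jpeg", ".png": "png", ".gif": "gif"}


def sniff_image_format(header):
    """Return the image format named by the header bytes, or None."""
    for fmt, magics in IMAGE_SIGNATURES.items():
        if header.startswith(magics):
            return fmt
    return None


def sha256_of(path, chunk_size=65536):
    """Hash in chunks so large evidence files are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_disguised_images(root):
    """List files whose content is an image but whose extension says otherwise."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # fixed traversal order keeps the report repeatable
        for name in sorted(filenames):
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                header = fh.read(8)
            detected = sniff_image_format(header)
            claimed = EXPECTED_FORMAT.get(os.path.splitext(name)[1].lower())
            if detected is not None and detected != claimed:
                findings.append({
                    "name": os.path.relpath(path, root),
                    "detected": detected,
                    "sha256": sha256_of(path),  # lets another examiner verify
                })
    return findings


def run_demo():
    """Build a constructed sample folder and examine it."""
    samples = {  # constructed file contents, not real evidence
        "holiday.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 32,
        "budget.xls": b"\x89PNG\r\n\x1a\n" + b"\x00" * 32,
        "notes.txt": b"Meeting notes for Tuesday\n",
        "readme.dll": b"GIF89a" + b"\x00" * 32,
    }
    with tempfile.TemporaryDirectory() as root:
        for name, content in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(content)
        return find_disguised_images(root)


if __name__ == "__main__":
    for finding in run_demo():
        print(finding)
```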
The 2004 case of State of Connecticut v. Julie Amero in
Norwich, Connecticut is one where the scientific method was
clearly missing from both the defense and prosecution.
Eckelberry, Dardick, Folkerts, Shipp, Sites, Stewart, & Stuart
(2007) completed a comprehensive post-trial analysis of the
evidence as provided to the defense and discovered very
different evidentiary results using a structured scientific
approach to their investigation. Amero was a substitute
elementary teacher accused of displaying pornographic images
that appeared on pop-ups to her students from what ultimately
was proven to be a spyware-infected school computer. The
credibility of the legal system was compromised and the
prosecution made numerous incorrect assumptions based on
results provided from inadequate forensic tools and poor
investigative techniques (Eckelberry et al., 2007).
The computer that Amero was using in her classroom was a
Windows 98 machine running Internet Explorer 6.0.2800 and a
trial version of Cheyenne AntiVirus that had not received an
update in several years. The content filtering at the school had
expired several months prior to the incident. The prosecution
presented non-factual statements that may easily have been
misconstrued by a non-technical jury and that likely caused a
guilty verdict. The false testimony made by the school IT
specialist indicated that the virus protection was updated
weekly when in fact it was not, since computer logs and the
signatures clearly showed that virus updates were no longer
supported by the vendor. The updates may have been performed
but against files that had no new updates for many months. The
IT Manager who testified also incorrectly claimed that adware
was not able to generate pornography and especially not
“endless loop pornography”. This information was received as
a fact by the non-technical jury and incredibly not refuted by
the defense. The detective for the prosecution also stated that
his testimony was based completely on the product
ComputerCop, which the vendor admits is incapable of
determining if a website was visited purposefully or
unintentionally. The forensic detective astoundingly admitted
that he did not examine the computer for the presence of adware
(Eckelberry et al., 2007, p. 7-10).
The case against Amero was largely based on testimony
stating that she deliberately visited the offensive pornographic
websites and that the sites visited subsequently showed the links
in red. The post-trial investigative team quickly verified that
the ‘sites visited’ color setting in Internet Explorer on the
suspect machine was set to “96,100,32” which is a greenish-
gray color. One of the web pages that the defendant allegedly
visited had an HTML override to highlight one of the links
presented in red and was not colored based on a deliberate visit
to the site. According to Eckelberry et al. (2007), the page in
question was not discovered in “any of the caches or Internet
history files or the Internet History DAT files.” The post-trial
investigative team, through meticulous investigation and use of
the scientific method, was able to present facts that were
“exculpatory evidence showing that the link was never clicked
on by the defendant” or any other person, and disproved most of
the statements made by the forensics examiner and the
witnesses for the prosecution (Eckelberry et al., 2007, p. 12-
14).
The prosecution testimony stated that there was no
evidence of uncontrollable pop-ups found on the suspect
machine; however, the post-trial investigative team, using a
computer forensics tool called X-Ways Trace, discovered
irrefutable evidence that the page in question was loaded
twenty-one times in one second. Eckelberry et al. (2007) detail
many other instances where testimony was haphazard and discovered
that a Halloween screen saver was the source of the adware that
presented the continuous stream of pornographic sites. The
chain of custody was also compromised in that the disk image
was from a Dell PC but the defense witness saw a Gateway PC
stored at the police station. The officer reportedly seized a
computer but the police report contradicts this and states that
only a drive was taken (Eckelberry et al., 2007, p. 14-17).
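The page-load finding above is a hypothesis test: deliberate browsing predicts loads spaced seconds apart, while scripted pop-ups predict many loads inside one second. The following is an added example, not output or code from X-Ways Trace or from the post-trial report; the records, URLs and the min_loads threshold are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

POPUP_URL = "http://ads.example.test/popup.html"  # constructed, hypothetical


def build_sample_history():
    """Constructed browser-history records as (timestamp, url) pairs."""
    start = datetime(2004, 1, 1, 10, 0, 0)  # arbitrary constructed date
    records = [
        (start, "http://mail.example.test/inbox"),
        (start + timedelta(seconds=40), "http://news.example.test/"),
        (start + timedelta(seconds=95), "http://mail.example.test/inbox"),
    ]
    # 21 loads of one page, 45 ms apart: all fall inside a single second.
    burst_start = start + timedelta(seconds=120)
    records += [(burst_start + timedelta(milliseconds=45 * i), POPUP_URL)
                for i in range(21)]
    return records


def densest_window(stamps, window):
    """Return (count, start) of the most loads seen within one window."""
    stamps = sorted(stamps)
    best_count, best_start, left = 0, None, 0
    for right, ts in enumerate(stamps):
        # Slide the left edge until the span fits inside the window.
        while ts - stamps[left] > window:
            left += 1
        if right - left + 1 > best_count:
            best_count, best_start = right - left + 1, stamps[left]
    return best_count, best_start


def find_bursts(records, window=timedelta(seconds=1), min_loads=5):
    """Report URLs loaded at least min_loads times inside one window.

    min_loads=5 is an assumed threshold for "faster than a person clicks";
    an examiner would calibrate it against known samples.
    """
    by_url = defaultdict(list)
    for ts, url in records:
        by_url[url].append(ts)
    bursts = []
    for url in sorted(by_url):
        count, start = densest_window(by_url[url], window)
        if count >= min_loads:
            bursts.append((url, start, count))
    return bursts


if __name__ == "__main__":
    for url, start, count in find_bursts(build_sample_history()):
        print(f"{count} loads of {url} within 1 s starting {start.isoformat()}")
```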
The case described and investigated by Eckelberry et al.
(2007) resembles a staged blunder designed as a humorous
sample case for beginning forensic students to discuss. The
case was, however, very real, and even though the defendant was
eventually acquitted, she suffered lasting harm from the
notoriety based on the initial conviction of contributing to the
delinquency of minors. If the prosecution or defense had
investigated the evidence using the scientific method and
maintained a credible chain of custody, or at least used clear
critical thinking while performing a thorough forensic
investigation this case may never have gone to trial. It wasted
the time and resources of judge, jury, and countless other
participants in the trial and permanently damaged an innocent
victim (Eckelberry et al., 2007).
Conclusion
The scientific method is a process that allows confidence
in a hypothesis when it can be subjected to repeated identical
tests. The use of the scientific method not only provides a
methodical structure to a forensic investigation, it lends
credibility to a case in the very nature of the steps used to
document and diligently test any given hypothesis. The
independent post-trial investigation by Eckelberry et al. (2007)
was performed by a team of trained experts who were well
aware of the methodical requirements and
necessity of the scientific method of discovery. Their findings
proved that the suspect was in fact a victim of computers poorly
maintained by a local Connecticut school system, and
that the forensic expert and witnesses who testified in the case
were untrained and uninformed and used inadequate tools for
the investigation. Cases such as State of Connecticut v. Julie
Amero illustrate the importance of using the scientific method,
and the necessity of proper training in the art and science of
digital forensics.
References
Carrier, B. (2002, October). Open Source Digital Forensics
Tools: The Legal Argument. In @ Stake Inc. Retrieved
September 8, 2011, from
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.19.7899&rep=rep1&type=pdf
Casey, E. (Ed.). (2010). Handbook of Digital Forensics and
Investigation (Kindle ed.). Burlington, MA: Elsevier, Inc.
Eckelberry, A., Dardick, G., Folkerts, J., Shipp, A., Sites, E.,
Stewart, J., & Stuart, R. (2007, March 21). Technical Review of
the Trial Testimony of State of Connecticut vs. Julie Amero.
Retrieved September 9, 2011, from
http://www.sunbelt-software.com/ihs/alex/julieamerosummary.pdf
Nelson, B., Phillips, A., & Steuart, C. (2010). Guide to
Computer Forensics and Investigations (4th ed.). Boston, MA:
Course Technology, Cengage Learning.
Peisert, S., Bishop, M., & Marzullo, K. (2008, April).
Computer Forensics in Forensis. Retrieved September 8, 2011,
from
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.140.3949&rep=rep1&type=pdf