Reading and Learning Materials: There is no assigned textbook for this class. Instead, assigned reading materials are
updated each semester by the Instructor and are posted to the 650.653 Blackboard site or are hyperlinked from this
syllabus.
Blackboard Site: A Blackboard (Bb) course site is set up for this course. You are expected to check the site throughout
the semester as Blackboard will be a primary venue of outside classroom communications between the instructor and
the students. To access the course site, please log into https://blackboard.jhu.edu. If you need support for Blackboard,
please call 1-866-669-6138.
Academic Integrity: The strength of the university depends on academic and personal integrity. In this course, you must
be honest and truthful. Ethical violations include cheating on exams, plagiarism, reuse of assignments, improper use of
the Internet and electronic devices, unauthorized collaboration, alteration of graded assignments, forgery and
falsification, lying, facilitating academic dishonesty, and unfair competition.
Disability Services: Any student with a disability who may need accommodations in this class must obtain an
accommodation letter from Student Disability Services, 385 Garland, (410) 516-4720, studentdisabilityservices@jhu.edu
Syllabus Change Log
Version | Description of Change | Page | Changed by | Date
1.350z | Initial syllabus for Spring 2018 | all | MDK | 01/10/2018
1.351z | Added essay 1 topics | 7-13 | MDK | 02/03/2018
1.352z | Removed Risk Appetite and Risk Tolerance: Critical Components of an Effective ERM Program from Assigned Reading (bad link). | 10 | MDK | 02/24/2018
1.352z | Removed Budgeting process for information security expenditures 2006 (Blackboard) from week 5 assigned reading. | 12 | MDK | 02/24/2018
1.352z | Added ROSI -15 Things to Consider 2015 to week 5 assigned reading. | 12 | MDK | 02/24/2018
1.352z | Added Essay Topic 5.4. | 13 | MDK | 02/24/2018
1.353z | Updated Class Location from Malone 228 to Olin 305 | 1 | MDK | 03/01/2018
1.353z | Updated discussion topics for weeks 4, 5, and 6. In week 4 (Feb 20th) the course was scheduled to meet in Latrobe 107 instead of Olin 305. The projector in Latrobe 107 did not work and the JHU evening Technology Help Desk Team was not able to mitigate. The class was reconvened in Malone 228 where the projector was non-operational too. As a result, class was dismissed early. | 10-14 | MDK | 03/01/2018
1.353z | Added Essay 2 Topics for weeks 9 thru 13. | 15-21 | MDK | 03/27/2018
Course Learning Goals and Objectives:
The goal of this course is to provide students with a fundamental understanding of the economic and financial issues
involved in planning, managing, and implementing information security in organizations. The course will prepare
students to approach financial decision-making with a variety of techniques, both quantitative and qualitative in nature,
so that as working professionals, they can be successful in taking on leadership roles to plan expenditures that are most
effective in assuring the security of the organization’s operations.
Course Learning Objectives
Student Learning Objectives for this Course
1 Students should be able to research an INFOSEC-related topic and write a clear, concise, and
articulate essay.
2 Students should be able to locate, download, and modify useful sources of information security
documentation.
3 Students should be able to create an INFOSEC budget and be able to explain its details to senior
management.
4 Students should be able to discuss challenges associated with the original Federal Information
Security Management Act (FISMA) of 2002.
5 Students should be able to discuss the reforms associated with the Federal Information Security
Modernization Act (FISMA) of 2014.
6 Students should be able to discuss challenges associated with the 2017 Cybersecurity Executive
Order.
7 Students should be able to discuss risk appetite and risk tolerance.
8 Students should be able to discuss the difference between Quantitative and Qualitative Risk
Assessments.
9 Students should be able to discuss the capital budgeting process as it relates to information
security.
10 Students should be able to discuss INFOSEC Portfolio Management.
11 Students should be able to discuss the challenges with ROSI.
12 Students should be able to discuss INFOSEC Total Cost of Ownership (TCO).
13 Students should be able to discuss INFOSEC Balanced Scorecard Framework.
14 Students should be able to discuss INFOSEC Portfolio Management.
15 Students should be able to discuss the challenges associated with INFOSEC outsourcing.
16 Students should be able to discuss the true costs associated with Cost of Data and Security
Breaches.
17 Students should be able to discuss Cyber Workforce Management Program.
18 Students should be able to discuss the cost of Business Recovery.
Grade Requirements
The Instructor and Course Assistant (CA) will evaluate students on their mastery of Learning Objectives through the
following deliverables:
✓ Students are expected to prepare for and attend every scheduled class session and actively participate in class
discussions. Attendance and active participation in class discussions are an integral part of your learning
experience at JHUISI. Full attendance and active participation in class discussions are required for you to
succeed in this course. Course content is extensive and unless students indicate otherwise, they are assumed to
understand the material. Please be advised that six absences, whether excused or not, will result in a failing or
incomplete grade for the course. Class Participation is worth 150 points.
✓ Students are required to write two essays on topics assigned by the instructor. The essays are worth a
combined 35% of your grade.
✓ A take-home mid-term examination worth 250 points will be administered on March 13, 2018 on topics and
class discussions up to that point. No make-ups are offered unless arranged in advance with the instructor.
✓ A take-home comprehensive final exam worth 300 points will be administered on May 15, 2018 on any topics
and class discussions we have had during the entire course. No make-ups are offered unless arranged in advance
with the instructor.
Grading Scale
Percentage Grade
93+ A
90-92 A-
87-89 B+
83-86 B
80-82 B-
77-79 C+
73-76 C
70-72 C-
<70 F*
Important Notes about Grading Policy
✓ The grade for Good Performance (typical for graduate-level study) in this course is a B+/B.
✓ The grade of A- will only be awarded for Excellent Performance. The grade of A will be reserved for the select
few who demonstrate Extraordinarily Excellent Performance.
✓ The grades of D+, D, and D- are not awarded at the graduate level.
✓ Grade appeals will ONLY be considered in the case of a documented clerical error.
✓ Please note that YOU are responsible for keeping track of and proactively managing your point totals.
Discussions regarding your point total will not be entertained retroactively.
✓ Be your own advocate.
Writing Assignments
ALL STUDENTS must register for and complete the “Avoiding Plagiarism at JHU” training module NO LATER THAN the
beginning of our week 3 class session – print certificate of completion and provide to Instructor.
This course surveys a wide range of information security material. The pace is quick and the coverage is not detailed
and/or in-depth on any one specific topic. Writing assignments provide the student the opportunity to research a topic
more thoroughly than the way it’s covered in the assigned reading, in class discussions, and/or on the Internet.
Each student is required to complete the TWO ESSAYS on topics assigned by the Instructor.
The purpose of these writing assignments is to provide students the opportunity to demonstrate an understanding
beyond what is covered as part of the course. Each assignment requires multiple reference citations that may consist of
reference books, current print or electronic versions of magazines and journals, the Internet, various on-line libraries,
and textbooks.
✓ Each writing assignment must comply with the Turabian or APA Style Guides.
✓ Essays must comply with word limitations (plus 500 words / minus 0 words). Footnotes are required for essays.
Bibliographies are not required for essays.
✓ Spell Check and Grammar Check your essays.
✓ DO NOT use a text application to write your paper and then transfer it to MS Word to hand in.
Refer to Appendix A of this syllabus for the grading criteria and standards for essays and term-papers. The topics are
taken from the discussion questions in the syllabus.
✓ Both essays must be submitted via e-mail to the instructor no later than MIDNIGHT on the class date for which
the topic is assigned (you must submit all deliverables in Microsoft WORD format – NO EXCEPTIONS).
✓ Assignments submitted in pdf format are considered incomplete. Include your name in the file name and on the
cover sheet. Essays without names will be discarded.
As a graduate student at Johns Hopkins University, you are expected to write well (in this class) – to be clear, concise,
articulate, and to the point. Plagiarism will not be tolerated – cite your sources and DO NOT COPY AND PASTE. Please
be confident that, if you do plagiarize, you will be caught and the consequences are not pleasant. Direct quotations can
be no more than 10% of your paper.
WK / Date Topics/Issues
1 1/30 Discussion Topics
✓ Course Administration
✓ Instructor and Student Introductions
✓ Assignment of the Numbers
✓ Learning Objectives and Learning Expectations
✓ Time Management
✓ Bachelor’s vs. Master’s Degree
Assigned Reading
The Plagiarism Spectrum (Blackboard)
Defining and Avoiding Plagiarism Statement on Best Practices (Blackboard)
Wisdom from YouTube
Cyber Security 101 - https://www.youtube.com/watch?v=sdpxddDzXfE&t=28s (3:52)
C-I-A Basics - https://www.youtube.com/watch?v=89WXcyWZ-qc (6:31)
Careers in Cybersecurity - Expert Advice from Black Hat & DEFCON
https://www.youtube.com/watch?v=EhIp3b8iGm4 (8:53)
Careers in Cybersecurity - New Advice from DEFCON 24
https://www.youtube.com/watch?v=Mg7_XlP4gqA&t=365s (8:34)
Assigned Reading
A Closer Look at Information Security Costs.
http://www.econinfosec.org/archive/weis2012/papers/Brecht_WEIS2012.pdf
The Economics of Information Security Investment (Blackboard)
The Financial Management of Cyber Risk – Chapter 1 (Blackboard) Pages 9-18.
Information Security Trends: IT Security Spending Remains Robust – Compliance is Key Driver
of Security Initiatives.
https://www.451alliance.com/Portals/5/TMC_it_security_june2015.pdf
How to Dramatically Improve Corporate IT Security without Spending Millions.
https://www.praetorian.com/downloads/report/How%20to%20Dramatically%20Improve%20Corporate%20IT%20Security%20Without%20Spending%20Millions%20-%20Praetorian.pdf
Determining How Much to Spend on Your IT Security. http://www-03.ibm.com/industries/ca/en/healthcare/documents/IDC_Canada_Determining_How_Much_to_spend_on_Security_-_Canadian_Perspective_2015.pdf
4 Tips for Planning an Effective Security Budget. http://www.darkreading.com/careers-and-people/4-tips-for-planning-an-effective-security-budget/d/d-id/1325290
Federal Information Security Management Act of 2002.
http://csrc.nist.gov/groups/SMA/fisma/overview.html
FISMA Updated and Modernized. http://www.natlawreview.com/article/fisma-updated-and-modernized-federal-information-security-management-act
The Fallacy of the FISMA Critics:
http://www.infosectoday.com/Articles/Fallacy_FISMA_Critics.htm
Congress Passes The Federal Information Security Modernization Act of 2014: Bringing Federal Agency Information Security into the New Millennium:
http://www.privsecblog.com/2014/12/articles/cyber-national-security/congress-passes-the-federal-information-security-modernization-act-of-2014-bringing-federal-agency-information-security-into-the-new-millennium/
2.3 Organizations need to understand the financial impacts of insufficient cybersecurity. In
addition, they need to enact management systems that bring all of the necessary executives
to the table to address cybersecurity issues on an enterprise-wide basis. For this essay,
assume that you have just been hired as the new CISO for M&T Bank. Please write an essay
discussing who you would bring to the table to help address the insufficient cybersecurity
issues at the bank. Your essay should span a 3-5 year timeframe and should include both
short and long-term initiatives.
Assigned Reading
President Trump signs cybersecurity executive order - https://www.usatoday.com/story/news/politics/2017/05/11/president-trump-signs-cybersecurity-executive-order/101556518/
White House Cybersecurity Executive Order Summary - https://blog.rapid7.com/2017/05/12/white-house-cybersecurity-executive-order-summary/
A Summary of the Cybersecurity Executive Order - https://www.lawfareblog.com/summary-cybersecurity-executive-order
A Framework for Protecting Our Critical Infrastructure - https://www.nist.gov/blogs/taking-measure/framework-protecting-our-critical-infrastructure
(Draft) Cybersecurity Framework v1.1 Draft 2 (PDF) without markup - https://www.nist.gov/sites/default/files/documents/2017/12/05/draft-2_framework-v1-1_without-markup.pdf
3.2 The Framework for Improving Critical Infrastructure Cybersecurity provides a voluntary, flexible
approach to help an organization better understand, manage, and reduce its cybersecurity
risks. Based on existing standards, guidelines, and practices, the Framework can aid in
prioritizing investments and maximizing the impact of each dollar spent on cybersecurity.
Cybersecurity risk management requires the buy-in of all levels of management, including the
board of directors. The Framework provides guidance as to how organizations can use a
common lexicon to communicate between and among organizations. Industry has provided
comments that suggest the board level of organizations requires more attention when
spreading cybersecurity risk management awareness. For this essay, assume that you have just
been hired as the new CISO for the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF).
Please write an essay discussing your recommendations on how you would ensure buy-in at all
levels of management within your Agency. Please start by defining “buy-in” as it relates to the
Framework for Improving Critical Infrastructure Cybersecurity.
Assigned Reading
✓ NIST Risk Management Framework. http://csrc.nist.gov/publications/nistpubs/800-37-rev1/sp800-37-rev1-final.pdf
✓ Committee of Sponsoring Organizations of the Treadway Commission (COSO). http://www.coso.org/documents/coso_erm_executivesummary.pdf
✓ Quantitative Risk Analysis Step-By-Step. https://www.sans.org/reading-room/whitepapers/auditing/quantitative-risk-analysis-step-by-step-849
✓ Difference between Quantitative and Qualitative Risk Analysis. http://www.izenbridge.com/blog/differentiating-quantitative-risk-analysis-and-qualitative-risk-analysis/
✓ Risk Appetite and Risk Tolerance. https://www.apm.org.uk/media/1257/risk-appetite-and-risk-tolerance.pdf
✓ How Security Risk Assessments & Risk Management Can Improve Your Security Program - https://www.hitachi-systems-security.com/blog/how-security-risk-assessments-risk-management-can-improve-your-security-program/
✓ Successful Security Programs: Security vs. Risk Management vs. Compliance - https://technical.nttsecurity.com/post/102dwj8/successful-security-programs-security-vs-risk-management-vs-compliance
✓ Cyber-security: More Than Just A Reputational Risk - https://www.holmesreport.com/agency-playbook/sponsored/article/cyber-security-more-than-just-a-reputational-risk
Wisdom from YouTube
✓ Risk Appetite and other Terms vs Performance Measurement Scorecard terms -
https://www.youtube.com/watch?v=ektmWa2b9VQ (6:19)
✓ Risk Appetite and Risk Tolerance - https://www.youtube.com/watch?v=OIQntO0p-jQ (4:33)
5 2/27 Discussion Topics
The INFOSEC Budgeting Process
Capital Investment Analysis
Discounted Cash Flow (DCF)
Net Present Value (NPV)
INFOSEC Portfolio Management (PM)
Return on Security Investment (ROSI)
Assigned Reading
ROSI -15 Things to Consider 2015 (Blackboard)
Resources for an information security budget discussion -
https://www.kaspersky.com/blog/calculator-financial-report/18534/
Capital Investment Analysis and Project Assessment.
https://www.extension.purdue.edu/extmedia/ec/ec-731.pdf
Capital Budgeting Analysis. http://www.exinfm.com/training/pdfiles/course03.pdf
Taking a Business Risk Portfolio (BRP) Approach to Information Security.
https://www.rsaconference.com/writable/presentations/file_upload/grc-f03-taking-a-business-risk-portfolio-_brp_-approach-to-information-security.pdf
A Review of Return on Investment for Cybersecurity (Blackboard)
Evaluating Information Security Investments from Attackers Perspective (Blackboard)
The Evolution of Return on Security Investment (Blackboard)
Value Creation and Return on Security Investment (Blackboard)
Cyber ROI - https://apps.fcc.gov/edocs_public/attachmatch/DOC-343096A1.pdf
The Real Cost of Not Implementing Cybersecurity Practice. http://pellcenter.org/the-real-cost-of-not-implementing-cybersecurity-practices/
5.3 Producing cost-benefit analyses of security solutions has always been hard, because the
benefits are difficult to assess and often only a part of the overall cost is clear. Despite this,
today the provision of economic evaluations of security technology investments is a
requirement that more and more customers ask vendors to satisfy. The typical calculation for
a Return-On-Investment (ROI) index is based on the evaluation of the Annual Loss Expectancy
(ALE). Our motivating assumption is that such a classical index, the ROI, provides only a partial
characterization of investments in information security technology, because it fails to explicitly
consider attackers' behavior. Security professionals are beginning to suggest that to better
evaluate security technology investments, the ROI index should be coupled with a
corresponding index aimed at measuring the convenience of attacks, or “the Return-On-Attack
(ROA)” especially in situations where different technologies are combined or where the
possible degradation of a security solution's efficiency over time must be taken into account.
Please write an essay discussing the concept of ROA and discuss how it may be coupled with
ROI to provide a full characterization of investments in information security. Does ROA make
sense? How does the combination of ROI/ROA compare with ROSI?
5.4 The article titled: Return on Security Investment – 15 Things to Consider includes a checklist of
15 issues/topics that the INFOSEC professional should consider in an effort to improve the
accuracy and usability of the Return on Security Investment (ROSI). Many of the existing
methods for calculating the ROSI are complex and include an array of mathematical formulas
and statistical analyses. No matter what method is used, these calculations almost always rely
on soft data (i.e.: intangible values) to derive hard numbers associated with Return on
Investment (ROI), making the challenge of an accurate and reliable ROSI elusive. Please write
an essay discussing your thoughts on the ROSI calculation (in general) and the 15 topic areas
that the author recommends should be considered. Please include in your discussion if you
think the suggested element is useful, makes no difference, or is a waste of time. Finally,
include your own recommendations on elements that may be missing from the list.
6 3/6 Discussion Topics
✓ Mid-Term Q & A and Clarification
✓ Mid-Term Examination Review
7 3/13 Mid-Term Examination - This examination is an Open Book /Open Note Examination
The examination becomes available on Blackboard at 6:00 PM. Students must complete the exam
and upload to Blackboard NLT 9:00 PM (timestamp) on March 13, 2018.
Please ensure that you put your name on the examination.
✓ On page 1 enter your first and last name plus your JHUISI Student Number.
✓ When you save the Mid-Term Exam replace “YOUR LAST NAME HERE” with your last name.
o For example, your Instructor would save the exam as follows: “Spring 2018 650.653.01
Mid-Term Exam for Kociemba.”
PLEASE NOTE:
1 Late exams will be assessed a 10% (25 points) penalty for the first 60 minutes. Additional
penalties of 5 points per half hour will be assessed for each additional ½ hour that the exam
is late. These penalties are not negotiable. Avoid them by not being late.
2 Students who do not turn in exams by 3:00 am the next morning (March 14, 2018) will be
awarded 0 (zero) points.
3 Students who are taking the exam and are observed communicating (i.e.: talking, e-mailing,
texting, or signing) with other students will forfeit all points associated with this exam. The
student you are talking with will also forfeit all points associated with this exam.
9 3/27 Discussion Topics
✓ INFOSEC Total Cost of Ownership (TCO)
✓ INFOSEC Balanced Scorecard Framework
✓ INFOSEC Metrics
Assigned Reading
How to Calculate Total Cost of Ownership. http://www.graco.com/us/en/products/manufacturing/cost/how-to-calculate-total-cost-of-ownership.html
Total Cost of Ownership (TCO) for Access Control Systems (Blackboard)
Calculating Total Cost of Ownership for Intrusion Prevention Technology (Blackboard)
Minimizing Security Related Total Cost of Ownership - https://www.scribd.com/document/86807927/Minimizing-Security-Related-Total-Cost-of-Ownership
The True Cost of Compliance. https://www.ponemon.org/local/upload/file/True_Cost_of_Compliance_Report_copy.pdf
Migrating Security to the Cloud: A Model for Total Cost of Ownership - https://securityintelligence.com/migrating-security-to-the-cloud-a-model-for-total-cost-of-ownership/
The Hidden Costs of Information Security Projects - https://zeltser.com/hidden-costs-of-information-security-projects/
Calculating TCO: The Real Cost of Cloud Security - https://www.threatstack.com/blog/calculating-tco-the-real-cost-of-cloud-security/
A Strategy Map for Security Leaders: Applying the Balanced Scorecard Framework to Information Security. https://securityintelligence.com/a-strategy-map-for-security-leaders-applying-the-balanced-scorecard-framework-to-information-security/
Balanced Scorecard for Information Security Introduction. https://technet.microsoft.com/en-us/library/bb821240.aspx
Security Metrics and the Balanced Scorecard. https://www.csoonline.com/article/2137095/identity-management/security-metrics-and-the-balanced-scorecard.html
Assigned Reading
Outsourcing - www.referenceforbusiness.com/small/Op-Qu/Outsourcing.html
The 10 hidden costs of outsourcing - www.supplychainquarterly.com/topics/Strategy/20130621-the-10-hidden-costs-of-outsourcing/
The Hidden Costs of Outsourcing - https://www.forbes.com/sites/forbesinsights/2013/03/29/the-hidden-costs-of-outsourcing/#36c3cd8971c7
The Real Cost of Outsourcing 2012 – PDF
How to Determine Your Outsourcing Cost - http://www.smarthustle.com/determine-outsourcing-cost/
When You’ve Got to Cut Costs—Now - https://hbr.org/2010/05/when-youve-got-to-cut-costs-now
How to Cut Costs – Strategically https://hbr.org/ideacast/2009/09/how-to-cut-costs-strategically?referral=03759&cm_vc=rr_item_page.bottom
A Better Way to Cut Costs - https://hbr.org/2009/03/a-better-way-to-cut-costs?referral=03759&cm_vc=rr_item_page.bottom
Cutting Costs Without Cutting People - https://hbr.org/2011/04/cutting-costs-without-cutting?referral=03759&cm_vc=rr_item_page.bottom
In-house vs. outsourced IT: what makes the most business sense? - http://www.information-age.com/top-five-things-consider-when-outsourcing-123459436/
To Outsource or Not to Outsource: a Cost Accounting Decision - http://www.dummies.com/business/accounting/to-outsource-or-not-to-outsource-a-cost-accounting-decision/
Assignments: Essays Due by Midnight – Numbers 1 thru 9
Assigned Reading
Data breaches cost US businesses an average of $7 million — here’s the breakdown - http://www.businessinsider.com/sc/data-breaches-cost-us-businesses-7-million-2017-4
Rand Study: Average Data Breach Costs $200K, Not Millions - https://www.darkreading.com/attacks-breaches/rand-study-average-data-breach-costs-$200k-not-millions/d/d-id/1326962?
Global Cost of Cybercrime Predicted to Hit $6 Trillion Annually By 2021, Study Says - http://www.darkreading.com/attacks-breaches/global-cost-of-cybercrime-predicted-to-hit-$6-trillion-annually-by-2021-study-says/d/d-id/1326742
12 4/17 Discussion Topics
✓ INFOSEC Education, Awareness, and Training
✓ IAWIP – Cyber Workforce Management Program
Assigned Reading
✓ Information Assurance Workforce Improvement Program. DoD 8570.01-M.
http://www.dtic.mil/whs/directives/corres/pdf/857001m.pdf
✓ DoD 8570.01-M Manual Information Assurance Workforce Improvement Program and DoD
Directive 8140.01 Cyberspace Workforce Management Frequently Asked Questions (FAQs).
http://iase.disa.mil/iawip/Pages/iaetafaq.aspx
✓ Summary of IA Workforce Qualification Requirements.
http://iase.disa.mil/iawip/Pages/summary_wf_requirements.aspx
✓ DoD Approved 8570 Baseline Certifications. http://iase.disa.mil/iawip/Pages/iabaseline.aspx
✓ What Types of Background Checks are There?
https://www.criminalwatchdog.com/faq/types-of-background-checks
1
The Smith, Barrett, Jones, and Darby (SBJ&D) Cybersecurity Convergence Group (CCG) is comprised of 1200 Partners and a
10 member Board of Directors. Below the partnership, there is a global workforce of 6,000 INFOSEC Professionals working in 60
countries worldwide.
13 4/24 Discussion Topics
✓ The Cost of Business Recovery
✓ Disaster Recovery
✓ Continuity of Operations
✓ High Availability
Assigned Reading
The Power of Information Availability (Blackboard) 12 pages.
Disaster Recovery Planning Guide 2013 (Blackboard) 11 pages.
Business Impact Analysis 2007 (Blackboard) 52 pages.
Executive Guide to Business Continuity Management 2017 (Blackboard) 14 pages.
Ten steps to a successful business impact analysis.
http://searchsecurity.techtarget.com/tip/Ten-steps-to-a-successful-business-impact-analysis
Continuity of Operations Plans. https://emergency.princeton.edu/how-to-prepare/continuity-of-operations-plans
High Availability Computer Systems (Blackboard) 19 pages.
US-CERT Federal Incident Notification Guidelines - https://www.us-cert.gov/incident-notification-guidelines
3 Crisis Management Case Studies We Can Learn From - https://www.rockdovesolutions.com/blog/3-crisis-management-case-studies-we-can-learn-from
Table Top Test in order for it to be a success. Finally, discuss how a Table Top Test can be performed
across International Boundaries and across multiple time zones.
13.3 Availability is one of the three primary components in the CIA Triad. The concept of Recovery Time
Objective (RTO) is measured in seconds, minutes, hours, and/or days. RTO drives the Continuity of
Operations planning process and is the defining variable when determining if the organization needs
Disaster Recovery Planning (DRP), Continuity of Operations Planning (COOP), or High Availability
Planning (HAP). Please write an essay discussing the significance of the availability component and its
key driver, the RTO. Once the relationship between RTO and availability has been established, discuss
the level of preparedness that will be required to support RTOs ranging from 0 seconds to 60 days.
13.4 Assume that you graduate from the MSSI program and are hired by a rather large organization with an
established presence in markets around the world. Please write an essay describing the difference
between Disaster Recovery Planning (DRP), Continuity of Operations Planning (COOP), and High
Availability Planning (HAP). Incorporate into your paper how and why you arrived at your conclusions –
the BIA and the RTO should figure prominently in your decisions.
14 5/1 Discussion Topics
✓ Final Q & A and Clarification
✓ Final Examination Review
16 5/15 Final Examination - This examination is an Open Book /Open Note Examination
The examination becomes available on Blackboard at 6:00 PM. Students must complete the exam
and upload to Blackboard NLT 9:00 PM (timestamp) on May 15, 2018.
Please ensure that you put your name on the examination.
✓ On page 1 enter your first and last name plus your JHUISI Student Number.
✓ When you save the Final Exam replace “YOUR LAST NAME HERE” with your last name.
o For example, your Instructor would save the exam as follows: “Spring 2018 650.653.01
Final Exam for Kociemba.”
PLEASE NOTE:
4 Late exams will be assessed a 10% (25 points) penalty for the first 60 minutes. Additional
penalties of 5 points per half hour will be assessed for each additional ½ hour that the exam
is late. These penalties are not negotiable. Avoid them by not being late.
5 Students who do not turn in exams by 3:00 am the next morning (May 16, 2018) will be
awarded 0 (zero) points.
6 Students who are taking the exam and are observed communicating (i.e.: talking, e-mailing,
texting, or signing) with other students will forfeit all points associated with this exam. The
student you are talking with will also forfeit all points associated with this exam.
Appendix A – Rubric and Grading Criteria / Standards for Course Essays
As a graduate student at Johns Hopkins University, you are expected to write well (in this class) – to be clear, concise,
articulate, and to the point. Plagiarism will not be tolerated – cite your sources and DO NOT COPY AND PASTE. Direct
quotations can be no more than 5% of your paper.
A+ 98-100 Offers a genuinely new understanding of the topic. Indicates brilliance. An organized, coherent and well-
written product that clearly warrants publication. Demonstrates total grasp of the topic. Error free and
proper use of grammar.
A 93-97 Work of superior quality that shows a high degree of original thought. Addresses all major considerations.
Demonstrates excellent grasp of topic.
A- 90-92 Clearly well above the average expected of graduate work; contains original thought. Demonstrates a
comprehensive grasp of topic. Addresses all major and key minor points. To receive this grade or higher,
a counter-argument must be included that explores the case which could be made against the
offered thesis.
B+ 87-89 A sound effort that meets all the criteria of a well-crafted essay; discusses all important ideas related to the
topic.
B 83-86 Average graduate-level performance. A solid essay that is, on the whole, a successful consideration of
topic.
B- 80-82 An essay that addresses the question and has a clearly-stated thesis, but fails to fully support the thesis
and either does not address counter-arguments thoroughly, has serious structural flaws or does not fully
develop conclusions. Below average grade.
C+ 77-79 Sufficiently analytical to distinguish it from a C, but lacks sufficient support, structure, analysis or clarity to
merit graduate credit. An essay that does not include a thesis cannot receive a grade higher than this. Fair
grade.
C 73-76 Indicates that the work is barely adequate and does not meet the standards of graduate work. Expresses a
responsible opinion but makes inadequate use of evidence, has little coherent structure, is critically
unclear, or lacks the quality of insight deemed sufficient to explore adequately the issue. Poor grade.
C- 70-72 Attempts to address the question and approaches a responsible opinion but does not come to a
responsible, defensible conclusion worthy of serious attention or is sufficiently below average in one or
more of the six standards of an essay. Substandard grade.
D Blatantly minimal effort made in preparation of essay. Totally ignores six standards of an essay.
F 69 and below An essay that is clearly unrepresentative of the qualities expected of graduate-level work or that fails to
address the question. Failing grade.
Appendix B – Rubric and Grading Criteria for Class Participation
A+(98-100) Strikes an outstanding balance between listening and contributing. Demonstrates complete preparation for
each class as reflected in the quality of contributions to discussions. Contributions indicate brilliance through a
wholly new understanding of the topic.
A (93-97) Contribution is always of superior quality. Unfailingly thinks through the issue at hand before comment. Can
be relied upon to be prepared for every class meeting. Contributions highlighted by insightful thought,
understanding, and in part original interpretation of complex concepts.
A- (90-92) Above the average expected of a graduate student. By the insightful quality of contributions, commands the
respect of other students and instructors. Fully engaged in class discussions.
B+ (87-89) A positive contributor to class discussions. Joins in most weekly discussions. Contributions reflect
understanding of the material.
B (83-86) Average graduate level contribution. Involvement in weekly discussions reflects adequate preparation for
seminar.
B- (80-82) Contributes infrequently. Sometimes speaks out without having thought through the issue well enough to
marshal logical supporting evidence, address counter-arguments, or present a structurally sound position.
C+ (77-79) Sometimes contributes voluntarily; more frequently needs to be encouraged. Content to allow others to take
the lead or frequently tries to dominate the discussion. Minimal preparation for seminar reflected in arguments
lacking the support, structure or clarity to merit graduate credit.
C (70-76) Contribution is barely adequate. Attempts to forward a plausible opinion through inadequate use of evidence,
incoherent logical structure, and a critically unclear quality of insight that is insufficient to adequately examine
the issue at hand. Usually content to let others form the seminar discussions.
D A grade of “D” is not acceptable, and not awarded, for Graduate-level work.
F (69 or lower) Student fails to contribute in any substantive manner. Extremely disruptive or uncooperative. Completely and
habitually unprepared for class.