ACG 6415Advanced Accounting Information Systems

Spring 2012

Course ObjectivesA strong grounding in computer and network security.

Learn the factors related to the plan-protect-respond cycle of IT security.

An understanding of networking concepts.

You will learn of the importance of IT security to the accounting profession and of the various control frameworks that accountant's rely on for SOX compliance.

This course is learning about defense so we will learn about many threats and how they exploit vulnerabilities but we will NOT be using these exploits in class.

2

Syllabus HighlightsDr. Steven Hornik

email: shornik@bus.ucf.edu

Course Webpage: http://acg6415.wikispaces.com/

Office Hours: Tuesday 12:30 – 1:30 Thursday 4:30 – 5:45; and by appointment

Office: BA1 432

Text Book

Corporate Computer and Network Security, 2nd Edition by Raymond R. Panko

Grade ComponentsExam 1 (Ch. 1 - 4)* 250

Exam 2 (Ch. 5- 9) 250

Access Control Simulation 100

Discussions 100

Research Paper 200

Research Paper – Presentation 50

Total Points 950

Grading Scale

• A 4.00 100-93

• A- 3.75 92-90

• B+ 3.25 89-86

• B 3.00 85-83

• B- 2.75 82-80

• C+ 2.25 79-76

• C 2.00 75-73

• C- 1.75 72-70• D+ 1.25 69-66 • D 1.00 65-63 • D- 0.75 62-60 • F 0.00 <59

ExamsTwo Part Exams

1st PartMultiple choiceMatching

2nd PartShort-answer / Essay (with Notes/Book)

WikiSpace E-mail Invitation or Click “Join” button

Join if you haven’t

Collaborative Web Pages You can Add material to any page You can Edit material already posted to a page You can Delete material posted to a page You can Create a new page with new material

Material text content Hyperlinks

WebPages, Podcasts, Video, Audio, etc.

Group Research/Project Paper Each group will have its own Team page(s) for supporting

collaborative work.

Wiki Pages to UpdateSecurity in the News

Research/Project Paper Groups of 3

Group Assessment

10-15 page final paper

Dates: Initial Title (1 sentence) – 02/09/2012 Summary idea (1 page + group assessment rubric) 02/16/2012 Draft – 5 page minimum - 03/01/2012 Final paper – 04/05/2012 Presentations – 04/12 to 4/19/2012

Topics (only 2 groups can do the same topic) Using OCTAVE Allegro, create an risk assessment, using the OCTAVE Allegro worksheets, for an

organization you work for or have access to. Identifying between 5-7 critical information assets. Beyond the risk assessment this project requires a summary of how risk assessment fits within the IT Governance frameworks

.Describe COSO's ERM Framework (2004), Key Risk Indicators (2010). Using material from our book and website determine a set of KRI's that could be useful in anticipating IT Security exploits, i.e. can we scan our internal/external environment for possible increased risk so that we can react to it beforehand? Before proceeding with this project you will need to discuss the number of exploits to be examined.

Using the various standards/frameworks, COBIT, ISO, ITIL, etc. create a report of the similarities between them and come up with a list of common controls, i.e. create a grand unified control document. The paper should include summaries of each of the frameworks included and a compare/contrast section.

Research and prepare a report on the compliance issues related to SOX and IT Security. In-depth analysis of a current topic related to accounting and IT-Security (e.g. cloud computing). 10

Access Control Simulation

11

Access Control Simulation - Tutorial

12

Access Control Simulation

13

Access Control - Office

14