Introduction to Information Security Management

Korea University

Course Description

  • Course Name

    Introduction to Information Security Management

  • Host University

    Korea University

  • Location

    Seoul, South Korea

  • Area of Study

    Information Sciences, Information Technologies

  • Language Level

    Taught In English

  • Course Level Recommendations

    Upper

    ISA offers course level recommendations in an effort to facilitate the determination of course levels by credential evaluators.We advice each institution to have their own credentials evaluator make the final decision regrading course levels.

    Hours & Credits

  • Credits

    3
  • Recommended U.S. Semester Credits
    3
  • Recommended U.S. Quarter Units
    4
  • Overview

    Course Objectives:

    Information security and privacy management has been an area of interest in the U.S. for the past several years. The notion that security is not only a technical matter began as legislations such as HIPAA, SOX, and LGB increased executives? awareness of information privacy and data integrity. Major attacks against large firms and credit card processors augmented public?s awareness. No longer is information security a big corporation problem but an everyday and everyone?s problem. In addition, social engineering attacks (choicepoint.com) and a number of industrial espionage cases (Intel, Samsung) have illustrated the ?soft side? of information security. The notion that humans are the weakest link and the need for what is now termed the ?human firewall? became prevalent among academic researchers and industry experts. This notion culminated in the creation of ?centers of excellence,? a selected set of universities dedicated to the education and research of information security management.

    Although Korea has long excelled in the research and development of technical solutions to security breaches, the idea that security is a managerial and strategic issue has been mostly ignored in academic curriculum and local research. However, recent incidents against major government agencies and private companies (e.g., NH and Hana Bank SK card and in 2013 Korean broadcasting companies) brought the issue to the forefront of the media, increasing public and organizational awareness. Although Korean companies face similar security and privacy challenges as companies in the West, there are also unique aspects to information security management in Korea, such as:

     

    • Korea is one of the most connected countries in the world. Over 94% of the population uses wired and wireless devices on a daily basis. In addition, most Korean homes have Fiber-to-the-house (FTTH) which is highly susceptible to attacks.
    • The use of m-commerce in Korea is also one of the highest in the world.
    • Korea is considered a wealthy country compared to its neighbors and thus a lucrative target for professional cyber criminals.
    • Leading hi-tech companies engage in extensive R&D and are obvious subject of information leakage and industrial espionage.
    • The political climate on the Korean peninsula exposes South Korea to cyber terrorism. Although most people equate cyber terrorism with attacks on major infrastructure (e.g., electricity, water, transportation), cyber terrorists may undertake attacks against private companies. Such attacks can create much financial damage and public panic.
    • Yet, 63.5% of companies in Korea do not have a budget dedicated to information security and only 4.7% have mitigating strategies such as cyber security insurance.


    The goal of this class is twofold. First we will discuss security awareness at the individual level and how users could and should defend their computing assets. Subsequently, we will cover business and managerial issues related to information security, privacy and business continuity. Individuals and organizations face similar challenges and the two domains do overlap. Specifically, the course will cover some of the following topics :

     

    • Basic security and privacy awareness, threats, and vulnerabilities
    • A brief description of some technical countermeasures and hands-on practice in information security defense mechanisms
    • Social engineering, dumpster diving and other ?unusual? vulnerabilities
    • Does cyber security matter to your CFO? Information Security risk assessment and the financial impact of security attacks
    • Security policies and strategy: the soft side of security defense
    • The human factor: organizational users as the weakest link and what can be done about it
    • Compliance with information security legislations
    • Business continuity
    • History of hacking and hacker culture

     

     

Course Disclaimer

Courses and course hours of instruction are subject to change.

Credits earned vary according to the policies of the students' home institutions. According to ISA policy and possible visa requirements, students must maintain full-time enrollment status, as determined by their home institutions, for the duration of the program.

Please reference fall and spring course lists as not all courses are taught during both semesters.

Availability of courses is based on enrollment numbers. All students should seek pre-approval for alternate courses in the event of last minute class cancellations

Please note that some courses with locals have recommended prerequisite courses. It is the student's responsibility to consult any recommended prerequisites prior to enrolling in their course.