COURSE SYLLABUS

Course Designator/Course Number:               IT 4823

Course Title:         INFORMATION SECURITY ADMINISTRATION

Instructor:             Mr. Bob Brown

HTTP Link:            http://www.spsu.edu/cs/faculty/bbrown/it4823/f05

Course Length:   40 contact hours. 2.5 hours per week for 16 weeks; approximately 80 hours reading, research and writing outside class.

Textbook:   Whitman, Michael E. and Herbert J. Mattors (2005) Principles of Information Security, Second Edition. Thompson, Course Technology.  ISBN: 0-619-21625-5. (For Fall, ’05.)

Bishop, Matt (2005) Introduction to Computer Security.  Addison-Wesley. (For Spring ’06 forward.)

Course Description/Objectives:

The student develops knowledge of he principles of information assurance at the policy, procedural, and technical levels to prepare the student for a role as a business decision-makers.  Real-world examples from the text and current events will be used to demonstrate the applicability of the techniques of information assurance.

 

Prerequisites:  IT 1124 Advanced Programming Principles, CS 3153 Database Systems, IT 3124 Hardware and Software Concepts.

This course will teach students:

·      The role of policy in driving information security.

·      The fundamental attributes that define information security: confidentiality, integrity, and availability

·      Identification of an organization’s information assets, including people, hardware, software, and data.

·      The role of risk management in information security.

·      The proper balance between technical controls and procedural controls.

·      The necessity of physical security controls and how to implement them.

·      The roles of awareness, training, end education in information security.

·      The need to make information security an ongoing part of daily operations.


Course Learning Outcomes

After completion of this course (IT 4823), students will be able to:

·        Describe the need for and relationship among the attributes of confidentiality, integrity, and availability.

·        Describe the McCumber model of information security and use it to describe and evaluate security controls.

·        Define the role of policy in driving information security.

·        Differentiate among policy, standards, and procedures.

·        Describe issue-specific policies and tell how they are used.

·        Describe how to identify an organization’s information assets.

·        Distinguish between identification, authentication, and authorization.

·        Describe discretionary and mandatory access control and tell how they are different.

·        Enumerate common classes of threats to information assets and describe the technical and procedural protections against each.

·        Define annualized loss expectancy (ALE) and describe its role in risk management.

·        Describe the concept of layers of information security, and give examples.

·        Define and distinguish among incident response plans, disaster recovery plans, business continuity plans, and crisis management plans.

·        Discuss business continuity strategies.

·        Describe the methods of protecting information in storage and transmission.

·        Differentiate between symmetric and public-key cryptography.

·        Explain how public-key cryptography can provide for non-repudiation through digital signatures.

·        Explain the role of digital certificates in a public-key infrastructure.

·        Describe risk assessment for and implementation pf physical security controls.

·        Describe the process of maintaining an operating information security plan.

 

Course Content Outline / Major Topics:

                  1.            Security Fundamentals

1.1 The History of Information Security

1.2 Critical Characteristics of Information

                1.2.1 Availability

1.2.2 Accuracy

1.2.3 Authenticity

1.2.4 Confidentiality

1.2.5 Integrity

1.2.6 Utility

1.2.7 Possession

1.3 NSTISSC Security Model

1.4 Components of an Information System

1.4.1 Software

1.4.2 Hardware

1.4.3 Data

1.4.4 People

1.4.5 Procedures

1.4.6 Networks

1.5 Securing Components

1.6 Balancing Information Security and Access

1.7 Approaches to Information Security Implementation

1.8 The Systems Development Life Cycle

1.8.1 Methodology

1.8.2 Phases

1.8.3 Investigation

1.8.4 Analysis

1.8.5 Logical Design

1.8.6 Physical Design

1.8.7 Implementation

1.8.8 Maintenance and Change

1.9 The Security Systems Development Life Cycle

1.9.1 Investigation

1.9.2 Analysis

1.9.3 Logical Design

1.9.4  Physical Design

1.9.5 Implementation

1.9.6 Maintenance and Change

1.10 Security Professionals and the Organization

1.11 Communities of Interest

 

                  2.            Business Needs

2.1 Business Needs First

2.1.1 Protecting the Functionality of an Organization

2.1.2 Enabling the Safe Operation of Applications

2.1.3 Protecting Data that Organizations Collect and Use

2.1.4 Safeguarding Technology Assets in Organizations

                2.2 Threats

2.2.1 Acts of Human Error or Failure

2.2.2 Compromises to Intellectual Property

2.2.3 Deliberate Acts of Espionage or Trespass

2.2.4 Deliberate Acts of Information Extortion

2.2.5 Deliberate Acts of Sabotage or Vandalism

2.2.6 Deliberate Acts of Theft

2.2.7 Deliberate Software Attacks

2.2.8 Forces of Nature

2.2.9 Deviations in Quality of Service

2.2.10 Technical Hardware Failures or Errors

2.2.11 Technical Software Failures or Errors

2.2.12 Technological Obsolescence

2.2 Attacks

2.2.1 Malicious Code

2.2.2 Hoaxes

2.2.3 Back Doors

2.2.4 Password Crack

2.2.5 Brute Force

2.2.6 Dictionary

2.2.7 Denial-of-Service (DOS) and Distributed Denial-of-Service (DDOS)

2.2.8 Spoofing

2.2.9 Man-in-the-Middle

2.2.10 Spam

2.2.11 Mail Bombing

2.2.12 Sniffers

2.2.13 Social Engineering

2.2.14 Buffer Overflow

2.2.15 Timing Attack

 

                  3.            Legal, Ethical and Professional Issues

3.1 Laws and Ethics in Information Security

3.2 Types of Law

3.3 Relevant U.S. Laws

                3.3.1 General Computer Crime Laws

3.3.2 Privacy

3.3.3 Export and Espionage Laws

3.3.4 U.S. Copyright Law

3.3.5 Financial Reporting

3.3.6 Freedom of Information Act of 1966 (FOIA)

3.3.7 State and Local Regulations

3.4 International Laws and Legal Bodies

3.4.1 European Council Cyber-Crime Convention

3.4.2 Digital Millennium Copyright Act (DMCA)

3.4.3 United Nations Charter

3.5 Policy versus Law

3.6 Ethics and Information Security

3.6.1 Ethical Differences Across Cultures

3.6.2 Software License Infringement

3.6.3 Illicit Use

3.6.4 Misuse of Corporate Resources

3.6.5 Ethics and Education

3.6.6 Deterrence to Unethical and Illegal Behavior

3.7 Codes of Ethics and Professional Organizations

3.7.1 Major Professional Organizations for IT

3.7.2 Other Security Organizations

3.7.3 Key U.S. Federal Agencies

3.8 Organizational Liability and the Need for Counsel

 

                  4.            Risk Management

4.1 An Overview of Risk Management

4.1.1 Know Yourself

4.1.2 Know the Enemy

4.1.3 The Roles of the Communities of Interest

4.2 Risk Identification

                4.2.1 Asset Identification and Valuation

4.2.2 Automated Risk Management Tools

4.2.3 Information Asset Classification

4.2.4 Information Asset Valuation

4.2.5 Listing Assets in Order of Importance

4.2.6 Data Classification and Management

4.2.7 Security Clearances

4.2.8 Management of Classified Data

4.2.9 Threat Identification

4.2.10 Identify and Prioritize Threats and Threat Agents

4.2.11 Vulnerability Identification

4.3 Risk Assessment

4.3.1 Introduction to Risk Assessment

4.3.2 Likelihood

4.3.3 Valuation of Information Assets

4.3.4 Risk Determination

4.3.5 Identify Possible Controls

4.3.6 Access Controls

4.3.7 Documenting the Results of Risk Assessment

4.4 Risk Control Strategies

4.4.1 Avoidance

4.4.2 Imlementing Avoidance

4.4.3 Transference

4.4.4 Mitigation

4.4.5 Disaster Recovery Plan

4.4.6 Acceptance

4.5 Selecting a Risk Control Strategy

4.5.1 Evaluation, Assessment, and Maintenance of Risk Controls

4.5.2 Categories of Controls

4.5.3 Feasibility Studies

4.5.4 Other Feasibility Studies

4.6 Risk Management Discussion Points

4.6.1 Risk Appetite

4.6.2 Residual Risk

4.7 Documenting Results

4.8 Recommended Practices in Controlling Risk

4.8.1 Qualitative Measures

4.8.2 Delphi Technique

 

                  5.            Policies, Standards and Practices

5.1 Information Security Policy, Standards, and Practices

5.1.1 Enterprise Information Security Policy (EISP)

5.1.2 Issue-Specific Security Policy (ISSP)

5.1.3 Systems-Specific Security Policy (SysSP)

5.1.4 Policy Management

5.1.5 Information Classification

5.2 The Information Security Blueprint

                5.2.1 ISO 17799/BS7799

5.2.2 NIST Security Models

5.2.3 IETF Security Architecture

5.2.4 VISA International Security Model

5.2.5 Baselining and Best Business Practices

5.2.6 Hybrid Framework for a Blueprint of an Information Security System

5.2.7 Design of Security Architecture

5.3 Security Education, Training, and Awareness Program

5.3.1 Security Education

5.3.2 Security Training

5.3.3 Security Awareness

5.4 Continuity Strategies

5.4.1 Business Impact Analysis

5.4.2 Incident Response Planning

5.4.3 Disaster Recovery Planning

5.4.4 Business Continuity Planning

5.4.5 Model for a Consolidated Contingency Plan

5.4.6 Law Enforcement Involvement

 

                  6.            Security Technology: Firewalls and VPNs

6.1 Physical Design

6.2 Firewalls

                6.2.1 Firewall Categorization Methods

6.2.2 Firewall Architectures

6.2.3 Selecting the Right Firewall

6.2.4 Configuring and managing Firewalls

6.2.5 Content Filter

6.3 Protecting Remote Connections

6.3.1 Dial-Up

6.3.2 Virtual Private Networks (VPNs)

 

                  7.            Security Technology: Intrusion Detection, Access Control, and Other Security Tools

7.1 Intrusion Detection Systems (IDSs)

7.1.1 IDS Terminology

7.1.2 Why Use IDS?

7.1.3 Types of IDS and Detection Methods

7.1.4 IDS Response Behavior

7.1.5 Selecting IDS Approaches and Products

7.1.6 Strengths and Limitations of IDS

7.1.7 Deployment and Implementation of an IDS

7.1.8 Measuring the Effectiveness of IDS

7.2 Honey Pots, Honey Nets, and Padded Cell Systems

                7.2.1 Trap and Trace Systems

7.2.2 Active Intrusion Prevention

7.3 Scanning and Analysis Tools

7.3.1 Port Scanners

7.3.2 Firewall Analysis Tools

7.3.3 Operating System Detection Tools

7.3.4 Vulnerability Scanners

7.3.5 Packet Sniffers

7.3.6 Wireless Security Tools

7.4 Access Control Devices

7.4.1 Authentication

7.4.2 Effectiveness of biometrics

7.4.3 Acceptability of Biometrics

 

                  8.            Cryptography

8.1 A Short History of Cryptography

8.2 Principles of Cryptography

                8.2.1 Basic Encryption Definitions

8.2.2 Cipher Methods

8.2.3 Elements of Cryptosystems

8.2.4 Encryption Key Size

5.2.5 Conclusions Regarding the Principles of Cryptography

8.3 Cryptography Tools

8.3.1 Public Key Infrastructure (PKI)

8.3.2 Digital signatures

8.3.3 Digital Certificates

8.3.4 Hybrid Cryptography Systems

8.3.5 Steganography

8.4 Protocols for Secure Communications

8.4.1 Securing Internet Communication with S-HTTP and SSL

8.4.2 Securing E-mail with S/MIME, PEM, and PGP

8.4.3 Securing Web Transactions with SET, SSL, and S-HTTP

8.4.4 Securing TCP/IP with IPSec and PGP

8.5 Attacks on Cryptosystems

8.5.1 Man-in-the-Middle Attack

8.5.2 Correlation Attacks

8.5.3 Dictionary Attacks

8.5.4 Timing Attacks

8.5.5 Defending From Attacks

 

                  9.            Physical Security

9.1 Physical Access Controls

9.1.1 Controls for Protecting the Secure Facility

9.2 Fire Security and Safety

                9.2.1 Fire Detection and Response

9.3 Failure of Supporting Utilities and Structural Collapse

9.3.1 Heating, Ventilation, and Air Conditioning

9.3.2 Power Management and Conditioning

9.3.3 Water Problems

9.3.4 Structural Collapse

9.3.5 Maintenance of Facility Systems

9.4 Interception of Data

9.5 Mobile and Portable Systems

9.5.1 Remote Computing Security

9.6 Special Considerations for Physical Security Threats

9.6.1 Inventory Management

 

              10.            Implementing Information Security

10.1 Project Management for Information Security

10.1.1 Developing the Project Plan

10.1.2 Project Planning Considerations

10.1.3 Scope Considerations

10.1.4 The Need for Project Management

10.2 Technical Topics of Implementation

                10.2.1 Conversion Strategies

10.2.2 The Bull’s-Eye Model for Information Security Project Planning

10.2.3 To Outsource or Not

10.2.4 Technology Governance and Change Control

10.3 Nontechnical Aspects of Implementation

10.3.1 The Culture of Change Management

10.3.2 Considerations for Organizational Change

 

              11.            Information Security Credentials, Security and Personnel

11.1 Positioning and Staffing the Security Function

11.2 Credentials of Information Security Professionals

                11.2.1 Certified Information Security Professional (CISSP) and Systems

11.2.2 Security Certified Practitioner (SSCP)

11.2.3 Certified Information Systems Auditor (CISA) and Certified Information Security Manager (CISM)

11.2.4 Global Information Assurance Certification (GIAC)

11.2.5 Security Certified Professional (SCP)

11.2.6 TruSecure ICSA Certified Security Associate (TICSA)

11.2.7 Security+

11.2.8 Certified Information Forensics Investigator

11.2.9 Related Certifications

11.2.10 Cost of Being Certified

11.2.11 Advice for Information Security Professionals

11.3 Employment Policies and Practices

11.3.1 Job Descriptions

11.3.2 Interviews

11.3.3 Background Checks

11.3.4 Employment Contracts

11.3.5 New Hire Orientation

11.3.6 On-the-Job Security Training

11.3.7 Performance Evaluation

11.3.8 Termination

11.4 Security Considerations for Nonemployees

11.5 Separation of Duties and Collusion

11.6 Privacy and Security of Personnel Data

 

              12.            Maintaining Information Security

12.1 Security Management Models

12.1.1 The ISO Network Management Model

12.2 The Maintenance Model

                12.2.1 Monitoring the External Environment

12.2.2 Monitoring the Internal Environment

12.2.3 Planning and Risk Assessment

12.2.4 Vulnerability Assessment and Remediation

12.2.5 Readiness and Review

 

 

Method of Instruction:

 

            Lectures, discussion, presentation, hands-on lab practice.

 

Evaluation Methods:

Grade will be based on meeting attendance, participation, submitting the required written assignments, two examinations, and a comprehensive final examination.

·        Participation, written assignments and labs   40%    

·        Examinations                                                          30%     Two at 15% each

·        Comprehensive final exam                           30%    

To receive a grade of “A”, the student must accumulate 90% to 100% of the points.

To receive a grade of “B”, the student must accumulate 80% to 89% of the points.

To receive a grade of “C”, the student must accumulate 70% to 79% of the points.

To receive a grade of “D”, the student must accumulate 60% to 69% of the points.

Any student who accumulates total scores of 59 or less will receive a grade of “F”.

 

A grade of “I” is awarded only when a student was doing satisfactory work but, for nonacademic reasons beyond his or her control, was unable to meet the full requirements of the course.   All policies in the University Catalog will apply to a grade of I.

 

Please adhere to the following requirements which may affect your grade: (I) Regular and punctual meeting and lab attendance and participation; (II) Submission of all written work on time; and (III) Successful completion of the examinations.

 

 

Class Schedule:

Date

Topic  

Reading

Due Today 

Aug 22

Introductions, Security Fundamentals I

1 - 19

 

Aug 24

Security Fundamentals II

20 - 32

 

Aug 29

Business Needs, Threats, Attacks

35 - 68

 

Aug 31

Legal, Ethical & Professional Issues

75 - 104

Assignment 1

Sep 5

No Meeting – Labor Day Holiday

 

 

Sep 7

Risk Management I

109 - 131

 

Sep 12

Risk Management II

132 - 144

Assignment 2

Sep 14

Risk Management III

145 - 165

 

Sep 19

Risk Management IV

 

 

Sep 21

Policies, Standards and Practices

171 - 185

Assignment 3

Sep 26

Information Security Blueprint

186 - 205

 

Sep 28

Continuity Strategies I

206 - 233

 

Oct 3

Examination 1

 

 

Oct 5

Firewalls and VPNs I

239 - 260

 

Oct 10

Firewalls and VPNs II

260 - 276

Assignment 4

Oct 12

Intrusion Detection Systems

281 - 319

 

 

October 13 is the last day to withdraw with a grade of W.

 

 

Oct 17

Scanning and Analysis, Access Control 

320 - 336

Assignment 5

Oct 19

Lab Day

341 - 365

 

Oct 24

Cryptography I

341 - 365

 

Oct 26

Crytptography II

366 - 385

 

Oct 31

Cryptography III

 

 

Nov 2

Examination 2

 

 

Nov 7

Physical Access, Fire Safety

389 - 407

 

Nov 9

Other Physical Security

408 - 421

Assignment 6

Nov 14

Implementing Information Security I

427 - 447

 

Nov 16

Information Security Credentials

451 - 471

Assignment 7

Nov 21

Employment Practices

472 - 482

 

Nov 23

No Meeting – Thanksgiving Holiday

 

 

Nov 28

Information Security Maintenance I

489 - 500

 

Nov 30

Information Security Maintenance II

501 - 527

Assignment 8

Dec 5

Information Security Maintenance III

 

 

Dec 7

Review for Final

 

 

 

Last day to resubmit work

 

 

Dec 12

Final Examination

 

Note time: 8:00 to 9:50

 

 

 

 

 

Academic Honesty and Collaboration: Collaboration with your classmates in studying and understanding the material is part of the collegiate experience, and is strongly encouraged. Collaboration on written assignments is permitted and encouraged, but each student must submit work written in his or her own words. For programming assignments, you may work together, but each student must produce his or her own complete program or Web document. Copying another's work will be considered cheating; all students involved will receive a grade of zero and possibly other penalties including failure of the course and dismissal from the University. Unless you are specifically advised otherwise by the instructor, any work submitted for credit, other than homework assignments, must be completely the work of the individual student.

Collaboration or cheating on examinations will result in a grade of zero and other penalties including failure of the course and dismissal from the University. Plagiarism, fabrication, or other academic misconduct will result in a grade of zero and other penalties, including failure of the course and dismissal from the University.

It is very important that you understand the concepts of academic honesty. If any of the above is not clear, or if you are not certain what some of the terms mean, please ask me. A misunderstanding in this area could end your academic career.

How to Succeed in this Class: Here are five things you can do that will greatly improve your chances of making a satisfactory grade in this class:

  • Read the syllabus: It is a lot of trouble to prepare so detailed a syllabus. You should assume I had a reason for it. You should read every word in the syllabus before the second class. I will not be sympathetic to complaints that you didn't understand something about the course if it's written down in the syllabus and you didn't ask about it when you reviewed the syllabus.
  • Read the textbooks: You will get a lot more out of this class, and so be able to give back more on the assignments and examinations, if you read the assigned parts of the textbooks before class. In my experience, students who don't complete the reading before class either never complete it or try to cram it all in just before the exams. That doesn't work.
  • Come to class: You will read below that there's no specific penalty for missing a class. However, you are missing an opportunity to have things that may not be clear explained to you, to ask me questions, and to interact with me and your colleagues. If classes weren't important, we wouldn't have them.
  • Do the homework: The homework assignments build upon one another. If you get behind, you will find it very difficult to catch up. Moreover, when you read the syllabus, you will find that there are substantial penalties for late or incomplete work.
  • Allow enough time: More unsatisfactory grades are due to procrastination than any other cause. Do not assume that you can complete the homework and reading assignments in the thirty minutes before class; you cannot. The most successful students complete this work the weekend before it is due.

Course Objectives: Students who complete IT 4823 successfully will be able to:

Class Attendance: Attendance and participation in class are expected. While there is no academic penalty for missing a class, you should be aware that information not in the book will be presented in class and you will be held responsible for it on examinations. You are responsible for announcements, assignments, and syllabus revisions made in class. If you must miss a class, please arrange to borrow another student's notes. Often you'll get better notes if you make such arrangements in advance.

Historically, students with good attendance records have done significantly better in this class than students with poor records.

Preparation: You will be expected to have read this syllabus, Chapter 1 of the text, and the Standards of Academic Conduct handout by the second class meeting. After that, you are expected to have read each section by the date it is first scheduled to be discussed. I recommend that you read each chapter before it is discussed and jot down questions about anything that is not clear. If your questions are not answered during the lecture, ask them in class. Then re-read each chapter, jotting down important points. Use these notes to study for the examinations.
 

Grading:

40% 

Assignments

 

30% 

Examinations (two at 15% each)

 

30% 

Final Exam

Important note: The grading is established so that you cannot pass the class without getting at least most of the homework points.

In general, I will use the following scale to assign course letter grades. I reserve the right to make adjustments (either up or down) for borderline cases.

Grading Scale: 90 and above: A. 80+: B. 70+: C. 60+: D. Below 60: F.

Examinations: Examinations will consist mainly of short answer questions, with a small number of essay or programming questions. Makeup examinations will not be given unless you make prior arrangements with me. The final examination will be comprehensive.

Assignment Grades:There are four possible grades for assignments. A grade of check-plus indicates exemplary work or effort beyond what is normally expected. A grade of checkmark means your work meets expected standards. Both check-mark and check-plus receive full credit if submitted on time. A grade of  check-minusindicates that one or more areas of the assignment weren't completed satisfactorily. You may resubmit work which receives a check-minus after revising it based on the instructor's comments.  Except at the end of the term, you have two weeks from the time grades are returned to the class (even if you don't get yours timely through not checking!) to resubmit your work. If you do not resubmit within two weeks, you will receive a grade of zero. You will receive full credit for resubmitted work which meets standards.  The last date to resubmit lab assignments is the last meeting date of this class. There is no partial credit. You must get a check or check-plus on all parts of an assignment to receive credit for that assignment. If your work is turned in very late or does not show an honest effort to complete the assignment, you will receive a grade of zero.

You may resubmit only problems which were part of your original submission.  In other words, if you don't attempt a problem on your first submission, you may not receive credit for it by "resubmitting" it later.  Note that not attempting all parts of an assignment is very likely to result in a grade of zero for the entire assignment. However, if you do not understand a problem, you may submit a substantive question about the problem in place of a solution. I will answer your question and you may then submit a solution to the problem without penalty.

Examinations will be based in part on the contents of the assignments.

Assignments:   Assignments will be posted on the class Web page approximately a week before they're due.

Due Dates: Assignments are due at the beginning of class on the date shown in the syllabus. Late assignments, including assignments submitted after class has started, will not be graded and will be recorded as zeroes. As university students, I expect you will manage your time well enough to be able to complete your assignments on time in spite of both usual and unanticipated events. However, I do recognize that sometimes, no matter how well one plans, outside events interfere with one's plans. Therefore, each student will have five "late days" that may be used to submit late assignments without penalty. You may submit one assignment five days late, five assignments one day late each, or any other combination that adds up to five. I encourage you plan well so that your late days will be available in case of a true emergency because, when you have used up your late days, there will be no other exceptions for any reason whatsoever.

Technical difficulties: Explanations of "technical difficulties" will not be accepted as excuses for late or unsatisfactory work. As university students, I expect you to manage your time and your facilities well enough to be able to complete your work in a timely and satisfactory manner.

Style Guidelines: Written work for IT 4823 must be typed or computer printed. Handwritten material is not acceptable. Type only on one side of the paper you turn in. Use only 8-1/2 x 11 inch paper.

If the work you are turning in has more than one page, staple the pages together in the upper left corner. This is the only way to organize your work; do not use notebooks, folders, etc.

In the upper right corner of the first page of each item you turn in, put the following information in the order shown:

Your name

IT 4823 -- BROWN (be sure to put my name here)

The date of the class when the item is turned in

Identification of the item (Term Paper Idea, etc.)

If the item is being resubmitted, the word "resubmitted"

Here is an example:

Joe W. College
IT 4823 -- BROWN
September 22, 2005
Assignment 3

The first line of your work goes here.

Put this information as close to the top right corner as you can. Do not use a cover page.

World Wide Web: Questions and answers, class announcements, assignments and other material will be published from time to time on the school's Web page for this class. You should get into the habit of checking http://www.spsu.edu/cs/faculty/bbrown/it4823/f05/ for class information. You will also find copies of the handouts, this syllabus, notes on the homework and other useful information there.

However, you are cautioned that the presence of this Web page does not relieve you of responsibility for material, including announcements, assignments, and syllabus revisions made in class. In other words, I'll put material on the Web, but you still have to come to class or make sure you find out what happened in each class meeting.

Students with disabilities: Students with disabilities who believe that they may need accommodations in this class are encouraged to contact the counselor working with disabilities at (678) 915-7244 as soon as possible to better ensure that such accommodations are implemented in a timely fashion.

Administrivia:
Form of address: Call me Bob or Mr. Brown, whichever is more comfortable for you.

Sending E-mail: I use a text based e-mail reader. If you send e-mail, please send plain ASCII text and include a line break every 70 characters or so. Messages may not be in the appropriate format unless you take special steps. I expect you to know your e-mail program well enough to configure it to send plain text only. Please do not attach word processing documents to e-mail messages... send plain ASCII text only.  Do not submit assignments via e-mail; they go on the server.

Class format: There will be no scheduled breaks. Questions will be taken at the beginning of class, during the lecture, and near the end of the class.

Appointments:  I will be available after class until all questions have been answered and any other concerns have been discussed, and at other times during my office hours (see the first page of this syllabus) and by appointment.

Decorum: If you have something to say in class, please address yourself to me. Keep beepers, phones, watches, etc. quiet in class; you will be asked to leave the class if your "gear" causes disruption. You will be highly embarrassed if you're kicked out of class because your cell phone rings. Don't let it happen!

Leaving materials for me: Your homework will be posted on the server. However, you may sometimes have other material for me. Bring it to class! If you are unable to attend a class, you can get material to me in three ways: Have a colleague bring them to class, take them by the SwE Office in room J-370 during office hours, or place them in one of the CSE drop boxes at any time. These drop boxes are located at the west entrance to Building J and in the hallway across from room J-361. These drop boxes are checked twice daily during the week, and material left in them will be put in my mail box if it has my name on it.

Belongings left in the classroom: If you leave belongings in the classroom and I notice them, I'll take them to the campus police office on the ground floor of Norton Hall.