EMSE 298 IN/IN2

Towson University

Syllabus
IHSM 611
3 Credit Hours
Critical National Infrastructures

Fall 2006
15-Week Program

Office:	Carlisle, PA
Availability:	10:00- 22:00 EST
E-Mail:	profrknichols@comcast.net
Course Website:	www.infosec-technologies.com
Classroom:	TBA
Class Times:	Per Spring 06 Schedule
Prerequisites:	None

Course Description

Examines America’s critical infrastructures and their relationships to one-another, and issues pertaining to safeguarding and managing these infrastructures under serious threat. Analyzes key asset identification, threat and vulnerability, and studies technologies for their ability to support planning, mitigation, response, recovery, and prediction

Objectives / Learning Outcomes

There are three core elements of knowledge required for understanding the challenge of protecting the U.S. Homeland: 1) the evolution of the homeland security threats and responses before and after the September 11, 2001 terrorist attacks; 2) the nature of the threat; and the response to the threat, i.e. the contemporary organization, principles, and practices that govern U.S. Homeland security activities at the federal, state, and local level as in the private sector. Of special management concern is the deployment of national assets into critical infrastructure sectors (CIS) and their protection against terrorist threats.

There are two main objectives for addressing the core knowledge requirements (supra). They are:

To develop relevant theoretical knowledge, employ strategic and tactical skills, and demonstrate cooperative leadership in solving problems of homeland security;
To explore interrelationships among national critical infrastructure sectors and their asymmetric affects in cyberspace.

Students completing this course will possess an introductory level skill set to:

Synthesize a broad-based knowledge of homeland security issues with government policies, procedures and strategies.
Think asymmetrically, i.e. students develop effective and innovative strategies for rapid, creative responses to homeland crisis situations. They accomplish this by using research skills, knowledge of homeland security issues, policies, procedures and team creativity to respond wisely to unexpected simulated emergencies.
Demonstrate leadership in work collaboratively in the preparation for, protection against, and response to national, state and local crises based on a comprehensive knowledge of systems, relationships and research in homeland security and related areas.
Prepare “on-target”, executive situation reports that: 1) focus on key CIS issues and 2) recommend required short- and long-term actions.

Textbooks

Required

Sauter, M. A., & Carafano, J. J. (2005) Homeland Security: A Complete Guide to Understanding, Preventing, and Surviving Terrorism. New York: McGraw Hill.

Evers, D., Miller, M. & Glover, T. (2005) Pocket Partner, 4th Ed. Littleton, CO: Sequoia.

Case Studies (Material will be taken from these readings and be available via Towson University Albert S. Cook Library on reserve)

Howard, R., Forest, J. & Moore, J. (2006) Homeland Security and Terrorism: Readings and Interpretations. New York: McGraw Hill.

Kamien, D. G. (2006) The McGraw Hill Homeland Security Handbook: The Definitive Guide for Law Enforcement, EMT, and all other Security Professionals. New York: McGraw Hill.

Laqueur, W. (Ed.). (2004). Voices of terror: Manifestos, writings and manuals of Al Qaeda, Hamas, and other terrorists from around the world and throughout the ages. New York: Reed Press

References (Additional course material may be drawn from these optional readings. They will be available via email from instructor, on Blackboard common area, or placed on 3-day reserve at Towson University Albert S. Cook Library)

Acquista, A. (2003). The Survival Guide: what to do in a Biological, Chemical or Nuclear Emergency. New York: Random House.

Barnett, T.P.M. (2004). The Pentagon’s new map: War and peace in the twenty-first century. New York: Penguin Group.

Bidgoli H., Editor-in-Chief. (2006) Volume 1: Handbook of Information Security: Key Concepts, Infrastructure, Standards, and Protocols. Hoboken, New Jersey: Wiley.

Bidgoli H., Editor-in-Chief. (2006) Volume 2: Handbook of Information Security: Information Warfare; Social, Legal and International Issues; and Security Foundations. Hoboken, New Jersey: Wiley.

Bidgoli H., Editor-in-Chief. (2006) Volume 3: Handbook of Information Security: Threats, Vulnerabilities, Prevention, Detection, and Management. Hoboken, New Jersey: Wiley.

Cherkasky, M. with Alex Prud’ Homme. (2003). Forewarned: Why the government is failing to protect us – and what we must do to protect ourselves. New York: Ballantine.

Curts, R.J. & Campbell, D.E. (2003). Building a Global Information Assurance Program. New York: Auerbach.

Diamond, J. (2005). Collapse: How societies choose to fail or succeed. New York: Viking.

Gordon, L. A. & Loeb, M. P. (2006) Managing Cyber-Security Resources: A Cost- Benefit Analysis. New York: McGraw Hill.

Harris, S. (2005). The End of Faith: Religion, Terror, and the future of reason. New York: Norton.

Hall, W. M. (2003). Stray Voltage: War in the information age. Annapolis, MD: Naval Institute Press.

Johnson, L. K. (2000) Bombs, Bugs, Drugs and Thugs: Intelligence and America’s quest for security. New York: New York University Press.

National Research Council of the National Academies. (2002). Making the nation safer: The role of science and technology in countering terrorism. Washington: Author.

Rattray, G. J. (2001). Strategic warfare in cyberspace. London: MIT Press.

Scheuer, M. (Nom-de-Plume: Anonymous) (2004). Imperial Hubris: Why the West is Losing the War on Terror. Washington, DC: Brassey’s.

Yourdon, E. (2002). Byte wars: The impact of September 11 on information technology. Upper Saddle River, NJ: Prentice Hall PTR.

Web Site

A wealth of supplementary information for our course is available at www.infosec-technologies.com. Material downloaded must be appropriately attributed to contributors in all team / individual papers.

Course Deliverables

Exams. There will be no formal midterm or final exams.

Collaborative Team Research Papers / PowerPoint Presentations. Four (4) ten-page papers and corresponding PowerPoint presentations will be due during the semester covering issues relevant to four interrelated CIS. Students must flesh out the co-dependencies, interrelationships, sector threats, vulnerabilities, cross-impact and potential countermeasures.

In addition, a group research paper covering an assigned hypothetical A/D (Attack/Defense with After-Action Reporting) scenario / PowerPoint presentation will be required to demonstrate collaborative skills and asymmetric responses to national crises and terrorist threat.

Participation. Students are expected to prepare for each class meeting and participate in the weekly homework discussion conferences. Questions based on the weekly lecturette and assigned text readings require students to contribute regularly. A rubric for participation is available as a benchmark.

Quizzes. End-of-chapter Open Book quizzes (generally 5-10 questions) will be submitted by students for credit no later than 10 days after completion of the assigned chapter.

Bullets. Each week, students will prepare short, relevant, current bullets (30 - 60 second written summaries) pertaining to this course: e.g., national crises, terror incidents, terror groups, accidents, natural disasters, maritime incidents or piracy, political or infrastructure news, LEO actions, civil / criminal actions, health issues, open intelligence, BW/CW rulings, CIS sector news, Patriot Act, NSA, CIA, WH, laws or rulings of interest; URLS, security events, interesting IT/ INFOSEC finds, agency news or actions, or webliography items. Virus / Anti-Malware bullets do not count. Duplicate bullets do not count.

Grading

The final grade will be determined as follows:

Group Research A/D Paper and PowerPoint Presentation-- 35%
Four Team CIS Sector Papers and Presentations-- 40%
Chapter Quizzes – 10%
Bullets, Case Studies and Participation-- regular submissions of "Bullets" or webliography, Case Studies, and responses to discussion questions online -- 15%

Where: A (90-100%); B (80-90%); C (70-79%); F (<70%)

Course Content

IHSM 611 textbook and course is organized into three learning modules. Module 1 covers how we got here from there, outlining America’s traditional approach to domestic security, the evolution of an unprecedented terrorist threat that led to the September 11, 2001 attacks, and the nation’s response to the events of 9/11.

Module 2 offers an overview of contemporary terrorists – who they are, what they want, and how they operate. Module 2 is concerned with “knowing the enemy.” This knowledge is essential to understanding the challenge of homeland security. It is the driving force for the massive response and reorganization of functions by the U.S government in half a century.

Module 3 describes all the critical elements of the present homeland security regime. Knowing the enemy is not good enough; good security requires “knowing yourself” as well. In respect to homeland security, good security requires understanding the roles and responsibilities of government officials, public servants, businesses, and average citizens.

It is in Module 3 that we are concerned with the CIS concept but also the critical relationships and dependencies of each CIS on each other. Module 3 covers a range of issues from national security and public preparedness to business continuity and disaster recovery. Many of the efforts to fight, protect against, and respond to terrorism are “all hazards.” The process is useful for addressing many of the natural and man-made (technological) disasters, national security threats, and law enforcement challenges that affect public safety.

Each lecture supporting the three Modules will include: Chapter Summary and Overview; Chapter Learning Objectives; Chapter Outline; Chapter PowerPoint’s; Chapter Quiz; “From the Source Feature;” Issues; Readings; References and Web resources; and suggestions for inclusion into the students final project.

Course Schedule

Schedule	Module / Subjects Covered Reading Assignments	Class Discussion Questions CIS Sectors under consideration	Topics Quizzes / special Case Studies
Week 1	Module 1: Emergence of Modern Homeland Security (HS) Covers: 1) HS the American Tradition 2)The Road to 9/11 3) The National Response to 9/11 Sauter: Chapters 1-3 inclusive		Syllabus Administrative Class Expectations Peer-to-Peer Evaluations Class Rubric for Participation TEAMS FORMATION
Week 2	Module 2: Understanding Terrorism Covers: The Mind of the terrorist and why they hate us. Sauter: Chapter 4	Q1: Political Solution Possible?	Quiz on chapter 1-3 due. Case Study 1: Howard: The Strategic Logic of Suicide Bombers (Chapter 6)
Week 3	Module 2 cont: Understanding Terrorism Covers: Al-Qaida and other Islamic Extremist Groups; Understanding fanaticism in the name of religion. Sauter: Chapter 5 Sauter: Appendix 1	Individual (not team) 2-pager review of one terrorist group Covering: description, Strength, Location, AOA, Aid, activities and current threat level.	Quiz on chapter 4 due.
Week 4	Module 2 cont: Understanding Terrorism Covers: Transnational dimensions of terrorism; the unique dangers of the 21st century. Sauter: Chapter 6	Q2: International terrorism and issues with borders, will current proposals work?	Quiz on chapter 5 due. 2-pager, terrorist group review due.
Week 5	Module 2 cont: Understanding Terrorism Covers: Domestic Terrorist groups: the forgotten threat. Sauter: Chapter 7	Q3: Estimate domestic terrorism effects and resources available. Are they enough?	Quiz on chapter 6 due. Open source issues
Week 6	Module 2 cont: Understanding Terrorism Covers: Terrorist Operations and Tactics: How attacks are planned and executed. Sauter: Chapter 8	Q4: Characterize the terrorist asymmetric warfare. What changes do you see in next 5 years?	Quiz on chapter 7 due. US DOD guest Weapons issues Al-Qaida manual at www.INFOSEC-Technologies.com
Week 7	Module 2 cont: Understanding Terrorism Covers: Weapons of Mass Destruction (WMD): Understanding the great terrorist threats and getting beyond the hype. Sauter: Chapter 9	Q5a: How easy would it be to bring WMD through our ports? Q5b: What about a dirty bomb or low-level WMD?	Quiz on chapter 8 due. Case Study 2: Howard: Seacurity: Improving the Security of Global Sea-Container Shipping System (Chapter 12)
Week 8	Module 2 cont: Understanding Terrorism Covers: The Digital battlefield: CyberTerrorism and CyberSecurity Sauter: Chapter 10	Q6: Investigate Spybots, Rootkits and hydra’ cybercraft. What is their effectiveness against enterprise networks and what is the future?	Quiz on chapter 9 due. Case Study 3: Howard: Cyber Threats: Ten Issues to Consider (Chapter 10)
Week 9	Module 3: Homeland Security (HS): Organization, Strategies, Programs and Principles Covers: HS Roles, Responsibilities, and Jurisdictions – Federal, State, Local Government responsibilities Sauter: Chapter 11	Q7: What agency would you split off of DHS, if you had the authority and why?	Quiz on chapter 10 due. SDHS Sr Official guest lecture
Week 10	Module 3 cont: Homeland Security (HS): Organization, Strategies, Programs and Principles Covers: America’s National Strategies: The Plans driving the War on Global Terrorism and what they mean. Sauter: Chapter 12 Sauter: Appendix 5	Agriculture Food Water Public Health Q8: What is Agro-terrorism and comment on likely target vectors?	Quiz on chapter 11 due. US Surgeon General Online Case Study 4: Howard: Strategic Planning for First Responders: Lessons Learned from the NY Fire Department (Chapter 17)
Week 11	Module 3 cont: Homeland Security (HS): Organization, Strategies, Programs and Principles Covers: Domestic Terrorism and Anti-Terrorism and Counter-Terrorism: The new role for States and Localities and supporting LEO Sauter: Chapter 13 Sauter: Appendix 4	Module 3 cont: Homeland Security (HS): Organization, Strategies, Programs and Principles Covers: Domestic Terrorism and Anti-Terrorism and Counter-Terrorism: The new role for States and Localities and supporting LEO Sauter: Chapter 13 Sauter: Appendix 4	Quiz on chapter 12 due. CIS PAPER 1 DUE
Week 12	Module 3 cont: Homeland Security (HS): Organization, Strategies, Programs and Principles Covers: CIS: Critical Infrastructure Protection and Key Assets. Protecting America’s most vulnerable Targets. Sauter: Chapter 14	Information & Tele-communications (I&T) Transportation Postal & Shipping Q9: What is the relationship between I & T CIS and all other CIS’s? Where is it most vulnerable?	Quiz on chapter 13 due. CIS PAPER 2 DUE
Week 13	Module 3 cont: Homeland Security (HS): Organization, Strategies, Programs and Principles Covers: 1 ) Incident Management and Emergency management: Preparing for Prevention Fails; 2) Business Preparedness, Continuity, and Recovery: Private Sector Responses to Terrorism Sauter: Chapters 15 & 16 Sauter: Appendix 3	Energy Banking & Finance Chemical Industry & HAZMAT	Quiz on chapter 14 due. CIS PAPER 3 DUE Download Trucking Scenario from www.infosec-technologies.com
Week 14	Module 3 cont: Homeland Security (HS): Organization, Strategies, Programs and Principles Covers:1) Public Awareness and Preparedness; 2) Future of HS: Adapting and Responding to Evolving Terrorist Treats while Balancing Safety and Civil Liberties Sauter: Chapters 17 & 18 Sauter: Appendix 2	Q10: What is the correct balance between HS restrictions / operations and Civil Liberties? Comment on the US Patriot Act (rev 2006)	Quiz on chapters 15 & 16 due. CIS PAPER 4 DUE
Week 15	A/D Collaborative Paper & PPT Presentation		Quiz on chapters 17 & 18 due. Course Wrap-Up and Material Synthesis
Course Policies and Procedures Grading According to Graduate School grading policy, the following symbols are used: A = excellent; B = good; C = passing; and F = failure. The grade of B represents the benchmark for the Graduate School. It indicates that the student has demonstrated competency in the subject matter of the course, e.g., has fulfilled all course requirements on time, has a clear grasp of the full range of course materials and concepts, and is able to present and apply these materials and concepts in clear, well-reasoned, well-organized, and grammatically correct responses, whether written or oral. Only students who fully meet this standard and, in addition, demonstrate exceptional comprehension and application of the course subject matter earn a grade of A. Students who do not meet the benchmark standard of competency fall within the C range or lower. They, in effect, have not met graduate level standards. Where this failure is substantial, they can earn an F. Writing Standards Effective managers, leaders, and teachers are also effective communicators. Written communication is an important element of the total communication process. The Graduate School recognizes and expects exemplary writing to be the norm for course work. To this end, all papers, individual and group, must demonstrate graduate level writing and comply with the format requirements of the Publication Manual of the American Psychological Association, (5th Edition). Careful attention should be given to spelling, punctuation, source citations, references, and the presentation of tables and figures. Timeliness It is expected that all course work will be presented on time and error free. Work submitted online should follow standard procedures for formatting and citations. Academic Integrity and Plagiarism Academic integrity is central to the learning and teaching process. Students are expected to conduct themselves in a manner that will contribute to the maintenance of academic integrity by making all reasonable efforts to prevent the occurrence of academic dishonesty. Academic dishonesty includes, but is not limited to, obtaining or giving aid on an examination, having unauthorized prior knowledge of an examination, doing work for another student, and plagiarism of all types. Plagiarism is the intentional or unintentional presentation of another person’s idea or product as ones own. Plagiarism includes, but is not limited to, the following: copying verbatim all or part of another’s written work; using phrases, charts, figures, illustrations, or mathematical or scientific solutions without citing the source; paraphrasing ideas, conclusions, or research without citing the source; and using all or part of a literary plot, poem, film, musical score, or other artistic product without attributing the work to its creator. Students can avoid unintentional plagiarism by following carefully accepted scholarly practices. Notes taken for papers and research projects should accurately record sources to material to be cited, quoted, paraphrased, or summarized, and papers should acknowledge these sources. The penalties for plagiarism include a zero or a grade of F on the work in question, a grade of F in the course, suspension with a file letter, suspension with a transcript notation, or expulsion. Students may learn more about Towson University’s formal policies at: https://inside.towson.edu/generalcampus/tupolicies/index.cfm Disabilities Any student who needs an accommodation due to a disability should make an appointment to discuss the accommodation. A memo from Disability Support Services authorizing the accommodation is required. Course Evaluations Feedback on each graduate course and instructor is important to the university, your professor, and to all students. Towson University has the responsibility to assess the effectiveness of classroom instruction, and each student has the responsibility to provide accurate and timely feedback through completion of the course evaluation form. This is a shared obligation for us all. It is therefore important that you complete the evaluation form for each course. This should be viewed as an additional course and program requirement. Bibliography Acquista, A. (2003). The Survival Guide: What to do in a Biological, Chemical or Nuclear Emergency. New York: Random House. Adams, J. (1998) the Next World War, New York: Simon & Schuster. Anonymous. (April 2001) Electronic Crime Needs Assessment for State and Local Law Enforcement, National Institute of Justice: Washington, DC. Barnett, T.P.M. (2004). The Pentagon’s new map: War and peace in the twenty-first century. New York: Penguin Group. Bergen, P.L. (2001) Holy War Inc: Inside the Secret World of Osama bin Laden. Denver: Free Press. Berkoswitz, B. (2003) the New Face of War, New York: Free Press. Bidgoli H., Editor-in-Chief. (2006) Volume 1: Handbook of Information Security: Key Concepts, Infrastructure, Standards, and Protocols. Hoboken, New Jersey: Wiley. Bidgoli H., Editor-in-Chief. (2006) Volume 2: Handbook of Information Security: Information Warfare; Social, Legal and International Issues; and Security Foundations. Hoboken, New Jersey: Wiley. Bidgoli H., Editor-in-Chief. (2006) Volume 3: Handbook of Information Security: Threats, Vulnerabilities, Prevention, Detection, and Management. Hoboken, New Jersey: Wiley. Campen, A.D., et. al. (1996) Cyberwar: Security, Strategy and Conflict in the Information Age, AFCEA. Cherkasky, M. with Alex Prud’ Homme. (2003). Forewarned: Why the government is failing to protect us – and what we must do to protect ourselves. New York: Ballantine. Cordesman, A.H. (2002) Cyber-Threats, Information Warfare, and Critical Infrastructure Protection: Defending the U.S. Homeland. Westport Connecticut: CSIS publications. Curts, R.J. & Campbell, D.E. (2003). Building a Global Information Assurance Program. New York: Auerbach. Dacey, R. F. (April 8, 2003) Information Security: Progress Made, But Challenges Remain to Protect Federal Systems and the Nation's Critical Infrastructures, GAO Testimony Before the Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census, Committee on Government Reform, House of Representatives, Statement of Robert F Dacey, Director, Information Security Issues. Diamond, J. (2005). Collapse: How societies choose to fail or succeed. New York: Viking. Dorothy, D. (1999) Defending the Nation: Information Warfare and Security. (Boston: ACM Press. Evers, D., Miller, M. & Glover, T. (2005) Pocket Partner, 4th Ed. Littleton, CO: Sequoia. Gordon, L. A. & Loeb, M. P. (2006) Managing Cyber-Security Resources: A Cost- Benefit Analysis. New York: McGraw Hill. Harris, S. (2005). The End of Faith: Religion, Terror, and the future of reason. New York: Norton. Hall, W. M. (2003). Stray Voltage: War in the information age. Annapolis, MD: Naval Institute Press. Henderson, H. (2003) Global Terrorism: The Complete Reference Guide, Checkmark Books, 2003. Howard, R., Forest, J. & Moore, J. (2006) Homeland Security and Terrorism: Readings and Interpretations. New York: McGraw Hill. Johnson, L. K. (2000) Bombs, Bugs, Drugs and Thugs: Intelligence and America’s quest for security. New York: New York University Press. Kamien, D. G. (2006) The McGraw Hill Homeland Security Handbook: The Definitive Guide for Law Enforcement, EMT, and all other Security Professionals. New York: McGraw Hill. Kroeger, T. (2003) Information Warfare: More than meets the eye, GSEC version 1.4b, San Francisco: SANS Institute. Laqueur, W. (Ed.). (2004). Voices of terror: Manifestos, writings and manuals of Al Qaeda, Hamas, and other terrorists from around the world and throughout the ages. New York: Reed Press. Larson, E.V. & J. E. Peters, (June 2001) Preparing the U.S. Army for Homeland Security: Concepts, Issues, and Options: Santa Monica, CA: Rand Corporation. Leone, R.C. & Anrig, G. Jr. (2003) the War on Our Freedoms: Civil Liberties in an Age of Terrorism. New York: Century Foundation. Lesser, I.O, Hoffman, B., Arquilla, J., Ronfeldt, D. & Jenkins, M. (1999) Countering the New Terrorism, Boston: Rand Press. Libicki, M. (1997) What is Information Warfare? National Defense University, NDU Press Book. Lewis, J.A. (December, 2002) Assessing the Risks of Cyber Terrorism, Cyber War and Other Cyber Threats. Center for Strategic and International Studies, Washington, DC. Miniter, R. (2004). Shadow War: The Untold Story of How Bush is Winning the War On Terror. Washington, DC: Regnery. Molander, R.C., Wilson, P.A. & Anderson, R.H. (1998) United States Vulnerabilities: Threats Against Society, Santa Monica, Calif.: RAND, MR-1016, OSD. National Research Council, (2002). Making the Nation Safer: The Role of Science and Technology in Countering Terrorism, Washington: National Academy Press, Washington. Nichols R. K, Ryan, D. J., & Ryan, JCH. (2002) Defending your Digital Assets, Against Hackers, Crackers, Spies and Thieves, McGraw-Hill. Nichols, R.K. & Lekkas, P. C. (2002). Wireless Security: Models, Threats, Solutions. New York, NY: McGraw Hill. O'Hanlon, M. E., et. al, (2002) Protecting the American Homeland: One Year On, Brookings, Harrisonburg, VA: Brookings. Parker, T., et. al. (2004). Cyber Adversary Characterization. Rockland, MD: Syngress. Pynchon, J.H. & Burke, T. (2001) Terrorism: Today's Biggest Threat to Freedom, New York: Pinnacle. Rattray, G. J. (2001). Strategic Warfare in Cyberspace. London: MIT Press. Richelson, J.T. (1995). The U.S. Intelligence Community, 3rd Ed. Boulder, CO: Westview. Sauter, M. A., & Carafano, J. J. (2005) Homeland Security: A Complete Guide to Understanding, Preventing, and Surviving Terrorism. New York: McGraw Hill. Scheuer, M. (Nom-de-Plume: Anonymous) (2004). Imperial Hubris: Why the West is Losing the War on Terror. Washington, DC: Brassey’s. Schneier, B. (2003). Beyond Fear: Thinking Sensibly about Security in an Uncertain World. New York: Copernicus. Schwartau, W. (1996) Information Warfare: CyberTerrorism: Protecting Your Personal Security in the Electronic Age. New York: Thunder's Mouth Press. Vatis, M.A. (September 16, 2001) Combating Terrorism: A Compendium of Recent CounterTerrorism Recommendations from Authoritative Commissions and Subject Matter Experts, Director, Institute for Security Technology Studies, Dartmouth College. Vatis, M.A. (September 22, 2001) Cyber Attacks During the War on Terrorism: A Predictive Analysis. Director, Institute for Security Technology Studies, Dartmouth College. Verton, D. (2004) Black Ice: The Invisible Threat of Cyber-Terrorism, (ICE) San Francisco: Osborne. Williams, P. L. (2004) Osama’s Revenge: The Next 9/11: What the media and the Government Haven't Told You. New York: Prometheus. Yourdon, E. (2002). Byte wars: The impact of September 11 on information technology. Upper Saddle River, NJ: Prentice Hall.