Information Security Policies and Strategies

This is my 2nd course within the degree program and I think it was a pretty straightforward class. 2 group projects/papers within the 1st half of the course. One of those projects will have you think like a cyber criminal which was kind of fun. Quizzes are open book...you can use your notes and lectures for help. One of the assignments (assignment 4) is discussion board heavy and you have to interact with others about the cybersecurity topic that is posted. I took this class by itself while working a full time job, but I think it can be paired with another class. I also think that it can be a good course to take during the summer or as your 1st course when you're admitted into the program.

This course was not difficult at all, but still frustrating. After reading the reviews here I went into this expecting a B and that's exactly what I got despite more effort than I knew I should have put in. Grading depends on the TA you get and it seems that a few have chips on their shoulders (Beau Sommerville). Expect to spend some money out of pocket on the Go Phish assignment for a cloud email server because this is not possible any other way unless you happen to have one at home.

I literally fell asleep many times studying the material for this course. I did not learn anything that wasn't taught in my associate-level security course. The policy track should be a separate degree entirely because these are basically business courses and I think it's odd that students from technical tracks would be required to take a policy course at the graduate level. If this course is a requirement for you, do not put any more effort in than what is required for a B or you will regret it.

How you feel about this course will depend entirely on which TA grades your assignments. While all TAs are supposed to use the same rubric, it simply isn't the case. A group of us used out-of-band communications to compare assignment submissions and grades. There was no consistency to the grading and some TAs took marks off for not including things that weren't listed in the rubric. In one presentation the group annotated their slides to show which section of the rubric the slide aligned with. The TA who was grading gave them a zero for a whole section (which was later changed in a regrade) because they didn't see the information.

Also, you will have 2 group projects, that the TAs do not seem to consider while grading. The fate of your GPA will not be in your hands. If this wasn't a required course I would not recommend it to anyone.

The assignments are good, but like the other reviewers said, the TAs are the one who makes this class difficult. First of all, the instructions given for assignment will always leave you with more questions and when you ask them, you will be given the most vague answers(check canvas, its up for you to interpret, etc). Assignment 4 is debate styled and is divided into 2 sections 4a is initial statement and 4b is actual debate with students. This assignment literally has least amount of instructions and no rubric is given. I got full marks for 4a with one TA and another TA graded 4b with less than the average marks(perhaps lowest) and the feedback i got was, my 4a was not sufficient which I believe is unfair(because 4a and 4b are graded different why was i graded for 4a in 4b). Mind you, I had followed all instructions provided for 4b and some of the TAs feedback was not even mentioned in assignment instructions(like using sources). When I put this for regrading request, after a long discussion the head TA pitched in and increased few points and told me the grading is subjective and objective, I was graded harsh. My end grade got up from 87.5 to 89.5 with a B, imo my points were increased to make me feel good and stop me at a B. Unfortunately, my regrading request got dragged for a week and the final grades were released so I could not argue more. The assignment graded are subjective to TA's understanding of expectations so if you feel like you have done everything right. make sure you put in a regrading request and you tag professor and other TAs to pitch in and not rely on the TA which graded you initially, because initial TA will be the one who pick up your regrading request as well.

In short, you are literally at the mercy of TA for grading, if you get a hard grader like i did, you will suffer even though you followed every instruction, if not you will get A. My only regret is I did not put regrading request for all of my assignments.

This class has tearable TAs they take off like 30 or 40 pts for vague and not clear criteria. Overall worst experience in a college class I have ever had. If I met the TAs in person they would hope to get away from me without giving them an earful. The program is so bad I am not impressed so far with the education. The class needs new TAs and management. Id say it was easy but when the big projects get huge deductions for no reason because the TA wanted to be a hard tail then it's not easy. Just aweful.

I had a bad experience taking this course. It was going fine till i received a bad feedback from a teammate forcing me to withdraw from the course as it would affect my grade. Even after contributing to the assignments, to assign 10% of the overall points just because you don't like someone is unprofessional. Despite getting bad vibes initially and being tempeted to leave very low points to the same person, I kept it professional and left a satisfactory review based on my experience working in multiple companies and different teams. The same person had only contributed to the documentation powerpoint slides for assignment and did not contribute to performing the actual exploit except for looking up some tool he knew from work and preparing slides on the same while I did a part of the exploit as well as add to the slides from the same documentation. Your contribution does not warrant a >35 points for the effort even though some work was done for looking up details of the victim and posting screenshots of the same of the slides. You envisoned the slides to look a certain way and others had agreed to accept your view but it does not warrant >35 points and does not mean you did "more effort" for the padded slides.

Eventually, after having a prior experience from my first course for a similar personality, this time, I withdrew rather than follow ethics and continue giving an undeserving teammate a satisfactory review.

The Online MS courses at Georgia Tech have a recurring problem with such personalities that do not understand how the feedback system work. In the previous semester, I had an experienced manager from a multi-national company as my teammate that did not know how to code, I did not leave a bad feedback, just because he couldn't code, and still gave an equal feedback that would not affect his overall score. In your professional career you are going to work with many such groups, and behaving in this manner that would harm someone is unprofessional.

Overall this is a solid class. Content was interesting, but the class kind of lacked substance. The instructor would talk about cybersecurity at a superficial level and never really dove deep. The lecture videos were short as a result. The content, as fluffy as it may be, I felt was pretty interesting. The instructor is a career academic and it shows; some of the content doesn't apply in the real world very well or is esoteric. On the whole it was interesting. The quizzes were open book/note no time limit -- they were more challenging than I expected -- most questions could be CTRL+F'd, but a few required at least some mastery of the topic. Several times for the life of me I could not find addressed in the lectures or readings at all. The course was so devoid of content I literally could do 3 weeks of lectures in a few hours even while taking notes. At times I forgot I was enrolled in grad school :D This class felt like it has about 4 weeks worth of content in it. The instructor and TAs would often speak about cybersecurity like politicians do. I guess thats a public policy department for you. :) That said, I was impressed by the instructors accuracy; many policy people I've worked with make inaccurate assertions about technology. The instructor was spot on the entire course.

Group work can suck. I had a team that varied from okay to bad and we did okay on the projects. 1 person on our team did not really contribute at all but was assertive with their opinions, the 2nd only contributed to the second project. The third person and I did 80% of the work. Nothing too abnormal with academic group work. Would have preferred working alone; the hardest part was dealing with the non-contributors.

Cons:

• Go Phish very very questionable legally. As students we agree to GaTech's acceptable use policy but the project scope is very vaguely defined and rules of engagement are non existent. One of the first things I learned in cybersecurity is to never attack things without an explicit ROE with scope clearly defined; without it in place you are in questionable ethical and legal territory at best. Any cybersecurity instructor who tells you otherwise should probably find another line of work. Its really ironic for a cyber security policy class to ignore this.
• Grading was all over the place. They would dock points but not tell you why. In other cases they docked points for made up requirements not specified in the rubric. Or the TA would tell you that you did great work on a section of the rubric, not mentioning any issues but dock points anyways. It felt like my grade depended on the TA I got more than the quality of the submission. In the end it all worked out and I got a solid A.
• Projects, like most Gatech work is vaguely defined. Most of the time that is fine; students get clarification in Piazza and go about their business. However questions in Piazza were frequently responded to with non-answers. The only TA I ever got useful answers from was Beau who was absolutely fantastic.