Sep 23, 2020  
2016-2017 Catalog 
2016-2017 Catalog [PAST CATALOG]

CTS 210 - Information Systems Security

3 credit hours - Three hours of lecture weekly; one term.
(formerly CSI 214 - Information Systems Security)

Gain an understanding of physical security, hardware, software, and communications security. Recognize and handle viruses. Discuss technical, legal and ethical issues associated with information systems security.

Prerequisite(s): CTS 110  or CTS 130  or permission of CTS department chair.

Course Outcomes
Upon successful completion of this course, students will be able to:

  • Demonstration an understanding of Information Security Fundamentals
    • Define information security
    • Describe the history of computer security, and explain how it evolved into information security
    • Define key terms and critical concepts of information security
    • Describe the phases of security systems development life cycle
    • Describe the information security roles of professionals within an organization
    • Explain why organizations have a need for information security
    • Identify threats and attacks from both inside and outside an organization
    • Describe security issues related to software development
  • Describe the legal, ethical and professional issues in information security
    • Describe the laws, regulations and professional organizations related to information security and how they interact
    • Differentiate between laws and ethics
    • Identify major national laws related to information security
    • Explain the role of culture as it applies to ethics in information security
  • Demonstrate an understanding of risk management
    • Define risk management, risk identification, and risk control
    • Describe how risk is identified and assessed including probability of occurrence and likely impact
    • Explain documenting risk via the process of risk assessment
    • Describe risk mitigation strategies
    • Identify categories for classifying controls and formulate a cost benefit analysis
    • Describe how to maintain and perpetuate risk controls
  • Demonstrate an understanding of security planning
    • Define management’s role is information security policy
    • Describe and identify the major components information security blueprints
    • Describe how organizations institutionalize information security
    • Explain contingency planning and its relationship to other security planning
  • Demonstrate an understanding of cryptography
    • Explain the basic principles of cryptography
    • Describe the operating principles of popular cryptographic tools
    • Identify the major protocols used for secure communications
    • Discuss the dominate methods of attack used against cryptosystems
  • Demonstrate an understanding of security technology
    • Describe access control including authentication factors
    • Describe firewall technology and implementation
    • Describe the various approached to control remote and dial-up access
    • Discuss content filtering
    • Describe technology  used in virtual private networks
    • Identify instruction detection and prevention systems
    • Define and describe honeypots, honeynets, and padded cell systems
    • Identify scanning and analysis tools
    • Explain methods for access control
  • Identify the characteristics of physical security
    • Discuss the relationship between information security and physical security
    • Describe key physical security considerations
    • Identify critical physical environment considerations for computing facilities
  • Demonstrate an understanding of the implementing Information Security
    • Explain how an organization’s information security blueprint becomes a project plan
    • Enumerate the organizational considerations that a project  plan must address
    • Explain the role of the project manager
    • Describe technical strategies and models for implementing a project plan
    • Describe nontechnical problems organizations may face
  • Demonstrate an understanding of security as it related to personnel
    • Describe the positioning of the information security function within an organization
    • Explain staffing issues and concerns related to information security function
    • Identify credentials of information security professionals
    • Explain how employment policies and practices can support the information security effort
    • Identify the special security precautions of contract workers
    • Explain the need for separation of duties
    • Describe the special requirements needed to ensure the privacy of personnel data
  • Demonstrate an understanding of Information Security Maintenance
    • Discuss the need for ongoing maintenance
    • List the recommended security management models
    • Define a model for a full maintenance program
    • Identify the key factors for monitory the external and internal environment
    • Describe the systems needed to implement information security maintenance including readiness and review procedures
    • Define digital forensics and the management of digital forensics maintenance
    • Describe the process of acquiring, analyzing, and maintaining potential evidentiary material
Core Competencies
Core 1 Communication Core 2 Technology Fluency Core 5 Self Management