Nov 04, 2024  
2024-2025 Catalog 
    
2024-2025 Catalog

CTS 210 - Information Systems Security

3 credit hours - Three hours of lecture weekly; one term.
Formerly CSI 214 - Information Systems Security

Gain an understanding of physical security, hardware, software, and communications security. Recognize and handle viruses. Discuss technical, legal and ethical issues associated with information systems security.

Prerequisite(s): CTS 110  or CTS 130  or permission of CTS department chair.

Course Outcomes:
 

  • Demonstration an understanding of Information Security Fundamentals
    • Define information security
    • Describe the history of computer security, and explain how it evolved into information security
    • Define key terms and critical concepts of information security
    • Describe the phases of security systems development life cycle
    • Describe the information security roles of professionals within an organization
    • Explain why organizations have a need for information security
    • Identify threats and attacks from both inside and outside an organization
    • Describe security issues related to software development
  • Describe the legal, ethical and professional issues in information security
    • Describe the laws, regulations and professional organizations related to information security and how they interact
    • Differentiate between laws and ethics
    • Identify major national laws related to information security
    • Explain the role of culture as it applies to ethics in information security
  • Demonstrate an understanding of risk management
    • Define risk management, risk identification, and risk control
    • Describe how risk is identified and assessed including probability of occurrence and likely impact
    • Explain documenting risk via the process of risk assessment
    • Describe risk mitigation strategies
    • Identify categories for classifying controls and formulate a cost benefit analysis
    • Describe how to maintain and perpetuate risk controls
  • Demonstrate an understanding of security planning
    • Define management’s role is information security policy
    • Describe and identify the major components information security blueprints
    • Describe how organizations institutionalize information security
    • Explain contingency planning and its relationship to other security planning
  • Demonstrate an understanding of cryptography
    • Explain the basic principles of cryptography
    • Describe the operating principles of popular cryptographic tools
    • Identify the major protocols used for secure communications
    • Discuss the dominate methods of attack used against cryptosystems
  • Demonstrate an understanding of security technology
    • Describe access control including authentication factors
    • Describe firewall technology and implementation
    • Describe the various approached to control remote and dial-up access
    • Discuss content filtering
    • Describe technology  used in virtual private networks
    • Identify instruction detection and prevention systems
    • Define and describe honeypots, honeynets, and padded cell systems
    • Identify scanning and analysis tools
    • Explain methods for access control
  • Identify the characteristics of physical security
    • Discuss the relationship between information security and physical security
    • Describe key physical security considerations
    • Identify critical physical environment considerations for computing facilities
  • Demonstrate an understanding of the implementing Information Security
    • Explain how an organization’s information security blueprint becomes a project plan
    • Enumerate the organizational considerations that a project  plan must address
    • Explain the role of the project manager
    • Describe technical strategies and models for implementing a project plan
    • Describe nontechnical problems organizations may face
  • Demonstrate an understanding of security as it related to personnel
    • Describe the positioning of the information security function within an organization
    • Explain staffing issues and concerns related to information security function
    • Identify credentials of information security professionals
    • Explain how employment policies and practices can support the information security effort
    • Identify the special security precautions of contract workers
    • Explain the need for separation of duties
    • Describe the special requirements needed to ensure the privacy of personnel data
  • Demonstrate an understanding of Information Security Maintenance
    • Discuss the need for ongoing maintenance
    • List the recommended security management models
    • Define a model for a full maintenance program
    • Identify the key factors for monitory the external and internal environment
    • Describe the systems needed to implement information security maintenance including readiness and review procedures
    • Define digital forensics and the management of digital forensics maintenance
    • Describe the process of acquiring, analyzing, and maintaining potential evidentiary material