|
Nov 04, 2024
|
|
|
|
CTS 210 - Information Systems Security3 credit hours - Three hours of lecture weekly; one term. Formerly CSI 214 - Information Systems Security
Gain an understanding of physical security, hardware, software, and communications security. Recognize and handle viruses. Discuss technical, legal and ethical issues associated with information systems security.
Prerequisite(s): CTS 110 or CTS 130 or permission of CTS department chair.
Course Outcomes:
- Demonstration an understanding of Information Security Fundamentals
- Define information security
- Describe the history of computer security, and explain how it evolved into information security
- Define key terms and critical concepts of information security
- Describe the phases of security systems development life cycle
- Describe the information security roles of professionals within an organization
- Explain why organizations have a need for information security
- Identify threats and attacks from both inside and outside an organization
- Describe security issues related to software development
- Describe the legal, ethical and professional issues in information security
- Describe the laws, regulations and professional organizations related to information security and how they interact
- Differentiate between laws and ethics
- Identify major national laws related to information security
- Explain the role of culture as it applies to ethics in information security
- Demonstrate an understanding of risk management
- Define risk management, risk identification, and risk control
- Describe how risk is identified and assessed including probability of occurrence and likely impact
- Explain documenting risk via the process of risk assessment
- Describe risk mitigation strategies
- Identify categories for classifying controls and formulate a cost benefit analysis
- Describe how to maintain and perpetuate risk controls
- Demonstrate an understanding of security planning
- Define management’s role is information security policy
- Describe and identify the major components information security blueprints
- Describe how organizations institutionalize information security
- Explain contingency planning and its relationship to other security planning
- Demonstrate an understanding of cryptography
- Explain the basic principles of cryptography
- Describe the operating principles of popular cryptographic tools
- Identify the major protocols used for secure communications
- Discuss the dominate methods of attack used against cryptosystems
- Demonstrate an understanding of security technology
- Describe access control including authentication factors
- Describe firewall technology and implementation
- Describe the various approached to control remote and dial-up access
- Discuss content filtering
- Describe technology used in virtual private networks
- Identify instruction detection and prevention systems
- Define and describe honeypots, honeynets, and padded cell systems
- Identify scanning and analysis tools
- Explain methods for access control
- Identify the characteristics of physical security
- Discuss the relationship between information security and physical security
- Describe key physical security considerations
- Identify critical physical environment considerations for computing facilities
- Demonstrate an understanding of the implementing Information Security
- Explain how an organization’s information security blueprint becomes a project plan
- Enumerate the organizational considerations that a project plan must address
- Explain the role of the project manager
- Describe technical strategies and models for implementing a project plan
- Describe nontechnical problems organizations may face
- Demonstrate an understanding of security as it related to personnel
- Describe the positioning of the information security function within an organization
- Explain staffing issues and concerns related to information security function
- Identify credentials of information security professionals
- Explain how employment policies and practices can support the information security effort
- Identify the special security precautions of contract workers
- Explain the need for separation of duties
- Describe the special requirements needed to ensure the privacy of personnel data
- Demonstrate an understanding of Information Security Maintenance
- Discuss the need for ongoing maintenance
- List the recommended security management models
- Define a model for a full maintenance program
- Identify the key factors for monitory the external and internal environment
- Describe the systems needed to implement information security maintenance including readiness and review procedures
- Define digital forensics and the management of digital forensics maintenance
- Describe the process of acquiring, analyzing, and maintaining potential evidentiary material
|
|