IT 0120 - Introduction to Information Systems Security
http://catalog.sierracollege.edu/course-outlines/it-0120/
Catalog Description DESCRIPTION IS HERE: Formerly known as CIS 147 Prerequisite: Completion of IT 105 with grade of "C" or better Advisory: Completion of IT 115 with grade of "C" or better Hours: 72 (54 lecture, 18 laboratory) Description: Introduction to the fundamental principles and topics of Information Technology Security and Risk Management at the organizational level. Addresses hardware, software, processes, communications, applications, and policies and procedures with respect to organizational Cybersecurity and Risk Management. Preparation for the CompTIA Security+ certification exams. (C-ID ITIS 160) (CSU) Units 3 Lecture-Discussion 54 Laboratory 18 By Arrangement Contact Hours 72 Outside of Class Hours Course Student Learning Outcomes Research, analyze and evaluate information to solve business problems using appropriate network security technology. Design and produce data and computer network security incorporating current trends, security, and best practices. Employ network security concepts and terminology in professional communication. Demonstrate marketable network security career skills. Course Content Outline 1.Introduction to Information Systems Security 2.Malware and Social Engineering Attacks 3.Application and Network Attacks 4.Vulnerability Assessment and Mitigating Attacks 5.Host, Application, and Data Security 6.Network Security 7.Administering a Secure Network 8.Wireless Network Security 9.Access Control Fundamentals 10.Authentication and Account Management 11.Basic Cryptography 12.Advanced Cryptography 13.Business Continuity 14.Risk Mitigation Course Objectives Course Objectives Lecture: 1. Describe the fundamental principles of information systems security. 2. Define the concepts of threat, evaluation of assets, information assets, physical, operational, and information security and how they are related. 3. Evaluate the need for the careful design of a secure organizational information infrastructure. 4. Determine both technical and administrative mitigation approaches. 5. Explain the need for a comprehensive security model and its implications for the security manager or Chief Security Officer (CSO). 6. Define basic cryptography, its implementation considerations, and key management. 7. Design and guide the development of an organization's security policy. Laboratory: 1. Perform risk analysis and risk management. 2. Create and maintain a comprehensive security model. 3. Apply security technologies. 4. Determine appropriate strategies to assure confidentiality, integrity, and availability of information. 5. Apply risk management techniques to manage risk, reduce vulnerabilities, threats, and apply appropriate safeguards/controls. Methods of Evaluation Objective Examinations Problem Solving Examinations Projects Skill Demonstrations Reading Assignments 1. Students read from the course text. For example students read the textbook chapter on encryption and answer end of chapter questions. 2. Students perform web based research on software and hardware security concepts from sites such as www.cert.org and report back on their findings. Writing, Problem Solving or Performance Example 1: After listening to the podcast (or reading the transcript) of a discussion titled "Train for the Unexpected," available at the CERT website (http://www.cert.org/podcast/show/20100330meyer.html), submit a one page response, identifying key information that will help you in your efforts to develop an incident response plan. Example 2: Detail the specific differences between symmetric cryptographic algorithms and asymmetric cryptography algorithms and explain where each algorithm would be utilized. Other (Term projects, research papers, portfolios, etc.) Methods of Instruction Laboratory Lecture/Discussion Distance Learning Other materials and-or supplies required of students that contribute to the cost of the course.
