Description
- This course provides an overview of security challenges and countermeasure strategies in the information systems environment. Topics include definition of terms, concepts, elements, and goals incorporating industry standards and practices with a focus on availability, vulnerability, integrity, and confidentiality aspects of information systems.
- Major Instructional Areas
- Information Systems Security fundamentals
- Seven domains of a typical Information Technology (IT) infrastructure
- Risks, threats, and vulnerabilities found in a typical IT infrastructure
- Security countermeasures for combating risks, threats, and vulnerabilities commonly found in an IT infrastructure
- (ISC)2 Systems Security Certified Practitioner (SSCP®) Common Body of Knowledge – SSCP® domains
- Six domains of the CompTIA Security+ certification
Learning Outcomes
- Explain the concepts of information systems security (ISS) as applied to an IT infrastructure.
- Assess the current methods of business communications today and the associated risks and threats.
- Describe how malicious attacks, threats, and vulnerabilities impact an IT infrastructure.
- Explain the role of access controls in implementing a security policy.
- Explain the role of operations and administration in effective implementation of security policy.
- Explain the importance of security audits, testing, and monitoring to effective security policy.
- Explain how businesses apply cryptography in maintaining information security.
- Understand malicious attacks, threats, and vulnerabilities and explain the means attackers use to compromise systems and networks and defenses used by organizations.
- Use international and domestic information security standards and compliance laws in real-world applications in both the private and public sector.
Assessment structure
- Ongoing assessment (OA):
- 02 Progress Tests: 20%
- 08 Labs: 30%
- 01 Group Presentation: 10%
- Final examination (FE): 40%
- Completion criteria:
- Final Result >=5 & Final Exam Score >= 4
- Every on-going assessment component > 0
Course schedule
- Information Systems Security
- 1.1 Information Systems Security
- 1.2 Tenets of Information Systems Security
- 1.3 The Seven Domains of a Typical IT Infrastructure
- Information Systems Security (cont.)
- 1.4 Weakest Link in the Security of an IT Infrastructure
- 1.5 IT Security Policy Framework
- 1.6 Data Classification Standards
- Changing How People and Businesses Communicate
- 2.1 Evolution of Voice Communications
- 2.2 VoIP and SIP Risks, Threats, and Vulnerabilities
- 2.3 Converting to a TCP/IP World
- 2.4 Multimodal Communications
- Changing How People and Businesses Communicate (cont.)
- 2.5 Evolution from Brick-and-Mortar to e-Commerce
- 2.6 Why Businesses Today Need an Internet Marketing Strategy
- 2.7 The Web Effect on People, Businesses, and Other Organizations
- Reading 1: The Internet of Things Is Changing How We Live
- Lab 1: Performing Reconnaissance and Probing Using Common Tools
- The Drivers of the Information Security Business
- 4.1 Defining Risk Management
- 4.2 Implementing a BIA, a BCP, and a DRP
- 4.3 Assessing Risks, Threats, and Vulnerabilities
- Lab 2: Performing a Vulnerability Assessment
- The Drivers of the Information Security Business (cont.)
- 4.4 Closing the Information Security Gap
- 4.5 Adhering to Compliance Laws
- 4.6 Keeping Private Data Confidential
- Reading 2: The Integrated IA Model
- Lab 3: Performing Packet Capture and Traffic Analysis
- Review Chapters 1, 2, 4 & Progress Test 1 (30’)
- Access Controls
- 5.1, 5.2 Four Parts and Two Types of Access Control
- 5.4 Identification Methods and Guidelines
- 5.5 Authentication Processes and Requirements
- Access Controls (cont.)
- 5.7 Formal Models of Access Control
- 5.8 Threats to Access Controls
- 5.9 Effects of Access Control Violations
- Lab 4: Enabling Windows Active Directory and User Access Controls
- Security Operations and Administration
- 6.1 Security Administration
- 6.2 Compliance
- 6.4 The Infrastructure for an IT Security Policy
- Security Operations and Administration (cont.)
- 6.5 The Change Management Process
- 6.6 The System Development Life Cycle (SDLC)
- 6.8 Software Development and Security
- Lab 5: Implementing an Information Systems Security Policy
- Auditing, Testing, and Monitoring
- 7.1 Security Auditing and Analysis
- 7.4 Audit Data–Collection Methods
- 7.5 Post-Audit Activities
- 7.6 Security Monitoring
- 7.8 How to Verify Security Controls
- 7.9 Monitoring and Testing Security Systems
- Lab 6: Using Group Policy Objects and Microsoft Baseline Security Analyzer for Change Control
- Reading 3: Chapter 8: Role of Risk Management, Response, and Recovery for IT Systems, Applications, and Data
- Role of Cryptography in Maintaining Confidentiality and Privacy of Data
- 9.1 What Is Cryptography?
- 9.2 Cryptographic Business and Security Requirements
- 9.4 Cryptographic Principles
- 9.5 Cryptographic Applications, Tools, and Resources
- 9.6 Principles of Certificates and Key Management
- Lab 7: Using Encryption to Enhance Confidentiality and Integrity
- Reading 4: Chapter 10. Network and Communication
- Review Chapters 5, 6, 7, 9 & Progress Test 2 (30’)
- Mitigation of Risk and Threats from Attacks and Malicious Code Information
- 11.2 The Main Types of Malware
- 11.3 A Brief History of Malicious Code Threats
- 11.4 Threats to Business Organizations
- Chapter 11 (cont.)
- 11.5 Anatomy of an Attack
- 11.6 Attack Prevention Tools and Techniques
- 11.7 Incident Detection Tools and Techniques
- Lab 8: Performing a Web Site and Database Attack by Exploiting Identified Vulnerabilities
- Information Security Standards
- 12.1 Standards Organizations
- 12.3 ISO/IEC 27002
- 12.4 Payment Card Industry Data Security Standard (PCI DSS)
- Reading 5: Examine Real-World Implementations of Security Standards and Compliance Laws
- U.S. Compliance Laws
- 15.1 Compliance Is the Law
- 15.2 Federal Information Security
- 15.3 The Health Insurance Portability and Accountability Act (HIPAA)
- U.S. Compliance Laws (cont.)
- 15.6 The Family Educational Rights and Privacy Act
- 15.7 The Children’s Internet Protection Act
- 15.8 Making Sense of Laws for Information Security Compliance
- Group Presentation (one of 5 readings)
- Course Review
Learning material
- David Kim, Michael G. Solomon, Fundamentals of Information Systems Security, 2nd Edition, Jones & Bartlett, 2014.
- The Internet of Things Is Changing How We Live, Chapter 2 in “David Kim, Michael G. Solomon, Fundamentals of Information Systems Security, 3rd Edition, Jones & Bartlett, 2016”.
- Michael E. Whitman, Herbert J. Mattord, Principles of Information Security, 5th Edition. Course Technology, Cengage Learning, 2015.
- Michael E. Whitman, Herbert J. Mattord, Management of Information Security, 4th Edition. Course Technology, Cengage Learning, 2014.
- Lecture slides, Lab manual, supplementary material
- Tools: Internet, Wireshark, OpenVAS, NetWitness Investigator, Zenmap, AD DS, PBIS, GPO Editor, RDP, MBSA, FileZilla, Kleopatra, DVWA.