Course Description
Cybersecurity and information systems governance, risk, and compliance are areas of great importance to organizations. The course relates these areas to creating and preserving organizational value and assets. Integration is accomplished through case readings and consultation-oriented presentations. Work outside class and teleconferences with working professionals (such as consultants) are required.
Athena Title
Information Security Mgmt
Non-Traditional Format
Students will receive a case in class and, during the next class period, will present their findings and solution to a representative from the company/firm that created the case. They will also have to commit to a 30-45 minute teleconference/meeting once per week during the last half of the semester.
Prerequisite
(MIST 4610 or MIST 4610E) and (MIST 5750 or MIST 5750E)
Pre or Corequisite
MIST 5740 or MIST 5740S
Semester Course Offered
Offered fall and spring
Grading System
A - F (Traditional)
Course Objectives
Understand, comprehend, and/or apply/discuss/evaluate:

1. Introduction to Information Security Governance and Risk Management
   a. Security terminology, principles, and protection control types
   b. Security frameworks, models, standards, and best practices
   c. IT risk management, risk, and compliance
   d. Information classification and protection
   e. Malware types and attacks I
   f. General controls, IT governance, and security governance

2. Security Architecture and Design
   a. System architecture
   b. Hardware, software, and operating system architectures
   c. System security architecture and IS security software models
   d. Assurance evaluation criteria and ratings

3. Access Control
   a. Identification and authentication models, methods, and technologies
   b. IT audit and access controls
   c. Information protection
   d. Accountability, monitoring, and auditing practices
   e. Electronic intrusion detection systems
   f. Threats to access control practices and technologies

4. Telecommunications and Network Security
   a. Open Systems Interconnection Reference Model
   b. TCP/IP and other protocols
   c. LAN, WAN, MAN, and other area networks, and intranets and extranets
   d. Cable and data transmission types
   e. Network and telecommunications devices and services
   f. Communications security management
   g. Remote access methods and technologies
   h. Wireless technologies

5. Physical and Environmental Security
   a. Administrative, technical, and physical controls
   b. Physical security risks, threats, and countermeasures
   c. Electrical power issues and fire prevention, detection, and suppression

6. Business Continuity and Disaster Recovery Planning
   a. Business continuity management and planning components
   b. Standards and best practices
   c. Selecting, developing, and implementing disaster and continuity solutions
   d. Recovery, redundant, and backup technologies and facilities

7. Software Development Security
   a. Common software development issues and secure software development approaches
   b. Change control and configuration management
   c. Programming languages, databases, and related security issues
   d. Malware types and attacks II
Topical Outline
1. Information security governance and risk management
2. Security architecture and design
3. IT audit and access control
4. Telecommunications and network security
5. Physical and environmental security
6. Business continuity and disaster recovery
7. Software development security
Syllabus