Course ID: | MIST 5770. 3 hours. |
Course Title: | Information Security Management |
Course Description: | Cybersecurity and information systems governance, risk, and
compliance are areas of great importance to organizations. The
course relates these areas to creating and preserving
organizational value and assets. Integration is accomplished
through case readings and consultation-oriented presentations.
Work outside class and teleconferences with working
professionals (such as consultants) are required. |
Oasis Title: | Information Security Mgmt |
Nontraditional Format: | Students will receive a case in class and, during the next class
period, will present their findings and solution to a
representative from the company/firm who created the case. Also,
they will have to commit to a 30-45 minute
teleconference/meeting once per week during the last half of the
semester. |
Prerequisite: | (MIST 4610 or MIST 4610E) and (MIST 5750 or MIST 5750E) |
Pre or Corequisite: | MIST 5740 or MIST 5740S |
Semester Course Offered: | Offered fall and spring semester every year. |
Grading System: | A-F (Traditional) |
|
Course Objectives: | Understand, comprehend, and/or apply/discuss/evaluate:
1. Introduction to Information Security Governance and Risk
Management
a. Security terminology, principles, and protection control
types
b. Security frameworks, models, standards, and best practices
c. IT risk management, risk, and compliance
d. Information classification and protection
e. Malware types and attacks I
f. General controls, IT governance, and security governance
2. Security Architecture and Design
a. System architecture
b. Hardware, software, and operating system architectures
c. System security architecture and IS security software
models
d. Assurance evaluation criteria and ratings
3. Access control
a. Identification and authentication models, methods, and
technologies
b. IT audit and access controls
c. Information protection
d. Accountability, monitoring, and auditing practices
e. Electronic intrusion detection systems
f. Threats to access control practices and technologies
4. Telecommunications and network security
a. Open Systems Interconnection Reference Model
b. TCP/IP and other protocols
c. LAN, WAN, MAN, and other area networks and intranets and
extranets
d. Cable and data transmission types
e. Network and telecommunications devices and services
f. Communications security management
g. Remote access methods and technologies
h. Wireless technologies
5. Physical and Environmental Security
a. Administrative, technical, and physical controls
b. Physical security risks, threats, and countermeasures
c. Electrical power issues and fire prevention, detection, and
suppression
6. Business Continuity and Disaster Recovery Planning
a. Business continuity management and planning components
b. Standards and best practices
c. Selecting, developing, and implementing disaster and
continuity solutions
d. Recovery, redundant, and backup technologies and
facilities
7. Software development security
a. Common software development issues and secure software
development approaches
b. Change control and configuration management
c. Programming languages, databases, and related security
issues
d. Malware types and attacks II |
Topical Outline: | 1. Information security governance and risk management
2. Security architecture and design
3. IT Audit and Access control
4. Telecommunications and network security
5. Physical and environmental security
6. Business continuity and disaster recovery
7. Software development security |