
Course Syllabus CMGT/441 Version 2

Course Syllabus
College of Information Systems & Technology CMGT/441 Version 2 Introduction to Information Systems Security Management
Copyright 2010, 2009 by University of Phoenix. All rights reserved.

Course Description

This course introduces security principles and management issues that IT professionals must consider. The course surveys current and emerging security practices and processes as they relate to information systems, systems development, operating systems and programming, database development and management, networking and telecommunications, and the Internet.

Policies

Faculty and students/learners will be held responsible for understanding and adhering to all policies contained within the following two documents:

University policies: You must be logged into the student website to view this document.
Instructor policies: This document is posted in the Course Materials forum.

University policies are subject to change. Be sure to read the policies at the beginning of each class. Policies may be slightly different depending on the modality in which you attend class. If you have recently changed modalities, read the policies governing your current class modality.

Course Materials

Stallings, W., & Brown, L. (2008). Computer security principles and practice. Pearson Education, Inc.

Article References

Barr, J. G. (2011). Business continuity for web sites. Faulkner Information Services, 1-9.
Barr, J. G. (2011). Identity management market trends. Faulkner Information Services, 1-10.
Spring, K. (2009). IBM tivoli security event management. Faulkner Information Services, 1-9.
Barr, J. G. (2009). Common criteria overview. Faulkner Information Services, 1-10.
Vosevich, K. A. (2011). Risk management software market trends. Faulkner Information Services, 1-9.
Barr, J. G. (2011). Biometrics market trends. Faulkner Information Services, 1-7.

All electronic materials are available on the student website.

Week One: IT Security Overview


Details
Objectives 1.1 Recognize the importance of IT security implementation.

Due

Points


1.2 Identify major security issues associated with physical and operating system security.
1.3 Describe basic advantages and disadvantages among the various security implementations.

Course Preparation
Read the course description and objectives. Review the Learning Team Toolkit. NOTE: TestOut LabSims are available for this course. See Week One, Course Materials Page.

Read Ch. 1, Overview, of Computer Security Principles and Practice.
Read Ch. 2, Cryptographic Tools, of Computer Security Principles and Practice.
Read Ch. 3, User Authentication, of Computer Security Principles and Practice.
Read Ch. 4, Access Control, of Computer Security Principles and Practice.
Read Ch. 5, Database Security, of Computer Security Principles and Practice.
Read the Week One Read Me First.
Read this week's Electronic Reserve Readings.

Participate in class discussion.
Respond to weekly discussion questions. DQ #1 DQ #2
Post weekly summary.
Complete the Learning Team Charter. The Learning Team project for this course, due in Week Five, is in the form of a Service Request from Riordan Manufacturing. It will be necessary for the Learning Team to access Service Request: SR-rm013, Information Systems Security Review.

05/23/2012 05/26/2012 05/28/2012 2 1 1 1

Readings

Participation Discussion Questions Weekly Summary Learning Team Instructions

Week Two: Computer and Network Security Issues and Considerations


Details
Objectives 2.1 Recognize major elements of network and workstation security. 2.2 Recall methods of securing networks and workstations. 2.3 Give examples of various security methodologies. Read Ch. 6, Intrusion Detection, of Computer Security Principles and Practice. Read Ch. 7, Malicious Software, of Computer Security Principles and Practice.

Due

Points

Readings


Read Ch. 8, Denial of Service, of Computer Security Principles and Practice.
Read Ch. 9, Firewalls and Intrusion Prevention Systems, of Computer Security Principles and Practice.
Read Ch. 10, Trusted Computing and Multilevel Security, of Computer Security Principles and Practice.
Read the Week Two Read Me First.
Read this week's Electronic Reserve Readings.

Participation Discussion Questions Weekly Summary Learning Team Instructions Individual

Participate in class discussion.
Respond to weekly discussion questions. DQ #3 DQ #4
Post weekly summary.
Draft a 2-3 page description of the physical and network security issues and concerns at each Riordan plant.
Using various Internet sources, find an article or website on an information security topic that is of interest to you. Prepare a 1-2 page paper evaluating the article or website. Refer to the note on Evaluative Writing below.

Evaluative Writing requires students to take a stand on the quality of the material being evaluated. Provide an introduction, and select various aspects of the article or website. Describe each aspect, providing comments on the usefulness, validity or appropriateness of the article or website. The evaluation should provide details, examples and/or reasons for your viewpoint.

05/30/2012 06/02/2012 06/04/2012 06/04/2012 06/04/2012 2 1 1 1 5 15

Week Three: Data Security Issues and Considerations


Details
Objectives
3.1 Identify components of data security.
3.2 Distinguish the differences among the various data security methodologies.
3.3 Begin to apply data security methodologies in situational cases.

Read Ch. 11, Buffer Overflow, of Computer Security Principles and Practice.
Read Ch. 12, Software Security, of Computer Security Principles and Practice.
Read Ch. 19, Symmetric Encryption and Message Confidentiality, of Computer Security Principles and Practice.
Read Ch. 20, Public-key Cryptography and Message Authentication, of Computer Security Principles and Practice.
Read the Week Three Read Me First.
Read this week's Electronic Reserve Readings.

Due

Points

Readings


Participation Discussion Questions Weekly Summary Learning Team Instructions Individual

Participate in class discussion. Respond to weekly discussion questions. DQ #5 DQ #6 Post weekly summary. Draft a 2-3 page description on the data security issues and concerns present at each Riordan plant. Using various Internet sources, find an article or website on attack prevention. Prepare a 2-3 page paper evaluating the article and information provided. 06/06/2012 06/09/2012 06/11/2012 06/11/2012 06/11/2012

2 1 1 1 5 15

Week Four: Web Security Issues and Concerns


Details
Objectives
4.1 Identify components of web security.
4.2 Distinguish the differences among the various web security methodologies.
4.3 Begin to apply web security methodologies in situational cases.

Read Ch. 21, Internet Security Protocols and Standards, of Computer Security Principles and Practice.
Read Ch. 22, Internet Authentication Applications, of Computer Security Principles and Practice.
Read Ch. 23, Operating System Security, of Computer Security Principles and Practice.
Read Ch. 24, Windows and Windows Vista Security, of Computer Security Principles and Practice.
Read the Week Four Read Me First.
Read this week's Electronic Reserve Readings.

Participate in class discussion.
Respond to weekly discussion questions. DQ #7 DQ #8
Post weekly summary.
Draft a 2-3 page description on the web security issues and concerns present at each Riordan plant.
Create and submit a 2-3 page security policy for McBride Financial Services, located in the Virtual Organizations. Develop a policy based on perceived needs associated within the loan department and issues in implementing online loan applications.

06/13/2012 06/16/2012 06/18/2012 06/18/2012 06/18/2012 2 1 1 1 5 20

Due

Points

Readings

Participation Discussion Questions Weekly Summary Learning Team Instructions Individual


Week Five: Organization Security Issues and Concerns


Details
Objectives
5.1 Comprehend organizational security issues and concerns.
5.2 Comprehend needs for risk management and corporate planning and analysis.
5.3 Apply data security methodologies in situational cases.
5.4 Solve data security issues with proper application of the various methodologies.

Read Ch. 13, Physical and Infrastructure Security, of Computer Security Principles and Practice.
Read Ch. 14, Human Factors, of Computer Security Principles and Practice.
Read Ch. 15, Security Auditing, of Computer Security Principles and Practice.
Read Ch. 16, IT Security Management and Risk Assessment, of Computer Security Principles and Practice.
Read Ch. 17, IT Security Controls, Plans and Procedures, of Computer Security Principles and Practice.
Read Ch. 18, Legal and Ethical Aspects, of Computer Security Principles and Practice.
Read the Week Five Read Me First.
Read this week's Electronic Reserve Readings.

Participate in class discussion.
Respond to weekly discussion questions. DQ #9 DQ #10
Post weekly summary.
Finalize and submit an 8-10 page Learning Team paper.
Prepare a Microsoft PowerPoint presentation.

06/20/2012 06/23/2012 06/25/2012 06/25/2012 06/25/2012 2 1 1 1 5 5

Due

Points

Readings

Participation Discussion Questions Weekly Summary Learning Team SR-rm-013 Project Learning Team SR-rm-013 Presentation

Optional Discussion Questions

Week One Discussion Questions

According to Chapter 1 in Computer Security Principles and Practice, a security awareness program can be one of an organization's most powerful protection strategies. Discuss what makes a successful information security awareness program and how a security awareness program can be one of an organization's most powerful protection strategies.

Based on the Barr (2011) article, how will merging information technologies such as data center virtualization impact business continuity for websites? Using your workplace, your client's workplace, or a workplace in a case study, will cloud computing or platform as a service (PaaS) that provides dynamic scalability with enhanced infrastructure security ensure business continuity for websites, or is this just a new unproven panacea?

Week Two Discussion Questions

Why is managing technical vulnerabilities so important to an organization managing its security environment? What are some ways to mitigate those vulnerabilities?

Based on the Barr (2011) article, why is identity management considered the central component of access management and security strategies? Should identity management focus on role-based access control (RBAC)? What has the greatest positive impact on enterprise data protection (EDP), identity management, or encryption?

Week Three Discussion Questions

Based on the Spring (2009) article, do you think security event management (SEM), such as the IBM Tivoli products, is feasible for small- to medium-sized businesses (SMBs)? Will SEM push SMBs to SaaS to gain an acceptable cost/benefit justification for the holistic security provided by SEM? In your current or previous workplace, have you ever worked with SEM?

According to Chapters 11 and 12 in our readings, what are buffer overflow attacks? What can be done to prevent these vulnerabilities? Define software security and defensive programming. How do these techniques correlate to a reduction in vulnerabilities?

Week Four Discussion Questions

As hackers keep thinking of new ways to attack systems, what are some of the tools and techniques that experts believe will keep government on the cutting edge of security?

Based on the Barr (2011) article, how does the common criteria standardized, global set of IT security specifications impact EDP? How does the common criteria address end-to-end data encryption throughout the information life cycle (ILM) of the data? What assurance levels, if any, does your current or previous workplace employ?

Week Five Discussion Questions

What are some of the challenges facing companies when trying to implement wireless security? How does this affect their security frameworks? What can be done to overcome these challenges?

Discuss the principles and challenges associated with continuous data protection. Does your organization have a CDP plan? Why or why not?

Copyright
University of Phoenix is a registered trademark of Apollo Group, Inc. in the United States and/or other countries. Microsoft, Windows, and Windows NT are registered trademarks of Microsoft Corporation in the United States and/or other countries. All other company and product names are trademarks or registered trademarks of their respective companies. Use of these marks is not intended to imply endorsement, sponsorship, or affiliation. Edited in accordance with University of Phoenix editorial standards and practices.
