Description

3 credit/unit hours – Three hours of lecture weekly; one term

This course offers in-depth coverage of the current risks and threats to an organization’s data, combined with a structured way of addressing the safeguarding of these critical electronic assets. The course provides a foundation for those new to Information Security as well as those responsible for protecting network services, devices, traffic, and data. Additionally, the course provides the broad-based knowledge necessary to prepare students for further study in other specialized security fields. It is also intended to serve the needs of individuals seeking to pass the Computing Technology Industry Association’s (CompTIA) Security+ certification exam (SY0-501).

Learning Objectives

Upon completion of this course the student will be able to:

  • Describe why information security is essential in today’s IT environment;
  • Identify the goals of information security;
  • Describe common security threats and their ramifications;
  • Determine the factors involved in developing a secure information security strategy;
  • Identify common attacks and describe how to safeguard against them;
  • Describe communications, E-mail, Web, remote access, and wireless security issues;
  • Evaluate various network devices and media and how best to secure them;
  • Describe the basics of cryptography and Public Key Infrastructure (PKI);
  • Differentiate between physical security, disaster recovery, and business continuity;
  • Utilize network diagrams; and
  • Demonstrate appropriate and ethical behavior and good work habits.

Main Topics

1.0 Identifying Security Fundamentals:

  • Identify Information Security Concepts
  • Identify Basic Security Controls
  • Identify Basic Authentication and Authorization Concepts
  • Identify Basic Cryptography Concepts

2.0 Analyzing Risk:

  • Analyze Organizational Risk
  • Analyze the Business Impact of Risk

3.0 Identifying Security Threats:

  • Identify Types of Attackers
  • Identify Social Engineering Attacks
  • Identify Malware
  • Identify Software-based Threats
  • Identify Network-based Threats
  • Identify Wireless Threats
  • Identify Physical Threats

4.0 Conducting Security Assessments:

  • Identify Vulnerabilities
  • Assess Vulnerabilities
  • Implement Penetration Testing

5.0 Implementing Host and Software Security:

  • Implement Host Security
  • Implement Cloud and Virtualization Security
  • Implement Mobile Device Security
  • Incorporate Security in the Software Development Life Cycle

6.0 Implementing Network Security:

  • Configure Network Security Technologies
  • Secure Network Design Elements
  • Implement Secure Networking Protocols and Services
  • Secure Wireless Traffic

7.0 Managing Identity and Access:

  • Implement Identity and Access Management
  • Configure Directory Services
  • Configure Access Services
  • Manage Accounts

8.0 Implementing Cryptography:

  • Identify Advanced Cryptography Concepts
  • Select Cryptographic Algorithms
  • Configure a Public Key Infrastructure
  • Enroll Certificates
  • Backup and Restore Certificates and Private Keys
  • Revoke Certificates

9.0 Implementing Operational Security:

  • Evaluate Security Frameworks and Guidelines
  • Incorporate Documentation in Operational Security
  • Implement Security Strategies
  • Manage Data Security Processes
  • Implement Physical Controls

10.0 Addressing Security Incidents:

  • Troubleshoot Common Security Issues
  • Respond to Security Incidents
  • Investigate Security Incidents

11.0 Ensuring Business Continuity:

  • Select Business Continuity and Disaster Recovery Processes
  • Develop a Business Continuity Plan