CSS 345: Auditing IT Infrastructure for Compliance

Course Description

This course will focus on the principles, approaches, and methodology in auditing information systems to ensure compliance with pertinent laws and regulatory provisions, especially in the context of information systems security (ISS). (3 credits)

Prerequisites

  • ENG 101: English Composition 1
  • ENG 102: English Composition 2
  • ITE 145: Fundamentals of Information Systems Security
  • ITE 220: Networking and Data Communication (Recommended)

Student Learning Outcomes (SLOs)

Students who successfully complete this course will be able to:

  1. Describe the role of information systems security (ISS) compliance in relation to organizations.
  2. Explain specific U.S. compliance laws and standards, and how they affect IT operations.
  3. Explain the scope of an IT audit for compliance and the use of standards and frameworks.
  4. Describe the components and basic requirements for creating an audit plan to support business and system considerations.
  5. Describe the parameters required to conduct and report on an IT infrastructure audit for organizational compliance.
  6. Describe information security systems compliance requirements within the seven domains of an IT infrastructure.
  7. Describe the qualifications, ethics, and certification organizations for IT auditors.

Course Activities and Grading

Assignments            Weight
Discussions            10%
Written Assignments    24%
Lab Assignments        20%
Project                21%
Final Exam             25%
Total                  100%

Required Textbooks

Available through Charter Oak’s online bookstore

  • Weiss, Martin. Auditing IT Infrastructures for Compliance - with Access Code. Jones & Bartlett. 2nd ed. 2015. ISBN-13: 9781284143447
    • Note: This is a bundle which includes the textbook and the Access Code required for this course. We discourage students from purchasing “used” materials from other sources due to access codes not working properly.

Course Schedule

Each week below lists the SLOs it covers, the topic, the readings and exercises, and the assignments due.

Week 1 (SLO 1)

Topic: Introduction to Systems Security Compliance

  • Readings:
    • Chapter 1, "The Need for Information Systems Security Compliance"
    • Chapter 2, "Overview of U.S. Compliance Laws"
  • Read assigned chapters
  • Participate in the Discussions
  • Review the Lecture material
  • Submit Week 1 Assignment
    • Compliance Laws
  • Submit Week 1 Lab
    • Assessing the Impact of Sarbanes-Oxley (SOX) Compliance Law on Enron

Week 2 (SLO 2)

Topic: Information Security Compliance Audit

  • Readings:
    • Chapter 3, "What Is the Scope of an IT Infrastructure Audit for Compliance?"
    • Chapter 4, "Auditing Standards and Frameworks"
  • Read assigned chapters
  • Participate in the Discussions
  • Review the Lecture material
  • Submit Week 2 Assignments
    • Frameworks - Role in IT Security Domains and Auditing Compliance
    • Protecting Personal Information
    • Quiz
  • Submit Week 2 Lab
    • Aligning Auditing Frameworks for a Business Unit within the DoD

Week 3 (SLO 3)

Topic: Planning, Conducting, and Reporting an IT Infrastructure Audit for Compliance

  • Readings:
    • Chapter 5, "Planning an IT Infrastructure Audit for Compliance"
    • Chapter 6, "Conducting an IT Infrastructure Audit for Compliance"
    • Chapter 7, "Writing the IT Infrastructure Audit Report"
  • Read assigned chapters
  • Participate in the Discussions
  • Review the Lecture material
  • Submit Week 3 Assignments
    • Analyzing Critical Security Control Points
    • Baseline Controls and the IT Security Policy Framework
  • Submit Week 3 Labs
    • Defining a Process for Gathering Information Pertaining to a HIPAA Compliance Audit
    • Aligning an IT Security Assessment - Risks, Threats, and Vulnerability - to Achieve Compliance

Week 4 (SLO 4)

Topics: Compliance Within the User, Workstation, and LAN Domains

  • Readings:
    • Chapter 8, "Compliance Within the User Domain"
    • Chapter 9, "Compliance Within the Workstation Domain"
    • Chapter 10, "Compliance Within the LAN Domain"
  • Read assigned chapters
  • Participate in the Discussions
  • Review the Lecture material
  • Submit Week 4 Assignments
    • Best Practices for User Domain Compliance
    • Best Practices for Workstation and LAN Domain Compliance
    • Security Controls for the Workstation Domain
  • Submit Week 4 Labs
    • Defining a Process for Gathering Information Pertaining to a GLBA Compliance Audit
    • Auditing the Workstation Domain for Compliance
  • Complete Project Part 1: PCI DSS Compliance Requirements

Week 5 (SLOs 5, 6)

Topic: Compliance Within the LAN-to-WAN and WAN Domains

  • Readings:
    • Chapter 11, "Compliance Within the LAN-to-WAN Domain"
    • Chapter 12, "Compliance Within the WAN Domain"
  • Read assigned chapters
  • Review the Lecture material
  • Submit Week 5 Assignment
    • Best Practices for LAN-to-WAN and WAN Domain Compliance
  • Submit Week 5 Lab
    • Auditing the LAN-to-WAN Domain for Compliance

Week 6 (SLOs 7, 8, 9)

Topic: Compliance Within the Remote Access and System/Application Domains

  • Readings:
    • Chapter 13, "Compliance Within the Remote Access Domain"
    • Chapter 14, "Compliance Within the System/Application Domain"
  • Read assigned chapters
  • Participate in the Discussions
  • Review the Lecture material
  • Submit Week 6 Assignments
    • Best Practices for Remote Access Domain Compliance
    • Best Practices for System/Application Domain Compliance
  • Submit Week 6 Labs
    • Auditing the Remote Access Domain for Compliance
    • Auditing the System/Application Domain for Compliance
  • Complete Project Part 2: Design of an Integrated Internal Control System

Week 7 (SLO 10)

Topics: Ethics, Education, and Certification for IT Auditors

  • Readings:
    • Chapter 15, "Ethics, Education, and Certification for IT Auditors"
  • Read assigned chapter
  • Participate in the Discussions
  • Review the Lecture material
  • Submit Week 7 Assignment
    • Codes of Conduct for Employees and IT Auditors
  • Submit Week 7 Lab
    • Charting Your Career Path - Professional Certifications

Week 8 (SLOs 1-10)

Topics: Conclusion and Final Exam

  • Readings:
    • Review all materials from previous weeks of the course
  • Complete Final Exam
  • Complete Project Part 3: Compliance Within IT Infrastructure Domains
  • Complete the Course Evaluation

COSC Accessibility Statement

Charter Oak State College encourages students with disabilities, including non-visible disabilities such as chronic diseases, learning disabilities, head injury, attention deficit/hyperactive disorder, or psychiatric disabilities, to discuss appropriate accommodations with the Office of Accessibility Services at OAS@charteroak.edu.

COSC Policies, Course Policies, Academic Support Services and Resources

Students are responsible for knowing all Charter Oak State College (COSC) institutional policies, course-specific policies, procedures, and available academic support services and resources. Please see COSC Policies for COSC institutional policies, and see also specific policies related to this course. See COSC Resources for information regarding available academic support services and resources.