ITE 145: Fundamentals of Information Systems Security

Course Description

This course will focus on an overview of security challenges and strategies of countermeasure in the information systems environment. Topics include definition of terms, concepts, elements, and goals incorporating industry standards and practices with a focus on availability, vulnerability, integrity and confidentiality aspects of information systems. (3 credits)

Prerequisite

ITE 101: Management Information Systems or ITE 102: Introduction to Computer Science

Student Learning Outcomes (SLOs)

Upon completion of the course, the students will be able to:

Explain the concepts of information systems security as applied to an IT infrastructure.
Describe how malicious attacks, threats, and vulnerabilities impact an IT infrastructure.
Explain the role of access controls in implementing a security policy.
Explain the role of operations and administration in effective implementation of security policy.
Explain the importance of security audits, testing, and monitoring to effective security policy.
Describe the principles of risk management, common response techniques, and issues related to recovery of IT systems.
Explain how businesses apply cryptography in maintaining information security.
Analyze the importance of network principles and architecture to security operations.
Explain the means attackers use to compromise systems and networks and defenses used by organizations.
Apply international and domestic information security standards and compliance laws to real-world implementation in both the private and public sector.

General Education Outcomes (GEOs)

Please check the applicable GEOs for this course, if any, by outcomes at GEO Category Search, or by subject area at GEO Discipline Search.

Course Activities and Grading

Assignments	Weight
Discussions (Weeks 1-8)	16%
Written Assignments (Weeks 1-7)	20%
Labs (Weeks 1-7)	20%
Projects (Weeks 2, 6 & 8)	30%
Final Exam (Week 8)	14%
Total	100%

Required Textbooks

Available through Charter Oak's online bookstore

Kim, David, and Michael G. Solomon. Fundamentals of Information Systems Security - with Navigate2 Access. 3rd ed. Sudbury, MA: Jones & Bartlett, 2018. ISBN-13: 978-1-284-15971-4

Note: This is a bundle which includes the textbook and an access code required for this course. Student must purchase these materials “New” from the Charter Oak State College bookstore. Used materials or materials from any other source are not acceptable.

Additional Resources

Links and readings will be provided in the Course Documents and Webliography sections on Blackboard.

Technical Requirements

See below for additional requirements

Course Schedule

Week	SLOs	Readings and Exercises	Assignments
1	1	Topic: Information Systems Security Fundamentals Readings: Chapter 1: Information Systems Security Chapter 2: Changing How People and Businesses Communicate	Read assigned chapters Participate in the Discussions Review the Lecture material Submit Assignment: Match Risks/Threats to Solutions Submit Assignment: Impact of a Data Classification Standard Complete Lab: Perform Reconnaissance & Probing Using ZenMap GUI (Nmap) Begin working on Project Part 1 due Week 2
2	2	Topic: Security Countermeasures to Mitigate Malicious Attacks Readings: Chapter 3: Malicious Attacks, Threats, and Vulnerabilities Chapter 4: The Drivers of the Information Security Business	Read assigned chapters Participate in the Discussions Review the Lecture material Submit Assignment: Microsoft Environment Analysis Complete Lab: Perform a Vulnerability Assessment Submit Project Part 1: Risks, Threats and Vulnerabilities
3	3	Topic: Access Controls Readings: Chapter 5: Access Controls	Read assigned chapter Participate in the Discussions Review the Lecture material Submit Assignment: Remote Access Control Policy Definition Complete Lab: Enabling Windows Active Directory and User Access Controls
4	4,5	Topics: Security Policies, Auditing, Testing, and Monitoring Readings: Chapter 6: Security Operations and Administration Chapter 7: Auditing, Testing, and Monitoring	Read assigned chapters Participate in the Discussions Review the Lecture material Submit Assignment: Enhance an Existing IT Security Policy Framework Submit Assignment: Create an Internet and E-mail Acceptable Use Policy Submit Assignment: Testing and Monitoring Security Controls Submit Assignment: Define a Comprehensive Acceptable Use Policy Complete Lab: Using Group Policy Objects and Microsoft Baseline Security Analyzer for Change Control Complete Lab: Performing Packet Capture and Traffic Analysis
5	6,7	Topics: Risk, Response, Recovery, and Cryptography Readings: Chapter 8: Risk, Response and Recovery Chapter 9: Cryptography	Read assigned chapters Participate in the Discussions Review the Lecture material Submit Assignment: Match Risk and Response Descriptions Submit Assignment: Quantitative and Qualitative Risk Assessment Analysis Submit Assignment: Select Appropriate Encryption Algorithms Submit Assignment: Design an Encryption Strategy Complete Lab: Implementing a Business Continuity Plan Complete Lab: Using Encryption to Enhance Confidentiality & Integrity Begin working on Project Part 2 due Week 6
6	8,9	Topics: Network Weaknesses and Mitigation of Risks and Threats from Attacks Readings: Chapter 10: Networks and Telecommunications Chapter 11: Malicious Code and Activity	Read assigned chapters Participate in the Discussions Review the Lecture material Submit Assignment: Network Hardening Submit Assignment: Network Security Applications and Countermeasures Submit Assignment: List Phases of an Attack Submit Assignment: Summary Report on a Malicious Code Attack Complete Lab: Performing a Website and Database Attack by Exploiting Identified Vulnerabilities Submit Project Part 2: Gap Analysis Plan and Risk Assessment Methodology
7	10	Topics: Information Security Standards and Compliance Laws Readings: Chapter 12: Information Security Standards Chapter 15: U.S. Compliance Laws	Read assigned chapters Participate in the Discussions Review the Lecture material Submit Assignment: Examine Real-World Implementations of Security Standards Submit Assignment: Examine Real-World Implementations of U.S. Compliance Laws Submit Assignment: Small- to Medium-Sized Business Analysis Complete Lab: Eliminating Threats with a Layered Security Approach Begin working on Project Part 3 due Week 8
8	1-10	Topics: Information Systems Security Education and Certifications Readings: Review chapters and course materials for Final Exam	Participate in the Discussions Submit Project Part 3: System Hardening and Auditing Complete Final Exam Complete Course Evaluation
Final Exam Chapters 1-12 & 15 SLOs 1-10

Hatsize System Requirements

Internet Connection

Bandwidth: At least .8 Mbps per second
Latency: Less than 125 milliseconds

Minimum System Requirements

N/A – all requirements are network and browser-based

Browser Requirements

Any contemporary browser that supports HTML 5 classes
Chrome and Firefox are recommended

COSC Accessibility Statement

Charter Oak State College encourages students with disabilities, including non-visible disabilities such as chronic diseases, learning disabilities, head injury, attention deficit/hyperactive disorder, or psychiatric disabilities, to discuss appropriate accommodations with the Office of Accessibility Services at OAS@charteroak.edu.

COSC Policies, Course Policies, Academic Support Services and Resources

Students are responsible for knowing all Charter Oak State College (COSC) institutional policies, course-specific policies, procedures, and available academic support services and resources. Please see COSC Policies for COSC institutional policies, and see also specific policies related to this course. See COSC Resources for information regarding available academic support services and resources.