Course Syllabus
College of Information Systems & Technology CMGT/441 Version 2 Introduction to Information Systems Security Management
Copyright 2010, 2009 by University of Phoenix. All rights reserved.
Course Description
This course introduces security principles and management issues that IT professionals must consider. The course surveys current and emerging security practices and processes as they relate to information systems, systems development, operating systems and programming, database development and management, networking and telecommunications, and the Internet.
Policies
Faculty and students/learners will be held responsible for understanding and adhering to all policies contained within the following two documents:
University policies: You must be logged into the student website to view this document.
Instructor policies: This document is posted in the Course Materials forum.
University policies are subject to change. Be sure to read the policies at the beginning of each class. Policies may be slightly different depending on the modality in which you attend class. If you have recently changed modalities, read the policies governing your current class modality.
Course Materials
Stallings, W., & Brown, L. (2008). Computer security principles and practice. Pearson Education, Inc.
Article References
Barr, J. G. (2011). Business continuity for web sites. Faulkner Information Services, 1-9.
Barr, J. G. (2011). Identity management market trends. Faulkner Information Services, 1-10.
Spring, K. (2009). IBM Tivoli security event management. Faulkner Information Services, 1-9.
Barr, J. G. (2009). Common criteria overview. Faulkner Information Services, 1-10.
Vosevich, K. A. (2011). Risk management software market trends. Faulkner Information Services, 1-9.
Barr, J. G. (2011). Biometrics market trends. Faulkner Information Services, 1-7.
All electronic materials are available on the student website.
Due
Points
1.2 Identify major security issues associated with physical and operating system security.
1.3 Describe basic advantages and disadvantages among the various security implementations.
Course Preparation
Read the course description and objectives.
Review the Learning Team Toolkit.
NOTE: TestOut LabSims are available for this course. See Week One, Course Materials Page.
Read Ch. 1, Overview, of Computer Security Principles and Practice.
Read Ch. 2, Cryptographic Tools, of Computer Security Principles and Practice.
Read Ch. 3, User Authentication, of Computer Security Principles and Practice.
Read Ch. 4, Access Control, of Computer Security Principles and Practice.
Read Ch. 5, Database Security, of Computer Security Principles and Practice.
Read the Week One Read Me First.
Read this week's Electronic Reserve Readings.
Participate in class discussion.
Respond to weekly discussion questions. DQ #1 DQ #2
Post weekly summary.
Complete the Learning Team Charter.
The Learning Team project for this course, due in Week Five, is in the form of a Service Request from Riordan Manufacturing. It will be necessary for the Learning Team to access Service Request: SR-rm013, Information Systems Security Review.
05/23/2012 05/26/2012 05/28/2012 2 1 1 1
Readings
Read Ch. 8, Denial of Service, of Computer Security Principles and Practice.
Read Ch. 9, Firewalls and Intrusion Prevention Systems, of Computer Security Principles and Practice.
Read Ch. 10, Trusted Computing and Multilevel Security, of Computer Security Principles and Practice.
Read the Week Two Read Me First.
Read this week's Electronic Reserve Readings.
Participation Discussion Questions Weekly Summary Learning Team Instructions Individual
Participate in class discussion.
Respond to weekly discussion questions. DQ #3 DQ #4
Post weekly summary.
Draft a 2-3 page description of the physical and network security issues and concerns at each Riordan plant.
Using various Internet sources, find an article or website on an information security topic that is of interest to you. Prepare a 1-2 page paper evaluating the article or website. Refer to the note on Evaluative Writing below.
Evaluative Writing requires students to take a stand on the quality of the material being evaluated. Provide an introduction, and select various aspects of the article or website. Describe each aspect, providing comments on the usefulness, validity or appropriateness of the article or website. The evaluation should provide details, examples and/or reasons for your viewpoint.
05/30/2012 06/02/2012 06/04/2012 06/04/2012 06/04/2012 2 1 1 1 5 15
Due
Points
Readings
Participate in class discussion.
Respond to weekly discussion questions. DQ #5 DQ #6
Post weekly summary.
Draft a 2-3 page description of the data security issues and concerns present at each Riordan plant.
Using various Internet sources, find an article or website on attack prevention. Prepare a 2-3 page paper evaluating the article and information provided.
06/06/2012 06/09/2012 06/11/2012 06/11/2012 06/11/2012
2 1 1 1 5 15
Due
Points
Readings
Participation Discussion Questions Weekly Summary Learning Team SR-rm-013 Project Learning Team SR-rm-013 Presentation
Optional Discussion Questions
Week One Discussion Questions
According to Chapter 1 of Computer Security Principles and Practice, a security awareness program can be one of an organization's most powerful protection strategies. Discuss what makes a successful information security awareness program and how a security awareness program can be one of an organization's most powerful protection strategies.
Based on the Barr (2011) article, how will merging information technologies such as data center virtualization impact business continuity for websites? Using your workplace, your client's workplace, or a workplace in a case study, will cloud computing or platform as a service (PaaS) that provides dynamic scalability with enhanced infrastructure security ensure business continuity for websites, or is this just a new, unproven panacea?
Week Two Discussion Questions
Why is managing technical vulnerabilities so important to an organization managing its security environment? What are some ways to mitigate those vulnerabilities?
Based on the Barr (2011) article, why is identity management considered the central component of access management and security strategies? Should identity management focus on role-based access control (RBAC)? What has the greatest positive impact on enterprise data protection (EDP): identity management or encryption?
Week Three Discussion Questions
Based on the Spring (2009) article, do you think security event management (SEM), such as the IBM Tivoli products, is feasible for small- to medium-sized businesses (SMBs)? Will SEM push SMBs to SaaS to gain an acceptable cost/benefit justification for the holistic security provided by SEM? In your current or previous workplace, have you ever worked with SEM?
According to Chapters 11 and 12 in our readings, what are buffer overflow attacks? What can be done to prevent these vulnerabilities? Define software security and defensive programming. How do these techniques correlate to a reduction in vulnerabilities?
Week Four Discussion Questions
As hackers keep thinking of new ways to attack systems, what are some of the tools and techniques that experts believe will keep government on the cutting edge of security?
Based on the Barr (2011) article, how does the Common Criteria, a standardized, global set of IT security specifications, impact EDP? How does the Common Criteria address end-to-end data encryption throughout the information life cycle (ILM) of the data? What assurance levels, if any, does your current or previous workplace employ?
Week Five Discussion Questions
What are some of the challenges facing companies when trying to implement wireless security? How does this affect their security frameworks? What can be done to overcome these challenges?
Discuss the principles and challenges associated with continuous data protection. Does your organization have a CDP plan? Why or why not?
Copyright
University of Phoenix is a registered trademark of Apollo Group, Inc. in the United States and/or other countries. Microsoft, Windows, and Windows NT are registered trademarks of Microsoft Corporation in the United States and/or other countries. All other company and product names are trademarks or registered trademarks of their respective companies. Use of these marks is not intended to imply endorsement, sponsorship, or affiliation. Edited in accordance with University of Phoenix editorial standards and practices.