A. Course Number and Title: DA 107 Introduction to Information Systems Security

A. Course Number and Title: DA 107 Introduction to Information Systems Security

Course Outline

A. Course Number and Title:DA 107 Introduction to Information Systems Security

Pre-requisites: DA 150 or any approved programming course, DA 215 or any approved networking course

B. Curriculum: Information Technology (1492), Technical elective

C. Course Description: The course provides an overview of the principles & concepts of Information Security Systems (ISS). This is the first course required for the ISS Certificate. It includes an introduction to information security, the need for information security, risk assessment and management, network and system security, cryptography, and security maintenance. Hands-on exercises will be included.

D. Duration of Instructional Period:150 minutes/week/15 weeks – classroom 100 minutes/week/15 weeks – laboratory 3,750 minutes/semester (4) credit hours

E. Lecture/Lab/Credit Hours:3-2-4

F. Suggested Text(s):Principles of Information Security (2nd edition) Whitman / Mattrod Course Technology (course.com) ISBN: 0-619-21625-5 AND Lab Manual for Hands-On Information Security(2nd edition) Whitman / Mattrod / Shackleford Course Technology (course.com) ISBN: 0-619-21631-X

G. Course Outcomes:Upon completion, the student will be able to: 1. Understand key terms and critical concepts of information security, and the duties and responsibilities within an information technology department 2. Identify threats and attacks to information security 3. Assess security risks and determine how to manage them 4. Identify intrusion detection, access control, and other tools used for information security 5. Describe basic principles of cryptography 6. List and explain major protocols for secure communication

H. Program Competencies: 1. Demonstrate knowledge of a broad business and real world perspectives of information technology 2. Demonstrate analytical and critical thinking skills 3. Demonstrate the ability to apply analytical and logical thinking to gathering and analyzing information, designing and testing solutions to problems and formulating plans 4. Demonstrate the ability to visualize and articulate complex problems and concepts 5. Use and apply current technical concepts and practices in the core information technologies 6. Design effective and usable IT-based solutions and integrate those components into the user environment 7. Identify and evaluate current and emerging technologies and assess their applicability to address the users’ needs 8. Demonstrate an understanding of best practices, standards and their application 9. Demonstrate independent critical thinking and problem solving skills 10. Communicate effectively and efficiently with clients, users and peers both verbally and in writing, using appropriate terminology

I. SUNY General Education Knowledge and Skills: NA

J. ECC Graduate Learning Outcomes (GLO): 1. To listen and speak effectively (Related Course Objectives 1-6) 2. To read critically (Related Course Objectives 1-6) 3. To write correctly and effectively (Related Course Objectives 1-6) 4. To operate a computer (Related Course Objectives 1-6) 5. To identify and logically analyze problems and issues and to propose and evaluate solutions (Related Course Objectives 1-6) 6. To demonstrate awareness of the interdisciplinary nature of knowledge. (Related Course Objectives 1-6)

K. Assessment of Student Learning: 60% - Six (6) lab projects (participative and written) 40% - Two (2) exams (Midterm & Final)

L. Library Resources: Students are encouraged to use the resources of the computer labs on campus. Library resources should also be used.

M. Topical Outline:

I. Introduction to Information Security1 week A. History B. Critical characteristics of information C. Components of an information system D. Security Systems Development Life Cycle E. Security personnel

II. The Need of Security 1.5 weeks A. Business needs B. Threats C. Attacks

III. Legal, Ethical, and Professional Issues in Information Security 1 week A. U.S. Laws B. International Laws C. Ethics and information security

IV, Risk Management1.5 weeks A. Overview B. Risk Identification C. Risk Assessment

1. OPSEC operations security www.ioss.gov/nsdd298.pdf

D. Risk Control Strategies

V. Planning for Security1 week A. Information security policy, standards, and practices B. Security education, training, and awareness

C. Defense in Depth

1. Acceptable Use policies Internet, e-mail

2. Due Care, due diligence

VI. Security Technology3.5 weeks A. Firewalls B. Remote Connections (VPN’s, Dial-up) C. Intrusion Detection Systems (IDSs) D. Honey Pots, Honey Nets, and Padded Cell Systems E. Scanning and Analysis Tools F. Access Control Devices

VII. Cryptography1.5 weeks A. Overview and principles B. Cryptography tools C. Secure communications protocols D. Cryptosystems attacks

VIII. Physical Security1 week A. Introduction B. Fire Detection and Response C. Failure of Supporting Utilities and Structural Collapse

D. Interception of Data

1. Direct Observation

2. Interception of Data transmission

3. Electro magnetic interception

A. TEMPEST

E. Mobile and Portable Systems

IX. Implementing Information Security1 week A. Project Management B. Technical and non-technical aspects

X. Security and Personnel1.5 weeks A. Staffing B. Credentials and Certification C. Employment

XI. Information Security Maintenance1.5 weeks

N. Prepared by: Louise Kowalski; Donna Marie Kaputa PhD.

Top View