Course Outline

A. Course Number and Title: DA 203 Information Systems Security Internship

Pre-requisites: DA 107 Introduction to Information Systems Security, DA 200 Computer and Network Security, DA 201 Operations and Database Security

B. Curriculum: Information Technology (1492)

C. Course Description: Individual assignment of carefully selected information systems security internships. The internship provides hands-on experience working in the security field. Projects can be physical, software, hardware, operational, or database security related.

D. Duration of Instructional Period: One hundred (100) to one hundred forty (140) hours to complete on/off campus projects as required by contract. Two (2) credit hours.

E. Lecture/Lab/Credit Hours: 2-0-2

F. Suggested Text(s): This course requires the use of several reference manuals depending upon the individual project.

G. Course Outcomes:

1. To place students in a real-world working environment in the Information Systems Security areas.

2. To apply skills and knowledge they have acquired in the information systems security area on a day-to-day basis.

H. Program Competencies:

1. Demonstrate knowledge of a broad business and real world perspectives of information technology

2. Demonstrate analytical and critical thinking skills

3. Demonstrate the ability to apply analytical and logical thinking to gathering and analyzing information, designing and testing solutions to problems and formulating plans

4. Demonstrate the ability to visualize and articulate complex problems and concepts

5. Use and apply current technical concepts and practices in the core information technologies

6. Design effective and usable IT-based solutions and integrate those components into the user environment

7. Identify and evaluate current and emerging technologies and assess their applicability to address the users’ needs

8. Demonstrate an understanding of best practices, standards and their application

9. Demonstrate independent critical thinking and problem solving skills

10. Communicate effectively and efficiently with clients, users and peers both verbally and in writing, using appropriate terminology

I. SUNY General Education Knowledge and Skills: NA

J. ECC Graduate Learning Outcomes (GLO):

1. To listen and speak effectively (Related Course Objectives 1-2)

2. To read critically (Related Course Objectives 1-2)

3. To read correctly and effectively (Related Course Objectives 1-2)

4. To operate a computer (Related Course Objectives 1-2)

5. To identify and logically analyze problems and issues and to propose and evaluate solutions (Related Course Objectives 1-2)

6. To form reasoned value judgments (Related Course Objectives 1-2)

7. To exhibit the research skills necessary for lifelong learning (Related Course Objectives 1-2)

8. To demonstrate an understanding of the nature of our society and demonstrate the ability to conduct effective social relationships (Related Course Objectives 1-2)

9. To demonstrate awareness of the interdisciplinary nature of knowledge (Related Course Objectives 1-2)

K. Assessment of Student Learning: The grade is based on the difficulty of the project selected, as well as the timely and satisfactory completion of the project based upon a timetable issued by the sponsor company.

A weekly progress report is to be submitted to the instructor.

A midterm and final evaluation form is to be completed by the instructor and/or sponsor company.

A final report which recaps the student’s project experience is required. This report will be graded for writing skills as well as technical content.

L. Library Resources: Students will be required to do research in their specific subject area for their final report. Computer manuals, software publications, and computer periodicals may be accessed.

M. Topical Outline: Each individual site will determine the selection of the individual project. The student will work with the site supervisor to analyze:

A. Types of project

B. Scope of project

C. Security sub-systems

1. System documentation

2. Operating procedures

3. Final recommendations (to be included with the student’s final paper.)

D. Range of subject matter may include:

1. Risk Analysis

2. Information Systems Audit

3. Operations Security (OPSEC) Process

4. OPSEC surveys/planning

5. Classified/unclassified indicators

A. NIST 800-12 Ch.14

B. Sensitive Security Information (SSI) Policies & Procedures for Safeguarding Control

www.fas.org/spg/othergov/ssi-safeguard.pdf

C. Guidelines for CAPCO Marking (Controlled Access Program Coordination Office)

www.fas.org/spg/othergov/dod/af053006.pdf

6. Telecommunications security

7. Security policies: guidance, contracts, roles

8. Security policies: budgeting, valuation, training

9. System life-cycle processes

10. National threats, vulnerabilities, countermeasures and other components of NSTISS

11. International & National Standards for Security

a. Security Cyber Space for 44th President

Center for Strategic & International Studies (CSIS), Washington D.C. 2008

b. KMI MAIS Annual report

31 Dec. 08.pdf

www.acc.dau.mil

12. COMSEC Awareness Training June 2005

www.ncms-1sp.org/documents/COMSEC_material.pdf

13. DOD directive

http://www.biotech.law.lsu.edu/blaw/dodd/corres/html2

d85001x.htm

14. European evaluation criteria

ITSEC & common criteria

http://www.commoncriteriaportal.org/

15. IPSEC - Internet Protocol Security

Internet Engineering Task Force to provide IP security at Network layer. VPN

www.clavister.com/manuals/ver8x/manual/vpn/ipsec_basics.htm

16. NSTISS COMPUSEC 1-99

www.cnss.gov/assets/pdf/nstissam

infosec_1-99.pdf

Insider threats to US government systems

17. Computer Security Resource Center (CSRC)

www.csrc.ncsl.nist.gov also

www.palowireless.com/wireless/security_rainbow.asp

N. Prepared by: Donna Marie Kaputa PhD.