Introduction to Information Security Management

95-752

Units: 12

Description:

This course is intended to give students an introduction to a variety of information and cyber security topics. As an introductory course, it will cover foundational technical concepts as well as managerial and policy topics. The purpose of the course lectures, assignments, reading, in-class presentations, and examinations is to ensure students have sufficient technical awareness and managerial competence to pursue advanced study in information security policy and management as they progress through their program. There is no prerequisite for this course; however, successful students will have fundamental knowledge of information and computer systems, and a general awareness of security issues in these systems.

Learning Outcomes:

Foundational concepts of cyber and information security and the key practices and processes for managing security effectively.

Basic network fundamentals – including (but not limited to) topologies, protocols, address conservation, and services, and the security issues that affect networks.

Basic cryptology and why it is fundamental to computer and information security.

Software program deficiencies and the vulnerabilities associated with them.

Access controls and authentication as they are used to secure systems and how they can be mitigated.

Security vulnerabilities that affect operating systems and how they can be mitigated.

The use of risk management to plan, implement, and administer security programs and processes.

The key elements of incident management: detection, remediation, and recovery.

How to translate security into a business driver that is critical to meeting the organization’s mission.

Legal, ethical, and regulatory issues that shape policy development and the ways in which organizations implement and administer security.

The organizational and societal costs of insecure software.

Syllabus: