Introduction to Information Security Management
Description: This course is intended to give students an introduction to a variety of information and cyber security topics. As a survey course, it will cover foundational technical concepts as well as managerial and policy topics. Coverage includes foundations of information security; introductory cryptography; program, data, and operating system security; security of user-web interaction; safeguarding the Internet of Things; cyberwarfare; securing virtual, cloud, and mobile environments; network concepts and network security; incident management and IT auditing processes; security risk management; legal and ethical issues of security and privacy. Students are exposed to common sources of vulnerability information and how to incorporate this information into information security management processes. The purpose of the course lectures, assignments, readings, and examinations is to ensure students have sufficient technical awareness and managerial competence to pursue advanced study in information security policy and management. There is no prerequisite for this course; however, successful students will have fundamental knowledge of information and computer systems, and a general awareness of security issues in these systems.
Learning Outcomes: Upon completion of this course, the student will obtain confidence in understanding and applying key concepts, including:
• Foundational concepts of cyber and information security and the key practices and processes for managing security effectively
• Basic network fundamentals—such as topologies, protocols, address conservation, and services—and the security issues that affect networks
• Basic cryptography—and why it is fundamental to computer and information security
• Software program deficiencies and the vulnerabilities associated with them
• Access controls and authentication as they are used to secure systems and information
• Security vulnerabilities that affect operating systems and how they can be mitigated
• Security challenges in the Internet of Things
• Security challenges in the use of virtual and cloud computing environments
• The use of risk management to plan, implement, and administer security program and processes
• The key elements of incident management—detection, response, and recovery
• How to translate security into a business driver that is critical to meeting the organization’s mission
• Legal, ethical, and regulatory issues that shape policy development and the ways in which organizations implement and administer security
• The battle between privacy and protection
• The organizational and societal costs of insecure software