Frederick Community College

CIS218-HYB1 – Introduction to Information Security and Assurance

SPRING 2012

 

Class begins:  01/30/2012

Class ends:  05/18/2012

Last Day to Withdraw: 04/16/2012

 

Instructor Information:

 

 

Name: Joel Younkins

Office: G-124

E-mail: jyounkins@frederick.edu

Phone Number: 301-846-2647

Contact Hours: email for an appointment

Campus Mail Box #: 116

 

Course Information:

 

Credits:  3

On-campus Meetings: 15 (Wed. 5pm)

Exams: 3

Prerequisites: CIS106

Corequisites: n/a

 

Course Description:

 

Introduces the fundamental concepts of information security and assurance. Topics include technical, policy and personnel aspects.  Specific case studies and hands-on laboratories will be used to enhance student comprehension.

 

Core Learning Outcomes:

 

Upon completion of this course students will:

1.    Design policies, standards and practices to create an environment of information security

2.    Implement technologies to enforce information security

3.    Describe risks, control mechanisms and investigation techniques

4.    Analyze flaws in information security policies, practices and technology

5.    Present risks and suggested improvements to the policy, practices and technological aspects of information security

 

 Instructional Methods:

 

Lecture, Discussion, Demonstration, Forums, Hands-on activities, On-line activities. For every hour spent in the classroom, the student should expect to spend at least three (3) hours working on this course outside the classroom.

 

 How is this course organized?

 

This course is organized into 15 on-campus sessions and related on-line activities to supplement the on-campus content. The course is not self-paced; however, for every hour in class on campus, the student should expect to spend at least three (3) additional hours working on related on-line activities, reading or other exercises and assignments.

 

 

 

Text(s) and Course Materials:

Required Textbook:

CISSP Guide to Security Essentials, 1st Edition

Peter Gregory, 512 Pages, ©2010 Cengage Learning

ISBN-10: 1435428196  ISBN-13: 9781435428195

Student Companion Website: http://www.cengagebrain.com/shop/ISBN/9781435428195?cid=APL1

 

Optional Resource:  Official (ISC)2 Guide to the CISSP CBK (ISBN-10: 0849382319)

 

Additional materials will be provided by the instructor.

 

 

Progress Report:

 

By the end of the sixth week of the semester, you will have an opportunity to evaluate your progress in this course and decide if you need to make any adjustments (additional study, tutoring, conference with instructor) to assure your success in this course.

 

Evaluation Methods:

 

Tests / Papers / Projects / Participation (Point Value):

Tests (various): 40%

Quizzes (10 total): 5%

Assignments: 20%

Labs/Hands-on Projects: 25%

Case Study Presentation: 10%

Final Grade Scale:

90.0% to 100.0% = A

80.0% to 89.9% = B

70.0% to 79.9% = C

60.0% to 69.9% = D

Below 60.0% = F

If the graded performance for online assignments differs significantly from the grade average for proctored assignments, the instructor reserves the right to administer additional tests.  The point values above are subject to change.

 

Student Services

 

A variety of services are available to assist students in succeeding at FCC. Students can learn more about these services by visiting the Student Services web page: http://www.frederick.edu/student_services/index.aspx.

 

Students with disabilities who are in need of accommodations or who have questions related to disabilities services should contact the Services for Students with Disabilities (SSD) office at 301-846-2408. Students can learn more about these services by visiting the Services for Students with Disabilities web page: http://www.frederick.edu/student_services/disability.aspx.

 

 Participation Policy:

 

Participation on-campus and on-line is required. Students in this class are expected to assume responsibility for attending and participating fully in class. Students are expected to come to class prepared to participate; this includes but is not limited to reading the chapter to be covered before the class in which it is covered. Active participation will enhance the student learning process. Disruptive or unprofessional behavior diminishes the learning environment for the entire class and will not be tolerated. Use of electronic devices (e.g., cell phones) or surfing the Web during class for material not related to active participation in the class is considered disruptive behavior. Disruptive students may be asked to leave the class and will not be given credit for participation in the class activities. (Please refer to the "Classroom Behavior" section in the Student Handbook for more information on expected behavior.) Absence from a class does not excuse a student from knowing what was covered in class or from completing activities, assignments, quizzes, tests, or other requirements of the course on time, which may affect your grade. Excused absences include illness (with doctor's note), emergencies deemed as such by your instructor, religious holidays, and official College functions. The instructor has full discretion on whether the absence qualifies as an excused absence and whether to issue makeup work for the student to complete.

 

 Email Policy:

 

With the exception of MOL students, all FCC students will receive and are expected to use their FCC email address for correspondence with faculty and staff at the college. Students can establish and access their FCC email accounts at https://myfcc.frederick.edu. Email is an instructional tool essential to student-instructor and student-student communication. In the Blackboard environment by default, your email address is available to all students in this course.

However, students are permitted to use email addresses of other students in this course only for the purpose and the duration of this course.

 

The instructor can be expected to respond to regular student email inquiries (grades, posted assignments, and tests excluded) within the time frame of 24 to 48 hours during weekdays only.

 

Academic Integrity:

 

Work in this course is subject to the provisions of the FCC Code of Academic Integrity. Plagiarism in any form will not be tolerated. As a student, it is your job to practice academic honesty at ALL times. Make sure that all sources, particularly Internet sources, get proper credit for quotations, paraphrases, and ideas. More information about this and the Student Conduct Code is available at http://www.frederick.edu/student_services/studentpolicies.aspx

You must send your Academic Integrity Pledge to the instructor. The form is available at http://courses.frederick.edu/_utilities/regform.htm

Topical Outline (HYBRID COURSES)

 

WEEK

SUBJECT

ACTIVITY ONLINE

ON-CAMPUS ACTIVITY

Week 1

Overview & Introductions

Discussion Forum

 

Quizzes, Homework and Assignments Dates will be scheduled in Blackboard

Introductions and Overview

 

White Hat Agreement/Signature

Week 2

(1) Information Security and Risk Management

Topics: 

·     Concepts of organization mission, objectives, and goals,

·     Concepts of risk management and the types of risk assessments,

·     Common security management concepts and activities

 

Introduction to Linux & Windows

Introduction to Linux & Windows

 

Chapter Review

Labs & Activities

Week 3

(2) Access Controls

Topics: 

·     Access control concepts

·     Technologies used in access controls

·     Types and categories of controls

·     Access control attacks and how access controls can be tested

 

Quiz 1

More Linux & Windows

 

Chapter Review

Labs & Activities

Week 4

(3) Application Security

Topics: 

·     Types of applications

·     Application models and technologies

·     Application threats and countermeasures

·     Security in the software development life cycle

·     Application security controls

·     Databases and data warehouses

Quiz 2

Even More Linux & Windows

 

Chapter Review

Labs & Activities

Week 5

(4) Business Continuity and Disaster Recovery Planning

Logs & Recon

Topics: 

·     Types of natural and man-made disasters

·     Significance of executive support

·     Steps in a Business Impact Assessment

·     Role of prevention

·     Types of recovery plan testing

 

Logging, WHOIS info, DNS Interrogation, Web & Network Reconnaissance

Quiz 3

Chapter Review

Labs & Activities

Week 6

Test 1

Discussion Topics:  TBA

TBA

Week 7

(5) Cryptography

Topics: 

·     Types of encryption algorithms

·     Uses and applications of cryptography

·     How cryptanalysis works

·     Principles of key management

·     Alternatives for hiding information

·     Steganography

 

Quiz 4

Chapter Review

Labs & Activities

NOTE: There will be no classes from March 19 through March 25.

Week 8

(6) Legal, Regulations, Compliance, and Investigations

Topics: 

·     Understand how computers are involved in various types of crimes

·     Basic structure of U.S. laws and regulations

·     Specific laws related to computer crime in the U.S. and other countries

·     Steps in security incident response and investigations

·     Principles of computer forensics

·     Ethical issues

 

Case Study Selection

 

Quiz 5

Chapter Review

Labs & Activities

Week 9

(7) Operations Security

Intrusion Detection

Topics: 

·     Application of security concepts to computer and business operations

·     Operational controls related to records management, backups, and anti-virus

·     Security’s role in administrative management

·     Change and configuration management

·     High availability architectures

 

Tools and Scanning.

 

Quiz 6

Chapter Review

Labs & Activities

Week 10

Test 2

Discussion Topics:  TBA

TBA

April 16

 

LAST DAY TO WITHDRAW

 

Week 11

(8) Physical and Environmental Security

Topics:

·     Site access controls used to protect premises

·     Criteria for a secure site

·     Protecting equipment from fire, flooding, and other threats

·     Implementation and operation of data center environmental controls

 

Quiz 7

Chapter Review

Labs & Activities

Week 12

(9) Security Architecture and Design

Topics:

·     Various security models such as Biba, Bell-LaPadula, Access Matrix, and Mandatory Access Control

·     System evaluation models like Common Criteria, ITSEC, and TCSEC

·     Computer hardware architecture

·     Types of software and how they work

·     Threats and countermeasures related to computer hardware and software

 

 

Quiz 8

Chapter Review

Labs & Activities

Week 13

Computer Forensics

 

Preservation, chain of custody, imaging, investigation.

 

Quiz 10

Chapter Review

Labs & Activities

Week 14

(10) Telecommunications and Network Security

Topics:

·     Technologies and standards in wired and wireless networks used by telecommunications carriers and businesses

·     OSI and TCP/IP network models

·     Network routing, addressing, authentication, and tunneling

·     Network vulnerabilities, threats, attacks, and countermeasures

 

Quiz 9

Case Presentations (In-Class)

Week 15

Test 3

Discussion Topics:  Info Sec Case Study Presentations

Final Lab

Make-up days: Students may be required to attend make-up sessions on May 21 and/or 22.

NOTE: Your instructor reserves the right to make changes to this outline as needed.