Objectives
- Assess the laws (national and federal), policies (including Sarbanes-Oxley), issues (social, psychological, legal, and management), risks, and controls related to information assurance and network security.
- Appraise the principles and concepts behind computer network defense (CND) methodology, robust codes, cryptography, authentication, authorization, non-repudiation, and commercially available security packages (PKI, PGP, Kerberos, SSL, VPN).
- Examine the processes, roles and responsibilities of management and security professionals in risk assessment, risk mitigation, security validation, policy enforcement, and personnel indoctrination.
- Assess the key components of the Physical Security Policy, Internet Security Policy, E-Mail Security Policy, Encryption Security Policy, Software Development Security Policy, Authentication Security Policy, Network Security Policy, Acceptable Use Policy, and the policy that addresses viruses, worms, and Trojan horses.
- Assess the engineering discipline, process, techniques, tools, and technologies used by hackers to gain unauthorized access to systems; appraise countermeasures to mitigate this risk.
- Examine the plans, procedures, practices, and tools to ensure business continuity and to recover rapidly after an incident.

CS304 / ISS 361 - Information Assurance
CS305 / ISS 362 - IT Security: Attack & Defense
CS406 / ISS 471 - IT Security: Auditing
CS407 / ISS 481 - IT Security: Planning and Policy
GM316 / ISS 381 - Cyberlaw and Privacy in a Digital Age