Course Code: ISSC364 Course ID: 4401 Credit Hours: 3 Level: Undergraduate
This course examines a broad range of network security issues. It explores how access controls protect resources against unauthorized viewing, tampering, or destruction and serve as a primary means of ensuring privacy, confidentiality, and prevention of unauthorized access and disclosure. It focuses on access control, such as components, processes, controls, and authentication, as well as security breaches, organizational behavior and social engineering, physical security, remote access control, public key infrastructure and encryption, cryptography, testing, and information assurance. Requires CITRIX CLIENT SOFTWARE INSTALLATION FOR ONLINE VIRTUAL LABS accessibility.
|Registration Dates|Course Dates|Session|Weeks|
|12/28/20 - 06/04/21|06/07/21 - 08/01/21|Spring 2021 Session D|8 Week session|
|02/22/21 - 07/30/21|08/02/21 - 09/26/21|Summer 2021 Session I|8 Week session|
The successful student will fulfill the following learning objectives:
CO-1: Explain how to assess risk and its impact on access control
CO-2: Describe Access Control Policies, Standards, Procedures, and Guidelines
CO-3: Define Unauthorized Access and Security Breaches
CO-4: Discuss Human Nature, Organizational Behavior and Social Engineering
CO-5: Describe Access Control for Information Systems
CO-6: Identify Planning Considerations for Physical Security and Access Control
CO-7: Implement Access Control Systems
CO-8: Identify Access Control Solutions for Remote Workers
CO-9: Discuss Public Key Infrastructure, Encryption and Cryptography
CO-10: Describe the Elements of Information Assurance
The grading will be based on 6 graded assignments, 4 Peer Discussion Forum postings, an individual project proposal paper with acknowledgement, outline, presentation and final project proposal, as well as one open book quiz.
- There will be Case Assignments (5 cases worth 5% each and the last case worth 10%) counting for a total of 35% of the final grade. The assignments will follow each of the major milestones of the course. These assignments will be problems/cases based on the text. They are a combination of assignments and/or case-study-based problems. They are selected to provide the student with information to understand the concepts discussed. Assignments should be prepared in Microsoft Word and uploaded into the student folder by the due date. Any diagrams to support your paper should be incorporated within the Word document as part of the document.
- There will be 4 graded Peer Discussions. For graded forums, answers should be 3-4 paragraphs with a topic sentence that restates the question and supporting sentences using the terms, concepts, and theories from the required readings. Each answer should be a minimum of 250 - 400 words (about 6 to 8 good sentences). You may attack, support, or supplement other students’ answers using the terms, concepts, and theories from the required readings. All responses should be a courteous paragraph that contains a topic sentence with good supporting sentences. You must respond to at least 2 of your classmates with value-added comments for full credit consideration throughout the graded week. You may respond multiple times with a continuous discussion with points and counterpoints. The key requirement is to express your idea and then support your position using the terms, concepts and theories from the required readings to demonstrate to me that you understand the material. The Forum postings will count as 20% (5% for each graded discussion posting) of the final grade.
- There will be a Course Access Control Project (15%) with Project Acknowledgement (2%), Project Outline (4%), and Presentation (4%), all totaling 25% of your final grade. There will be one one-hour, non-proctored quiz in Week 3, which counts as 10% of the final grade. It will be a combination of multiple-choice and true-false questions and will be open book and open note.
All assignments, Forum question responses, and the quiz are due by 12:00 midnight Eastern Time Sunday of the week assigned.
Project Paper (Proposal Acknowledgement, Outline, PowerPoint Presentation, and Paper) Topics:
Week 2: Project Proposal Acknowledgement due
Week 4: Project Proposal Outline due
Week 7: PowerPoint Presentation due
Week 8: Project Proposal Final report and Revised Presentation (if revision required)
Course Project (15%)
This course project is intended to assess your ability to comprehend and apply the basic concepts related to information security management, such as the following:
- The ability to discern when a risk assessment should be performed and to carry out the task
- Understanding user or customer access requirements, whether remote or local
- Using a layered security approach to establish and maintain access controls
- Working with other departments, such as the human resources department, to identify and implement methods to prevent unwarranted exposure to information by inappropriate personnel
Your ability to execute the tasks within these information security domains and others will be evaluated against the learning objectives as identified and described in previous lessons of instruction for this course.
Required Source Information and Tools
You will require the following resources to complete this project:
- Text sheet: Integrated Distributors Incorporated (provided in Week 1)
- A computer with:
  - Access to the Internet
  - Microsoft Office Suite—Word, PowerPoint, and Visio or any other comparable editing, presentation, and drawing software
User identification, authentication, and authorization are essential in developing, implementing, and maintaining a framework for information system security. The basic function of an information system security framework is to ensure the confidentiality and the integrity, as well as the availability of systems, applications, and data. Certain information security implementation and management knowledge is required of network administrators, IT service personnel, management, and IT security practitioners, such as information security officers, security analysts, and domain administrators.
You are provided with the text sheet named “Integrated Distributors Incorporated” (Project.TS1.doc) to complete this project. You play the dual role of an IT architect and IT security specialist working for Integrated Distributors Incorporated (IDI), a multi-national organization with offices in several countries. Your instructor for this course plays the role of the chief information officer (CIO). Your peers play the role of selected technology staff. Each of the organization’s locations is operating with different information technologies and infrastructure—IT systems, applications, and databases. Various levels of IT security and access management have been implemented and embedded within their respective locations.
Your goals as the IT architect and IT security specialist are to:
- Develop solutions to the issues that the specified location of IDI is facing.
- Develop plans to implement corporate-wide information access methods to ensure confidentiality, integrity, and availability.
- Assess risks and vulnerabilities with operating IT facilities in the disparate locations where IDI now functions and develop mitigation plans and implementation methods.
- Analyze the strengths and weaknesses in the current systems of IDI.
- Address remote users’ and Web site users’ secure access requirements.
- Develop a proposed budget for the project—consider hardware, software, upgrades/replacements, and consulting services.
- Prepare detailed network and configuration diagrams outlining the proposed change to be able to present it to the management.
- Develop and submit a comprehensive report addressing the learning objectives and your solutions to the issues within the scenario.
- Prepare a 10- to 15-slide PowerPoint presentation that addresses important access control, infrastructure, and management aspects from each location.
“Brocade; Survey Results Demonstrate Need for Integrated Approach to Network Security; Point Products Fall Short”, Network Business Weekly, Apr 5, 2010.
Bruce J. Fried, et al., Human Resources in Healthcare: Managing for Success, 2nd ed. (Chapter 4)
“Certified Ethical Hacker is Big News for Local Small Business: The Academy of Computer Education”, Business Wire, Dec 22, 2008.
Craig S. Wright, The IT Regulatory and Standards Compliance Handbook: How to Survive Information Systems Audit and Assessments (Chapter 3)
Dobromir Todorov, Mechanics of User Identification and Authentication: Fundamentals of Identity Management (Chapters 1, 2 and 3)
“e-DMZ Security Selected as 2010 SC Magazine Best Regulatory Compliance Solution”, Business Wire, Mar 8, 2010.
Eric Cole, et al., Network Security Bible (Chapter 5)
Harold F. Tipton, et al., Information Security Management Handbook, 6th ed. (Chapters 19, 30, 87 and 106)
Harold F. Tipton, et al., Official (ISC)2 Guide to the CISSP CBK (Domains 1 and 2)
Jay Kelley, et al., Network Access Control for Dummies (Chapter 15)
Jeremy Moskowitz, Group Policy: Management, Troubleshooting, and Security: For Windows Vista, Windows 2003, Windows XP, and Windows 2000 (Chapter 1)
John R. Vacca, Public Key Infrastructure: Building Trusted Applications and Web Services (Chapter 1)
Joseph Steinberg, et al., SSL VPN: Understanding, Evaluating, and Planning Secure, Web-Based Remote Access
M.E. Kabay, “Extensive Catalog Provides Security Controls for Contemporary Security Requirements”, Network World (Online), Nov 2, 2009.
Michael Coles, et al., Expert SQL Server 2008 Encryption (Chapter 1)
Neil Wyler, ed., Juniper Networks Secure Access SSL VPN Configuration Guide (Chapter 9)
“NetworkedPlanet: 50 Percent of Employees Admit to Losing Documents on the Company Network”, M2 Presswire, Apr 12, 2010.
Peter Stephenson, “Applying Evolved Policy”, SC Magazine, Oct 2009, Vol. 20 Issue 10, (Page 39)
Poonam Khanna, “Two-Factor Authentication is Key to Sound ID Management: Schmidt”, Computing Canada, Jun 17, 2005, Vol. 31 Issue 9, (Page 10)
Robert E. Larson, et al., CCSP: Cisco Certified Security Professional Certification All-in-One Exam Guide (Chapter 4)
“Secure Computing Shares Research Innovations and Best Practices In Email, Web and Domain Authentication; Technologists Discuss Reputation Systems and Authentication Protocols at 2007 Authentication Summit”, PR Newswire, Apr 17, 2007.
Seymour Bosworth, et al., Computer Security Handbook, 5th ed. (Chapters 23, 67 and 69)
Steve Manzuik, et al., Network Security Assessment: From Vulnerability to Patch (Chapter 2)
Yan Zhang, et al., Handbook of Research on Wireless Security (Chapter XLIV)
|Book Title:|Access Control, Authentication, and Public Key Infrastructure, 2nd ed - e-book available in the APUS Online Library|
|Publication Info:|Jones & Bartlett Lib|
|Author:|Chapple, Ballad, Banks|
|Book Title:|Requires CITRIX CLIENT SOFTWARE INSTALLATION FOR ONLINE VIRTUAL LABS accessibility - instructions provided inside the classroom.|
|Author:|No Author Specified|
|Book Title:|ISSC364 virtual lab manual provided inside the classroom|
|Publication Info:|CLASS-Jones & Bartlett|
|Electronic Unit Cost:|$55.00|
Not current for future courses.