Course Code: ISSC471 Course ID: 2646 Credit Hours: 3 Level: Undergraduate
Security is one of the most important concerns in the world of Information Technology. This course examines the technical issues and the administrative practices to implement and manage security; in particular, this course focuses on the principles of security auditing. This course explores the various technologies and tools to assist with discovery and auditing in the world of security management. This course also assesses the audit practices, audit processes, audit plans, discovery process, discovery software, penetration strategies, identification of potential attacks, log analysis, user baseline analysis, activity analysis, risk assessment, roles and responsibilities, and the roles and responsibilities of security auditing professionals.
| Registration Dates | Course Dates | Session | Weeks |
|---|---|---|---|
| 11/30/20 - 04/30/21 | 05/03/21 - 06/27/21 | Spring 2021 Session I | 8 Week session |
| 12/28/20 - 06/04/21 | 06/07/21 - 08/01/21 | Spring 2021 Session D | 8 Week session |
| 01/25/21 - 07/02/21 | 07/05/21 - 08/29/21 | Summer 2021 Session B | 8 Week session |
| 02/22/21 - 07/30/21 | 08/02/21 - 09/26/21 | Summer 2021 Session I | 8 Week session |
| 03/29/21 - 09/03/21 | 09/06/21 - 10/31/21 | Summer 2021 Session D | 8 Week session |
The successful student will fulfill the following learning objectives:
- Describe the role of ISS compliance in relation to U.S. compliance laws.
- Explain the use of standards and frameworks in a compliance audit of an IT infrastructure.
- Describe the components and basic requirements for creating an audit plan to support business and system considerations.
- Describe the different parameters required to conduct and report on IT infrastructure audit for organizational compliance.
- Describe information security systems compliance requirements within the User Domain.
- Describe information security systems compliance requirements within the Workstation and LAN Domains.
- Use an appropriate framework to implement ISS compliance within the LAN-to-WAN and WAN Domains.
- Describe information security systems compliance requirements within the Remote Access Domain.
- Describe the information security systems compliance requirements within the System/Application Domain.
- Describe the qualifications, ethics, and certification organizations for IT auditors.
This course has a strong writing component. The goal is to organize, synthesize, and demonstrate your comprehension of core concepts investigated during this course by applying a combination of the terms, concepts, and details you have learned in a systematic way. As important as "the details" that you analyze and arrange in your writing, however, are the conclusions you draw from those details, and your predictions, responses to, and ultimate interpretation of those details.
Each week a newsgroup thread will be started for discussion of the week's readings. A specific assignment for posting on the newsgroup will be announced each week. The assignments may involve discussion or debate. The number of postings required each week will vary and will be announced in the assignment for the week. In most cases you will be required to post at least one original post and one or more follow-up posts to your classmates' posts.
Your first post each week must be posted by Sunday at midnight ET, but it is highly recommended that you submit the initial post no later than Friday night to allow your classmates time to provide feedback on your posting. Please try not to be late with this post because your classmates will be relying on you to post on time to give them a post to respond to later in the week. All follow-up posts must be posted by Sunday at midnight ET.
You will be required to write one research paper this semester. The specifications are as follows:
- 8-10 pages (double-spaced).
- Choose any topic related to the course and write about the latest developments and issues.
- Use at least five references outside of your textbook (you may use your textbook too, but are not required to).
- In addition to the required number of pages for the assignment, you must also include a reference page (bibliography), written in APA style, and a title page. Be sure to give all of your papers a descriptive title.
- You must get your topic approved by the end of Week 2.
- You must provide a 1-page outline of your paper by the end of Week 3. Your outline must include citations to three references (other than your textbook) and a brief summary of at least three references that you will use in your paper.
- At Week 6 you will be working on a PowerPoint presentation highlighting the key points of the paper you are working on.
- Use APA Style formatting in Arial 11 or 12-point font or Times New Roman styles.
- Page margins: Top, Bottom, Left Side and Right Side = 1 inch, with reasonable accommodation being made for special situations.
- Your paper must be in your own words, representing original work. Paraphrases of others’ work must include attributions to the authors. Limit quotations to an average of no more than 15% of the paper, and use quotations sparingly!
Quizzes (non-proctored, open-notes)
The Quizzes will be open notes. Questions may include multiple-choice, true/false, and/or essay. If it occurs in required reading, up to and including the week of the quiz, it is a candidate for inclusion on the quiz. You will be given 30 minutes to complete this examination.
- MS Office
A short list of Audit and Accounting Standard Organizations and their publications:
• American Institute of Certified Public Accountants (AICPA)
Statements on Auditing Standards (http://www.aicpa.org/members/div/auditstd/auditing_standards.htm)
Codification of Auditing Standards (Including AICPA and PCAOB Auditing and Attestation Standards) - The "bible" of audit standards.
• Institute of Internal Auditors Association (IIA)
Standards for the Professional Practice of Internal Auditing
• U.S. General Accounting Office (GAO) Government Auditing Standards and Title 2, Accounting
• The IT Governance Institute COBIT
• The National Institute of Standards and Technology (NIST)
• Institute of Internal Auditors Research Foundation (IIARF)
• Systems Auditability and Control
• National Institute of Standards and Technology (NIST) Special Publications http://csrc.nist.gov/publications/nistpubs/index.html
• William F. Messier, Jr., Steven M. Glover, Douglas F. Prawitt, Messier Glover, Auditing and Assurance Services, A Systematic Approach, 4th Ed., McGraw-Hill College, December 2004
• Frederick Gallegos, Daniel Manson, Carol Gonzales, Information Technology Control and Audit, 2nd Ed., Auerbach Publications, 2004
• Sam Afyouni, Database Security And Auditing: Protecting Data Integrity and Accessibility, Course Technology, 2006
• Munter, Paul. "Evaluating Internal Controls and Auditor Independence under Sarbanes-Oxley." Financial Executive 19.7 (2003): 26 (2).
• "Perspectives on Internal Control Reporting: A Resource for Financial Market Participants." Deloitte & Touche LLP, Ernst & Young LLP, KPMG LLP, PricewaterhouseCoopers LLP. December 2004.
• Piazza, Peter. "IT security requirements of Sarbanes-Oxley." Security Management June 2004: 40(1).
| Book Title: | ISSC471 Lab Manual provided inside the classroom |
| Publication Info: | CLASS-Jones & Bartlett |
| Electronic Unit Cost: | $55.00 |

| Book Title: | Auditing IT Infrastructures For Compliance, 2nd ed - e-book available in the APUS Online Library |
| Publication Info: | Jones & Bartlett - Lib |
| Author: | Weiss, Martin / Solomon, Michael G. |
Not current for future courses.