CISW 240 IT Security
This course provides an introductory to intermediate survey of IT security. Topics covered include application and operating system security, network security, physical security, and the human element. Students will gain experience with a variety of security testing tools and methods.
General Education Competency
[GE Core type]
CISW 240IT Security
Please note: This is not a course syllabus. A course syllabus is unique to a particular section of a course by instructor. This curriculum guide provides general information about a course.
I. General Information
Department
Information Technology
II. Course Specification
Course Type
Program Requirement
General Education Competency
[GE Core type]
Semester Contact Hours Lecture
30
Semester Contact Hours Lab
30
Grading Method
Letter grade
III. Catalog Course Description
This course provides an introductory to intermediate survey of IT security. Topics covered include application and operating system security, network security, physical security, and the human element. Students will gain experience with a variety of security testing tools and methods.
IV. Student Learning Outcomes
Upon completion of this course, a student will be able to:
- Define information security, and identify attackers and types of attacks
- Define different types of malware and explain how each type interacts with computer systems
- Demonstrate ability to assess vulnerability of a working network, and describe ways to mitigate those vulnerabilities
- Implement network security through industry best practice controls on hosts and network devices
- Describe security monitoring techniques for ongoing mitigation of known and unknown attacks
V. Topical Outline (Course Content)
Class introduction
Overview of security threats and strategies
Environment setup
Access control & identity management
Access control models & best practices
Authentication methods and facts
Cryptography
Hashing
Symmetric encryption
Asymmetric (public key) encryption and PKI
Encryption applications (SSL, PGP, etc.)
Policies & Procedures
Practical and legal ramifications of setting policy
Business continuity topics, risk management
Dealing with incidents
Internal creation of policy
Physical Security
Human security
Securing computers
Securing mobile devices
Perimeter Defenses
General network attack vectors
Security appliances and firewalls
Network access controls
Wireless-specific concerns
Network Defenses
Device attacks and security practices
IDS/IPS
Host Defenses
Malware
Password attacks
System hardening and enforcement
Virtualization
Application Defenses
Web application attacks
Browser attacks and mitigation
Other protocols (email, etc.)
Application development concerns
Data Defenses
Redundant systems
Backups
Data encryption’s role in defense
Securing network protocols
Cloud computing concerns for data
Assessments & Audits
Vulnerability assessment
Why penetration test?
Internal monitoring, logging and auditing concepts
VI. Delivery Methodologies
Required Assignments
Quizzes for each section
In class activities as appropriate per section
Required Exams
Final research assignment (presented as a paper, video, presentation, or other media that instructor approves)
Final comprehensive exam
Required Materials
TestOut Security Pro online coursework
Headphones
Specific Course Activity Assignment or Assessment Requirements
Quizzes for each section
In class activities as appropriate per section
Final research assignment (presented as a paper, video, presentation, or other media that instructor approves)
Final comprehensive exam