CISW 240 IT Security

This course provides an introductory to intermediate survey of IT security. Topics covered include application and operating system security, network security, physical security, and the human element. Students will gain experience with a variety of security testing tools and methods.

Credits

3

Semester Contact Hours Lecture

30

Semester Contact Hours Lab

30

General Education Competency

[GE Core type]

CISW 240IT Security

Please note: This is not a course syllabus. A course syllabus is unique to a particular section of a course by instructor. This curriculum guide provides general information about a course.

I. General Information

Department

Information Technology

II. Course Specification

Course Type

Program Requirement

General Education Competency

[GE Core type]

Credit Hours Narrative

3

Semester Contact Hours Lecture

30

Semester Contact Hours Lab

30

Grading Method

Letter grade

Repeatable

N

III. Catalog Course Description

This course provides an introductory to intermediate survey of IT security. Topics covered include application and operating system security, network security, physical security, and the human element. Students will gain experience with a variety of security testing tools and methods.

IV. Student Learning Outcomes

Upon completion of this course, a student will be able to:

  • Define information security, and identify attackers and types of attacks
  • Define different types of malware and explain how each type interacts with computer systems
  • Demonstrate ability to assess vulnerability of a working network, and describe ways to mitigate those vulnerabilities
  • Implement network security through industry best practice controls on hosts and network devices
  • Describe security monitoring techniques for ongoing mitigation of known and unknown attacks

V. Topical Outline (Course Content)

Class introduction Overview of security threats and strategies Environment setup Access control & identity management Access control models & best practices Authentication methods and facts Cryptography Hashing Symmetric encryption Asymmetric (public key) encryption and PKI Encryption applications (SSL, PGP, etc.) Policies & Procedures Practical and legal ramifications of setting policy Business continuity topics, risk management Dealing with incidents Internal creation of policy Physical Security Human security Securing computers Securing mobile devices Perimeter Defenses General network attack vectors Security appliances and firewalls Network access controls Wireless-specific concerns Network Defenses Device attacks and security practices IDS/IPS Host Defenses Malware Password attacks System hardening and enforcement Virtualization Application Defenses Web application attacks Browser attacks and mitigation Other protocols (email, etc.) Application development concerns Data Defenses Redundant systems Backups Data encryption’s role in defense Securing network protocols Cloud computing concerns for data Assessments & Audits Vulnerability assessment Why penetration test? Internal monitoring, logging and auditing concepts

VI. Delivery Methodologies

Required Assignments

Quizzes for each section In class activities as appropriate per section

Required Exams

Final research assignment (presented as a paper, video, presentation, or other media that instructor approves) Final comprehensive exam

Required Materials

TestOut Security Pro online coursework Headphones

Specific Course Activity Assignment or Assessment Requirements

Quizzes for each section In class activities as appropriate per section Final research assignment (presented as a paper, video, presentation, or other media that instructor approves) Final comprehensive exam