
Ursuline College Accelerated Program URSULINE COLLEGE


Academic year: 2021


Ursuline College Accelerated Program

CRITICAL INFORMATION!

DO NOT SKIP THIS LINK BELOW . . .

BEFORE PROCEEDING TO READ THE UCAP MODULE, YOU ARE EXPECTED TO READ AND ADHERE TO ALL UCAP POLICY INFORMATION CONTAINED ON THIS LINK BELOW

CLICK HERE . . .

http://www3.ursuline.edu/ucap/modules/UCAPPolicies.pdf

URSULINE COLLEGE

Student Module MIS 330 Security

Ursuline College Accelerated Program (UCAP) Ursuline College Proprietary Materials and Information

Copyright 2006 Ursuline College Revised March 2009

MIS 330 Security

Course Description

This course provides an introduction to the administrative, physical, and technical aspects of information security management. Knowledge gained applies to data in students' professional and personal lives.

Goals and Objectives

Knowledge

The student will:

Understand the fundamental principles of Information Security

Articulate how to facilitate security management through policies, standards, risk assessment, and awareness

Identify threats, vulnerabilities, and risks to information availability and identify measures to reinstate data and information systems

Gain an appreciation for how security makes privacy possible and how security is a business enabler

Learn about security investigations, law, and ethics related to the use of information

Understand the mindset and methodologies of cyber criminals as a way to protect information

Skills

The student will:

Develop critical thinking to apply knowledge in practical case studies

Gain hands-on experience with several software tools used to assess risk, identify vulnerabilities, and protect information

Use security-related Internet sites to augment learning and as reference for research

Attitudes and Values

The student will

Come to appreciate the value of security practices as a business enabler rather than traditional views of (a) a necessary evil and (b) cumbersome rules to follow

Respect the value of information and the mechanisms used to protect it

Gain an awareness of how prevalent computer crime is today

Learn to value why being a "good Internet neighbor" is important

Realize the importance of ethical computing

Understand how home computing responsibilities play a role in protecting America's National Infrastructure

TEXT BOOK: Information Security Principles & Practices

Authors - Merkow and Breithaupt

Pearson Prentice Hall

ASSIGNMENTS COMPLETED PRIOR TO CLASS #1

Complete Student Assessment Survey and email to instructor

Read Information Security Principles & Practices text - Chapter 1

Complete all Chapter 1 multiple choice questions for hand-in

Read Information Security Principles & Practices text - Chapter 2

Complete all Chapter 2 multiple choice questions for hand-in

Be prepared to discuss Exercise 2.1 in class

Read Information Security Principles & Practices text - Chapter 4

Complete all Chapter 4 multiple choice questions for hand-in

Be prepared to discuss Exercise 4.5 in class

CLASS #1

Objectives

At the end of this class, the student will be able to:

Identify how security plays a role in all parts of an IT Department and within all business units of an organization

Apply concepts of Confidentiality, Integrity, Availability, Protection, Detection, and Correction to business and home computing

Articulate an awareness of the 12 Information Security principles and apply them to real life situations

Understand the value of Risk Assessment and Risk Analysis

Identify key parts of a Security Policy

Distinguish between a policy, standard, procedure, and a guideline

Activities

(30 minutes)

Hand in assignments

Introductions

Review Course Module and Syllabus

Review Course Objectives

Review Course Assignments

Review Grading Criteria

Q&A on Course

(10 minutes)

Q&A on Multiple Choice questions from Chapters 1, 2, and 4 (20 minutes)

Lecture: Pervasiveness of Information Security within IT and Business Units (30 minutes)

Review/Commentary on 12 Information Security Principles (20 minutes)

Discussion of Exercises 2.1 and 4.5 (10 minutes)

Break

(30 minutes)

Small Groups: Examine sample security policies & discuss (30 minutes)

Class Discussion: Elements of an Employee Termination Policy (20 minutes)

Class Discussion of Current Security News (10 minutes)

Introduction of Class Case Study (10 minutes)

Break (10 minutes)

Assignment of Mini-Presentation Topics/Review of Presentation Requirements (5 minutes)

Review of assignments for next class (5 minutes)

Complete Feedback Survey for Class #1

ASSIGNMENTS COMPLETED PRIOR TO CLASS #2

Read Information Security Principles & Practices text - Chapter 6

Complete all Chapter 6 multiple choice questions for hand-in

Visit these web sites & become familiar with their purpose and content: www.sungard.com; www.platformlab.org; hp.com.au/services/dr; www.drj.com

Read Information Security Principles & Practices text - Chapter 8

Complete all Chapter 8 multiple choice questions for hand-in

Be prepared to discuss Exercise 8.2 in class

Read Information Security Principles & Practices text - Chapter 9

Complete all Chapter 9 multiple choice questions for hand-in

Be prepared to discuss Exercises 9.3 & 9.4 in class

Complete Employee Termination Policy assignment

Prepare Mini-Presentation if assigned

CLASS #2

Objectives

At the end of this class, the student will be able to:

Identify common practices for creating high confidence of data availability and recovery

Discuss recovery strategies

Understand the importance of DR testing through real world examples

Apply knowledge of techniques and controls used to mitigate physical security threats

Apply knowledge of data center operational controls

Activities:

(15 minutes)

Hand-in homework

Review Class #1 important concepts (15 minutes)

Mini Quiz on Chapters 1, 2, and 4 (10 minutes)

Q&A on Multiple Choice questions from Chapters 6, 8, and 9 (20 minutes)

Lecture: Operational and Physical Security (10 minutes)

Class Discussion of Current Security News (20 minutes)

Discuss Exercises 8.2, 9.3, and 9.4 (10 minutes)

Break (30 minutes)

Mini-Presentations given by students (30 minutes)

Lecture: BCP/DR - The Jump from Theory to Practice (30 minutes)

Small Group/Class Discussion - Applying Chapters 6, 8, and 9 to Class Case Study (10 minutes)

Break (20 minutes)

Continue Class Discussion - Applying Chapters 6, 8, and 9 to Class Case Study (5 minutes)

Review of Next Class Assignments (5 minutes)


ASSIGNMENTS COMPLETED PRIOR TO CLASS #3

Read Information Security Principles & Practices text - Chapter 10

Complete all Chapter 10 multiple choice questions for hand-in

Be prepared to discuss Exercises 10.1 & 10.2 in class

Read Information Security Principles & Practices text - Chapter 13

Complete all Chapter 13 multiple choice questions for hand-in

Be prepared to discuss Exercises 13.1 & 13.2 in class

Complete Data Backup Policy and Data Backup Standard assignment

Prepare Mini-Presentation if assigned

Google Research on spyware, viruses, antivirus software

CLASS #3

Objectives

At the end of this class, the student will be able to:

Understand Access Control Techniques and apply them to real world cases

Choose effective passwords and articulate awareness of tools/methods used to exploit weak password management

Identify password alternatives

Articulate dangers of remote access

Verbalize an understanding of the role Information Security plays in Application Development

Distinguish between types of malicious software

Outline types and uses of AntiVirus software

Define Social Engineering, its dangers, and countermeasures

Activities:

(15 minutes)

Hand in homework

Review Class #2 important concepts (15 minutes)

Mini Quiz on Chapters 6, 8, and 9 (10 minutes)

Q&A on Multiple Choice questions from Chapters 10 and 13 (15 minutes)

Discuss Exercises 10.1, 10.2, 13.1, and 13.2 (20 minutes)

Lecture: Application Security - Hackers, Quality Control, and Testing (20 minutes)

Mini-presentations by students (10 minutes)

Break (45 minutes)


(20 minutes)

Lecture: Access Control - Passwords, Phishing, Social Engineering, and Multi-Factor Authentication

(25 minutes)

Small Group/Class Discussion - Applying Chapters 10 and 13 to Class Case Study (10 minutes)

Break (25 minutes)

Continue Class Discussion - Applying Chapters 10 and 13 to Class Case Study (5 minutes)

Review of Next Class Assignments (5 minutes)

Complete Feedback Survey for Class #3

ASSIGNMENTS COMPLETED PRIOR TO CLASS #4

Read Information Security Principles & Practices text - Chapter 11

Complete all Chapter 11 multiple choice questions for hand-in

Be prepared to discuss Project 11.2 #1 and #2 in class

Read Information Security Principles & Practices text - Chapter 12

Complete all Chapter 12 multiple choice questions for hand-in

Complete Password Policy and Password Standards assignment

Internet Research on SurfControl and Websense

Read Instructor Notes on TCP/IP

Look up these TCP/IP ports on the Internet: TCP 21, TCP 22, TCP 23, TCP 25, TCP 53, UDP 53, TCP 80, TCP 137, TCP 139, TCP 443, TCP 445

CLASS #4

Objectives

At the end of this class, the student will be able to:

Explain common terms used in the field of cryptography

Explain the difference between symmetric and asymmetric encryption

Identify several types of encryption technologies and their application in real world scenarios

Summarize fundamentals of TCP/IP

Understand the types of tools used for network self assessment and by hackers

Identify the dangers of and risk mitigation techniques for wireless networking

Activities:

(15 minutes)

Hand in homework

Review Class #3 important concepts (15 minutes)


(10 minutes)

Q&A on Multiple Choice questions from Chapters 11 and 12 (20 minutes)

Lecture: Crypto Applications & Their Use (30 minutes)

Small Group: Crypto Case Studies (10 minutes)

Break (45 minutes)

LAB: Reconnaissance w/ Scanning Tools; Using WinMD5 (20 minutes)

Lecture: Introduction to Wireless Networking Security (30 minutes)

Small Group/Class Discussion - Applying Chapters 11 and 12 to Class Case Study (10 minutes)

Break (30 minutes)

Continue Class Discussion - Applying Chapters 11 and 12 to Class Case Study (5 minutes)

Review of Next Class Assignments/Discuss Final Exam (5 minutes)

Complete Feedback Survey for Class #4

ASSIGNMENTS COMPLETED PRIOR TO CLASS #5

Read Information Security Principles & Practices text - Chapter 7

Complete all Chapter 7 multiple choice questions for hand-in

Be prepared to discuss Exercise 7.5

Read http://www.grc.com/dos/grcdos.htm

Internet Research on Botnets

Read Case Study at end of Chapter 7 and be prepared to discuss in class (do not write the press release)

Review for Final

CLASS #5

Objectives

At the end of this class, the student will be able to:

Identify the types and targets of computer crime

Summarize the major types of attacks performed by cyber criminals

Understand the context of the computer in the legal system

Appreciate the complexities of intellectual property law

Discuss the issues surrounding computer security and privacy rights

Articulate the challenges of computer forensics

Activities:

(15 minutes)

Hand in homework

Review Class #4 important concepts (15 minutes)

Mini Quiz on Chapters 11 and 12 (10 minutes)

Q&A on Multiple Choice questions from Chapter 7 (20 minutes)

Class Discussion of Exercise 7.5, Case Study, GRC article, and botnets (25 minutes)

Lecture: Computer Forensics, Laws & Regulations, and Cyber Criminals (10 minutes)

Class Discussion: Hiring a Hacker (10 minutes)

Break (30 minutes)

Small Group/Class Discussion: Class Case Study - Activity Logging, Case Study Summary (25 minutes)

Review (10 minutes)

Break (60 minutes)

Final Exam (5 minutes)

Class 5 Evaluation (10 minutes)

Course Evaluation
