Ursuline College Accelerated Program
CRITICAL INFORMATION: Before proceeding to read the UCAP module, you are expected to read and adhere to all UCAP policy information contained at this link:
http://www3.ursuline.edu/ucap/modules/UCAPPolicies.pdf
URSULINE COLLEGE
Student Module MIS 330 Security
Ursuline College Accelerated Program (UCAP)
Ursuline College Proprietary Materials and Information
Copyright 2006 Ursuline College
Revised March 2009
MIS 330 Security
Course Description
This course provides an introduction to the administrative, physical, and technical aspects of information security management. Knowledge gained applies to data in students' professional and personal lives.
Goals and Objectives
Knowledge
The student will:
Understand the fundamental principles of Information Security
Articulate how to facilitate security management through policies, standards, risk assessment, and awareness
Identify threats, vulnerabilities, and risks to information availability and identify measures to reinstate data and information systems
Gain an appreciation for how security makes privacy possible and how security is a business enabler
Learn about security investigations, law, and ethics related to the use of information
Understand the mindset and methodologies of cyber criminals as a way to protect information
Skills
The student will:
Develop critical thinking to apply knowledge in practical case studies
Gain hands-on experience with several software tools used to assess risk, identify vulnerabilities, and protect information
Use security-related Internet sites to augment learning and as reference for research
Attitudes and Values
The student will:
Come to appreciate the value of security practices as a business enabler rather than traditional views of (a) a necessary evil and (b) cumbersome rules to follow
Respect the value of information and the mechanisms used to protect it
Gain an awareness of how prevalent computer crime is today
Learn to value why being a "good Internet neighbor" is important
Realize the importance of ethical computing
Understand how home computing responsibilities play a role in protecting America's National Infrastructure
TEXTBOOK: Information Security Principles & Practices. Authors: Merkow and Breithaupt. Pearson Prentice Hall.
ASSIGNMENTS COMPLETED PRIOR TO CLASS #1
Complete Student Assessment Survey and email to instructor
Read Information Security Principles & Practices text - Chapter 1
Complete all Chapter 1 multiple choice questions for hand-in
Read Information Security Principles & Practices text - Chapter 2
Complete all Chapter 2 multiple choice questions for hand-in
Be prepared to discuss Exercise 2.1 in class
Read Information Security Principles & Practices text - Chapter 4
Complete all Chapter 4 multiple choice questions for hand-in
Be prepared to discuss Exercise 4.5 in class
CLASS #1
Objectives
At the end of this class, the student will be able to:
Identify how security plays a role in all parts of an IT Department and within all business units of an organization
Apply concepts of Confidentiality, Integrity, Availability, Protection, Detection, and Correction to business and home computing
Articulate an awareness of the 12 Information Security principles and apply them to real life situations
Understand the value of Risk Assessment and Risk Analysis
Identify key parts of a Security Policy
Distinguish between a policy, standard, procedure, and a guideline
Activities:
(30 minutes) Hand in assignments
Introductions
Review Course Module and Syllabus
Review Course Objectives
Review Course Assignments
Review Grading Criteria
Q&A on Course
(10 minutes) Q&A on Multiple Choice questions from Chapters 1, 2, and 4
(20 minutes) Lecture: Pervasiveness of Information Security within IT and Business Units
(30 minutes) Review/Commentary on 12 Information Security Principles
(20 minutes) Discussion of Exercises 2.1 and 4.5
(10 minutes) Break
(30 minutes) Small Groups: Examine sample security policies & discuss
(30 minutes) Class Discussion: Elements of an Employee Termination Policy
(20 minutes) Class Discussion of Current Security News
(10 minutes) Introduction of Class Case Study
(10 minutes) Break
(10 minutes) Assignment of Mini-Presentation Topics/Review of Presentation Requirements
(5 minutes) Review of assignments for next class
(5 minutes) Complete Feedback Survey for Class #1
ASSIGNMENTS COMPLETED PRIOR TO CLASS #2
Read Information Security Principles & Practices text - Chapter 6
Complete all Chapter 6 multiple choice questions for hand-in
Visit these web sites & become familiar with their purpose and content: www.sungard.com; www.platformlab.org; hp.com.au/services/dr; www.drj.com
Read Information Security Principles & Practices text - Chapter 8
Complete all Chapter 8 multiple choice questions for hand-in
Be prepared to discuss Exercise 8.2 in class
Read Information Security Principles & Practices text - Chapter 9
Complete all Chapter 9 multiple choice questions for hand-in
Be prepared to discuss Exercises 9.3 & 9.4 in class
Complete Employee Termination Policy assignment
Prepare Mini-Presentation if assigned
CLASS #2
Objectives
At the end of this class, the student will be able to:
Identify common practices for creating high confidence of data availability and recovery
Discuss recovery strategies
Understand the importance of DR testing through real world examples
Apply knowledge of techniques and controls used to mitigate physical security threats
Apply knowledge of data center operational controls
Activities:
(15 minutes) Hand-in homework
Review Class #1 important concepts
(15 minutes) Mini Quiz on Chapters 1, 2, and 4
(10 minutes) Q&A on Multiple Choice questions from Chapters 6, 8, and 9
(20 minutes) Lecture: Operational and Physical Security
(10 minutes) Class Discussion of Current Security News
(20 minutes) Discuss Exercises 8.2, 9.3, and 9.4
(10 minutes) Break
(30 minutes) Mini-Presentations given by students
(30 minutes) Lecture: BCP/DR - The Jump from Theory to Practice
(30 minutes) Small Group/Class Discussion - Applying Chapters 6, 8, and 9 to Class Case Study
(10 minutes) Break
(20 minutes) Continue Class Discussion - Applying Chapters 6, 8, and 9 to Class Case Study
(5 minutes) Review of Next Class Assignments
(5 minutes)
ASSIGNMENTS COMPLETED PRIOR TO CLASS #3
Read Information Security Principles & Practices text - Chapter 10
Complete all Chapter 10 multiple choice questions for hand-in
Be prepared to discuss Exercises 10.1 & 10.2 in class
Read Information Security Principles & Practices text - Chapter 13
Complete all Chapter 13 multiple choice questions for hand-in
Be prepared to discuss Exercises 13.1 & 13.2 in class
Complete Data Backup Policy and Data Backup Standard assignment
Prepare Mini-Presentation if assigned
Google Research on spyware, viruses, antivirus software
CLASS #3
Objectives
At the end of this class, the student will be able to:
Understand Access Control Techniques and apply them to real world cases
Choose effective passwords and articulate awareness of tools/methods used to exploit weak password management
Identify password alternatives
Articulate dangers of remote access
Verbalize an understanding of the role Information Security plays in Application Development
Distinguish between types of malicious software
Outline types and uses of AntiVirus software
Define Social Engineering, its dangers, and countermeasures
Activities:
(15 minutes) Hand in homework
Review Class #2 important concepts
(15 minutes) Mini Quiz on Chapters 6, 8, and 9
(10 minutes) Q&A on Multiple Choice questions from Chapters 10 and 13
(15 minutes) Discuss Exercises 10.1, 10.2, 13.1, and 13.2
(20 minutes) Lecture: Application Security - Hackers, Quality Control, and Testing
(20 minutes) Mini-presentations by students
(10 minutes) Break
(45 minutes)
(20 minutes) Lecture: Access Control - Passwords, Phishing, Social Engineering, and Multi-Factor Authentication
(25 minutes) Small Group/Class Discussion - Applying Chapters 10 and 13 to Class Case Study
(10 minutes) Break
(25 minutes) Continue Class Discussion - Applying Chapters 10 and 13 to Class Case Study
(5 minutes) Review of Next Class Assignments
(5 minutes) Complete Feedback Survey for Class #3
ASSIGNMENTS COMPLETED PRIOR TO CLASS #4
Read Information Security Principles & Practices text - Chapter 11
Complete all Chapter 11 multiple choice questions for hand-in
Be prepared to discuss Project 11.2 #1 and #2 in class
Read Information Security Principles & Practices text - Chapter 12
Complete all Chapter 12 multiple choice questions for hand-in
Complete Password Policy and Password Standards assignment
Internet Research on SurfControl and Websense
Read Instructor Notes on TCP/IP
Look up these TCP/IP ports on the Internet: TCP 21, TCP 22, TCP 23, TCP 25, TCP 53, UDP 53, TCP 80, TCP 137, TCP 139, TCP 443, TCP 445
CLASS #4
Objectives
At the end of this class, the student will be able to:
Explain common terms used in the field of cryptography
Explain the difference between symmetric and asymmetric encryption
Identify several types of encryption technologies and their application in real world scenarios
Summarize fundamentals of TCP/IP
Understand the types of tools used for network self assessment and by hackers
Identify the dangers of and risk mitigation techniques for wireless networking
Activities:
(15 minutes) Hand in homework
Review Class #3 important concepts
(15 minutes)
(10 minutes) Q&A on Multiple Choice questions from Chapters 11 and 12
(20 minutes) Lecture: Crypto Applications & Their Use
(30 minutes) Small Group: Crypto Case Studies
(10 minutes) Break
(45 minutes) LAB: Reconnaissance w/ Scanning Tools; Using WinMD5
(20 minutes) Lecture: Introduction to Wireless Networking Security
(30 minutes) Small Group/Class Discussion - Applying Chapters 11 and 12 to Class Case Study
(10 minutes) Break
(30 minutes) Continue Class Discussion - Applying Chapters 11 and 12 to Class Case Study
(5 minutes) Review of Next Class Assignments/Discuss Final Exam
(5 minutes) Complete Feedback Survey for Class #4
ASSIGNMENTS COMPLETED PRIOR TO CLASS #5
Read Information Security Principles & Practices text - Chapter 7
Complete all Chapter 7 multiple choice questions for hand-in
Be prepared to discuss Exercise 7.5
Read http://www.grc.com/dos/grcdos.htm
Internet Research on Botnets
Read Case Study at end of Chapter 7 and be prepared to discuss in class (do not write the press release)
Review for Final
CLASS #5
Objectives
At the end of this class, the student will be able to:
Identify the types and targets of computer crime
Summarize the major types of attacks performed by cyber criminals
Understand the context of the computer in the legal system
Appreciate the complexities of intellectual property law
Discuss the issues surrounding computer security and privacy rights
Articulate the challenges of computer forensics
Activities:
(15 minutes) Hand in homework
Review Class #4 important concepts
(15 minutes) Mini Quiz on Chapters 11 and 12
(10 minutes) Q&A on Multiple Choice questions from Chapter 7
(20 minutes) Class Discussion of Exercise 7.5, Case Study, GRC article, and botnets
(25 minutes) Lecture: Computer Forensics, Laws & Regulations, and Cyber Criminals
(10 minutes) Class Discussion: Hiring a Hacker
(10 minutes) Break
(30 minutes) Small Group/Class Discussion: Class Case Study - Activity Logging, Case Study Summary
(25 minutes) Review
(10 minutes) Break
(60 minutes) Final Exam
(5 minutes) Class 5 Evaluation
(10 minutes) Course Evaluation