INSE 400 Fundamentals of Information Security
The digital revolution has created the need for a focus on information systems security. New risks, threats and vulnerabilities associated with the transformation into a digital world have emerged. A review of compliance law, best practices in IT security, principles of network security, and an overview of operation security process and methodologies are covered in this course. In addition, specific focus on application data and computer security, threat identification, vulnerability assessments, access control, identity management and cryptography is provided.
Cross Listed Courses
None
Corequisite
None
Washington Technology University
Syllabus
INSE 400 : Fundamentals of Information Security
5 Credits
Approved: 8/29/2018 6:27:32 PM
Course Description
The digital revolution has created the need for a focus on information systems security. New risks, threats and vulnerabilities associated with the transformation into a digital world have emerged. A review of compliance law, best practices in IT security, principles of network security, and an overview of operation security process and methodologies are covered in this course. In addition, specific focus on application data and computer security, threat identification, vulnerability assessments, access control, identity management and cryptography is provided.
Course Required Resources
- Kim, D. & Soloman M. (2014). Fundamentals of Information Systems Security. Burlington, Massachusetts: Jones & Bartlett Learning
- Dulaney, E. & Easttom, C. (2018). CompTIA Security+ Study Guide: Wiley
Course Outcomes
Analyze and implement security in terms of Confidentiality, Integrity, and Availability and a balance of their conflicting requirements.
Address the relevant legal, regulatory, and ethical concerns affecting the information security profession nationally and internationally
Examine cyber threats including their origin, motivation, targets and methods.
Implement a defense in depth to prevent, identify and mitigate vulnerabilities, the effects of cyber-attacks, and security breaches.
Review means of authenticating, authorizing, managing access for, and protecting the privacy of users.
Explore how cryptography, in its many forms, is used to secure data at rest and in motion in cyber systems.
Course Keywords
Data Breach, C-I-A Triad, Internet, TCP/IP Protocol Suite, OSI 7-layer Model, Internet of Things, VoIP, Reconnaissance, Probing, Packet Sniffer, Vulnerability Scanner, Threat, Vulnerability, Risk, Attack, Social Engineering, Phishing, Malware, DoS, SQL Injection, Backdoor, Defense in Depth, IDS/IPS, Access control, Authentication, Authorization, Accountability, Security Administration, Risk Identification, Qualitative/Quantitative Risk Assessment, Residual Risk, Benchmark, BCP, DRP, Vulnerability Testing, Penetration Testing, Logs, SEIM, Security Audit, Cipher, Ciphertext, Symmetric/Asymmetric Cipher, Hash, Cryptanalysis
Assignment Summary
25% Project – Hands-On Labs with Professional Tools and Techniques for Information Security
In Lab 1, students will use Wireshark to capture and analyze network traffic, use Nessus to scan the network, use Zenmap to perform a scan of the network, and review a sample collection of data using NetWitness Investigator. Students will also use PuTTY to connect to a Linux machine and run several Cisco commands to display statistics for the network interfaces.
In Lab 2, students will use common applications to generate traffic and transfer files between the machines. Then student will capture packets using Wireshark and review the captured traffic at the packet level, to analyze the vulnerabilities in protocols like FTP, TFTP.
In Lab 3, students will learn how cryptography tools can be used to ensure message and file transfer integrity and how encryption can be used to maximize confidentiality. Student will use Kleopatra, the certificate management component of GPG4Win, to generate both a public and private key as both a sender and a receiver, which will be used to encrypt, sign, decrypt and verify files for secure communication.
25% Instructor Determined Assignments, Collaboration and Participation (attendance and online activities)
The instructor will evaluate participation in the course and in online discussions. The instructor may also include other assignments. The instructor-determined assignments and discussions will be distributed and evaluated such that the total point value reflects the weighting given in the rubrics. The instructor will provide the grading criteria, rubrics, and directions for completing these assignments.
25% Mid Term Exam
Students should be prepared to answer a variety of types of questions pertinent to the concepts covered in or suggested by the course materials, assignments and activities. The instructor may provide additional information about the content, style, and grading criteria of this exam. The test will cover all concepts covered since the first day of class
25% Final Exam
Students should be prepared to answer a variety of types of questions pertinent to the concepts covered in or suggested by the course materials, assignments and activities. The instructor may provide additional information about the content, style, and grading criteria of this exam. The exam will be limited to concepts covered since the mid-term.