David Nazarian College of Business and Economics
Department of Accounting & Information Systems
Course Description
IS 497B: Special Topics in Information Systems
Information Security and Assurance
497B. SPECIAL TOPICS IN INFORMATION SYSTEMS; INFORMATION SECURITY AND ASSURANCE (3 units)
This course is for Information Systems majors at the senior level. Topics in this course address technical and managerial aspects of information security and assurance, including examples of information security issues, tools and practices. The course covers how information systems decisions regarding infrastructure components are evaluated in light of both business and security objectives.
Learning Goals:
Students shall develop an understanding of the following topics. A student should be able to articulate that understanding and apply it to real-world situations.
- The definition and nature of information security and be able to contrast that with information assurance.
- Why information security is important in the modern networked business environment
- Threats and vulnerabilities of network information systems security
- Personal computer security
- Organizational, enterprise-level security
- Types of measures available to protect information systems
- Understand the business value of security
- Planning for systems security
- Understand and develop security policy for an enterprise
- Be able to coordinate or reconcile the security policy with organizational goals
- Understand concepts related to the management of the security of an information system
- Particularly means of instilling awareness of the criticalness of systems security in the minds of users
Learning Modules:
The course will be divided into several learning modules for instruction purposes. A description of each module is provided. The modules roughly follow the section and chapter outlines of the textbook. The book is:
Management of Information Security, Fourth Edition, by Michael E. Whitman and Herbert J. Mattord, Course Technology, Boston, 2014
Module I: Security Awareness
- I have found that, even among those who should have knowledge of information security, there is a lack of awareness of the magnitude of the task in securing distributed systems. This module will begin by making students aware of factors that pose threats to systems and how systems are vulnerable to those threats. This will instill in the student an appreciation for study in information systems security. Students will learn of the importance of personal computer security and how it relates to overall distributed systems security.
- Students will learn why security is important and who the attackers are and how they attack. The module will outline basic tasks necessary for safeguarding a computer system.
- Students will be instructed in how to make desktop and laptop computers secure by protecting the equipment and the data stored on them, as well as preventing viruses, bots and spyware from taking over.
- Students will have an introduction in this module to how an organization can implement a secure environment through security policies, human resource procedure and business continuity plans.
- Students will learn about Internet and internal network security and how to protect networks from attacks. Students will also learn how to prepare for the inevitable attack, how to remain alert and what to do when an attack occurs.
Module II: Information Security Planning
- Students will receive knowledge in greater detail of how to plan for systems security and how to plan for contingencies. Students will learn more about business continuity plans and how to protect an organization from business disruptions resulting from attacks and other breaches in security.
Module III: Information Security Policy and Programs
- Students will gain detailed knowledge of why a security policy is important and how to develop a security policy, particularly one for an enterprise-level information system.
- Students will learn about developing information security programs within organizations and how the programs will differ depending on the size of an organization as well as the type of work the organization does.
- Students will learn about security management models and practices that are available that may guide security policy and programs.
Module IV: Protection of Information Systems
- Students will learn how to manage risk through identifying, assessing and controlling risk related to organizational information systems. This will include instruction on mechanisms that are available for protecting information systems.
Module V: Issues in Information Security Related to People and Society
- Students will gain knowledge in the role of personnel management in information security. This module includes discussion of security issues in staffing the IT function as well as other employee attributes related to information security.
- Students will learn about issues of Law and Ethics in the realm of information security.
- Students will learn about managing information security projects within organizations.
This WebPage created and maintained by David W. Miller. ©2006 All rights reserved by the author.
The page was last updated on January 19, 2016.