This class explores the overarching security architectures and vectors of information assurance from a management perspective to allow the learner to formulate the basis for sound business decisions. Students gain an appreciation for systems, networks, processes, methodologies, documentation requirements, recovery processes, and certification and accreditation processes, as well as “best practice” implementation, training and continuous improvement. Discussions in this course build acumen in personnel security, physical security, and technical operational security as these principles relate to and interface with information security principles. Defense-in-depth principles are also covered for designing proper physical security programs. At the completion of the course, students should be able to manage an IA function and evaluate an organization’s Contingency Planning process for adequacy. This is the first course in the MSIA Program.
- Describe the principal functions of an Information Systems Security Officer (ISSO).
- Describe the principal Information Security functions of System Certifiers.
- Understand the importance of general enterprise-wide security awareness in the day-to-day protection of an enterprise.
- Demonstrate a fundamental knowledge of the laws and regulations enacted to combat computer crimes.
- Demonstrate a fundamental understanding of the impact of laws and regulations on both policies and practices of organizations.
- Establish fundamental information security policies and procedures.
- Describe the threats and vulnerabilities facing an enterprise - both its physical and technical infrastructure and its intellectual property.
- Demonstrate an understanding of the fundamental tactical and strategic means of detecting and monitoring anomalous activity.
- Apply basic Risk Management techniques to determine Business Continuity and Disaster Recovery Planning needs of the enterprise.
- Understand administrative policies and procedures that complement Information Security Technologies.
- Describe personnel security requirements and trustworthiness.
- Understand physical security impacts on the enterprise information infrastructure.
- Understand critical infrastructure and planning for possible impacts on IT.
- Understand e-discovery: what it is and what it means to your enterprise and employees.
- Demonstrate understanding of biometrics for identification and authentication in logical and physical access systems.
- Understand configuration management.
- Demonstrate the ability to establish and supervise the maintenance of the enterprise baseline.