Introduces concept of information security. Discusses need for organizational policy to define required services such as confidentiality, authentication, integrity, nonrepudiation, access control, and availability, and mechanisms to implement those services. Covers different types of security including physical security, computer security, and network security; common threats to and attacks against information systems, including accidental damage, identity theft, malicious software, and "spam"; and defensive measures.
Learning Objectives
On successful completion of this course, students will be able to:
- Define information security (IS) and information assurance (IA),
and explain their relevance to information systems and information technology.
- Describe security services needed for modern information systems.
- Describe common threats to and attacks against information systems.
- Explain the need for an organization to define an information security policy describing the
services required to secure the organization's information assets, and for information security
technologies adopted by the organization to be consistent with the policy requirements.
- Describe and give examples of modern information security technologies.
- Give examples of current applications of information security technologies.
Framework Connections
The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):
Specialty Areas
- Vulnerability Assessment and Management
- Training, Education, and Awareness