This course focuses on legal, ethical and security issues involving data and information assets organizations must address to ensure operational continuity as well as compliance with standards, policies and laws. Students examine various levels of threats to an organization’s data and develop standards, policies, procedures and plans to combat them. Security technology specific to safeguarding data and information assets is also covered.
- Given an organization which needs a general security policy, provide a brief overview of the guiding principles that should form the basis of that security policy.
- Possess a thorough understanding of the common body of knowledge.
- Have a working knowledge of security management practices.
- Be able to apply and explain how computer law and ethics relates to an organization's computer security practices.
- Understand the major security models and be able to integrate one or more of them into an organization's security plan.
- Given an organization requiring physical security, be able to establish physical security guidelines for that organization.
- Given an organization requiring operational security, be able to establish operational security guidelines for that organization.
- Be able to analyze and select the appropriate backup strategy for a given organization.
- Be able to establish access control strategies for a given organization.
- Be able to understand basic cryptography well enough to analyze different cryptography solutions, and select the appropriate one for a given organization's security needs.
- Be able to select the appropriate firewall.
- Be able to analyze and select an appropriate Intrusion Detection System.
- Explain how software development impacts data security and privacy.