This course provides a broad overview of security in information systems. Covered are various aspects of security in computing, including security threats and controls; basic cryptography and its applications; network intrusion detection and prevention; security administration and planning; anonymity and privacy; legal issues; protection; and ethics. Coursework also examines controls in information systems, and addresses security issues surrounding information systems and computer-generated data.
- Given a specific description of hardware, systems software, and application software components of a computer-based system, identify and assess the controls we expect to find in each of the system components and describe how they function.
- Given a Local Area Network (LAN) and Wide Area Network (WAN), identify and analyze the inherent weaknesses and exposures, identify control techniques commonly used to provide security of data and control over access to the network, and demonstrate how a security plan functions to safeguard against unauthorized network access.
- Given a computer network for data transmission, identify and analyze the possibilities for loss or modification of data and demonstrate techniques to safeguard data from loss, modification or improper disclosure during transmission by using encryption, digital signatures, cryptographic seals, and time stamp techniques, and describe how they provide the elements of secrecy, authenticity, detection of modification, and detection of reuse of the transaction data.
- Given the history and the definition of computer crime, identify the role the computer played in a given crime scenario by reviewing several cases of computer crime.
- Given the concepts of risk, exposure, vulnerabilities, strengths, and weaknesses in a system of internal controls, demonstrate how controls reduce risk of loss by reducing the amount subject to loss, the probability of loss, or the impact of the loss using insurance.
- Given the definition of legal and ethical behavior, demonstrate the ethical actions according to the several means of reviewing behavior, and given cases of development and ownership of hardware, software or data, analyze the need for legal protection and identify the remedies available to the developer/owner.
- Given the concept of a patent and the legal protection that it provides the owner and/or inventor of hardware, demonstrate the copyright laws and the protection they provide for the software owner or developer.
- Given the concept of how security and privacy controls can be applied in order to maintain IS ethics in the organization, identify and analyze the unique skills that managers must possess to perform their responsibilities.