Computer System Security
Syllabus-1 of 4
Computer System Security Syllabus
CIS 282 Computer System Security
Section 01
Course
Description:
Prerequisites
Textbook and
Resources
Instructor
Office
Email
Office Hours
Instructors Web
Site Address
Course
Objectives
Fall, 2005
MTRF 9:00-9:50 AM
OM 307
This course introduces the basics of network security. The student
will be introduced to computer network vulnerabilities and threats
and how to safeguard computer networks from those vulnerabilities
and threats. This course will expose the student to network security
planning, network security technology, network security organization
and the legal and ethical issues associated with network security
CIS 265















Understand computer, network and information security.
Explain why network security is important
Explain network security prevention, detection and response.
Define and explain the concept of network confidentiality.
Define and explain the concept of information integrity.
Define and explain the concept of network availability.
Define and explain the concept of network auditability.
Define and explain the concept of non-repudiation.
Understanding management’s role in the development,
implementation and maintenance of network security.
Understand the value of education, training and awareness
programs to the organization.
Understand security architecture, it’s principles, components
and employment.
Define risk management and its role in security policy and
security architecture.
Understand the relationship between risk, threats,
vulnerabilities and countermeasures.
Identify and describe risk mitigation strategies.
Define and describe Disaster recovery Plans.
1 of 4
Computer System Security



























Syllabus-2 of 4
Define and describe an Incident Response Plan.
Define and describe a Business Continuity Plan.
Describe the various functions related to database security.
Understand the need for constantly evaluating the status of
security management.
Understand the difference between policies, procedures,
standards and guidelines.
Understand the process of encryption and define the key
cryptography terms.
Understand the difference between asymmetric and symmetric
encryption.
Discuss scanning and analysis tools
Describe the various types of firewalls.
Describe the various types of Intrusion Detection Systems.
Understand the difference between Host Based Intrusion
Detection and Network Based Intrusion Detection.
Describe the operation of Virtual Private Networks.
Understand the importance of authentication and the
characteristics of a good password.
Describe the various approaches to biometrics access control.
Understand the position of the network security element
within the organization.
Understand the skills required to staff the network security
element.
Describe the functional elements associated with network
security.
Understand the relationship between an organizations
employment practices and policies and the network security
function.
Understand the position of the CIRT element within the
security function.
Explain the various credentials that can be acquired by the
security professional and their value.
Identify and explain the major laws relating to network
security.
Understand the issue of privacy and its impact upon the
network security function.
Understand the issue of ethics and its relationship to the
security function.
Understand the cultural differences related to ethics.
Understand the necessity for a code of ethics.
Understand the potential for organizational liability with
regard to network security.
Understand and describe the tradeoffs security, privacy and
operations.
2 of 4
Computer System Security
Major topics
Syllabus-3 of 4
A. Network security basics, security architecture,
security models, and the six keys to network security
B. Network security Planning, Risk Management and
Policy
C. Network security technology
D. Network security organization
E. Legal, privacy and ethical issues
3 of 4
Computer System Security
Outcomes
1. Define and explain the concepts of
confidentiality, information integrity,
availability, non-repudiation, and audit
trails.
2.
Describe the role and significances of
the following components in overall
security management:
o
Employee training and
awareness
o
Risk management
o
Risk mitigation strategies.
3.
Develop and / or evaluate the
following types of information security
plans:
o
Disaster recovery
o
Incident response
o
Business continuity
4.
Describe the primary practices
related to database information security
5.
Articulate the role and foundation
technology underlying the following
tools:
o
Encryption both asymmetric
and symmetric
o
Scanning and analysis tools
o
Intrusion detection systems,
both host-based and network
based
o
Virtual Private Networks and
firewalls
6.
Identify and explain the major laws,
ethical concerns, cultural differences and
liabilities related to information security
Syllabus-4 of 4
Outcome measures
Unit tests and related lab assignments
Unit test and case study
Unit test , case study, lab assignments
Unit test, lab assignments
Lab assignments, final exam
Unit test, final exam
NOTE: This course encompasses the
objectives of the industry-based Security
Plus exam and is based on extensive use
of lab exercises that demonstrate
implementation and application of
concepts.
4 of 4