CS 490/CIS 790 Information System Security

Welcome to the Course!
Taught By: Dr Susan Lincke (CISA)
Security Certifications

Managerial:
  Certified Information Security Manager (CISM)
    Roles: Security Architect, Security Manager, Security Consultant
    High-Level Oriented

Technical:
  Certified Information Systems Auditor (CISA)
    Roles: IT Auditor
    High-Level & Detail Oriented
    Focus: Audit, Compliance
  Certified Information Systems Security Professional (CISSP)
    Roles: Auditor, Security Consultant, Security Manager, Security Architect
    Detail-Oriented
  Security+
    Roles: Security Administrator
Certification Overlap

(Venn diagram of the domains covered by CISA, CISM and CISSP.)
Domains shown: Audit; Systems Life Cycle Management; IT Governance; Security Program Management; Information Security Program Development; Risk; Incident Response & Business Continuity & Disaster Recovery; Software Development; Security Engineering; Network Security; Data Communications & Networks; Physical Control; Operations; Telecommunications; Forensics; Security Architecture; Legal Regulations; Cryptography.
Course Material

(Same diagram of the CISA, CISM and CISSP domains, indicating the material covered by this course.)
Information Security Careers

IT Auditor, Quality Assurance, Forensics:
  Legal compliance
  Security recommendations
  Audit
  Forensics

Development:
  Design requirements
  Develop applications
  Database Administration
  Security software development

IT & Security Administration:
  Protect the network
  Implement access control
  Monitor IPS/Firewall

Risk Analysis
Security Architecture
Security Program Management
Control Layers

Technical:
  Network Access
  Network architecture
  Encryption
  System Access
  Protocols

Physical:
  Perimeter security
  Network segregation
  Data backups
  Computer controls
  Cabling
  Zoning

Administrative:
  Policy & Procedures
  Personnel controls
  Security Training
  Compliance Testing
Course Work

(Diagram of course components.)
  Lecture: PowerPoint presentations
  Lab
  Work Book
  Health First Case Study: Requirements & Design
  Community Partner experience
  Lecture material is applied in the case study; the workbook guides the community partner work.
Health First Case Study

Health First (organization chart):
  Jamie Ramon, MD: Partner
  Chris Ramon, RD: Partner
  Terry Winkler: Office Administrator
  Sonia Ramon: Temporary Assistant

Kenosha Software Consulting:
  Pat Carlson: Systems Analyst
  Adrian Francois: System Administrator

Roles in the case study:
  Jamie Ramon, MD: Doctor
  Chris Ramon, RD: Dietician
  Terry: Medical Admin
  Pat: Software Consultant

HEALTH FIRST CASE STUDY
Service Learning Component: Non-Disclosure Agreement

Wrong Way:
You: I developed a security plan for Help-The-Community.
Interviewer: What specifically did you do?
You: I helped them to define their data security classification schemes and recommended they encrypt their back-up tapes daily, among other things.
Interviewer: What did you find?
You: They had no security. They were hopelessly nontechnical. We introduced some security, including adding WPA to their wireless network.

What is wrong with this dialogue?
Service Learning Component: Non-Disclosure Agreement

Right Way:
You: I developed a security plan for Help-The-Community.
Interviewer: What specifically did you do?
You: Well, we worked with information security and network security using the Small Business Security Workbook. But I can't go into more details.
Interviewer: What did you find?
You: I signed a non-disclosure agreement. But I can tell you more about the Health First Case Study we worked on...
How to Study

- Do the work in class.
- Use the test questions (CD) in the presentations and the book for the chapters covered.
- "Think like ISACA or (ISC)² does."
- General vocabulary and concepts are at the end of each presentation.