This course examines a broad range of issues in computer and information security that security management professionals must address as they communicate with information technologists and prepare general information security plans. Computer and computer data protection, intrusion and control are introduced. In addition, ethical, legal and regulatory aspects of information management are discussed in the context of accessing and distributing data in a secured fashion. Computer forensics, vulnerability of networked and Internet-accessible computers, and fraudulent activities using computers are covered.
- Given a security case, describe the law that is applicable to the case concerning the rights, duties, and penalties of individuals in their relationships with each other.
- Given an organization with a need for information security, identify and prioritize information assets.
- Given an organization with a need for information security, conduct a security analysis to identify and prioritize threats to information assets.
- Given an organization's security analysis, define an information security strategy.
- Given an organization's security strategy, design an information security model and framework.
- Given an information system strategy and design, plan for and respond to intruders.
- Given an organization's physical facility and information system strategy, plan for and respond to intruders.
- Given a security case, develop a disaster recovery plan for recovery of information assets after an incident.
- Given a specific organization, design a security and personnel program for internal security.
If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.