The security threats and risks that govern computer systems and networks can be mitigated by using a variety of security models, mechanisms and protocols. Such mechanisms are used to implement security policies that are defined in a risk management strategy. Designing security architecture is a critical task that includes securing hardware, software and networks. This course introduces security models and the concept of subjects and objects in order to discuss authorization and access control. Case studies of how authentication and access control are implemented in real-life systems are also presented. Security risks that are related to networks are equally important. Students define secure communication channels and present known and established network security protocols (SSH, SSL, IPSec, etc.). Special cases such as wireless and mobile networks are also examined to demonstrate how traditional security architectures can be adapted to facilitate different requirements.
By the end of this course, the student will demonstrate:
- A comprehensive understanding of threats, vulnerabilities and how they relate to risk through chapter questions, weekly discussion postings.
- A solid understanding of the tenants of Information Systems Security, the interrelationships between confidentiality, integrity and availability within the context of people, process and technology.
- A technical understanding through research of current ransomware outbreaks, how they were successful, their impact on the effected organization. Additionally, students look through the three lenses of people, process and technology.
- Learn and demonstrate knowledge of viable defense activities and techniques to mitigate risk to acceptable levels across all three security dimensions (PPT).
- An understanding of several of the key cybersecurity frameworks such as the NIST Cybersecurity framework, ISO 27001/02, PCI, and CIS CSC.
- An ability to develop an organizational acceptable use policy throughout the course based on a comprehensive understanding of the threat environment and mitigation strategies.
- An understanding of cybersecurity policy development through development an organizational acceptable use policy that also explores the various perspectives of the various departments within an organization (HR, legal, C-suite, Internal and external stakeholders, customers, vendors, employees, etc).
- Their understanding of effective organizational communication, influence and leadership as they work on case studies and development of their group project acceptable use policy. These case studies and project provides students an opportunity to demonstrate the importance of overcoming organizational resistance to change related to an improved cybersecurity posture and properly mitigated organizational risk.