Upon course completion, the student will be able to:
1. Define information security and identify its key terms, critical concepts, and evolvement overtime.
2. Describe the information security roles of professional within an organization, and Compare and contrast the phases of security systems development life cycle.
3. Demonstrate organizations’ business need for information security; and describe where and how the information security function should be positioned within organizations.
4. Identify the threats posed to information security; differentiate threats to the information within systems from attacks against the information within systems; and evaluate alternative strategies in defending against information security threats.
5. Differentiate laws, ethics, and cultures in information security and identify major laws that affect the practice of information security,
6. Illustrate the importance of risk management in information security and describe how risk is identified, assessed, and mitigated.
7. Define management’s role in the development, maintenance, and enforcement of information security policy, standards, practices, procedures, and guidelines; and discuss how an organization institutionalizes its policies, standards, and practices using education, training, and awareness programs.
8. Describe what an information security blueprint is, what its major components are, and explain how it supports the information security program.
9. Explain what contingency planning is and how it relates to incident response planning, disaster recovery planning, and business continuity planning.
10. Recognize the important role of access control, fire walls, authentication and authorization, content filtering, virtual private networks, Instruction Detection Systems, and other technologies in protecting information systems.
11. List the recommended security management models; define a model for a full maintenance program; and identify the key factors involved in monitoring the external and internal environment.