Jan 23, 2022
CIS 229 - Protecting Your PC and Network: Countermeasures to Network 3 Credits, 3 Contact Hours
3 lecture periods 0 lab periods
Management of security for networking security professionals. Includes an overview of risk assessment and risk management principles, the CIS (confidentiality, integrity and availability) Triad, security management and policies, access controls, software development security, business continuity, and disaster recovery planning. Also includes an introduction to cryptology, legal aspects of computer crime, telecommunications, and network security.
Recommendation: Completion of CIS 119 or CIS 170 , and CIS 228 before enrolling in this course. If any recommended course is taken, see a financial aid or Veteran’s Affairs advisor to determine funding eligibility as appropriate.
Information: This course corresponds to the CISSP Certification (Certified Information Security Specialist Profession), but is not intended as a complete preparation for the CISSP Exam.
Course Learning Outcomes
- Discuss risk assessment and management techniques in IT security.
- Categorize types of threats or malware in software security.
- Explain countermeasures to malware within the area of software security.
- Discuss the use of Internet Protocols, (TCP/IP and TCP/UDP) Ports and their use in malware attacks.
- Explain the trade-offs of the Security Triad as they relate to securing information.
- Discuss fraud and cybercrime topics of importance.
- Discuss public and private key encryption techniques used in securing information.
- Risk Assessment and Risk Management within Information Security
- Risk avoidance
- Risk mitigation
- Risk acceptance
- Methods of Controlling Access to Information
- Possession-based authentication
- Biometric authentication
- Multi-factor authentication
- Ensuring Security through Software Development
- Operating system security
- Application development security
- Object-oriented programming and security
- Identification of Threats and Malware within Information Security
- Buffer overflow attacks
- Types of malicious software
- Trojan horses
- Employing Countermeasures to Threats and Malware within Information Security
- Anti-virus software
- Anti-rootkit software
- White-listing software
- Introduction to Internet Protocols and TCP/UDP (Transmission Control Protocol/User Datagram Protocol) Ports
- IPv4 Addressing and Network Computation
- TCP (Transmission Control Protocol) Introduction
- Security flaws in TCP/IPv4
- Guaranteeing Business Continuity and Disaster Recovery Planning
- Classifying disasters
- The business continuity (BC) and disaster recovery lifecycle (DRL)
- Developing BC and DRL plans
- Exploring the legal aspects and regulations in investigations
- The roles of computers in crime
- Categories of computer crimes
- Espionage and cyber warfare
- Theft and fraud
- Cyber fraud
- Security Operations Employed in Protecting Information
- Security operations concepts
- Least privilege
- Separation of duties
- Job rotation
- Data restoration
- Protection of backup media
- Offsite storage of backup media
- Introduction to Physical and Environmental Security Telecommunications and Network Security
- Site access security
- Equipment protection
- Environmental controls
- The 10 domains of Knowledge for the CISSP (Certified Information Security Specialist Profession)
- Public and Private Key Encryption Methods
- Overview of public vs private key encryption
- Public key infrastructure
- Popular encryption algorithms
- Security Architecture and Design
- Security models
- Mandatory access control
- Discretionary access control
- Role-based access control
- Rule-based access control
B. Computer hardware architecture
- Central processor unit
Full Academic Year 2018-2019
Add to Portfolio (opens a new window)