Information Technology 466

ITEC 466
Information Assurance Management

1. Catalog Entry

ITEC 466
Information Assurance Management

Credit hours (3)
Prerequisite: ITEC 345

The course covers principles, policies, procedures and management in security. It includes information assurance governance, risk, compliance, planning and procedures.   

2. Detailed Description of Course

    1) Cybersecurity Planning and Management
        a. Common Body of Knowledge
        b. Operational, Tactical, Strategic Plan and Management
        c. Incident Response, Business Continuity/Disaster Recovery
        d. Audit, Report
        e. C-Level Functions
        f. Cybersecurity as a strategy
    2) Security Program Management
        a. Project and Resource Management
        b. Quality Assurance and Control
        c. Security Awareness, Training, Education and Ethics
        d. Security Baselines
        e. Change and Patch Management
        f. Roles and Responsibilities of the Security Organization
    3) Threat Model, Security Risk Analysis: Assessment, Measurement, Management, Mitigation, Transference and Communication.
    4) IA compliance: HIPAA, SOX, FERPA, Data Breach Disclosure Laws, FISMA, Gramm-Leach-Bliley and PCI DSS
    5) IA standards: Rainbow series
    6) Systems Certification and Accreditation
        a. DoD Policies and Directives
        b. Roles/Players
        c. Components of the C&A process
        d. Certification Boards and Panels
        e. NIST Risk Framework (SP800-37)

3. Detailed Description of Conduct of Course

The course is a series of lectures that present the theory. Students will work on projects involving case studies and design of security plans and policies.

4. Goals and Objectives of the Course

Students who complete the course will be able to:
    1) Describe how risk relates to a system security policy and the various risk analysis methodologies.
    2) Categorize risk 1) with respect to technology, 2) with respect to individuals, and 3) in the enterprise, and recommend appropriate responses.
    3) Compare the advantages and disadvantages of various risk assessment methodologies and select the optimal methodology.
    4) Describe applicable laws for compliance in a given situation.
    5) Describe what the laws mandate and where they apply.
    6) Conduct audits to determine compliance with laws.
    7) Define certification and accreditation.
    8) Apply their knowledge to effectively manage a security program.
    9) Examine the placement of security functions in a system and describe the strengths and weaknesses.
    10) Develop various security plans, policies and procedures such as business continuity, disaster recovery, protection of IP, patch and change management.

5. Assessment Measures

Assessment of student achievement is measured by written tests and through projects completed outside of class.

6. Other Course Information

None.

Review and Approval