Information Systems Security

The Information Systems Security concentration provides graduates with fundamental knowledge of technology and business, along with specific knowledge in securing information systems, enabling them to pursue a career securing, managing, and supporting information technology within a variety of organizations.

Topics include computer systems and database security, applied cryptography, network security, decision support systems, and I.T. project management.

ITEC 445 will cover threats and vulnerabilities in software systems, principles for designing and implementing secure software systems, and database and information security.

Computer System and Database Security (ITEC 445)

Topics include:
1. Computer application vulnerabilities, threats and attacks
2. Malicious software
3. Physical security of servers
4. Secure software design principles
5. Security analysis (ethical hacking/penetration testing)
6. Operating system security
7. Evaluating systems for security using standards (e.g., Common Criteria)
8. Database Security and Privacy
9. Host-based security controls such as intrusion detection and prevention mechanisms


Students who complete the course will be able to:
1. Describe and identify common vulnerabilities and exploits in software applications.
2. Apply well-known secure design principles such as least privilege, separation of privilege, complete mediation, economy of mechanism and least common mechanism.
3. Implement secure code for applications in a high-level language such as Java.
4. Identify and describe the various security controls and secure operations to achieve security and privacy in operating systems and databases.
5. Describe the concepts of assurance and trust.
6. Describe the process of evaluating systems for security using standard criteria such as the Common Criteria.

ITEC 455 will cover threats and vulnerabilities in computer networks, cryptography and its application to network security mechanisms, secure network protocols and network intrusion detection systems.

Applied Cryptography and Network Security (ITEC 455)

Topics include:
1. Secret and public key cryptography.
2. Modes of operation.
3. Hashes and message digests.
4. Public key infrastructure.
5. Threats and attacks on networking infrastructure.
6. Analyzing networking protocols for security flaws.
7. Secure authentication protocols and security standards (e.g., Kerberos, SSL/TLS).
8. Securing networks: defense in depth, device security, perimeter security, wireless security.
9. Incident response.


Students who complete the course will be able to:
1. Identify and describe the working and application of various cryptographic algorithms and mechanisms including secret and public key cryptographic algorithms, modes of operation, hashes and message digests.
2. Identify and describe vulnerabilities, threats and attacks on a networking infrastructure.
3. Analyze common network protocols for security issues and describe standards such as Kerberos, public key infrastructure (PKI) and IPsec.
4. Configure and/or apply network security controls such as firewalls, virtual private networks and intrusion detection systems.  
5. Respond to network security incidents.  

ITEC 485 will cover data and modeling solutions to semi-structured business problems including expert systems, executive information systems, on-line analytical processing, natural language interfaces, and ad-hoc query and reporting tools.

Decision Support Systems (ITEC 485)

Topics include:
1) Computer-based decision support systems as currently developed and utilized by business decision makers
2) Decisions and decision makers
3) Modeling decision processes
4) Designing and building Decision Support Systems (DSS) and Enterprise Systems (ES)
5) The DSS and ES development process
6) The use of application software to construct prototype decision support system components
7) Spreadsheet models used in the decision making process
8) Concepts and structure of ES


Students who complete the course will be able to:  
1) Identify benefits and limitations of DSS and ES use.
2) Describe the importance of user interface in DSS and ES.
3) Define the characteristics of a good decision.
4) Describe the process of choice.
5) Describe the concept of ES knowledge engineering and how it is distinct from traditional IS development.
6) Compare how DSS and ES differ from and relate to other types of information systems.
7) Create expert systems applications using an ES shell.
8) Create a stand-alone or web-based DSS or ES.

ITEC 495 will cover advanced topics in information systems that build on previous courses in software engineering, web programming, databases and business.  This course is intended to provide a large information system capstone experience.

Information Systems Capstone (ITEC 495)

Topics include:
1. Leveraging the power of information.
2. The strategic value of IS and the alignment between business and IT.
3. The disruptive and transformational potential of information technologies.
4. Various methods of system acquisition and their pros and cons.
5. Managing an effective IT infrastructure.
6. Managing the outsourcing of IT operations.
7. Managing a balanced IT project portfolio.
8. Understanding IS leadership and governing the IS Function.
9. Technological trends and implications.


Students who complete the course will be able to:  
1. Assess the strategic value of information systems (IS) to an organization.
2. Recognize the importance of the alignment of business and IS strategies and capabilities.
3. Evaluate the business impacts of networked IT infrastructures.
4. Apply the principles of information security and risk management.
5. Explain different methods of acquiring information systems and their pros and cons.
6. Evaluate the disruptive and transformational potential of emerging information technologies.
7. Apply the project portfolio approach to project management.
8. Analyze IS leadership and IT governance issues.