CIS 250 NETWORK SECURITY JACKSON STATE COMMUNITY COLLEGE COURSE SYLLABUS
Prerequisites: CIS 175

Course Description
This course is designed to give students a fundamental understanding of computer and network security. It will introduce students to a wide variety of concepts related to computer security. This course will help prepare the student for the CompTIA Security+ Certification. This course is one of the required courses for obtaining the NSTISSI 4011 and CNSSI 4013 certifications.

NSTISSI 4011 Course Objectives
NSTISSI 4011 Mapping Details
CNSSI 4013 Course Objectives
CNSSI 4013 Mapping Details
General Objectives

Textbook
Security+ Guide to Network Security Fundamentals, 3rd Edition. Ciampa, Course Technology,

Other Reference Materials
Air Force Instruction , Volume 3, Emission Security Countermeasures - AFI33-203V3, November
Key Management Using ANSI X9.17, U.S. Department of Commerce,
OMB Circular A-130
NIST Special Publication , An Introduction to Computer Security, October
NIST Special Publication , Information Technology Security Training Requirements: A Role- and Performance-Based Model, April
NIST Special Publication , Guide for Developing Security Plans for Federal Information Systems, February
NIST Special Publication , Security Self-Assessment Guide for Information Technology Systems, November
NIST Special Publication , Risk Management Guide for Information Technology Systems, July
NIST Special Publication , Contingency Planning Guide for Information Technology Systems, June 2002.
NIST Special Publication , Guide for the Security Certification and Accreditation of Federal Information Systems, May 2004
NIST Special Publication , Security Guide for Interconnecting Information Technology Systems, September
NIST Special Publication , Building an Information Technology Security Awareness and Training Program, October
NIST Special Publication , Recommended Security Controls for Federal Information Systems, December
NIST Special Publication , Guideline for Identifying an Information System as a National Security System, August
NIST Special Publication , Guide for Mapping Types of Information and Information Systems to Security Categories, June
NIST Special Publication , Computer Security Incident Handling Guide, January
NIST Special Publication , Security Considerations in the Information System Development Life Cycle, October
NIST Special Publication , Guidelines for Media Sanitization, September
NIST Special Publication , Information Security Handbook: A Guide for Managers, October
CNSS Policy No. 6, National Policy on Certification and Accreditation of National Security Systems, October
TEMPEST in a teapot: A note discussing the prevention of electromagnetic eavesdropping of personal computers. Grady Ward
The Complete, Unofficial TEMPEST Information Page
TEMPEST Information Page. This page is about surveillance technology.

Class Participation/Quizzes/Homework
Each student is expected to have all reading assignments and homework completed prior to coming to class. A 10% penalty per calendar day will be assessed for late assignments or homework.

Tests
Four exams, including a comprehensive final, will be given covering material from the text, handouts and class lectures. The tests may include multiple-choice, fill in the blank, short answer, matching, and essay questions. If it is necessary to miss an exam, it will be the student's responsibility to contact the instructor to arrange a time to make up the exam. Make-up exams may not be the same exam given during the regular exam date and must be taken prior to the final exam period.

Grading Policy
Each student's final grade will be determined by the following:
Homework/Lab: 70%
Tests and Comprehensive Final: 30%
Total: 100%

Grading Scale
A B C D F...69 or below

Attendance Policy
Students are expected to attend all classes. After three hours of missed class time, 1 point will be deducted from the student's final grade for each additional one hour of class time missed. It will be the student's responsibility to obtain all information missed. Tardiness to class will result in the equivalent of a one hour absence for every tardy.

Course Format
This course will use problem-based learning as its primary mode of knowledge discovery. It will be the student's responsibility to learn based on problems presented. Some classroom discussion periods will be used to clarify what is to be learned.

Academic Honesty
Plagiarism, cheating, and other forms of academic dishonesty are prohibited. Any student who is caught cheating on a test, exam, lab assignment, etc. will be given a grade of F for the entire course.

Other Comments
Jackson State will make reasonable accommodations for persons with documented physical, mental or learning disabilities. Students should notify their instructor and the Coordinator of Disabled Student Services, located in the Counseling Office, Room 12 of the Student Union Building, of any special needs. Instructors should be notified the first week of class. All discussions remain confidential.

No children allowed in the classroom.

Cell phones and pagers must be turned off in the classroom. Ringing cell phones and audible pagers will negatively impact the student's class participation grade.

Network Security CIS 250 NSTISSI 4011 Course Objectives

G1. Describe the different types of software-based attacks
G2. List types of hardware attacks
G3. Define virtualization and explain how attackers are targeting virtual systems
G4. Explain how to harden operating systems
G5. List ways to prevent attacks through a Web browser
G6. Define SQL injection and explain how to protect against it
G7. Explain how to protect systems from communications-based attacks
G8. Describe various software security applications
G9. Explain the types of network vulnerabilities
G10. List categories of network attacks
G11. Define different methods of network attacks
G12. Explain how to enhance security through network design
G13. Define network address translation and network access control
G14. List the different types of network security devices and explain how they can be used
G15. Describe the basic IEEE wireless security protections
G16. Define the vulnerabilities of open system authentication, WEP, and device authentication
G17. Describe the WPA and WPA2 personal security models
G18. Explain how enterprises can implement wireless security
G19. Define access control and list the four access control models
G20. Describe logical access control methods
G21. Explain the different types of physical access control
G22. Define authentication
G23. Describe the different types of authentication credentials
G24. List and explain the authentication models
G25. Define authentication servers
G26. Describe the different extended authentication protocols
G27. Define risk and risk management
G28. Describe the components of risk management
G29. List and describe vulnerability scanning tools
G30. Define privilege audits
G31. Describe how usage audits can protect security
G32. List the methodologies used for monitoring to detect security-related anomalies
G33. Describe the different monitoring tools
G34. Define cryptography
G35. Describe hashing
G36. List the basic symmetric cryptographic algorithms
G37. Describe how asymmetric cryptography works
G38. List types of file and file system cryptography
G39. Explain how whole disk encryption works
G40. Define digital certificates
G41. List the various types of digital certificates and how they are used
G42. Describe the components of Public Key Infrastructure (PKI) including
G43. List the tasks associated with key management
G44. Describe and demonstrate the different cryptographic transport protocols including how they are applied to dial-up, dedicated, end-to-end access control, public vs private networks. Also, IPSEC, PPP, PPTP and L2TP protocols are addressed as they apply to the transport, tunnel, AH and ESP modes
G45. Define environmental controls
G46. Describe the components of redundancy planning
G47. List disaster recovery procedures
G48. Describe incident response procedures
G49. Define organizational security policy
G50. List the types of security policies
G51. Discuss various technological policy and educational solutions relating to personnel/user issues, awareness, training and education, and computer support and operations.
G52. Discuss personnel security practices and procedures
G53. Explain and discuss examples of administrative security procedural controls including password policies, copyright protection, destruction procedures, computer misuse, repudiation, security plan preparation, sanitization and transportation of media
G54. Describe access, control and storage of COMSEC material including destruction procedures for COMSEC material, identify and inventory COMSEC material, key management protocols (bundling, electronic key, over-the-air rekeying), report COMSEC incidents
G55. Discuss TEMPEST Security with regards to attenuation, banding, cabling, filtered power, grounding, shielding, TEMPEST separation, zone of control/zoning
G56. Students will complete activities that involve identifying example policy and procedures related to physical security measures, personnel security practices and procedures
G57. Students will configure mechanisms to protect information such as setting access privileges, creating audit trails, configuring authentication settings, creating and implementing a password policy and setting up auditing on a network server. Students will participate in lab exercises using Wireshark to capture and examine network traffic
G58. Describe software security policy and procedures including assurance, configuration management (change controls, documentation, programming standards and controls), software security mechanisms to protect information (access privileges, application security features, audit trails and logging, concept of least privilege), identification and authentication, internal labeling, malicious logic protection, need-to-know controls, operating systems security features and segregation of duties.
G59. Students will examine samples, when applicable, and discuss security reviews, the effectiveness of security programs, investigations of security breaches, monitoring systems for accuracy and abnormalities, privacy, review of accountability controls, review of audit trails and logs, review of software design standards, verification, validation, testing, and evaluation processes

Network Security CIS 250 NSTISSI 4011 Mapping Details

(G) NSTISS Policies and Procedures: Course objectives G1 - G21, G29, G51. Course lectures include an extensive review of the threats and vulnerabilities that exist in an AIS/telecommunications system. In addition, how to protect against these threats is both discussed and applied in various labs throughout the course. The NIST Handbook Special Publication NIST pdf Chapters 10, 13 and 14 discuss various technological policy and educational solutions relating to personnel/user issues, awareness, training and education, and computer support and operations.

o (G1a) Physical Security Measures: The NIST Handbook Special Publication NIST pdf Chapter 15 and course objectives G19 - G21, G56 cover alarms, building construction, cabling, communications centers, environmental controls (humidity and air conditioning), filtered power, information systems centers, physical access control systems (key cards, locks and alarms), power controls (regulator, uninterrupted power service (UPS), and emergency poweroff switch), protected distributed systems, shielding, stand-alone systems and peripherals and storage area controls. Students will complete an activity that involves identifying example policy and procedures related to physical security measures. These examples will be found on web sites such as

o (G1b) Personnel Security Practices and Procedures: The NIST Handbook Special Publication NIST pdf Chapter 10 and 13 and course objectives G27 - G28, G49 - G50, G52, G56 discuss access authorization/verification (need-to-know), contractors, employee clearances, position sensitivity, security training and awareness (initial and refresher) and systems maintenance personnel. Students will complete an activity that involves identifying example policy and procedures related to personnel security practices and procedures. These examples will be found on web sites such as

o (G1c) Software Security: The NIST Handbook Special Publication NIST pdf Chapters 9, 13, 14, 17 and 18 and course objectives G1 - G7, G19 - G26 and G30 - G33, G57 - G58 cover assurance, configuration management (change controls), configuration management (documentation), configuration management (programming standards and controls), software security mechanisms to protect information (access privileges), software security mechanisms to protect information (application security features), software security mechanisms to protect information (audit trails and logging), software security mechanisms to protect information (concept of least privilege), software security mechanisms to protect information (identification and authentication), software security mechanisms to protect information (internal labeling), software security mechanisms to protect information (malicious logic protection), software security mechanisms to protect information (need-to-know controls), software security mechanisms to protect information (operating systems security features), software security mechanisms to protect information (segregation of duties). Students will complete an activity that will require them to configure mechanisms to protect information such as setting access privileges, creating audit trails and configuring authentication settings.

o (G1d) Network Security: The NIST Handbook Special Publication NIST pdf Chapter 19 and course objectives G19 - G21, G32 - G33, G40 - G44 cover dial-up vs dedicated, end-to-end access control, privileges (class, nodes), public vs private, traffic analysis. This chapter specifically addresses IPSEC and discusses transport protocols such as PPP, PPTP and L2TP. Students will participate in lab exercises using Wireshark to capture and examine network traffic.

o (G1e) Administrative Security Procedural Controls: The NIST Handbook Special Publication NIST pdf Chapter 8, 10, 14 and 16, NIST Information Security Handbook: A Guide for Managers NIST pdf Chapter 3 and 8, NIST Guidelines for Media Sanitization NIST pdf Chapter 4 and course objectives G19 - G21, G36 - G37, G40 - G42, G53, G57 discuss attribution, construction, changing, issuing and deleting passwords, copyright protection and licensing, destruction of media, documentation, logs and journals, emergency destruction, external marking of media, media downgrade and declassification, preparation of security plans, reporting of computer misuse or abuse, repudiation, sanitization of media, transportation of media. Students will do a lab involving creating and implementing a password policy.

o (G1f) Auditing and Monitoring: The NIST Handbook Special Publication NIST pdf Chapter 4 and 18, NIST Information Security Handbook: A Guide for Managers NIST pdf Chapter 7, and course objectives G30 - G33, G57, G59 cover conducting security reviews, effectiveness of security programs, investigation of security breaches, monitoring systems for accuracy and abnormalities, privacy, review of accountability controls, review of audit trails and logs, review of software design standards, verification, validation, testing, and evaluation processes. Students will do a lab that will have them set up auditing on a network server. They will then review logs that show the results of the audit.

o (G1g) Cryptosecurity: The NIST Handbook Special Publication NIST pdf Chapter 19, and course objectives G34 - G44 cover cryptovariable or key, electronic key management system and encryption/decryption method, procedure, algorithm.

o (G1h) Key Management: The NIST Handbook Special Publication NIST pdf Chapter 19, Key Management Using ANSI X9.17.pdf and course objectives G34 - G44, G54 cover access, control and storage of COMSEC material, destruction procedures for COMSEC material, identify and inventory COMSEC material, key management protocols (bundling, electronic key, over-the-air rekeying), report COMSEC incidents.

o (G1i) Transmission Security: Covered in the CIS 175 course.

o (G1j) TEMPEST SECURITY: AIR FORCE INSTRUCTION , VOLUME 3, EMISSION SECURITY COUNTERMEASURES - AFI33-203V3 TEMPEST.pdf Chapter 8, The NIST Handbook Special Publication NIST pdf Chapter 15, TEMPEST in a teapot, The Complete, Unofficial TEMPEST Information Page and course objectives G45 and G55 cover attenuation, banding, cabling, filtered power, grounding, shielding, TEMPEST separation, zone of control/zoning.

Network Security CIS 250 CNSSI 4013 Course Objectives

F1A1. Describe the basic IEEE wireless security protections and policies
F1A2. Define, describe and identify EMSEC/TEMPEST Security procedures, controls and policies, identify the Certified EMSEC/TEMPEST Technical Authority (CTTA) and describe EMSEC/TEMPEST security countermeasures and safeguards
F1A3. Describe and demonstrate the different cryptographic transport protocols including how they are applied to dial-up, dedicated, end-to-end access control, public vs private networks. Also, IPSEC, PPP, PPTP and L2TP protocols are addressed as they apply to the transport, tunnel, AH and ESP modes
F1A4. List and describe the different types of network security devices and explain how they can be used
F1A5. Define and describe network address translation and network access control including wide area network security policies
F1A6. Explain how to enhance security through network design including policy development
F1A7. Define and describe different methods of network attacks
F1A8. List categories of network attacks
F1A9. Explain the types of network vulnerabilities
F1A10. Explain how to harden operating systems and discuss examples of procedures needed to assure operating systems security
F1A11. List ways to prevent attacks through a Web browser
F1A12. Define SQL injection and explain how to protect against it
F1A13. Explain how to protect systems from communications-based attacks
F1A14. Describe various software security applications
F1A15. Students will complete lab activities that focus on hardening operating systems.
F1A16. Students will complete activities that involve identifying example policy and procedures related to physical security measures, personnel security practices and procedures
F1A17. Define and describe zoning and zone of control policy
F1B1. Define environmental controls
F1B2. Define, describe and identify EMSEC/TEMPEST Security procedures, controls and policies, identify the Certified EMSEC/TEMPEST Technical Authority (CTTA) and describe EMSEC/TEMPEST security countermeasures and safeguards
F1B3. Describe and demonstrate the different cryptographic transport protocols including how they are applied to dial-up, dedicated, end-to-end access control, public vs private networks. Also, IPSEC, PPP, PPTP and L2TP protocols are addressed as they apply to the transport, tunnel, AH and ESP modes
F1B4. Explain how to harden operating systems and discuss examples of procedures needed to assure operating systems security
F1B5. List ways to prevent attacks through a Web browser
F1B6. Define SQL injection and explain how to protect against it
F1B7. Explain how to protect systems from communications-based attacks
F1B8. Describe various software security applications
F1B9. Students will complete lab activities that focus on hardening operating systems.
F1B10. Define, describe and identify EMSEC/TEMPEST Security procedures, controls and policies, identify the Certified EMSEC/TEMPEST Technical Authority (CTTA) and describe EMSEC/TEMPEST security countermeasures and safeguards
F1B11. Define, describe and identify EMSEC/TEMPEST Security procedures, controls and policies, identify the Certified EMSEC/TEMPEST Technical Authority (CTTA) and describe EMSEC/TEMPEST security countermeasures and safeguards
F1D1. Define, describe and identify EMSEC/TEMPEST Security procedures, controls and policies, identify the Certified EMSEC/TEMPEST Technical Authority (CTTA) and describe EMSEC/TEMPEST security countermeasures and safeguards
F1F1. Describe the different types of software-based attacks including Keyloggers
F1F2. List types of hardware attacks including Keyloggers
F4A1. Define, describe and identify EMSEC/TEMPEST Security procedures, controls and policies, identify the Certified EMSEC/TEMPEST Technical Authority (CTTA) and describe EMSEC/TEMPEST security countermeasures and safeguards as it applies to the risk management process
F4A2. Explain how to harden operating systems and discuss examples of procedures needed to assure operating systems security
F4A3. List ways to prevent attacks through a Web browser
F4A4. Define SQL injection and explain how to protect against it
F4A5. Explain how to protect systems from communications-based attacks
F4A6. Describe various software security applications
F4A7. Students will complete lab activities that focus on hardening operating systems.
F4A8. Describe what zoning and zone of control ratings are based on
F4A9. Address authentication, biometrics, access, access control software, account management and procedures with the work force and staff and describe data access
F4B1. Define and describe decentralized/distributed single sign on, discretionary and mandatory access controls and security domains
F4B2. Describe access control physical, logical, and administrative configurations, access rights and permissions, techniques and policies and identify access control attacks
F4B3. Explain how to harden operating systems and discuss examples of procedures needed to assure operating systems security
F4B4. List ways to prevent attacks through a Web browser
F4B5. Define SQL injection and explain how to protect against it
F4B6. Explain how to protect systems from communications-based attacks
F4B7. Describe various software security applications
F4B8. Students will complete lab activities that focus on hardening operating systems.
F4E1. Explain how to harden operating systems and discuss examples of procedures needed to assure operating systems security
F4E2. List ways to prevent attacks through a Web browser
F4E3. Define SQL injection and explain how to protect against it
F4E4. Explain how to protect systems from communications-based attacks
F4E5. Describe various software security applications
F4E6. Students will complete lab activities that focus on hardening operating systems.
F5A1. Address authentication, biometrics, access, access control software, account management and procedures with the work force and staff and describe data access
F5A2. Define decentralized/distributed single sign on, discretionary and mandatory access controls and security domains
F5B1. Address authentication, biometrics, access, access control software, account management and procedures with the work force and staff and describe data access
F5C1. Define and describe decentralized/distributed single sign on, discretionary and mandatory access controls and security domains
F5C2. Address authentication, biometrics, access, access control software, account management and procedures with the work force and staff and describe data access

Network Security CIS 250 CNSSI 4013 Mapping Details

(F1) Function 1 Secure Use

(F1A) General Security Policy

o (F1A15) Wireless Security: The course textbook identifies organizational wireless security policies. Course objective F1A1

o (F1A16) EMSEC/TEMPEST (Emanations Security/Short name referring to the investigation, study, and control of compromising emanations from IS equipment): TEMPEST SECURITY: AIR FORCE INSTRUCTION , VOLUME 3, EMISSION SECURITY COUNTERMEASURES - AFI33-203V3 TEMPEST.pdf Chapter 8, The NIST Handbook Special Publication NIST pdf Chapter 15, TEMPEST in a teapot, The Complete, Unofficial TEMPEST Information Page and course textbook define, describe and identify EMSEC/TEMPEST security and control policies. Course objectives F1A2 and F1A3

o (F1A29) Network: The NIST Handbook Special Publication NIST pdf Chapter 19 and the course textbook describe computer network defense, policies relevant to network security and wide area network security policies. Course objectives F1A4 - F1A9

o (F1A30) Operating System: Course textbook defines functional requirements for operating system integrity. Course objectives F1A10 - F1A15

o (F1A33) Physical Security: The NIST Handbook Special Publication NIST pdf Chapter 15 and the course textbook define physical security. Course objective F1A16

o (F1A45) Zone: TEMPEST SECURITY: AIR FORCE INSTRUCTION , VOLUME 3, EMISSION SECURITY COUNTERMEASURES - AFI33-203V3 TEMPEST.pdf Chapter 8, The NIST Handbook Special Publication NIST pdf Chapter 15, TEMPEST in a teapot, The Complete, Unofficial TEMPEST Information Page and course textbook define and describe zoning and zone of control policies. Course objective F1A17

(F1B) General Procedures

o (F1B9) EMSEC/TEMPEST: TEMPEST SECURITY: AIR FORCE INSTRUCTION , VOLUME 3, EMISSION SECURITY COUNTERMEASURES - AFI33-203V3 TEMPEST.pdf Chapter 8, The NIST Handbook Special Publication NIST pdf Chapter 15, TEMPEST in a teapot, The Complete, Unofficial TEMPEST Information Page and course textbook define and identify EMSEC/TEMPEST security procedures and identify certified EMSEC/TEMPEST technical authority (CTTA). Course objectives F1B2 - F1B3

o (F1B18) IPSEC: Course textbook discusses IPSEC authentication and confidentiality. Course objective F1B3

o (F1B25) Operating System: Course textbook defines and describes operating systems security procedures. Students will be required to complete lab activities that focus on hardening operating systems. Course objectives F1B4 - F1B9

(F1D) General Awareness, Training and Education (AT&E)

o (F1D10) EMSEC/TEMPEST: TEMPEST SECURITY: AIR FORCE INSTRUCTION , VOLUME 3, EMISSION SECURITY COUNTERMEASURES - AFI33-203V3 TEMPEST.pdf Chapter 8, The NIST Handbook Special Publication NIST pdf Chapter 15, TEMPEST in a teapot, The Complete, Unofficial TEMPEST Information Page and course textbook describe EMSEC/TEMPEST security countermeasures and safeguards. Course objective F1D1

(F1F) Operations Policies/Procedures

o (F1F9) Privacy: Course textbook outlines known means of keystroke monitoring. Course objectives F1F1 - F1F2

(F4A3) EMSEC/TEMPEST: TEMPEST SECURITY: AIR FORCE INSTRUCTION , VOLUME 3, EMISSION SECURITY COUNTERMEASURES - AFI33-203V3 TEMPEST.pdf Chapter 8, The NIST Handbook Special Publication NIST pdf Chapter 15, TEMPEST in a teapot, The Complete, Unofficial TEMPEST Information Page and course textbook define and describe EMSEC/TEMPEST security as it relates to the risk management process. Course objective F4A1

(F4A8) Operating Systems: The course textbook describes operating system integrity. Course objectives F4A2 - F4A7

(F4A11) Zone: TEMPEST SECURITY: AIR FORCE INSTRUCTION , VOLUME 3, EMISSION SECURITY COUNTERMEASURES - AFI33-203V3 TEMPEST.pdf Chapter 8, The NIST Handbook Special Publication NIST pdf Chapter 15, TEMPEST in a teapot, The Complete, Unofficial TEMPEST Information Page and course textbook describe what zoning and zone of control ratings are based on. Course objective F4A8

(F4B1) Access Control: The NIST Handbook Special Publication Chapter 2, 5, 15, 16 and 17 and the course textbook address access control software management and procedures with the work force and staff, and define decentralized/distributed single sign on, discretionary and mandatory access controls and security domains. These sources also describe access control physical, logical, and administrative configurations, access rights and permissions, techniques and policies and identify access control attacks. Course objectives F4B1 - F4B3

(F4B9) Operating Systems: The course textbook describes operating system security features. Course objectives F4B3 - F4B8

(F4E4) Operating Systems: The course textbook describes operating system security features. Course objectives F4E1 - F4E6

(F5A1) Access Control: The NIST Handbook Special Publication Chapter 2, 5, 15, 16 and 17 and the course textbook address access control software management and procedures with the work force and staff, access management and procedures with the work force and staff, access account management procedures with work force and describe data access. Course objectives F5A1 and F5A2

(F5A2) Accounts: The NIST Handbook Special Publication Chapter 2, 5, 15, 16 and 17 and the course textbook address account management with staff. Course objective F5A1

(F5A3) Authentication: The NIST Handbook Special Publication Chapter 2, 5, 15, 16 and 17 and the course textbook address authentication procedures with work force and staff. Course objective F5A1

(F5A5) Biometrics: The NIST Handbook Special Publication Chapter 2, 5, 15, 16 and 17 and the course textbook address biometric access management with staff. Course objective F5A1

(F5B2) Authentication: The NIST Handbook Special Publication Chapter 2, 5, 15, 16 and 17 and the course textbook address authentication procedures with work force and staff. Course objective F5B1

(F5B3) Biometrics: The NIST Handbook Special Publication Chapter 2, 5, 15, 16 and 17 and the course textbook address biometric access management with staff. Course objective F5B1

(F5C1) Access Control: The NIST Handbook Special Publication Chapter 2, 5, 15, 16 and 17 and the course textbook define and describe discretionary and mandatory access controls. Course objectives F5C1

(F5C4) Biometrics: The NIST Handbook Special Publication Chapter 2, 5, 15, 16 and 17 and the course textbook describe biometrics. Course objective F5C2

Network Security CIS 250 General Course Objectives

1. Address authentication, biometrics, access, access control software, account management and procedures with the work force and staff and describe data access
2. Define access control and list the four access control models
3. Define and describe decentralized/distributed single sign on, discretionary and mandatory access controls and security domains
4. Define and describe different methods of network attacks
5. Define and describe network address translation and network access control including wide area network security policies
6. Define and describe zoning and zone of control policy
7. Define authentication
8. Define authentication servers
9. Define cryptography
10. Define decentralized/distributed single sign on, discretionary and mandatory access controls and security domains
11. Define different methods of network attacks
12. Define digital certificates
13. Define environmental controls
14. Define information security and explain why it is important
15. Define network address translation and network access control
16. Define organizational security policy
17. Define penetration testing
18. Define privilege audits
19. Define risk and risk management
20. Define SQL injection and explain how to protect against it
21. Define the vulnerabilities of open system authentication, WEP, and device authentication
22. Define virtualization and explain how attackers are targeting virtual systems
23. Define, describe and identify EMSEC/TEMPEST Security procedures, controls and policies, identify the Certified EMSEC/TEMPEST Technical Authority (CTTA) and describe EMSEC/TEMPEST security countermeasures and safeguards as it applies to the risk management process
24. Describe access control physical, logical, and administrative configurations, access rights and permissions, techniques and policies and identify access control attacks
25. Describe access, control and storage of COMSEC material including destruction procedures for COMSEC material, identify and inventory COMSEC material, key management protocols (bundling, electronic key, over-the-air rekeying), report COMSEC incidents
26. Describe and demonstrate the different cryptographic transport protocols including how they are applied to dial-up, dedicated, end-to-end access control, public vs private networks. Also, IPSEC, PPP, PPTP and L2TP protocols are addressed as they apply to the transport, tunnel, AH and ESP modes
27. Describe hashing
28. Describe how asymmetric cryptography works
29. Describe how education and training can limit the impact of social engineering
30. Describe how usage audits can protect security
31. Describe incident response procedures
32. Describe logical access control methods
33. Describe software security policy and procedures including assurance, configuration management (change controls, documentation, programming standards and controls), software security mechanisms to protect information (access privileges, application security features, audit trails and logging, concept of least privilege), identification and authentication, internal labeling, malicious logic protection, need-to-know controls, operating systems security features and segregation of duties.
34. Describe the basic IEEE wireless security protections and policies
35. Describe the challenges of securing information
36. Describe the components of Public Key Infrastructure (PKI)
37. Describe the components of redundancy planning
38. Describe the components of risk management
39. Describe the different cryptographic transport protocols
40. Describe the different extended authentication protocols
41. Describe the different monitoring tools
42. Describe the different types of authentication credentials
43. Describe the different types of software-based attacks
44. Describe the different types of software-based attacks including Keyloggers
45. Describe the five steps in a defense
46. Describe the WPA and WPA2 personal security models
47. Describe various software security applications
48. Describe what zoning and zone of control ratings are based on
49. Discuss personnel security practices and procedures
50. Discuss TEMPEST Security with regards to attenuation, banding, cabling, filtered power, grounding, shielding, TEMPEST separation, zone of control/zoning
51. Discuss various technological policy and educational solutions relating to personnel/user issues, awareness, training and education, and computer support and operations.
52. Explain and discuss examples of administrative security procedural controls including password policies, copyright protection, destruction procedures, computer misuse, repudiation, security plan preparation, sanitization and transportation of media
53. Explain how a virtual private network functions
54. Explain how enterprises can implement wireless security
55. Explain how to enhance security through network design
56. Explain how to enhance security through network design including policy development
57. Explain how to harden operating systems
58. Explain how to harden operating systems and discuss examples of procedures needed to assure operating systems security
59. Explain how to protect systems from communications-based attacks
60. Explain how whole disk encryption works
61. Explain the different types of information security careers and how the Security+ certification can enhance a security career
62. Explain the different types of physical access control
63. Explain the types of network vulnerabilities
64. Identify the types of attackers that are common today
65. List and describe the different types of network security devices and explain how they can be used
66. List and describe vulnerability scanning tools
67. List and explain the authentication models
68. List categories of network attacks
69. List disaster recovery procedures
70. List the basic steps of an attack
71. List the basic symmetric cryptographic algorithms
72. List the different types of network security devices and explain how they can be used
73. List the methodologies used for monitoring to detect security-related anomalies
74. List the tasks associated with key management
75. List the types of security policies
76. List the various types of digital certificates and how they are used
77. List types of file and file system cryptography
78. List types of hardware attacks
79. List types of hardware attacks including Keyloggers
80. List ways to prevent attacks through a Web browser
81. Students will complete activities that involve identifying example policy and procedures related to physical security measures, personnel security practices and procedures
82. Students will complete lab activities that focus on hardening operating systems.
14 83. Students will configure mechanisms to protect information such as setting access privileges, create audit trails, configuring authentication settings, create and implement a password policy and set up auditing on network server. Students will participate in lab exercises using Wireshark to capture and examine network traffic 84. Students will examine samples, when applicable, and discuss security reviews, the effectiveness of security programs, investigations of security breaches, monitoring systems for accuracy and abnormalities, privacy, review of accountability controls, review of audit trails and logs, review of software design standards, verification, validation, testing, and evaluation processes 85. Students will participate in lab exercises using Wireshark to capture and examine network traffic