Master of Information Technology Security




Program Proposal for Master of Information Technology Security Submission to Post-secondary Education Quality Assessment Board February 3, 2004 Master of Information Technology Security 1

1 ORGANIZATION AND PROGRAM INFORMATION

1.1 Submission Title Page

Full Legal Name of Organization: University of Ontario Institute of Technology
Operating Name of Organization: University of Ontario Institute of Technology
Common acronym of Organization: UOIT
URL for Organization Homepage: www.uoit.ca
Degree Level and Type to be awarded for program or part of program: Master of Information Technology Security (MITS)
Proposed Degree Title: Information Technology Security
Proposed Degree Nomenclature: M.I.T.S.
Date of Submission: February 2, 2004
Location where program to be delivered: University of Ontario Institute of Technology, 2000 Simcoe St. N., Oshawa, ON L1H 7K4

Contact Information:
Person responsible for this submission: Dr. Bernadette Schell, Dean, School of Business and Information Technology
University of Ontario Institute of Technology
2000 Simcoe Street North, Oshawa, Ontario, L1H 7K4
Tel: 905-721-3158
Fax: 905-721-3140
E-mail: bernadette.schell@uoit.ca

1.2 Table of Contents

1. Title Page
   1.1 Title Page
   1.2 Table of Contents
4. Program Degree-Level Standard
   4.1 Program Degree-Level Standard Summary
6. Program Content Standard
   6.3 Program Comparison Statement
   6.3.1–6.3.5 Tables: Program Comparison
   6.6.1 Table: Course Descriptions and Learning Outcomes
8. Capacity to Deliver Standard
   8.7 Table: Enrolment Projections and Staffing Implications
   8.8.5 Resource Renewal and Upgrading Plans
9. Credential Recognition Standard
   9.1 Program Design and Credential Recognition
   9.2 Consultation

4 PROGRAM DEGREE-LEVEL STANDARD

4.1.1 Degree-Level Summary

UOIT is committed to providing high quality, challenging, research-oriented graduate programs of study which clearly meet and/or exceed the standards required of master's degrees. The MITS program is a graduate professional program as defined in the Handbook for Public Organizations, 7.1.4, and its design is guided by benchmarks described in the Postsecondary Education Quality Assessment Board Handbook for Applicants. This unique MITS program is the first of its kind in Canada and one of a handful of such specialized IT Security graduate degree programs in North America and globally (these include James Madison University, Mary Washington College, and Idaho State University in the United States and the University of The Hague in the Netherlands). Eminently qualified faculty and well-respected educators have reviewed the draft of the MITS program. UOIT's School of Business and Information Technology currently has at least five highly qualified faculty who will deliver the curriculum in interesting and challenging ways and ensure that students are exposed to knowledge at the forefront of the discipline. The MITS program expects students to advance their knowledge and understanding of complex issues in the field of information technology security and to approach problems in systematic and innovative ways.

Relevant Knowledge and Understanding

The MITS program is designed to enable students to acquire a high level of knowledge and to develop skills to tackle problems in the rapidly evolving information technology security field. The program draft has been reviewed by academics and industry professionals. Each course has been designed to help students develop an understanding of current theory, research, and practice in information technology security. The proposed MITS program not only emphasizes excellence in graduate level business and information technology security knowledge but soundness in transferable skills (i.e., interpersonal relations, leadership and team building, communication, critical analysis and decision making) and in business and IT ethics. Graduates of the MITS program will engage in a general research-based curriculum and gain a solid foundation of technical knowledge related to the key areas of information technology security. They will have an in-depth understanding of the technological, managerial, social, political, economic, and global issues that affect computer security technology and management.

Skill Development

The MITS program prepares graduates to take the CISSP exam offered by the International Information Systems Security Certification Consortium, Inc., or (ISC)². (ISC)² is a not-for-profit consortium and certification organization. It is charged with the responsibility for maintaining various Common Bodies of Knowledge (CBK) for Information Security Professionals, including those for CISSPs (Certificate of Information Systems Security Professionals), certifying the minimum acceptable competence for professionals seeking to hold various credentials (also including CISSP and SSCP). The CISSP Certification designations are recognized and honored by the technology industry worldwide. They continue to grow in recognition and stature as a mark of excellence in the industry. Moreover, (ISC)² certifications are required for employment in an ever-increasing number of private and public sector organizations.

CISSP and other (ISC)² certifications identify individuals as having demonstrated competence and industry knowledge directly related to job performance by virtue of meeting the examination prerequisites and passing the required examination(s). Clearly, as more and more employers seek and even require one or more of the (ISC)² certifications, these certifications significantly benefit individuals seeking advancement, improved marketability or access to peer networking. Therefore, the MITS curriculum consists of learning outcomes based on the identified (ISC)² common bodies of knowledge. These outcomes include:

a. To understand the research process in the discipline of information technology security.
b. Demonstrates mastery of the basics of information security by producing a practical, original research paper or case study.
c. Demonstrates mastery of risk assessment, IT infrastructure, and related security policies.
d. Master the content of these 10 Domains in the CISSP exam:
   d.1 Access Control Systems and Methodology
   d.2 Applications and Systems Development
   d.3 Business Continuity Planning
   d.4 Cryptography
   d.5 Law, Investigation and Ethics
   d.6 Operations Security
   d.7 Physical Security
   d.8 Security Architecture and Models
   d.9 Security Management Practices
   d.10 Telecommunications, Network and Internet Security
e. Master the content of these Domains in the SANS Security Essentials Course:
   e.1 Risk Assessment and Auditing
   e.2 Host and Network Based Intrusion Detection
   e.3 Honeypots, Firewalls and Perimeter Protection
   e.4 Security Policy
   e.5 Password Management
   e.6 Security Incident Handling
   e.7 Information Warfare and Hacking
   e.8 Web Security
   e.9 Network Fundamentals and IP Concepts and Behaviour
   e.10 Primary Threats for Perimeter Protection
   e.11 PGP, Steganography
   e.12 Anti-viral tools
   e.13 Windows (2000, XP, NT, 98) Security Administration and Auditing
   e.14 IIS Security
   e.15 Unix Security Fundamentals
f. Understand different types of security related issues and applications in various businesses and disciplines.

To achieve the objectives of the program and to enhance students' learning experiences, it is important for the program to provide students with the necessary hands-on skills and knowledge and opportunities to apply these in original ways. The School of Business and Information Technology will have a Hacker Research Lab, a dedicated space which literally mimics a network setting. Faculty members will incorporate various IT security lab assignments into the MITS courses. For example, groups of students will be assigned to work as either defense or attack teams. The defense team's role will be to secure its system with available hardware and software tools, while the attack team's role will be to attempt to breach the security system as designed by the defense team. This simulated network environment will train our graduate students to better understand IT security from two different perspectives; namely, from that of a technology security officer and from that of a criminally-motivated hacker.

Application

Students will acquire a systematic knowledge of inquiry and research methods, including qualitative and quantitative approaches. They will use technology models and infrastructure to examine and evaluate risks involved in technological applications, and they will be expected to use sound decision-making strategies to solve problems. Students will be called upon to use IT tools and techniques with greater frequency and efficiency as they complete multifaceted assignments and group projects, analyze progressively complex cases and problems and participate in field-based projects. The IT Security Capstone Research Projects I & II offer students the opportunity to apply core course concepts and techniques to a substantial project in the workplace.

The MITS students will understand and be able to apply the best of current practice, but they will also be able to act as managers of transformation to improve that practice as the field evolves. They will be required to work with a faculty member in conducting a research project in areas of IT security. They will be expected to identify a realistic problem or set of problems, and, over two semesters (approximately 7-8 months), to engage in a comprehensive analysis of the problem area(s) to arrive at appropriate solution(s) based on empirical research processes. They will be required to present their findings to a panel of faculty assessors. Their understanding of relevant theory related to IT security technology, their ability to use appropriate qualitative and quantitative methods of analysis and to create and evaluate a range of options, and their research and project management skills will all be challenged during the design and implementation of the project and at the final presentation.

Cognitive Skills

Problem solving, critical analysis, and synthesis are cognitive skills essential to success in any discipline. MITS students are expected to utilize these skills throughout the program and they will be provided with ample opportunities to refine these skills through such delivery models as problem based learning activities, collaborative and independent work, simulation lab exercises, attack and defense role play in the Hacker Research Lab, written critiques of theory and research, structured debates and discussions in classes, and oral presentations that require justification of decisions. Students will be actively engaged in these intellectual processes as they work with IT security challenges encountered by individuals in the profession. Such realistic and practical assignments will develop and strengthen students' abilities to critically analyze the information they see, hear and read, to identify assumptions and implicit values, to gather appropriate data to inform and guide decision-making, to propose new hypotheses, to create and assess a range of solutions, to predict risks and to evaluate outcomes.

Students will be required to work in teams in appropriate courses; they will be exposed to a variety of perspectives and called upon to listen, assess and incorporate the ideas of others into the problem solving process. Collaborative activities will enable them to pose questions, devise and sustain arguments, and, most importantly, to be active participants in the learning process. While engaged in such interactive processes, they will learn from and contribute to the learning of others.

Lifelong Learning

Realistic case studies and lab exercises, presentations by representatives from the IT industry, and the capstone research projects will expose MITS students to the complexities and challenges of a dynamic and ever-changing IT security field. MITS graduates will work in highly complex and unpredictable environments, across different types of corporations and institutions, with a wide variety of colleagues and clients. Change and ambiguity are normal features of a technological environment and students will develop positive attitudes and pro-active strategies to manage them. Students will come to recognize that a strong base of technology knowledge and management skills, an ability to locate and utilize resources effectively, and a willingness to take informed risks will serve them well in demanding situations and changing environments. Students will learn how to engage in advanced research by using print and electronic publications, including scholarly journals, books, and prominent security research websites for the most up-to-date information on IT security. They will recognize the need for independent and ongoing learning to maintain currency in a rapidly changing field and to further develop their professional skills. MITS graduates will have the advanced knowledge base and skill set to undertake further education to support and advance their careers.

Transferable Skills

All courses in the MITS curriculum have been designed to emphasize the development of qualities and transferable skills which contribute to the students' success as independent learners and as team players. Throughout the entire program, MITS students will be involved in a variety of tasks that involve the demonstration of effective communication skills using oral, written, graphic and electronic formats. They will be expected to share information in ways which are suitable for both lay and specialist audiences. Students will participate in small and large group activities and hone their skills as both team members and leaders. The coursework in the program will require hours of research along with activities involving practical applications. The demanding workload will require students to organize their time and manage their projects efficiently in order to meet clearly defined standards of performance and expected deadlines.

UOIT is confident that the proposed MITS program is sufficiently comprehensive and rigorous to meet the standards of a graduate degree program and to provide students with the necessary knowledge base, technical, cognitive, and interpersonal skills and positive attitudes that will enable them to experience personal, academic, and professional success during their graduate studies at UOIT and beyond.

4.1.2 Samples of Student Work

Since this program is not yet offered by the University, this section is not applicable to this submission.

6 PROGRAM CONTENT STANDARD

6.3 Program Comparisons

The Applicant has on file and available upon request the research undertaken to complete Appendix 6.3.2–6.3.n. The Applicant found that there are not more than five similar or related existing programs offered at Ontario universities and that there are more than three similar or related existing programs offered at universities in other jurisdictions (outside Canada) which could have been included in Appendix 6.3.2–6.3.n.

This unique MITS program, the first of its kind in Canada and one of a handful of such specialized IT Security graduate degree programs in North America and globally, prepares students to work in the high-tech professions as well as in business corporations, particularly in the IT security areas. Moreover, UOIT's partnership with the SANS (SysAdmin, Audit, Network, Security) Institute in the United States, the trusted leader in information security research, education, and certification, will allow MITS graduates to write tests for GIAC (Global Information Assurance Certification). No other graduate degree programs in Canada offer such a tangible career outcome.

6.3.2 Program Comparison Tables

Institution: Carleton University
Program Name & Credential: Bachelor of Computer Science - Information Systems Security Stream
Program Description: Information Systems Security is concerned with security issues related to all aspects of networked information systems. Security has become an important parameter in the technological well being of our society, and affects all sectors in business, government and academia due to our dependence on information technology. This stream is for students interested in acquiring a solid background in computer science and software engineering, as well as depth in both the foundations and the practice of information systems security, including computer and network security, cryptography, and software security. It provides new career opportunities for security analysts and software engineers with an understanding of security issues in networked information systems. The broad spectrum of subject areas covered ranges from cryptographic applications to secure operating systems to security threats impacting network availability, and includes information storage, transmission and delivery. (http://www.scs.carleton.ca/~paulv/iss_stream.html)
Similarities and Differences: Although there is no graduate degree level program in information technology security offered at Carleton University, this stream is offered at the undergraduate level. UOIT's proposed program provides opportunities for graduates of Carleton's program with appropriate qualifications to pursue a graduate level degree.

Institution: University of Ottawa
Program Name & Credential: B.Sc. and M.Sc. in Computer Science
Program Description: The University of Ottawa offers Masters level courses in the areas of Software Engineering, Theory of Computing, Computer Applications and Computer Systems.
Similarities and Differences: There are a few courses related to Information Technology Security within these offerings but there is not a distinct undergraduate or master's level degree in the security area.

Institution: James Madison University, Virginia
Program Name & Credential: M.Sc. in Computer Science (with a concentration in Information Security)
Program Description: People involved in information security must be able to understand and systematically employ and manage InfoSec concepts, principles, methods, techniques, practices and procedures drawn from U.S. statutes, current or pending. InfoSec experts also must understand procedures followed by the Department of Defense, federal, state and local governments, industry and businesses. The nature of information security education demands expertise concentrated in areas of information technologies, administrative operations, and law and regulation. The JMU Master of Science in Computer Science with a concentration in Information Security program will deliver this to the graduate student. The program is entirely Internet-based, with courses designed so that students and professors can maximize the use of their time asynchronously. Course objectives center on the technical aspects of information security including: network and web security, intrusion detection, trusted systems, audit trails, secure operations, cryptography, legal issues, policies and procedures, as well as the management and implementation of computer science technology as it focuses on information security. Managing information security programs consists of preserving information confidentiality and protection, risk management, data and system integrity, availability, authenticity and utility. (http://www.infosec.jmu.edu/program/html/program.htm)
Similarities and Differences: The components of UOIT's proposed program are similar to the JMU model described above. Unlike JMU, UOIT's program is not Internet-based.

Institution: Mary Washington College, Virginia
Program Name & Credential: Graduate Certificate in Information Security
Program Description: James Monroe Center for Graduate and Professional Studies (JMC) at Mary Washington College in Virginia offers an entirely online 18-credit graduate certificate in Information Security. To offer the most up-to-date material, JMC partnered with a national leader in information security research and education, the SANS (SysAdmin, Audit, Network, Security) Institute. A SANS certification exam is included with each course. Students learn how to improve information security in order to prevent and minimize attacks on computer systems using commercially available tools. To gain admission to JMC's information security program, a student must have a bachelor's degree from a regionally accredited college or university, as well as a strong background in computer networks or operating systems. The typical participant is currently employed as a systems or network administrator or in a similar position. (http://www.jmc.mwc.edu/)
Similarities and Differences: UOIT's proposed program targets a similar applicant market and the curriculum has been developed to prepare the program graduates for SANS certification. The UOIT program is not offered in the online format.

6.6.2 Course Descriptions and Learning Outcomes

Program Map - Master of Information Technology Security

YEAR ONE

SEMESTER ONE (9 credit hours)
MITS 5100G Law & Ethics of IT Security
MITS 5200G Advanced Communications Networks
MITS 5300G Operating Systems Security

SEMESTER TWO (9 credit hours)
MITS 5400G Secure Software Systems
MITS 5500G Cryptography and Secure Communications
MITS 5600G Elective*

YEAR TWO

SEMESTER ONE (9 credit hours)
MITS 6100G Attack and Defence
MITS 6200G eCommerce Infrastructure Security
MITS 6300G IT Security Capstone Research Project I

SEMESTER TWO (9 credit hours)
MITS 6400G Biometrics/Access Control and Smart Card Technology
MITS 6500G Incident Handling, Recovery, Policies, & Risk Management
MITS 6600G IT Security Capstone Research Project II

*ELECTIVES
MITS 5610G Special Topics in IT Security
   Example: Multimedia Technology
MITS 5620G Special Topics in IT Management
   Examples: Economics of Information Technology; Contemporary Management for IT Security Professionals; Risk Management for Information Systems; Nuclear Safety Management

Note: All courses are 3 credit hours unless otherwise noted.

Classroom Requirements Naturally, classes for students will be scheduled in rooms which are an appropriate size to accommodate the learning activity. Smaller lecture rooms and break-out rooms for tutorials and small group activities will be available as needed. Classes and tutorials in all subjects require the use of computers and so all classrooms, seminar rooms and labs used by students will have wireless connectivity or will be wired for computer use and internet access. Additional physical requirements will include: data projectors in all classrooms, blinds on windows to reduce sun glare, comfortable and ergonomically sound chairs and tables for computing, white board with markers/eraser, and bulletin board display space in classrooms. Construction for the 50,000-square-foot School of Business and Information Technology building is expected to complete by September 2004. Details about this new facility are provided in Section 8.8.5. Laboratory Facilities In order to enhance students learning experience and provide them with the necessary security hands-on skills and knowledge, the School will launch a Hacker Research Lab. This lab will mimic a network setting with equipment such as servers, clients, firewalls, routers, etc. Two groups of students will be assigned to work as defense and attack teams. The defense team is to secure their system with available hardware and software tools while the attack team will attempt to breach the security system as designed by the defense team. This simulated environment will train our students to better understand the information technology security from two different perspectives, namely, a technology security officer and a hacker. This lab is described in detail in Section 8.8.5. Equipment Requirements The University of Ontario Institute of Technology is committed to advancing the highest quality of learning, teaching, research and professional practice. 
This means using educational technologies to enhance the learning experience, inspire innovative teaching and foster student success. This is learning and teaching for the 21st century. A laptop in every hand At the heart of our program is a personal laptop for each student. The connectivity that the laptop provides gives every student an equal opportunity to communicate with faculty, access course materials, make quality presentations, conduct research and pursue personal knowledge. The laptop facilitates broad access to information and gives professors the opportunity to employ advanced learning technologies. Master of Information Technology Security 15

Each student receives a current model of the IBM ThinkPad complete with hardware and software. Personal assistance, computer support, service and training are included. The laptop is upgraded every two years to ensure students and faculty have the most current capacity and technology. Students' laptops will be equipped with software tools which are relevant to the course and program.

Access anytime

The latest wireless technology is available in common public areas such as seminar rooms, learning commons, cafeterias and other special areas. Every laptop includes a wireless network card to ensure connectivity at the user's convenience as well as connection to wired laptop classrooms. A comprehensive data network, part of the campus and residence infrastructure, provides access to other students, faculty, program materials and the internet. Access to education resources from residence and off campus is available.

Support and Service

From the moment that students pick up a personal laptop at the university's Mobile Computing Centre, the University will ensure that they have access to on-going support and service. The Centre provides personal assistance in configuring, installing and testing software as well as regularly scheduled training seminars and hardware servicing. Drop-in or call-in Helpdesk services are available at the Centre.

6.6.1 Course Descriptions and Learning Outcomes

Year 1, Semester 1

LAW AND ETHICS OF IT SECURITY

This course covers the many ways in which commercial law applies to information technology security. As more and more business transactions and communications are now conducted electronically, the IT function within an institution has become the custodian of the official business records. This course introduces the laws governing the daily business of an institution or government agency, as those laws apply to the protection of information and computer systems. Emerging issues, such as privacy and information disclosures, will be discussed in the course.

Learning Outcomes:
1. To assess technological issues in respect to legal and ethical issues.
2. To analyze the legal and ethical implications when implementing and deploying technology.
3. To demonstrate the basic understanding of legal and privacy issues related to technology by citing landmark cases.
4. To state legal resources used in technology applications.

ADVANCED COMMUNICATION NETWORKS

Networks are the essential components of information transmission, without which there are no communications. This course presents an overview of telecommunications networks and the fundamental concepts of the field, as well as advanced topics and detailed network architectures. This course blends an accessible technical presentation of important networking concepts with many business applications. Addressing networks from a top-down approach, this course shows students the big picture of networks in general so that they may see how the various parts of the network fit into the picture. The course gives detailed descriptions of the principles associated with each layer and highlights many examples drawn from the Internet and wireless networks. The TCP/IP protocol stack will be discussed in detail with a variety of examples on its various layers.
This course also describes all aspects of various wireless systems, from cordless phones, pagers and PDAs to mobile phones and wireless computers. The wide deployment of cellular phones for M-commerce applications and wireless LANs in corporate environments has resulted in interesting security challenges.

Learning Outcomes:
1. To identify, describe, and evaluate a variety of electronic communications environments.
2. To apply the best communication environments and tools to solve problems.
3. To estimate the need for communications networks and to evaluate methods for the selection of the best solutions.
4. To demonstrate the ability to design and implement security features for communications networks and related computer hardware and software.
5. To understand the various networking protocols and their applications and implications of security issues.

OPERATING SYSTEMS SECURITY

This course studies operating system security, with particular focus on the Windows and Unix/Linux operating systems. It provides an overview of the security risks and management of the specified operating systems, and of the preventive efforts that use the security features built into the systems and third-party applications. Students become familiar with the essential reference sources available on computer security, including organizations such as CERT.

Learning Outcomes:
1. To understand the core security environment in an operating system.
2. To demonstrate strengthening security features in an operating system, including Unix and Windows.
3. To gain work experience in securing operating systems via updates and patches.

Year 1, Semester 2

SECURE SOFTWARE SYSTEMS

Computer security is a bigger problem today than ever before even though most organizations have firewalls, antivirus software, and intrusion detection in place to keep attackers out. The simple cause at the heart of all computer security problems is bad software. This course takes a proactive approach to computer security and covers areas from the technical side of coding secure software to more managerial and project management tasks. Common coding problems like buffer overflows, random number generation and password authentication are addressed. A secondary focus is the software design process, which needs to be set up so that security is built in at the very early stages and considered throughout the design process, not patched in at a later point in time. Risk management in the development cycle as well as software and system audits will be discussed within the course.

Learning Outcomes:
1. To understand the issues in developing secure software systems and how it differs from traditional software design.
2. To apply the knowledge by developing practical secure software systems.
3. To test software systems for their security measures.
4. To be aware of the current and future trends in secure software systems.
5. To describe the role and limitations of formal management and quality assurance practices in ensuring software quality.
6. To understand the security feature development in software engineering.
7. To understand how to manage risk in software planning.

CRYPTOGRAPHY AND SECURE COMMUNICATIONS

Secrecy is certainly important to the security or integrity of information transmission. Indeed, the need for secure communications is more profound than ever, recognizing that the conduct of much of our commerce and business is being carried out today through the medium of computers and digital networks. This course is on cryptography, the umbrella term used to describe the science of secret communications. In this course, students with a strong mathematical background learn the details about the transformation of a message into coded form by encryption and the recovery of the original message by decryption. This course describes cryptography through which secrecy, authentication, integrity, and non-repudiation can all be provided.

Learning Outcomes:
1. To know how to break a number of historical ciphers.
2. To understand the different roles of information and complexity theory in cryptography.
3. To be aware of the number theory used in the RSA system.
4. To discuss and evaluate the security of new ciphers either in later courses or when in jobs.
5. To implement the DES and RSA algorithms in a high level language.
6. To state the modern methods of cryptography.

ELECTIVES

Students will select one of the following: Special Topics in IT Security OR Special Topics in IT Management

Year 2, Semester 1

ATTACK AND DEFENCE

The course covers attackers' tactics and strategies and presents ways of finding vulnerabilities and discovering intrusions. It also discusses the latest cutting-edge insidious attack vectors, the oldie-but-goodie attacks that are still so prevalent, and everything in between. This course also provides an understanding of the tools needed to defend against attackers maintaining access and covering their tracks. This course examines and reviews various types of hacking tools and ways to harden the system or application against the attack.
The course also discusses defenses and attacks for Windows, Unix, switches, routers and other systems.

Learning Outcomes:
1. To demonstrate the skills to identify potential targets for a computer attack and to locate tools needed to test the systems effectively for vulnerabilities.
2. To understand how various tools exploit holes and to state ways to protect systems from each type of attack.
3. To understand how attackers manipulate systems to discover hints associated with system compromise.

ECOMMERCE INFRASTRUCTURE SECURITY

This course introduces the main components of an ecommerce setup and covers the security related problems with these components. This course will visit some topics that are addressed in the context of Advanced Networking or Operating System Security. It will provide an ecommerce context to these more technical issues. Major components that will be discussed are VPNs in business contexts, Mail Systems, Web Servers, and in particular Middleware Suites like Microsoft's .NET framework and Sun's J2EE architecture and its implementation in industrial strength products like JBoss and IBM's WebSphere. Strategy and policy topics on how to find the right balance between security and usability will be addressed as well as the management of maintaining a secure infrastructure.

Learning Outcomes:
1. To understand issues raised by securing e-commerce and other related applications.
2. To state how institutions and corporations should protect sensitive and confidential information.
3. To demonstrate how to work with Web Services applications, such as .NET or J2EE technology, by developing applications for the environments.
4. To understand the ways to secure an ecommerce environment.

IT SECURITY CAPSTONE RESEARCH PROJECT I

This course provides students with an opportunity to gather knowledge and skills learned from the program coursework and to conduct a research project with industrial applications. Students are expected to do a research literature review and to develop a set of hypotheses for a research project in IT security.
A research proposal outlining alternative remedies to the problem and hypotheses should be submitted to the research faculty advisor by the end of the course semester.

Learning Outcomes:
1. To apply and synthesize the knowledge and skills gained in the individual courses in the program of study to a project in information technology security.
2. To define a project, formulate its requirements and processes for carrying it out to a satisfactory conclusion.
3. To research existing work and other relevant information for the project.
4. To perform project planning, preparation, budgeting, documentation and presentation of the conduct and results of the project.
5. To demonstrate the required level of technical knowledge to solve problems presented by the chosen project.