Syllabus - CYSC300

CYSC300 - Information Assurance

Description:
In a highly connected, data-intensive, and cost-focused business environment, the practice of information security is not a business advantage; it is a customer requirement. Malware and exploits including ransomware, viruses, trojans, denial-of-service attacks, phishing, and even WikiLeaks have become headline news. Failure to ensure the confidentiality, integrity, and availability of data costs companies millions, if not billions, of dollars in legal settlements, lost business, and trade secrets. In this course, you will get an overview of information security principles and practices, including security models, risk management, access controls, intrusion detection and prevention (IDS/IPS), cryptography, software vulnerabilities, and ethical issues. Subsequent courses expand on this foundational material in much greater depth. Note: this course has proctored exam(s).

Outcomes:

  • Describe how availability, integrity, and confidentiality requirements affect a typical IT infrastructure
  • Identify common sources of security breaches and their associated countermeasures
  • Identify, manage, and mitigate risk as part of a security plan
  • Describe, develop, and maintain appropriate access controls
  • Create, maintain, and promote suitable security policies
  • Apply auditing and monitoring techniques to assess security compliance
  • Employ a business continuity plan to reduce risk
  • Describe the key components of cryptographic systems
  • Explore network security risks and layered defense mechanisms
  • Identify key U.S. security standards and compliance laws

Required Text(s):

Whitman, M. E., & Mattord, H. J. (2022). Principles of information security (7th ed.). Boston, MA: Course Technology/Cengage Learning. ISBN: 9780357506448.