TECH REVIEW COMMITTEE MINUTES April 12, 2017

Transcription

1 MINUTES April 12, 2017 Commenced: 2:03 pm In Attendance Committee Member: Boots, Farr, Pruitt, Norvell, Rivera, Sanz, Testado Adjourned: 3:00 pm COURSES: PROPOSAL AGRI 130 Agriculture Direct Marketing Internship ENGL 249 Introduction to Creative Writing I ENGN 110 Science for Technical Applications INWT 205 CompTIA Advanced Security Practitioner (CASP) REQUESTED ACTION: Course Deactivation (Not at any College) Course Revision (City, Mesa, Miramar) Course Deactivation (Not at any College) ORIGINATOR/ REPRESENTATIVE Erin McConnell Jennifer Boots Fred Julian NOTES Purpose: Course has not been offered. Follow-up: Revisions to the following award is needed as a result of this course deactivation: Urban Farming Professional, Certificate of Achievement: District will need to open last approved proposal from 04/14/16 NO EDITS Purpose: Remove equivalency to allow for students to enroll into ENGL 249B. Six year review. Update textbooks. NO EDITS Purpose: Course has not been offered. Follow-up: Revisions to the following courses and awards are complete as a result of this course deactivation per Articulation Officer: ENGN 128 MFET 115 Electromechanical Engineering Technology, Associate of Science; Liberal Arts and Sciences Scientific Studies Mathematics and Pre-Engineering, Associate of Arts; Manufacturing Engineering Technology Options: Electronics, Associate of Science; Manufacturing Engineering Technology Option: Fabrication, Associate of Science; and Mechanical Design, Certificate of Performance NO EDITS New Course Rose LaMuraglia Purpose: New course. Course is being proposed based on industry standards. This will be a stand-alone course until cybersecurity associates is finalized award is scheduled to be submitted for approval by August Follow-up: Double check with Dean Rose LaMuraglia regarding Economic Development as a reason for proposed action and how course fit the college mission. EDITS Course Report: SECTION I, XIII. Field Trip: Change Required to May be required SECTION II, COURSE ANALYSIS DATA, I. Reason for Proposed Action: Double check with Dean Rose LaMuraglia regarding Economic Development as a reason for proposed action SECTION II, COURSE ANALYSIS DATA, II. How Does The Course Fit The College Mission?: Double check with Dean Rose LaMuraglia regarding Economic Development as how 1 P a g e

2 MINUTES April 12, 2017 course fit the college mission SECTION III, COURSE DISTANCE Ed. INFORMATION, CITY, III. Type of frequency Of contact may include, but is not limted to, #6: Remove second mention of group meetings SECTION III, COURSE DISTANCE Ed. INFORMATION, CITY, V. How to Evaluate Students For Achieved Outcomes, last sentence: Add of between Completion and individual SECTION III, COURSE DISTANCE Ed. INFORMATION, CITY, VI. Additional Resources/Materials/Information: Information provided is duplicated revision is needed Course Outline: SECTION I, CATALOG COURSE DESCRIPTION: Update course description to state the following: This course provides students with the skills and technical knowledge needed to conceptualize, design, engineer security solutions across complex enterprise environments. Emphasis is placed on the principles of Enterprise Security, Research and Analysis, Risk Management, Policy/Procedure and Legal, Integration of Computing, Business Disciplines, and Communications as they relate to security factors affecting network environments. This course is designed for student preparing for the CASP exam or any students interested in cybersecurity. CompTIA s Advanced Security Practitioner (CASP) certification is included in the approved list of certifications that meet the Department of Defense (DoD) Directive SECTION I, STUDENT LEARNING OBJECTIVES, #8: Revise to state the following Analyze scenarios and apply the resulting analysis to secure the enterprise. SECTION I, STUDENT LEARNING OBJECTIVES, #11: Misspelling Anslyze should be Analyze SECTION II, 1. COURSE OUTLINE AND SCOPE, A. Outline Of Topics: Update outline to revise the leading topics so they do not match the Student Learning Objectives and remove unnecessary punctuation, such as periods (.) and commas (,) outline should be as in the attached Appendix SECTION II, 1. COURSE OUTLINE AND SCOPE, B. Reading Assignments: Revise current information to include the following I. Assigned textbook II. Two information security articles from IEEE Communications Magazine III. Two information security articles from SECTION II, 1. COURSE OUTLINE AND SCOPE, C. Writing Assignments: Revise current information to include the following I. Short risk management reports II. An acceptable use policy for a large organization III. Reviews and summaries related to integration of computers, business functions, and information security SECTION II, 1. COURSE OUTLINE AND SCOPE, D. Appropriate Outside Assignments: Revise current information to include the following I. Research related to penetration tests II. Maintenance of a journal that summarizes how each network security tool covered in class is used and 2 P a g e

3 MINUTES April 12, 2017 applied to prevent cyber intrusions SECTION II, 1. COURSE OUTLINE AND SCOPE, E. Appropriate Assignments that Demonstrate Critical Thinking: Revise current information to include the following I. Analysis and comparisons of various network vulnerabilities published in a journal, such as Communications of the ACM II. Analysis of current cyber security strategy or policy published in IEEE Communications Magazine, or similar cyber security source SECTION II, 2. METHODS OF EVALUATION: Remove the double formatting SECTION II, 4. REQUIRED TEXTS AND SUPPLIES, TEXTBOOKS, #1: Double-check publication year for text and update ISBN to SECTION II, 4. REQUIRED TEXTS AND SUPPLIES, TEXTBOOKS, #2: Double-check publication year for text and update ISBN to PROGRAMS: PROPOSAL Customer Relationship Management, Certificate of Performance (BUSE) Intro to Business Information Worker, Certificate of Performance (CBTE) REQUESTED ACTION: ORIGINATOR/ REPRESENTATIVE NOTES New Program Shana Carr Course was at Curriculum Technical Review at 03/08/2017 New Program Theresa Savarese Purpose: New program. Create a certificate of performance to introduce students to Business Information Worker series of awards. EDITS Program Report: PROGRAM & AWARD INFORMATION, Award Description, sentence #1: Capitalize w in Worker Revised 04/13/17 3 P a g e

4 INWT 205 CompTIA Advanced Security Practitioner (CASP) B. Outline Of Topics: I. Elements of enterprise security A. Storage types 1. Virtual storage 2. Cloud storage 3. Data warehousing 4. Data archiving B. Storage protocols C. Secure storage management 1. Multipath 2. Snapshots 3. Deduplication 3. Dynamic disk pools 4. Logical Unit Number (LUN) masking and mapping 5. Host Bus Adapter (HBA) allocation 6. Offsite or multisite replication D. Encryption 1. Disk 2. Block 3. File 4. Record 5. Port II. Cryptographic concepts and techniques A. Techniques B. Concepts C. Chain of trust, root of trust D. Cryptographic applications and proper or improper implementations E. Advanced Public Key Infrastructure (PKI) concepts 1. Wind card 2. Users 3. Systems 4. Applications 5. Key escrows F. Steganography G. Implications of cryptographic methods and designs 1. Stream 2. Block 3. Modes 4. Known flaws or weaknesses 5. Strength versus performance 6. Feasibility to implement versus interoperability H. Implementations 1. Watermarking III. Network and security components, concepts and architectures. A. Advanced network design for both wired and wireless systems 1. Remote access 2. Internet Protocol Version 6 (IPv6) and associated transitional technologies 3. Transport encryption 4. Network authentication B. Security devices 4 P a g e

5 1. Placement of devices 2. Application and protocol aware technologies such as Next Generation Firewalls 3. Passive vulnerability scanners C. Virtual networking and security components 1. Switches, firewalls, wireless controllers, routers and proxies D. Complex network security solutions for data flow 1. Secure Socket Layer (SSL) inspection 2. Network flow data E. Secure configuration and baselining of networking and security components 1. Change monitoring 2. Configuration lockdown 3. Availability controls F. Cloud-managed networks G. Network management and monitoring tools H. Advanced configuration of routers, switches and other network devices I. Transport and Trunking security J. Route protection K. Security zones and data flow enforcement L. Critical infrastructure/supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems (ICS) IV. Application vulnerabilities and appropriate security controls A. Web application security design considerations B. Specific application issues C. Application sandboxing D. Application security frameworks E. Secure coding standards F. Database Activity Monitor (DAM) G. Web Application Firewalls (WAF) H. Client-side processing versus server-side processing V. Business and industry influences and associated security risks A. Risk management of new products, new technologies and user behaviors B. New or changing business models/strategies 1. Partnerships 2. Outsourcing 3. Cloud 4. Merger and demerger/divestiture C. Security concerns of integrating diverse industries 1. Rules 2. Policies 3. Regulations 4. Geography D. Ensuring third-party providers have requisite levels of information security E. Internal and external influences 1. Competitors 2. Auditors and audit findings 3. Regulatory entities 4. Internal and external client requirements 5. Top level management F. Impact of de-perimeterization such as constantly changing network boundary 1. Telecommuting 2. Cloud 5 P a g e

6 3. Bring your own device (BYOD) 4. Outsourcing VI. Security, privacy policies and procedures based on organizational requirements A. Policy development and updates in light of new business, technology, risks, or environment changes B. Process and procedures 1. Development 2. Updates C. Legal compliance 1. Human resources 2. Management 3. Advocacy groups D. Common business documents 1. Risk assessment 2. Statement of Applicability (SOA) 3. Business Impact Analysis (BIA) 4. Interoperability Agreement (IA) 5. Interconnection Security Agreement (ISA) 6. Memorandum of Understanding (MOU) 7. Service Level Agreement (SLA) 8. Operating Level Agreement (OLA) 9. Non-Disclosure Agreement (NDA) 10. Business Partnership Agreement (BPA) VII. Research methods to determine industry trends and impact to the enterprise A. Ongoing research on 1. Best practices 2. New technologies 3. New security systems and services 4. Technology evolution B. Situational awareness 1. Latest client-side attacks 2. Current vulnerabilities and threats 3. Zero-day mitigating controls and remediation 4. Emergent threats and issues C. Research security implications of new business tools 1. Social media networking 2. End-user cloud storage D. Security requirements for contracts 1. Request for Proposal (RFP) 2. Request for Quote (RFQ) 3. Request for Information (RFI) 4. Agreements VIII. Analyze scenarios related to securing the enterprise A. Benchmarks and baselines B. Prototype and test multiple solutions C. Metrics collection and analysis D. Interpret trend data E. Anticipate cyber defense needs F. Review of effectiveness of existing security tools G. Analyze security solutions H. Prepare lessons-learned and after-action reports 6 P a g e

7 IX. Methods and tools for assessment and analysis tools methods A. Tool types 1. Port scanners 2. Vulnerability scanners 3. Protocol analyzer 4. Network enumerator 5. Password cracker 6. Fuzzer 7. Exploitation tools and frameworks B. Methods 1. Vulnerability assessment 2. Malware sandboxing 3. Memory dumping, runtime debugging 4. Penetration testing 5. Black box 6. White box 7. Grey box 8. Reconnaissance 9. Fingerprinting 10. Code review 11. Social engineering X. Secure communications and collaboration solutions A. Security of unified collaboration tools 1. Video conferencing 2. Instant messaging 3. Desktop sharing 4. Remote assistance 5. Presence Telephony a. Voice over the Internet Protocol (VoIP) 8. Collaboration sites a. Social media b. Cloud-based B. Remote access C. Mobile device management 1. BYOD D. Over-the-air technologies concerns XI. A Secure enterprise architecture A. Secure data flows B. Interoperability issues C. Technical deployment models 1. Outsourcing 2. Insourcing D. Vulnerabilities E. Data remnants F. Data aggregation and isolation H. Enterprise application integration enablers 7 P a g e