IS305 Managing Risk in Information Systems [Onsite and Online]

Similar documents
ITT Technical Institute. IT360 Networking Security I Onsite Course SYLLABUS

IS316 Fundamentals of Network Security, Firewalls and VPNs [Onsite and Online]

ITT Technical Institute. IT203 Database Development Onsite Course SYLLABUS

ITT Technical Institute. PT2520T Database Concepts Onsite Course SYLLABUS

ITT Technical Institute. NT1230T Client-Server Networking I Onsite Course SYLLABUS

ITT Technical Institute. ET3110 Networking and Communications Onsite and Online Course SYLLABUS

ITT Technical Institute. ET385 Data and Network Communications Onsite Course SYLLABUS

ITT Technical Institute. NT2640 IP Networking Onsite Course SYLLABUS

ITT Technical Institute. NT1430 Linux Networking Onsite Course SYLLABUS

ITT Technical Institute. ET4560T C++ Programming Onsite Course SYLLABUS

ITT Technical Institute. GC2630 Graphic Design for the Web Onsite Course SYLLABUS

ITT Technical Institute. IS3445 Security for Web Applications and Social Networking Onsite Course SYLLABUS

IT221T Microsoft Network Operating System I [Onsite]

ITT Technical Institute. ET3430 Fiber Optic Communications Onsite Course SYLLABUS

IS415T System Forensics Investigation and Response [Onsite]

ITT Technical Institute. TB143 Introduction to Personal Computers Onsite and Online Course SYLLABUS

ITT Technical Institute. SD2720 Advanced Software Development Using Java Onsite and Online Course SYLLABUS

ITT Technical Institute. NT1330 Client-Server Networking II Onsite Course SYLLABUS

IT109P Microsoft Desktop Operating System [Onsite]

IS317 Hacker Techniques, Tools and Incident Handling [Onsite and Online]

ET225P Networking Concepts [Onsite]

ITT Technical Institute. NT2740 Advanced Networking Devices Onsite and Online Course SYLLABUS

ITT Technical Institute. SD1420 Introduction to Java Programming Onsite and Online Course SYLLABUS

ITT Technical Institute. IT412 Voice and Data Integration Onsite Course SYLLABUS

ISM 324: Information Systems Security Spring 2014

Balancing Compliance and Operational Security Demands. Nov 2015 Steve Winterfeld

ITT Technical Institute. ET2560T Introduction to C Programming Onsite and Online Course SYLLABUS

ITT Technical Institute. IT302 Linux System Administration Onsite Course SYLLABUS

IS418 Securing Linux Platforms and Applications [Onsite]

ITT Technical Institute. IT321 Network Technology and Service Integration Onsite Course SYLLABUS

ITT Technical Institute. SD1240T Creating Websites Using HTML and CSS Onsite and Online Course SYLLABUS

ITT Technical Institute. IT370 Advanced Routing and Switching I Onsite Course SYLLABUS

ITT Technical Institute. SD3120T Programming in Open Source with LAMP Onsite and Online Course SYLLABUS

EC-Council Certified Network Defender (CND) Duration: 5 Days Method: Instructor-Led

ITT Technical Institute. DT2630 3D Modeling and Visualization Onsite and Online Course SYLLABUS

ITT Technical Institute. IS3220 Information Technology Infrastructure Security Onsite Course SYLLABUS

ITT Technical Institute. IT371 Advanced Routing and Switching II Onsite Course SYLLABUS

Fire Fighting Practices Level 1 and 2 FIRE 127 Fire Training Certification. Course Outline

IS404T Access Control, Authentication and Public Key Infrastructure (PKI) [Onsite]

ISATI 231: Windows Client (4 credits) Spring 2018 Mon, Tue, Wed, Thu, 13:10-14:40, MTB 105

ITT Technical Institute. IS4560T Hacking and Countermeasures Onsite Course SYLLABUS

Advisory: Students should have already taken MICROCOMPUTER APPLICATIONS II - 431

ITT Technical Institute. ET2640 Microprocessors and Microcontrollers Onsite and Online Course SYLLABUS

Industrial Fire Brigade Member - Incipient FIRE 123 Fire Training Certification. Course Outline

ITT Technical Institute. SD2520 Introduction to Database and XML with jquery Onsite and Online Course SYLLABUS

Certification Exam Outline Effective Date: September 2013

IT Audit Process Prof. Liang Yao Week Two IT Audit Function

E-guide CISSP Prep: 4 Steps to Achieve Your Certification

ISSMP is in compliance with the stringent requirements of ANSI/ISO/IEC Standard

PELLISSIPPI STATE TECHNICAL COMMUNITY COLLEGE MASTER SYLLABUS CIW JAVASCRIPT FUNDAMENTALS CERTIFICATION WEB 2391

ITT Technical Institute. IT390 Business Database Administration Onsite Course SYLLABUS

CCISO Blueprint v1. EC-Council

Information Systems and Tech (IST)

ITT Technical Institute. IS3120 Network Communications Infrastructure Onsite Course SYLLABUS

NCSF Foundation Certification

ITT Technical Institute. SD3240T Creating Websites in the LAMP Environment Onsite and Online Course SYLLABUS

University of Pittsburgh Security Assessment Questionnaire (v1.7)

COURSE OUTLINE. Last Amendment Edition Procedure No. Lecturer /blog Room No. Phone No. / Name.

ITT Technical Institute. SD1420 Introduction to Java Programming Onsite Course SYLLABUS

Cybersecurity Conference Presentation North Bay Business Journal. September 27, 2016

National Initiative for Cyber Education (NICE) and the Cybersecurity Workforce Framework: Attract and Retain the Best in InfoSec.

ITT Technical Institute. CS420 Application Security Onsite Course SYLLABUS

Emergency Vehicle Operation FIRE 106 Fire Training Certification. Course Outline

Solutions Technology, Inc. (STI) Corporate Capability Brief

Introduction To Data Processing COMP 153 Business Administration Program/Administrative Studies. Course Outline

NISTCSF.COM. NIST Cybersecurity Framework (NCSF) Workforce Development Solutions

Course Title: Computer Networking 2. Course Section: CNS (Winter 2018) FORMAT: Face to Face

Course Title: Network+/Networking Fundamentals. Course Section: CNS-101-I1. FORMAT: Online

COPYRIGHTED MATERIAL. Index

ITT Technical Institute. VC240T Visual Design for the Web Onsite Course SYLLABUS

Cloud Security. Copyright Ramesh Nagappan. All rights reserved.

ITT Technical Institute. SD3440T Creating Websites Using ASP.NET Onsite and Online Course SYLLABUS

Mobile Device policy Frequently Asked Questions April 2016

Cybersecurity & Privacy Enhancements

Security Awareness Compliance Requirements. Updated: 11 October, 2017

Annual Program Assessment Review

Network Security

ITT Technical Institute. ET376 C/C++ Programming Onsite Course SYLLABUS

NISTCSF.COM. NIST Cybersecurity Framework (NCSF) Workforce Development Solutions

Val-EdTM. Valiant Technologies Education & Training Services. Workshop for CISM aspirants. All Trademarks and Copyrights recognized.

Information Security Risk Strategies. By

Cybersecurity in Higher Ed

ITT Technical Institute. IS3440T Linux Security Onsite Course SYLLABUS

Legal and Regulatory Developments for Privacy and Security

TEL2813/IS2820 Security Management

ISAO SO Product Outline

NCSF Foundation Certification

Table of Contents. Preface xiii PART I: IT GOVERNANCE CONCEPTS. Chapter 1: Importance of IT Governance for All Enterprises 3

MIS5205 IT Service Delivery and Support Fall 2016

EC423 E-Commerce Technology System Design [Onsite]

COBIT 5 Implementation

Effective COBIT Learning Solutions Information package Corporate customers

Risk Assessment: Key to a successful risk management program

ITT Technical Institute. VC130P Digital Type and Image Manipulation Onsite Course SYLLABUS

Windows Server 2008 Applications Infrastructure Configuration (ITMT 2322)

Operations & Technology Seminar. Tuesday, November 8, 2016 Crowne Plaza Monroe, Monroe Township, NJ

MORGAN STATE UNIVERSITY DEPARTMENT OF ELECTRICAL AND COMPUTER ENGINEERING COURSE SYLLABUS FALL, 2015

CISM - Certified Information Security Manager. Course Outline. CISM - Certified Information Security Manager.

ITT Technical Institute. IT217P Programming in C++ II Onsite Course SYLLABUS

Table of Contents. Preface xvii PART ONE: FOUNDATIONS OF MODERN INTERNAL AUDITING

Transcription:

IS305 Information Systems [Onsite and Online] Course Description: This course addresses the broad topic of risk management and how risk, threats, and vulnerabilities impact information systems. Areas of instruction include how to assess and manage risk based on defining an acceptable level of risk for information systems. Elements of a business impact analysis, business continuity plan, and disaster recovery plan will also be discussed. Prerequisite(s) and/or Corequisite(s): Prerequisites: IT60 Networking Application Services and Security or equivalent Credit hours: 4 Contact hours: 50 (30 Theory Hours, 0 Lab Hours)

Where Does This Course Belong? This course is required for the Bachelor of Science in Information Systems Security program. This program covers the following core areas: Foundational Courses Technical Courses BSISS Project The following diagram demonstrates how this course fits in the program: 400 Level IS47 Information Systems Security IS41 IS404 IS411 IS415 IS416 IS418 IS43 Legal & Security Issues 300 Level IS305 Information Systems IS308 IS316 IS317 EC311 Introduction to Project CNS Program 300 Level IT30 IT30

00 Level IT60 Networking Application IT55 Introduction to Information IT0 IT1 IT50 100 Level TB143 Introduction to Personal Computers - Foundational Courses - Technical Courses - Capstone Project - CNS Prerequisites

Course Summary Course Description This course addresses the broad topic of risk management and how risk, threats, and vulnerabilities impact information systems. Areas of instruction include how to assess and manage risk based on defining an acceptable level of risk for information systems. Elements of a business impact analysis, business continuity plan, and disaster recovery plan will also be discussed. Major Instructional Areas 1. Risk management basics. Risk assessment plan 3. Risk mitigation plan 4. Cost and benefit analysis 5. Business continuity plan 6. Disaster recovery plan Course Objectives 1. Explain the basic concepts of and need for risk management.. Identify compliancy laws, standards, best practices, and policies of risk management. 3. Describe the components of an effective organizational risk management program. 4. Describe techniques for identifying relevant threats, vulnerabilities, and exploits. 5. Identify risk mitigation security controls. 6. Describe concepts for implementing risk mitigation throughout an organization. 7. Perform a business impact analysis for a provided scenario.

8. Create a business continuity plan (BCP) based on the findings of a given risk assessment for an organization. 9. Create a disaster recovery plan (DRP) based on the findings of a given risk assessment for an organization. 10. Create a Computer Incident Response Team (CIRT) plan for an organization in a given scenario. SCANS Objectives SCANS is an acronym for Secretary s Commission on Achieving Necessary Skills. The committee, appointed by the National Secretary of Labor in 1990, created a list of skills and competencies that continue to be a valuable resource for individuals developing their careers in a high-tech job market. For more information on the SCANS objectives, visit The U.S. Department of Labor Employment and Training Administration: www.doleta.gov.

Learning Materials and References Required Resources Textbook Package New to this Course Carried over from Previous Course(s) Required for Subsequent Course(s) Gibson, Darril. Information Systems. 1 st ed. Sudbury, MA: Jones & Bartlett, 011. n Companion CD IS305 n Printed IS305 Student Lab Manual n Recommended Resources Books, Professional Journals Please use the following author s names, book/article titles and/or keywords to search in the ITT Tech Virtual Library for supplementary information to augment your learning in this subject: Ole Hanseth, et al., Risk, Complexity, and ICT. Search in: Books > Books 4x7 Periodicals. EbscoHost Other References

COBIT This URL contains information regarding COBIT from the ISACA. http://www.isaca.org/template.cfm?section=cobit6&template=/taggedpage/taggedpagedispl ay.cfm&tplid=55&contentid=7981 (accessed on April 8, 010) CIPA This Website contains information on the Children s Internet Protection Act from Federal Communications Commission. http://www.fcc.gov/cgb/consumerfacts/cipa.html (accessed on April 8, 010) DIACAP Information regarding the Department of Defense Information Assurance Certification and Accreditation Process from the Defense Information Systems Agency http://iase.disa.mil/diacap/ (accessed on April 8, 010) FERPA This URL provides information regarding the Family Educational Rights and Privacy Act from the U.S. Department of Education. http://ed.gov/policy/gen/reg/ferpa/index.html (accessed on April 8, 010) FISMA This URL contains actual final version of the Federal Information Security Management Act. http://csrc.nist.gov/drivers/documents/fisma-final.pdf (accessed on April 8, 010) GLBA

This URL provides information regarding the Gramm-Leach Bliley Act from the Federal Trade Commission. http://www.ftc.gov/privacy/privacyinitiatives/glbact.html (accessed on April 8, 010) Health Information Privacy This URL provides information regarding HIPPA from the U.S. Department of Health and Human Services. http://www.hhs.gov/ocr/privacy/ (accessed on April 8, 010) ITIL This Website is an official site of for the Information Technology Infrastructure Library from the OGC which contains information on ITIL and provides a cohesive set of best practice, drawn from the public and private sectors internationally. http://www.itil-officialsite.com/home/home.asp (accessed on April 8, 010) PCI This Website is an official site of the PCI Security Standards Council which provides details on security standards. https://www.pcisecuritystandards.org/index.shtml (accessed on April 8, 010)

Risk Management Association This Website contains information on the RMA which is a non-profit organization focusing on all aspects of risk management throughout the enterprise. http://www.rmahq.org/rma/default.htm (accessed on April 8, 010) Risk Management Guide for Information Technology Systems This URL contains NIST recommendations for the U.S. Department of Commerce on Risk Management for Information Technology Systems. http://csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf (accessed on April 8, 010) SOX This Website provides detailed information on the Sarbanes-Oxley Act of 00. http://www.soxlaw.com/ (accessed on April 8, 010) TechRepublic This Website contains articles, videos, pictures, white papers, webcasts, and downloads material on risk management. http://techrepublic.com.com/ (accessed on April 8, 010) NOTE: All links are subject to change without prior notice. Information Search Use the following keywords to search for additional online resources that may be used for supporting your work on the course assignments: COBIT

CIPA DIACAP FERPA FISMA GLBA Health Information, Privacy ITIL PCI Risk Management Association Risk Management Guide for Information Technology Systems SOX TechRepublic Course Plan Instructional Methods This course is designed to promote learner-centered activities and support the development of cognitive strategies and competencies necessary for effective task performance and critical problem solving. The course utilizes individual and group learning activities, performance-driven assignments, problem-based cases, projects, and discussions. These methods focus on building engaging learning experiences conducive to development of critical knowledge and skills that can be effectively applied in professional contexts. Suggested Learning Approach In this course, you will be studying individually and within a group of your peers. As you work on the course deliverables, you are encouraged to share ideas with your peers and instructor, work

collaboratively on projects and team assignments, raise critical questions, and provide constructive feedback. Use the following advice to receive maximum learning benefits from your participation in this course: DO DON T Do take a proactive learning approach Do share your thoughts on critical issues and potential problem solutions Do plan your course work in advance Do explore a variety of learning resources in addition to the textbook Do offer relevant examples from your experience Do make an effort to understand different points of view Do connect concepts explored in this course to real-life professional situations and your own experiences Don t assume there is only one correct answer to a question Don t be afraid to share your perspective on the issues analyzed in the course Don t be negative towards the points of view that are different from yours Don t underestimate the impact of collaboration on your learning Don t limit your course experience to reading the textbook Don t postpone your work on the course deliverables work on small assignment components every day

Course Outline Graded Activities Unit # Unit Title Assigned Readings Grading Category # Activity Title Grade Allocation (% of all graded work) 1 Risk Management Fundamentals Chapter 1 Quiz 1.1 An open book quiz over the assigned reading of Unit 1. 1 Chapter Lab 1. Identifying Threats and Vulnerabilities Assignment 1.3 Application of risk management techniques 3 Course Project and associated deliverables are introduced. Compliance Laws, Standards, and Best Practices 3 Risk Management Planning Chapter 3 Chapter 4 Quiz.1 Quiz.1 1 Lab. COBIT Framework Assignment.3 PCI DSS and the seven domains Quiz 3.1 Quiz 3.1 1 Lab 3. Risk management scope/boundaries 3 Discussion 3.3 Risk Management Process 5 4 Concepts of Risk Assessment Chapter 5 Chapter 6 Quiz 4.1 Quiz 4.1 1 Lab 4. Risk Assessment Pre- Planning

Graded Activities Unit # Unit Title Assigned Readings Grading Category # Activity Title Grade Allocation (% of all graded work) Assignment 4.3 Risk Assessment Approaches Project 4.4 Risk Management Plan Project Part 1 3 5 5 Key Components of Risk Assessment Chapter 7 Chapter 8 Chapter 9 Quiz 5.1 Quiz 5.1 1 Lab 5. Perform a Risk Assessment Discussion 5.3 Risk Assessment and Risk Mitigation control 5 6 Strategies for Mitigating Risk Chapter 10 Chapter 11 Quiz 6.1 Quiz 6.1 1 Lab 6. Risk Mitigation Project 6.3 Risk Assessment Plan 3 7 Business Impact Analysis Chapter 1 Quiz 7.1 Quiz 7.1 1 Lab 7. Business impact analysis Project 7.3 Risk Mitigation Plan 3

Graded Activities Unit # Unit Title Assigned Readings Grading Category # Activity Title Grade Allocation (% of all graded work) 8 Business Continuity Planning Chapter 13 Quiz 8.1 Quiz 8.1 1 Lab 8. Reviewing business continuing planning techniques Project 8.3 Risk Management Plan Project Part 5 9 Disaster Recovery Planning Chapter 14 Quiz 9.1 Quiz 9.1 1 Lab 9. Disaster recovery techniques Project 9.3 Conducting a business continuity plan 3 10 Structuring Computer Incident Response Team and Plan 11 Course Review and Final Exam Chapter 15 N/A Quiz 10.1 Quiz 10.1 1 Lab 10. CIRT planning techniques Project 10.3 Disaster Recovery Plan Project 11.1 Project: Risk Management Plan Exam 11. Final Exam 0 10 Evaluation and Grading

Evaluation Criteria The graded assignments will be evaluated using the following weighted categories: Category Weight Discussion 10 Assignment 9 Lab 0 Project 31 Quiz 10 Exam 0 TOTAL 100% Grade Conversion The final grades will be calculated from the percentages earned in the course, as follows: Grade Percentage Credit A 90 100% 4.0 B+ 85 89% 3.5 B 80 84% 3.0 C+ 75 79%.5 C 70 74%.0 D+ 65 69% 1.5

D 60 64% 1.0 F <60% 0.0 Academic Integrity All students must comply with the policies that regulate all forms of academic dishonesty, or academic misconduct, including plagiarism, self-plagiarism, fabrication, deception, cheating, and sabotage. For more information on the academic honesty policies, refer to the Student Handbook. (End of )

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback