Clark Atlanta University

Information Assurance Design

CIS 519: IA Tools and DB Administration

Overview: Description Objective(s) Goals/Outcome Outline Suggested Assignments References   Suggested Time: 2 class periods

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               

Course Length: 3 Hours Pre-Requisite  : CIS 123, CIS 474

 

Target Audience

Description: An introduction to the various technical and administrative aspects of Information Security and Assurance.  This course provides the foundation for understanding the key issues associated with protecting information assets, determining the levels of protection and response to security incidents, and designing a consistent, reasonable information security system and Database Administration, with appropriate intrusion detection and reporting features.

 

Objective(s): The primary purpose of this course: Knowledge of the importance of Database Security and how it affects our changing world. Knowledge of the basic concepts of Security Requirements, especially the close relation between the objective of machine security and human factors Understand the basic concepts of database reliability and integrity Understand the basic concepts of Encryption, Program Threats, and Trusted Operating Systems Be capable of developing a Security Policy for an Organization Understand the relationship between software development and information security Identify the key areas of Security in Networks  Learn how to critically analyze situations of Threats in Networks

 

Goals/Outcome: Upon completion of this course, students should understand the following concepts: Knowledge of Administering Security (the passwords, files, and data) ·        Knowledge of protections against malicious logic ·        Identify and prioritize security Planning ·        Identify and prioritize threats to information assets. ·        Define an information security strategy and architecture. ·        Plan for and respond to intruders in an information system ·        Describe legal and public relations implications of security and privacy issues. ·        Present a disaster recovery plan for recovery of information assets after an incident ·        Be aware of Legal, Privacy, and Ethical Issues in Computer Security ·        Understand the Right of Employees and employers ·        Understand the fundamental concepts of Cryptographic Systems

 

Outline: Introduction to Information Assurance and Databases and its Security Multilevel secure databases: partitioned, cryptographically sealed, filtered General procedures in facilities (standards operation) The threats to security in computing: interception, interruption, modification, fabrication Controls Available to Address these Threats and its consequences: -    Investigative analysis -         Encryption, programming controls, operating systems, -         Network controls, administrative controls -         Law and ethics (criminal consequences). Threats against networked applications, including denial of service, web site defacements, malicious mobile code, and protocol attacks. Controls against network attacks: -         physical security; -         Control and modify policies and procedures; -         Control  range of technical issues. -         Discus specific agency security policies -         Countermeasures to reduce the impact of threats. Security goals: the confidentiality, integrity, and availabilities Vulnerabilities control (hardware and its peripheral devises, software, data and other exposed assets) Program development controls against malicious code and vulnerabilities-software engineering principles and practices Administering Security:  Security Plan, Risk Analysis, Assessments, System Life Cycle Management Security Policy- high-level standards for users and managers -         Identifies and organizes the security activities for the users and managers -         Access control authorization -         Accountability (train users about the computer security principles) -         Monitoring users computer systems (access authorization) -         Intrusion detection -         Law regulations, and other public policy Physical Security and standards (protecting outside the computer system) -         Contingency planning- recovery adequate preparation based on the standards -         Tempest- U.S. government program under which computer equipment is certified as emission-free. -         Natural threats (flood, fire, earthquake, etc…) -         Environmental control (flood, fire, safety, etc...) -         Facilities management (disaster recovery plan testing) -         Network storage Legal, Privacy ACT (1974, 1986, 2001), and Ethical Issues in Computer Security Protection of programs and information, equipments by patents, copyrights, and trademarks Ethical analysis of computer security situations Code of professional ethics, standard of conduct (monitoring keystroke) Introduction to Operation Security Protecting in General-purpose Operating Systems -         User authentication -         Controlled access to voice and data communications -         Protecting memory, files and the execution environment   Cryptography Concepts -         Concepts of Encryption (clearly address the need for confidentiality of data) -         Asymmetric encryption and RSA algorithm -         National policies and procedures (enforcing security through hardware or software means) Security Networks Concepts, Traffic Control, Firewalls, IDS, Secure e-mail/phone mail, and modems

 

	Suggested Assignments:
	References: