Undergraduate Certificate in Information Systems Security Essentials

This course is a study of the discipline of Information Assurance that focuses on protecting information assets by ensuring availability, confidentiality, integrity, authenticity, and non-repudiation. This course delves into the deliberate engineering, planning and implementation of the five major areas in any enterprise: hardware, software, networks, people, and policies. This course meets the topical requirements of the IAW 8570.1M Technical III, Management II and Management III categories.

This course examines the techniques and technologies for penetration of networks, detection of attacks, and prevention of attacks. This course addresses the techniques, the technologies, and the methodologies used by cyber intruders (hackers) to select a target and launch an attack. An understanding into the mind and psyche of the hacker is essential to anticipating the moves of the hacker and to design effective countermeasures. This course focuses on techniques and technologies to detect such attacks even while the attack is in progress; early detection enables the administrator to track the movements of the hacker and to discover the intent and goals of the hacker. This course assesses the various countermeasures to keep the system out of the “sights” of the hacker and to keep the hacker out of the perimeter of the target network. This course also explores the laws and the legal considerations in prosecuting computer crime.

This course explores Networking Security from the perspective of risk management and confirms that assessment of IP based Network systems is critical to developing strategies to mitigate and manage risks. This course focuses on effective assessment strategies that ultimately help the student to implement effective and proactive risk mitigation measures and risk management practices. It exposes the vulnerabilities of TCP/IP; and appraises risk assessment, risk analysis, risk mitigation, risk management, networking components and Virtual Private Networks (VPN). This course examines the tools and techniques used to attack, test and assure the security of the remote information, maintenance, FTP, database, email, UNIX RPC, and IP VPN services. The student will apply this knowledge to develop an assessment methodology that identifies, attacks, and penetrates IP based network systems.

This course will discuss both computer and network security, from the wetware (human), software, and hardware perspectives. The "wetware" component will deal with identification of potential risk situations, establishing policies for avoidance, recovery, and prosecution, and proactive measures to reduce causal factors for security breeches in an organization. The "software" perspective will examine types of inappropriate software activity, as well as asset protection issues (recognizing software assets). This component will also address software tools available to assist in reducing administrative costs due to both malicious and accidental loss. The "hardware" component will address hardware approaches to protecting assets, as well as hardware techniques used to compromise assets. Specific technologies discussed include firewalls, symmetric key encryption, public key encryption, digital certificates, and cryptographic systems (SSL/TLS, VPNs, and Kerberos).

This course allows students to examine a broad range of computer security issues and provides the student with technical knowledge not normally addressed in traditional training. It explores the protection of proprietary information and security planning with an emphasis on networked computer vulnerabilities. It also focuses on detection (e.g. viruses, hackers, types of computer crime, computer forensic examination, etc.), as well as disaster recovery and technology law. A primary focus is put on security of systems and computer crime prevention. Also addressed is the maturing criminal population with increased computer literacy, whose tendency is to move from violent actions to more profitable computer crime. Finally, issues of privacy and freedom of information are examined. This course meets the topical requirements of the IAW 8570.1M Technical II and Management I categories.

This course is a study of Network Security attacks and countermeasures. This course examines various security technologies, such as: intrusion detection, authentication, session hijacking, sniffing, spoofing, denial of service, buffer overflow attack, port scanning, encryption, IPSec, DES encryption, triple DES encryption, message digest 5 algorithm, point-to-point tunneling protocol (PPTP), layer 2 tunneling protocol (L2TP), Kerberos, RSA Pretty Good Privacy(PGP), Secure Shell (SSH), Secure Sockets Layer (SSL), Stateful Packet Inspection (SPI), Network Address Translation (NAT), proxies, content filters, public/private keys, Public Key Infrastructure (PKI), Virtual Private Networks (VPN), security policies, security tokens, digital certificates, viruses, worms, Trojan horses, virus scanners, virus protection, vulnerability assessment, and vulnerability scanners.