Skip Navigation
 

ISSC363 - IT Security: Risk Management

Course Details

Course Code: ISSC363 Course ID: 2636 Credit Hours: 3 Level: Undergraduate

This course explores Networking Security from the perspective of risk management and confirms that assessment of IP based Network systems is critical to developing strategies to mitigate and manage risks. This course focuses on effective assessment strategies that ultimately help the student to implement effective and proactive risk mitigation measures and risk management practices. It exposes the vulnerabilities of TCP/IP; and appraises risk assessment, risk analysis, risk mitigation, risk management, networking components and Virtual Private Networks (VPN). This course examines the tools and techniques used to attack, test and assure the security of the remote information, maintenance, FTP, database, email, UNIX RPC, and IP VPN services. The student will apply this knowledge to develop an assessment methodology that identifies, attacks, and penetrates IP based network systems.





Course Schedule

Registration Dates Course Dates Session Weeks
06/24/19 - 11/29/19 12/02/19 - 01/26/20 Fall 2019 Session D 8 Week session
07/29/19 - 01/03/20 01/06/20 - 03/01/20 Winter 2020 Session B 8 Week session
08/26/19 - 01/31/20 02/03/20 - 03/29/20 Winter 2020 Session I 8 Week session
09/30/19 - 02/28/20 03/02/20 - 04/26/20 Winter 2020 Session D 8 Week session
10/28/19 - 04/03/20 04/06/20 - 05/31/20 Spring 2020 Session B 8 Week session
11/25/19 - 05/01/20 05/04/20 - 06/28/20 Spring 2020 Session I 8 Week session

Current Syllabi

The successful student will fulfill the following learning objectives:

  1. Identify the role of IP-Based Network Security assessment in the world of Information Technology Management.
  2. Demonstrate the need for and benefits of network security assessment; with a focus on network security assessment as a process rather than a product.
  3. Explain the process for assessing network security.
  4. Examine the components of a network security assessment methodology.
  5. Analyze the key tools used by network security professionals and seasoned hackers to perform an IP-based network security assessment.
  6. Analyze methods, tools, and techniques used for network enumeration
  7. Identify the various methods of IP network scanning
  8. Compare the capabilities of the various IP network-scanning tools in the marketplace.
  9. Evaluate the tools and techniques used to execute information leak attacks, and the tools and techniques to test while assuring the security of the remote information services and remote maintenance services
  10. Compare and Contrast the tools and techniques used to attack, test and assure the security of the remote maintenance, FTP, database, email, UNIX RPC, and IP VPN services.
  11. Define the configuration, functionality, and risks of filtering and security systems such as firewalls, border routers, switches, and ids sensors
  12. Examine the various types of application-level vulnerabilities exploited by hackers and any corresponding risk mitigation strategies and techniques.
  13. Develop an assessment methodology that identifies, attacks, and penetrates IP based network systems.

The grading will be based on graded assignments, Forum postings, labs, quizzes, and case studies.

  1. There are eight assignments for the course. The assignments count as 30% of the final grade. The assignments will follow each of the major portions of the course. These assignments are questions from the text. They are selected to demonstrate mastery of concepts discussed during the course. Assignments should be prepared in Microsoft Word or an equivalent word processor program and uploaded onto the assignments’ area by the due date.
  2. There are four Forum postings. There will be four forums. Answers should restate the question with supporting sentences using the terms, concepts, and theories from the required readings. The key requirement is to express your idea and then support your position to demonstrate that you understand the material. Your answer should be a minimum of 250 words. Please see Appendix A for the grading rubric on all written assignments. In addition, you are to respond to at least two of your classmates’ postings by critiquing, supporting or supplementing the other students’ answers. Your responses should be at least 150 words long. All responses should be courteous with sound supporting sentences. The key requirement is to express your idea and then support your position using the terms, concepts and theories from the required readings to demonstrate that you understand the material. You may respond multiple times within a continuous discussion with points and counter points. Duplicate responses will not receive credit. The Forums count as 20% of the final grade.
  3. Two quizzes with multiple choice and true/false questions are open book and open notes. The quizzes count as 10% of your final grade.
  4. There is a Case Study; with three phases – counts as 10% of your final grade.
  5. Lab Work: The labs are hands-on additional exercises to reinforce the material covered in the weekly objectives. Counts as 30% of your grade.
NameGrade %
Forums 20.00 %
Forum Week 1 5.00 %
Forum Week 3 5.00 %
Forum Week 5 5.00 %
Forum Week 7: Cloud 2.50 %
Forum Week 7: Remote Access 2.50 %
Case Study 10.00 %
Case Study Phase 1 2.00 %
Case Study Phase 2 3.00 %
Case Study Phase 3 5.00 %
Assignments 30.00 %
Assignment 1: Security Assessment 3.75 %
Assignment 2: Risk Review 3.75 %
Assignment 3: Risk Consultant 3.75 %
Assignment 4: Network Risk Assessment 3.75 %
Assignment 5: Article Review - Security Hacking or Data Breach 3.75 %
Assignment 6: Article Review - Denial of Service 3.75 %
Assignment 7: Buffer Overflows 3.75 %
Assignment 8: Favorite Course Topic 3.75 %
Labs 30.00 %
Lab Week 2 10.00 %
Lab Week 5 10.00 %
Lab Week 7 10.00 %
Quizzes 10.00 %
Week 2 Quiz 5.00 %
Week 4 Quiz 5.00 %

Starting April 2016 this title & edition has moved to VitalSource. The VitalSource e-book is provided via the APUS Bookstore. Please visit http://apus.libguides.com/bookstore for more information.

Lab Manual:

Gibson, Darril (2014). Lab Manual to Accompany Managing Risk in Information Systems, 2nd edition. Jones & Bartlett Learning: Information Systems Security & Assurance Curriculum. Provided in the classroom within the lab environment (blue cover).

Web-Based Readings

http://www.sans.org/rr/

http://www.sans.org/resources/policies/

http://www.cert.org/

www.informationweek.com

www.internetworld.com

Software Requirements

Selected Bibliography

Compinfo.ws. (1995). LANs (Local Area Networks – a CompInfo Directory. Retrieved from http://www.compinfo-center.com/netw/lans.htm

Curt White, (2002) Data Communications and Computer Networks: A Business Users Approach, Second Edition. Boston, Massachusetts: Course Technology. ISBN 0-619-06464-1.

Feig, R. (2002). The OSI Reference Model. Retrieved from http://www2.rad.com/networks/1994/osi/intro.htm

ISSA. (2008). International systems security association home page. Retrieved October 28, 2008, from http://www.issa.org/.

Ostmo, C. (2000). Everything You Ever Wanted to Know About Modems… Retrieved from http://modems.rosenet.net/

SANS. (2008). Infosec reading room. Retrieved October 28, 2008, from http://www.sans.org/rr/.

Schnieder, K. (2003). Fiber Optic Data Communications for the Premises Environment. Retrieved from http://www.telebyteusa.com/foprimer/foprimer.htm

TechTarget. (2008). Information security magazine. Retrieved October 28, 2008, from http://informationsecurity.techtarget.com/

Book Title:ISSC363 Lab Manual provided inside the classroom
ISBN:9781449670764
Publication Info:CLASS-Jones & Bartlett
Author:Jones & Bartlett
Electronic Unit Cost:$55.00
Book Title:Managing Risk in Information Systems, 2nd Ed. - the VitalSource e-book is provided inside the classroom
ISBN:9781284055955
Publication Info:VS-Jones & Bartlett
Author:Gibson, Darril
Unit Cost:$75.79
Electronic ISBN:9781284107753
Electronic Unit Cost:$35.00

Previous Syllabi

Not current for future courses.