Howard Community College

BUSINESS & COMPUTER SYSTEMS DIVISION


NSA Approved Network Security Course Outlines

CMSY 162 – Introduction to Network Security Systems


1.       Introduction to Information Security

1.1.        The History of Information Security
1.2.        What Is Security?
1.3.        What Is Information Security?
1.4.        Critical Characteristics of Information
1.5.        NSTISSC Security Model
1.6.        Components of an Information System
1.7.        Securing the Components
1.8.        Balancing Security and Access
1.9.        Top-Down Approach to Security Implementation
1.10.      The System Development Life Cycle
1.11.      The Security System Development Life Cycle
1.12.      Key Terms
1.13.      Security Professionals and The Organization
1.14.      Communities of Interest
1.15.      Information Security: Is It an Art or a Science?

2.    The Need for Security

2.1.        Business Needs First, Technology Needs Last
2.2.        Threats
2.3.        Attacks

3.    Legal, Ethical and Professional Issues in Information Security

3.1.        Law and Ethics in Information Security
3.2.        Types of Law
3.3.        Relevant U.S. Laws
3.4.        International Laws and Legal Bodies
3.5.        Policy Versus Law
3.6.        Ethical Concepts in Information Security
3.7.        Codes of Ethics, Certifications, and Professional Organizations
3.8.        Organizational Liability and the Need for Counsel

4.    Risk Management: Identifying and Assessing Risk

4.1.        Risk Management
4.2.        Risk Identification
              4.2.1.    Information Asset Classification
              4.2.2.    Information Asset Valuation
              4.2.3.    Data Classification and Management
              4.2.4.    Security Clearances
              4.2.5.    Management of Classified Data
4.3.        Risk Assessment
4.4.        Documenting Results of Risk Assessment

5.    Risk Management: Assessing and Controlling Risk

5.1.        Risk Control Strategies
5.2.        Risk Mitigation Strategy Selection
5.3.        Categories of Controls
5.4.        Feasibility Studies
5.5.        Risk Management Discussion Points
5.6.        Documenting Results
5.7.        Recommended Practices in Controlling Risk

6.    Blueprint for Security

6.1.        Information Security Policy, Standards and Practices
6.2.        Information Classification
6.3.        Systems Design
6.4.        Information Security Blueprints
6.5.        ISO 17799/BS 7799
6.6.        NIST Security Models
6.7.        VISA International Security Model
6.8.        Hybrid Framework for a Blueprint of an Information Security System
6.9.        Security Education, Training, and Awareness Program
6.10.      Design of Security Architecture

7.    Planning for Continuity

7.1.        Continuity Strategy
7.2.        Business Impact Analysis
7.3.        Incident Response Planning
7.4.        Incident Reaction
7.5.        Incident Recovery
7.6.        Automated Response
7.7.        Disaster Recovery Planning
7.8.        Business Continuity Planning
7.9.        Model for a Consolidated Contingency Plan
7.10.      Law Enforcement Involvement

8.    Security Technology

8.1.        Physical Design of the SecSDLC
8.2.        Firewalls
8.3.        Dial-up Protection
8.4.        Intrusion Detection Systems (IDS)
8.5.        Scanning and Analysis Tools
8.6.        Content Filters
8.7.        Trap and Trace
8.8.        Cryptography and Encryption-based Solutions
8.9.        Access Control Devices

9.     Physical Security

9.1.        Access Controls
9.2.        Fire Safety
9.3.        Failure of Supporting Utilities and Structural Collapse
              9.3.1.   Heating, Ventilation & Air-Conditioning
              9.3.2.   Power Management and Conditioning
              9.3.3.   Structural Collapse
              9.3.4.   Maintenance of Facility Systems
9.4.        Interception of Data
9.5.        Mobile and Portable Systems
9.6.        Special Considerations for Physical Security Threats
              9.6.1.   Inventory Management

10.  Implementing Security

10.1.      Project Management in the Implementation Phase
10.2.      Technical Topics of Implementation
10.3.      Non-technical Aspects of Implementation

11.  Security and Personnel

11.1.      The Security Function Within an Organization’s Structure
11.2.      Staffing the Security Function
11.3.      Credentials of Information Security Professionals
11.4.      Employment Policies and Practices
11.5.      Security Considerations for Non-employees
              11.5.1.   Contract Employees
              11.5.2.   Consultants
              11.5.3.   Business Partners
11.6.      Separation of Duties and Collusion
11.7.      Privacy and the Security of Personnel Data

12.  Information Security Maintenance

12.1.      Managing for Change
12.2.      Security Management Models
12.3.      The Maintenance Model

13.  Additional Topics Discussed from Supplemental Text Chapters

13.1.      OPSEC Process C6.2
13.2.      OPSEC surveys/OPSEC planning C6.2
13.3.      Unclassified Indicators C6.2
13.4.      Application Guidance C5.5
13.5.      Emanations Security C9.1
13.6.      HUMINT C6.4
13.7.      Telecommunications Systems, Telecommunications C3.0 & 3.1
13.8.      Policies and Security, Contacts and References
13.9.      Vulnerabilities, Threats, Counter Measures
13.10.   Security Policies, Guidance, Contacts, and Roles C14.3
13.11.   Security Policies – Budgeting, Valuation, and Training C1.0 & 1.4
13.12.   Systems Life Cycle Processes, Certification and Accreditation C11.6
13.13.   Software Security C5.1
13.14.   Media Processes – Attribution, Destruction, Classification, C6
13.15.   Sanitization, Transportation, Inventory, Incident Reporting C6.3
13.16.   National Threats, Vulnerabilities, Counter Measures, C1.0
13.17.   Risk Management, and other facets of NSTISS
13.18.   Testing

Appendix: Cryptography

A.i    Types of Ciphers
A.ii   Popular Cryptographic Algorithms
A.iii  Protocols for Secure Communications
A.iv  Attacks on Cryptosystems



copyright Howard Community College 2006
10901 Little Patuxent Parkway • Columbia, Maryland 21044