Reflection
Course and Instructor Information
Course Name
Unit abbreviation, course number, section number, Course name (ex: ITS 530-09 Course Title:_Analyzing and Visualizing Data
Nature of Course Content and Goals
Course Description
List the course description as listed in the course catalog located at:
https://www.ucumberlands.edu/academics/academic-catalog
Course Objectives
Learner Outcomes/ Assessments
Course Website
Access to the course website is required via the iLearn portal on the University of the Cumberlands website: http://www.ucumberlands.edu/ilearn/
Books and Resources
Required Text(s):
Kirk, A. (2016). Data Visualisation: A Handbook for Data Driven Design. Thousand Oaks, CA: Sage Publications, Ltd.
ISBN: 978-1-4739-1214-4
Microsoft Excel; Download and install R (https://cran.r-project.org/), CyGwin (https://cygwin.com/install.html, MySQL for Excel (https://www.mysql.com/why-mysql/windows/), and Python (https://www.python.org/downloads/release/python-364/)
Suggested Text (s):
If applicable
1 Course Name:
ISOL 533 Information Security & Risk Management
Course Description:
The course includes a discussion on security policies that can be used to help protect and maintain a network, such as password policy, e-mail policy, and Internet policy. The issues include organizational behavior and crisis management.
Course Objectives/Learner Outcomes:
Course Objectives/Learner Outcomes:
Upon completion of this course, the student will:
0. Explain the basic concepts of and need for risk management.
0. Explain methods of mitigating risk by managing threats vulnerabilities, and exploits.
0. Identify compliancy laws, standards, best practices, and policies of risk management.
0. Describe the components of an effective organizational risk management program.
0. Describe techniques for identifying and analyzing relevant threats, vulnerabilities, and exploits.
0. Describe the process of performing risk assessments.
0. Identify assets and activities to protect within an organization.
0. Identify threats, vulnerabilities, and exploits.
0. Identify risk mitigation security controls.
0. Describe concepts for planning risk mitigation throughout an organization.
0. Describe concepts for implementing a risk mitigation plan.
0. Perform a business impact analysis.
0. Create a business continuity plan (BCP) based on the findings of a given risk assessment for an organization.
0. Create a disaster recovery plan (DRP) based on the findings of a given risk assessment for an organization.
0. Create a computer incident response team (CIRT) plan for an organization.
Prerequisites:
There are no prerequisites for this course.
Books and Resources:
Required Text
Gibson, Darril. Managing Risk in Information Systems, 2nd edition. Burlington, MA: Jones & Bartlett, 2015
Jones & Bartlett Learning lab manual along with the courseware. Student Lab Manual*
Recommended Materials/Resources
Judy Bell
Disaster Survival Planning: A Practical Guide for Businesses
Thomas S. Coleman
A Practical Guide to Risk Management
Kenneth L. Fulmer and Philip Jan Rothstein
Business Continuity Planning, A Step-by-Step Guide with Planning Forms on CD-ROM
Ole Hanseth, et al.
Risk, Complexity, and ICT
Susan Snedaker
Business Continuity and Disaster Recovery Planning for IT Professionals
Other References
COBIT
This URL contains information regarding COBIT from ISACA.
http://www.isaca.org/cobit/pages/default.aspx
CIPA
This Web site contains information on the Childrens Internet Protection Act from Federal Communications Commission.
http://www.fcc.gov/cgb/consumerfacts/cipa.html
FERPA
This URL provides information regarding the Family Educational Rights and Privacy Act from the U.S. Department of Education.
http://ed.gov/policy/gen/reg/ferpa/index.html
FISMA
This URL contains actual final version of the Federal Information Security Management Act.
http://csrc.nist.gov/drivers/documents/FISMA-final.pdf
GLBA
This URL provides information regarding the Gramm-Leach-Bliley Act from the Federal Trade Commission.
http://www.ftc.gov/privacy/privacyinitiatives/glbact.html
Guide for Conducting Risk Assessments
This URL contains NIST recommendations for conducting risk assessments for enterprise-wide risk management.
http://csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf
Health Information Privacy
This URL provides information regarding the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security, and Breach Notification Rules, from the U.S. Department of Health and Human Services.
http://www.hhs.gov/ocr/privacy/
ITIL
This Web site is an official site of for the Information Technology Infrastructure Library from AXELOS, which contains information on ITIL and provides a cohesive set of best practice, drawn from the public and private sectors internationally.
http://www.itil-officialsite.com/home/home.asp
PCI
This Web site is an official site of the PCI Security Standards Council, which provides details on payment card industry security standards.
https://www.pcisecuritystandards.org/index.shtml
Risk Management Framework Overview
This Web page provides an overview of the NIST Risk Management Framework (RMF), with links to related resources.
http://csrc.nist.gov/groups/SMA/fisma/framework.html
Risk Management Association
This Web site contains information on the RMA, which is a non-profit organization focusing on all aspects of risk management throughout the enterprise.
http://www.rmahq.org/
about-rma
SOX
This Web site provides detailed information on the Sarbanes-Oxley Act of 2002.
http://www.soxlaw.com/
TechRepublic
This Web site contains articles, videos, pictures, white papers, webcasts, and other downloadable materials on risk management.
5 How the following four subjects are related to QA Automation Engineer Role in IT.
Whose main responsibilities are writing automation scripts in Java and selenium, and implementing different features in the framework.
Subjects
1. Access Control
2. Info Security and risk management
3. Operational Excellence
4. Analyzing & visualization of Data Course Description:
This course focuses on the skills and knowledge to guide an organization in its best use of technology to achieve its business goals and objectives. Although technical knowledge and skills are essential for technology professionals, this course focuses on the development of more general leadership skills. The ability to communicate with a broad set of stakeholders is essential and this course will offer exercises in skills such as negotiation, persuasion, agility, coaching and facilitation through case studies, role playing and simulation. Technology leaders must also understand the elements of developing and implementing an overall IT Strategy for the organization. This course will review the various levels of strategy and how strategy is implemented through tactical and operational plans.
Course Objectives/Learner Outcomes:
Course Objectives/Learner Outcomes:
Upon completion of this course, the student will:
Analyze the concepts in the overall understanding of Information Technology which enhance the efficiency of operational efficiency within an organization.
Explore the various organizational learning theories to develop an understanding of the interaction of theory to practical approach.
Investigate the theories of globalization to enhance understanding of how various factors within the globalization framework influence operational excellency.
Summarize best practices to develop a greater understanding of the concepts that influence operational excellence.
Ascertain the importance of resource management principles that influence the success of operational excellence.
Be able to understand how Big Data impacts business intelligence, scientific discovery, and our day-to- day life.
Prerequisites:
There are no prerequisites for this course.
Books and Resources:
Required Text
Bourgeous, D., Smith, J., Wang. S., Mortati, J. (2019). Information Systems for Business and Beyond.
Langer, A. M. (2018). Information Technology and Organizational Learning. 3rd edition. Taylor & Francis Group, LLC. ISBN: 978-1-138-23858-9
Recommended Resources
1
Please use the following journal titles, Web sites, and/or keywords to search for supplementary information to augment your learning in this subject.
Journal of Operations Management
Business Process Management Journal
McKinsey Quarterly
Process Excellence Network
Professional Associations
APICS- One of the leading providers of research, education, and certification programs that elevate
supply chain excellence, innovation, and resilience. www.apics.org
POMS -Production and Operations Management Society (POMS) is an international professional organization representing the interests of POM professionals from around the world. www.poms.org Course Name:
Access Control
Course Description:
The course provides an in depth study of the three main security principles: availability, integrity and confidentiality. The course will examine: mechanisms used in access control, what resources an entity can access and the extent of the entitys capabilities to interact with the resource. The course will also examine approaches to auditing how an entity interacts with the resource.
Course Objectives/Learner Outcomes:
Course Objectives/Learner Outcomes:
Upon completion of this course, the student will:
Identify the types of access control technologies used in a networking environment.
Implement knowledge-based and biometric authentication.
Identify knowledge-based and characteristics-based authentication technologies.
Recognize how single sign-on systems (SSOs), one-time passwords (OTPs), and smart cards are used for authentication
Determine the appropriate type of authentication to implement in a given enterprise scenario.
Recognize ways of securing passwords and identify different types of attacks against passwords and password files.
Select the appropriate access control model for a scenario.
Determine the most appropriate access control model to implement in a given situation.
Recognize how different types of access control techniques operate.
Distinguish between centralized and decentralized access control administration mechanisms.
Identify information detection system (IDS) mechanisms and implementation methods, and recognize various intrusion detection and prevention techniques.
Prerequisites:
There are no prerequisites for this course.
Books and Resources:
Required Text: Chapple, Mike, Ballad, Bill, Ballad, Tricia, and Banks, Erin K. Access Control, Authentication, and Public Key Infrastructure, Second Edition. Jones & Bartlett Learning, 2016, ISBN:978-1-284-03159-1
Other articles and readings may be assigned by course professor.
Recommended Materials/Resources
Please use the following authors names, book/article titles, Web sites, and/or keywords to search for supplementary information to augment your learning in this subject.
Official (ISC)2 CISSP Training Seminar Handbook. International Information Systems Security Consortium, 2014.
Harris, Shon. All in One CISSP Exam Guide, Sixth Edition. McGraw-Hill, 2013.
Rhodes-Ousley, Mark. The Complete Reference to Information Security, Second Edition. McGraw-Hill, 2013.
Professional Associations
International Information Systems Security Certification Consortium, Inc., (ISC) This Web site provides access to current industry information. It also provides opportunities in networking and contains valuable career tools. http://www.isc2.org/
International Association of Privacy Professionals (IAPP) This Web site provides opportunity to interact with a community of privacy professionals and to learn from their experiences. This Web site also provides valuable career advice. https://www.privacyassociation.org/
ISACA This Web site provides access to original research, practical education, career-enhancing certification, industry-leading standards, and best practices. It also provides a network of likeminded colleagues and contains professional resources and technical/managerial publications. https://www.isaca.org/Pages/default.aspx
Tentative Course Expectations (specific due dates are listed in the course module)
Note: Assignments in the following table are listed when they are due.
Unit
Unit Topic
Reading
Assignment Due**
1
Lessons 1 & 2: Access Control Framework, Assessing Risk, and Impact on Access Control
Ch. #1 – 2
Lab 1: Configuring an Active Directory Domain Controller
Lab 2: Managing Windows Accounts and Organizational Units
Lab 1 Quiz
Lab 2 Quiz
Discussion Forum :
Introduce Yourself to your classmates
Jan 12
2
Lessons 3 & 4: Business Drivers for Access Controls
Access Control Policies, Standards, Procedures, and Guidelines
Ch. #3 – 4
Lab 3: Configuring Windows File System Permissions
Lab 3 Quiz
Lab 4: Managing Group Policy Objects in Active Directory
Lab 3 Quiz
Lab 4 Quiz
Jan 19
3
Lessons 5 & 6: Security Breaches and the Law
Mapping Business Challenges
to Access Control Types
Ch. #5 – 6
Lab 5: Managing Group Policy Objects in Active Directory
Lab 6: Configuring Windows Firewall
Lab 5 Quiz
Lab 6 Quiz
Jan 26
4
Lessons 7 & 8: Human Nature and Organizational Behavior
Access Control for Information Systems
Ch. #7 – 8
Midterm Exam. No Lab is due.
Feb 2
5
Lesson 9 & 10: Physical Security
and Access Control
Access Control in the Enterprise
Ch. #9 -10
Lab 9: Configuring Linux File System Permissions
Lab 10: Configuring Linux File System Permissions
Lab 10 Quiz.
Feb 9
6
Lesson 11 & 12: Access Control System Implementations
Access Control Solutions for Remote Workers
Ch. #11 – 12
Lecture Quizzes 11 & 12
Feb 16
7
Lessons 13, 14 & 15: Public Key Infrastructure and Encryption;
Testing Access Control Systems
Access Control Security Models; Access Control Assurance
Ch. #13, 14, 15
Lab 13: Encrypting and Decrypting Files with PKI
Lab 14: Lab 9: Authenticating Security Communications with Digital Signatures
Lab 15: Encrypting and Decrypting Web Traffic with HTTPS
—
Review Course
No Lecture
Review Chapters
1- 15
Final Exam
Feb 26
*
1
