INFO 4414 System Security Management 1-3 Credits
||System Security Management
||Fifteen contact hours, five three hour sessions plus research time. Total duration 15 weeks.
||Establishes a framework for managing many systems and systems administrators operating in a secure and private computing environment. The course Deals with facilities management, contingency plans, laws, standards of contact and operations management. Management of Systems Administrators is included
||INFO 4411 and INFO 4413
|Course Learning Objective:
A systems Security manager is responsible for maintaining a plan for site security improvements and progress towards meeting the accreditation;
The learner must ensure the information systems is operated, used, maintained, and disposed of in accordance with security policies and practices and ensure the information system is accredited and certified if it processes sensitive information;
The course will deal with methods for ensuring users and system support personnel have the required security clearances, authorization and need-to-know; are indoctrinated; and are familiar with internal security practices before access to the information system is granted and how to enforce security policies and safeguards on all personnel having access to the for which the he is responsible;
The importance of frequent reviews of audit trails and that audit records are archived for future reference, if required;
The student should be aware about how to evaluate known vulnerabilities to ascertain if additional safeguards are needed.
- Site security improvement and plan and components
- Information Assurance Program Planning
- Policies for operation use maintenance and disposal information contained within the assured system
- Access Authorization
- Access Control Model (ACM)
- Generally Accepted Systems Security Principles
- Laws, Regulations, and Other Public Policy
- Standards of Conduct (SOC)
- Accreditation and Certification
- Accreditation Function
- Certification Function
- Discussion of methods to determine if system support personnel have the required authorization, and need-to-know. Methods of indoctrination and increased awareness of internal security practices before access is allowed
- Education, Training, & Awareness
- General Information
- Policy & Procedures
- Security policies and safeguards for all personnel with access to the Information System
- Management of the Security Function
- Use, review and archival of Audit Trails
- Auditing Tools
- Configuration Management
- Establishment and operation of protective or corrective measures
- Assessments (surveys, inspections)
- Environmental Controls
- Handling Media
- Intrusion Deterrents
- Marking of Media
- Network Security
- Management of security failures and reporting to appropriate authorities and senior management
- Security Investigation Procedures
- Security Violations Reporting Process (incident response)
- Reporting and briefing status of systems to senior management. Including status of:
- Administrative Security Policies and Procedures
- Organization Specific Security Policies
- Computer Emergency Response Team (CERT)
- Fundamentals of Risk management and assessment
- Vulnerability Analysis
||Students should submit the competencies form for evaluation prior to the examinations.
|Method of Instruction:
||This course is conducted largely using the case method. The students select organizations and seek to review their security plans and operations. The class then analyzes each of these cases.
||Evaluation of students is done initially by peer evaluation. Then the faculty member involved works with the companies to determine the feasibility of recommendations and actions specified.
This ensures that all students in the program meet the requirements of CNSS 4014
All material on this site is copyright unless otherwise noted.
Please respect the authors rights by requesting permission for use and ensuring proper attribution and credit.