INFO 5514 Systems Security Management 1-3 Credits

Course Designator INFO 5514
Course Title: Systems Security Management
Course Length: Fifteen contact hours, five three hour sessions plus research time. Total duration 15 weeks.
Course Description: Establishes a framework for managing many systems and systems administrators operating in a secure and private computing environment. The course Deals with facilities management, contingency plans, laws, standards of contact and operations management. Management of Systems Administrators is included
Prerequisites INFO 5511 and INFO 5513
Course Learning Objective:

A systems Security manager is responsible for maintaining a plan for site security improvements and progress towards meeting the accreditation;

The learner must ensure the information systems is operated, used, maintained, and disposed of in accordance with security policies and practices and ensure the information system is accredited and certified if it processes sensitive information;

The course will deal with methods for ensuring users and system support personnel have the required security clearances, authorization and need-to-know; are indoctrinated; and are familiar with internal security practices before access to the information system is granted and how to enforce security policies and safeguards on all personnel having access to the for which the he is responsible;

The importance of frequent reviews of audit trails and that audit records are archived for future reference, if required;

The student should be aware about how to evaluate known vulnerabilities to ascertain if additional safeguards are needed.

Major Topics:
  • Site security improvement and plan and components
    • Facilities
    • Information Assurance Program Planning
  • Policies for operation use maintenance and disposal information contained within the assured system
    • Access Authorization
    • Access Control Model (ACM)
    • Accountability
    • Generally Accepted Systems Security Principles
    • Laws, Regulations, and Other Public Policy
    • Standards of Conduct (SOC)
  • Accreditation and Certification
    • Accreditation Function
    • Certification Function
  • Discussion of methods to determine if system support personnel have the required authorization, and need-to-know. Methods of indoctrination and increased awareness of internal security practices before access is allowed
    • Education, Training, & Awareness
    • General Information
    • Operations
    • Personnel
    • Policy & Procedures
  • Security policies and safeguards for all personnel with access to the Information System
    • Management of the Security Function
    • Oversight
  • Use, review and archival of Audit Trails
    • Audit
    • Auditing Tools
    • Configuration Management
    • Policies
  • Establishment and operation of protective or corrective measures
    • Assessments (surveys, inspections)
    • Environmental Controls
    • Handling Media
    • Intrusion Deterrents
    • Marking of Media
    • Network Security
  • Management of security failures and reporting to appropriate authorities and senior management
    • Law
    • Security Investigation Procedures
    • Security Violations Reporting Process (incident response)
  • Reporting and briefing status of systems to senior management. Including status of:
    • Administrative Security Policies and Procedures
    • Organization Specific Security Policies
    • Computer Emergency Response Team (CERT)
  • Fundamentals of Risk management and assessment
    • Countermeasures
    • Risks
    • Threats
    • Vulnerability Analysis
Competencies Students should submit the competencies form for evaluation prior to the examinations.
Method of Instruction: This course is conducted largely using the case method. The students select organizations and seek to review their security plans and operations. The class then analyzes each of these cases.
Evaluation Methods: Evaluation of students is done initially by peer evaluation. Then the faculty member involved works with the companies to determine the feasibility of recommendations and actions specified.
Student Enrollment:  

This ensures that all students in the program meet the requirements of CNSS 4014

NIATEC National Science Foundation Information Assurance Directorate Department of Homeland Security CISSE Scholarship For Service