Information Forensics, Compliance and Risk Management – BMIS 664

CG • Section 8WK • 11/08/2019 to 04/16/2020 • Modified 01/29/2020

Course Description

This course covers a diverse set of topics in information security and incident response. Risk Management domain involves the identification of an organization's information assets and the development, documentation, and implementation of policies, standards, procedures, and guidelines that ensure confidentiality, integrity, and availability. The Legal, Regulations, Investigations, and Compliance domains addresses computer crime laws and regulations, the investigative measures and techniques which can be used to determine if a crime has been committed, and methods to gather evidence. Incident handling provides the ability to react quickly and efficiently to malicious technical threats or incidents.

Prerequisites

BMIS 663 and BMIS 510 and BMIS 520

Rationale

Competitive firms today will have the ability to proactively identify and prevent information loss. Such losses can occur by security breaches, poorly planned information systems, and by the lack of managerial guidance. To ensure a firm is compliant and prepared for information threats, risks need to be identified and prevented. Additionally, countermeasures must be implemented to mitigate and manage the potential future loss of pertinent data and information. BMIS 664 prepares the student to address such activities by examining the topics of information forensics, compliance, and risk management in greater detail.

Measurable Learning Outcomes

Upon successful completion of this course, the student will be able to:

  1. Discuss the relevance of course material and the use of technology to a biblical worldview.
  2. Compare risk management frameworks.
  3. Conduct risk management assessments.
  4. Evaluate risk management assessments.
  5. Illustrate business compliance laws and regulations pertaining to information systems.
  6. Support corporate computer investigations.
  7. Analyze cyber forensic theories and principles.
  8. Apply cyber forensic theories and principles.
  9. Diagram appropriate steps to monitor and respond to security incidents.

Course Assignment

Textbook readings and lecture presentations

Course Requirements Checklist

After reading the Course Syllabus and Student Expectations, the student will complete the related checklist found in Module/Week 1.

Discussion Board Forums (8)

Discussion Boards are collaborative learning experiences. Therefore, the student will write a thread containing scholarly supported answers to 2 questions from the assigned module/week’s textbook readings. No more than 4 students may answer the same question. If necessary, the student may list within his/her threads any concepts on which he/she needs further clarification. The student must also reply to at least 2 classmates’ threads using scholarly support. The student may reply to a classmate’s request for clarification as 1 of his/her 2 required replies.

Information Controls Project

Using security-based virtual machines, Microsoft PowerPoint, Visio, or an alternate type of visual presentation software, the student will create a presentation intended for the controlling board of an organization that evaluates security threats using IT controls.

Network Security Threat Project

Using security-based virtual machines, Microsoft PowerPoint, Visio, or an alternate type of visual presentation software, the student will evaluate the likely threats to an organization’s network and will draft an examination of these and other threats. The student must include the likely impact each would have if they were successfully implemented.

Threat Interception Project

Using security-based virtual machines, Microsoft PowerPoint, Visio, or an alternate type of visual presentation software, the student will evaluate the strengths and weaknesses of 3 security protocols; Transport Layer Security (TLS), Secure Sockets Layer (SSL), and Private Communications Transport (PCT) and one additional chosen protocol. The student must include an analysis of the threats each protocol is likely to mitigate or prevent.

Final Project

The student will be placed in a hypothetical scenario in which an organization has been attacked and unauthorized funds have been transferred. The student must utilize all of the information gained throughout the course to successfully complete the project.

Quizzes (3)

Each quiz will cover the Reading & Study material up to and including the module/week in which it is assigned.

Midterm Exam

The exam will cover the Reading & Study materials for the modules/weeks in which it is assigned.