Information Security Operations – CSIS 344

CG • Section 8WK • 11/08/2019 to 04/16/2020 • Modified 07/28/2020

Course Description

This course will cover the issues and tasks involved in the day to day operation of an Information Security System. The topics included in this course would be: risk management, auditing and monitoring, regulations and compliance, disaster recovery, incidence response, key management, information systems hardware and software operation, networks and transmission security, operational security, and cryptography. (Formerly CSCI 352)

Prerequisites

CSCI 340 or BMIS 340 or CSIS 340

Rationale

In an Internet-centric world, organizations require business processes designed to protect critical or confidential information using cost-effective IT security methods and controls. This course will provide the student with the information and skills necessary to implement and maintain an effective information security program supporting business operations. To support effective information security program operations, the student will learn the operational concepts, principles, and activities of a security program as well as how to manage a program within an organization. The student will learn to consider the organization’s culture, business needs, processes, risk factors, and tolerance as well as regulatory compliance requirements when operating a security program.

Measurable Learning Outcomes

Upon successful completion of this course, the student will be able to:

  1. Describe the purpose, value, and requirements of an information security system in support of business operations.
  2. Describe the industry best practices and current trends in technical and physical information security methods necessary to maintain the confidentiality, integrity, and availability of digital information at rest, in transit, and in use during business operations as part of an information security system.
  3. Demonstrate the ability to institute information security systems operations using industry best practices as a part of business activities including risk anaylsis and management, regulatory compliance, business continuity, governing policy management, incident response actions, cryptographic infrastructure management, network security methods, operational security, and other information security systems practices.
  4. Discuss the relevance and value of course material relative to a biblical worldview.

Course Assignment

Textbook readings and lecture presentations/notes

Course Requirements Checklist

After reading the Course Syllabus and Student Expectations, the student will complete the related checklist found in Module/Week 1.

Discussion Board Forums (6)

Discussion Boards are collaborative learning experiences. Therefore, the student is required to create a thread in response to the provided prompt for each forum. Each thread must be at least 300 words and demonstrate course-related knowledge. In addition to the thread, the student is required to reply to 2 other classmates’ threads. Each reply must be at least 100 words.

Article Reviews (2)

The student is required to provide a written review of the information found on the websites in the Reading & Study folder for the assigned module/week. Each Article Review must be a minimum of 750 words, be in current APA format, and demonstrate course-related knowledge with biblical implications.

Research Paper – Topic Proposal/Outline

As a case study, the student will conduct a risk assessment for an organization of his/her choosing. Based on the results of the assessment, the student will draft a disaster recovery plan (DRP) and an incident response plan as part of an information security program. To that end, the student will submit for approval a topical outline and a topic proposal that will be used toward the requirements of the Research Paper – Final. The outline must be at least 3 tiers and must include at least 1 reference in addition to the course textbooks and the Bible. The topic proposal must be at least 250 words.

Case Study

For the Case Study, the student will conduct a risk assessment for an organization of his/her choosing. He/she will write a research-based paper of at least 1,000 words in current APA format. The paper will report the result of the risk assessment in support of implementing an Information Security program or improving the program the organization already has in place. The paper must include at least 5 references in addition to the course textbooks, the Bible, and the resource(s) used in the Research Paper – Topic Proposal/Outline. The information from the Case Study must be incorporated into the Research Paper – Final.

Research Paper – Final

The student will write a research-based paper of at least 2,000 words in current APA format. The paper must focus on the implementation and operation of the disaster recovery plan (DRP) and incident response team (IRT) portions of an Information Security Program in relation to the risk assessment conducted by the student in the Case Study assignment. The paper must include at least 5 references in addition to the course textbooks, the Bible, and the resources used in the Research Paper – Topic Proposal/Outline and in the Case Study.

Quizzes (2)

Each quiz will cover the Reading & Study material for the modules/weeks in which it is assigned. Each quiz will be open-book/open-notes, contain 50 multiple-choice, true/false, and essay questions, and have a 1-hour time limit.