Information Forensics, Compliance and Risk Management – BMIS 664
CG • Section 8WK • 11/08/2019 to 04/16/2020 • Modified 02/01/2024
Course Description
This course covers a diverse set of topics in information security and incident response. Risk Management domain involves the identification of an organization’s information assets and the development, documentation, and implementation of policies, standards, procedures and guidelines that ensure confidentiality, integrity and availability. The Legal, Regulations, Investigations and Compliance domains addresses computer crime laws and regulations, the investigative measures and techniques which can be used to determine if a crime has been committed and methods to gather evidence. Incident handling provides the ability to react quickly and efficiently to malicious technical threats or incidents.
For information regarding prerequisites for this course, please refer to the Academic Course Catalog.
Rationale
Competitive firms today will have the ability to proactively identify and prevent information loss. Such losses can occur by security breaches, poorly planned information systems, and by the lack of managerial guidance. To ensure a firm is compliant and prepared for information threats, risks need to be identified and prevented. Additionally, countermeasures must be implemented to mitigate and manage the potential future loss of pertinent data and information. BMIS 664 prepares the student to address such activities by examining the topics of information forensics, compliance, and risk management in greater detail.
Course Assignment
Textbook readings and lecture presentations
Course Requirements Checklist
After reading the Course Syllabus and Student Expectations, the student will complete the related checklist found in the Course Overview.
Discussions (8)
Discussions are collaborative learning experiences. Therefore, the student will write a thread containing scholarly supported answers to 2 questions from the assigned module/week’s textbook readings. No more than 4 students may answer the same question. If necessary, the student may list within his/her threads any concepts on which he/she needs further clarification. The student must also reply to at least 2 classmates’ threads using scholarly support. The student may reply to a classmate’s request for clarification as 1 of his/her 2 required replies.
Information Controls Project
Using security-based virtual machines, Microsoft PowerPoint, Visio, or an alternate type of visual presentation software, the student will create a presentation intended for the controlling board of an organization that evaluates security threats using IT controls.
Network Security Threat Project
Using security-based virtual machines, Microsoft PowerPoint, Visio, or an alternate type of visual presentation software, the student will evaluate the likely threats to an organization’s network and will draft an examination of these and other threats. The student must include the likely impact each would have if they were successfully implemented.
Threat Interception Project
Using security-based virtual machines, Microsoft PowerPoint, Visio, or an alternate type of visual presentation software, the student will evaluate the strengths and weaknesses of 3 security protocols; Transport Layer Security (TLS), Secure Sockets Layer (SSL), and Private Communications Transport (PCT) and one additional chosen protocol. The student must include an analysis of the threats each protocol is likely to mitigate or prevent.
Final Project
The student will be placed in a hypothetical scenario in which an organization has been attacked and unauthorized funds have been transferred. The student must utilize all of the information gained throughout the course to successfully complete the project.
Quizzes (3)
Each quiz will cover the Learn material up to and including the module: week in which it is assigned.
Midterm Exam
The exam will cover the Learn materials for the modules: weeks in which it is assigned.
