ISM 4330 - Information Security Policy Administration and Management
College of Computer & Information Technology
Credit(s): 3
Contact Hours: 47
Effective Term Summer 2021 (590)
Requisites
Admission to Technology Development and Management (Bachelor of Applied Science) (TMGT-BAS) or
Admission to Cybersecurity (Bachelor of Applied Science) (CYSEC-BAS)
Course Description
This course develops the information security knowledge and skills necessary for the successful management of information security technology in an organization. Students will understand an organization’s information assets. Students will also learn how to develop and implement policies, procedures and standards as they relate to an information security plan. The course focuses on information classification, risk assessment, business continuity planning and enterprise security architecture, as well as the key concepts of enterprise information security planning and administration.
Learning Outcomes and Objectives
- The student will demonstrate an understanding of the planning, organization and roles in securing an organization’s information assets by:
  - describing the roles of individuals responsible for securing an organization’s information assets.
  - discussing the core principles of information security.
  - describing the need for key information security requirements and frameworks.
- The student will demonstrate an understanding of the difference between policies, standards and guidelines as they apply to security administration and management by:
  - explaining information technology security requirements.
  - describing the information security pyramid and how it creates the common thread of good information security objectives.
  - discussing the importance of functional and assurance requirements.
  - discussing the impact of business requirements on the information security plan.
- The student will demonstrate an understanding of the importance of risk management as it relates to the reduction of risk to information assets by:
  - defining key risk management terms.
  - identifying the importance of risk analysis.
  - conducting the two types of risk analysis – quantitative and qualitative.
  - discussing the various factors that affect information valuation and identifying those factors in the information architecture.
- The student will become familiar with security models by:
  - identifying the key security models.
  - explaining such models as the Brewer and Nash or Chinese wall model.
  - discussing the relationship of models like the Bell-LaPadula and Biba Integrity models.
  - explaining the impact of transactions in security models using a model such as the Clark-Wilson model.
- The student will develop the necessary design skills to assemble effective security architectures and designs by:
  - explaining the various security issues and controls that can be associated with architectures and designs.
  - describing the principles of common computer and network organization.
  - discussing enterprise architecture and designs that are common in effective security architectures.
  - assembling key components of the enterprise architecture into a comprehensive security plan architecture through common documentation tools.
- The student will demonstrate an understanding of the preparation of procedures to ensure the continued operation of critical business operations through the development of appropriate continuity plans by:
  - describing the key components of a responsible business continuity plan.
  - discussing the scope of a defined disaster.
  - discussing the phases of business continuity planning.
  - identifying appropriate restoration actions.
Criteria Performance Standard
Upon successful completion of the course the student will, with 70% accuracy, demonstrate mastery of the above stated objectives through classroom measurements developed by individual course instructors.
History of Changes
C&I 10/24/06, BOT 11/21/06, Eff 20062(0375).
(submitted as 34XX, State assigned # 3330.)
C&I 3/23/2010, BOT 4/21/2010, Effective 20093(0425).
Was ISM 3330, changed to ISM 4330 in 9/16/2011 C&I.
C&I Approval: 09/16/2011, BOT Approval: 10/01/2011, Effective Term: Spring 2014 (480).
C&I Approval: 11/20/2015, BOT Approval: 03/15/2016, Effective Term: Fall 2016 (520).
C&I Approval: , BOT Approval: , Effective Term: Fall 2020 (580).
C&I Approval: , BOT Approval: , Effective Term: Summer 2021 (590)
Related Programs
- Cybersecurity (CYSEC-BAS) (610) (Active)
- Technology Development and Management (TMGT-BAS) (625) (Active)
