Approved Course Outline

CIS 1358 - Operating System Security

College of Computer & Information Technology

Credit(s): 3
Contact Hours: 47

Effective Term Spring 2022 (600)

Requisites

Prerequisite CTS 1120

Course Description

This course introduces the student to securing personal computer operating systems, specifically the current versions of Windows and Linux. In this course the student will acquire knowledge and skills to perform audit assessments and implement enterprise-wide operating systems security. The objective of the course is to provide hands-on instruction, from the desktops, servers and the network infrastructure and understand how to control the privacy, integrity and authenticity of data. (Note: Credit is only given for CIS 1358 or CJE 1665.)

Learning Outcomes and Objectives

The student will perform systems security administration by:
1. reviewing security principles and goals.
2. developing policies and standards.
3. establishing procedures and guidelines.
4. securing information assets.
5. managing security with the current versions of Windows.
6. managing security with Unix/Linux.
7. recognizing threats to the current versions of Windows/Linux operating systems and executing the appropriate countermeasures.
8. reviewing the current versions of Windows and Linux based security mechanisms and using them proactively to defeat potential attacks.
9. discussing patch and upgrade management.
The student will implement security access control techniques by:
1. establishing control access on the current versions of Windows and Linux.
2. securing the server based on roles.
3. limiting superuser privileges.
4. controlling root access.
5. establishing secure user account usage.
6. managing security with Windows Group Policy.
7. defining and protecting shared resources.
8. managing user accounts and groups.
9. customizing administrative control, i.e. Active Directory with Group Policy, Organizational Units, and delegations.
10. enabling tough authentication with Kerberos 5 and Public Key Infrastructure (PKI.)
11. utilizing access control lists and Encrypting File Systems.
The student will execute audit analysis and perform vigilant monitoring by:
1. analyzing threats and vulnerability.
2. examining case studies related to top security blunders.
3. discussing audit functions, in determining systems operations in accordance with industry best practices.
4. establishing system compliance with policy and standards.
5. exploring monitoring tools and strategies.
6. identifying mechanics of auditing.
7. identifying and preventing attacks.
8. reviewing third party audit tools.
The student will evaluate the systems security administration role as it relates to risk analysis, emergency response and business recovery by:
1. discussing risk analysis audit and procedures.
2. exploring disaster recovery methods.
3. identifying correct emergency response mechanisms.
4. analyzing the assessment of system vulnerabilities.
5. reviewing and testing recovery plans and procedures.
6. exhibiting knowledge of incident handling.
7. implementing hands-on disaster recovery with the current versions of Windows and Linux.
The student will analyze the cryptographic principles to certify integrity and confidentiality of business enterprise data by:
1. reviewing cryptographic principles.
2. discussing how to achieve data integrity and confidentiality besides authenticity.
3. evaluating encryption techniques.
4. identifying authentication methods.
5. addressing and evaluating cryptographic tools.
The student will explain the principles of business data communication to secure data transmission via the enterprise network by:
1. reviewing concepts of data communication.
2. addressing how to safeguard vital data by securing local and network file systems.
3. exploring and using security tools and utilities.
4. minimizing threats to network services.
The student will examine hacking as a means of proactive deterrence by:
1. evaluating case studies.
2. exploring computer hacking methods.
3. reviewing the current versions of Windows and UNIX/Linux incident reports and published materials.
The student will evaluate software viruses and deceptive and infectious codes that impact the reliable operations of systems and networks by:
1. identifying software viruses and their total impact.
2. identifying and managing attacks.
3. reviewing a case study and incident report.
The student will classify security tools, industry best practices, and emerging technologies of the trade by:
1. evaluating security tools.
2. discussing industry best practices.
3. researching emerging technologies for adoption.

Criteria Performance Standard

Upon successful completion of the course the student will, with a minimum of 70% accuracy, demonstrate mastery of each of the above stated objectives through classroom measures developed by individual course instructors.

History of Changes

3 Year Review 2005, effective 20061(0370). Prereq # chg SCNS eff 20091(0415). Flex Access 20091. 3-Year Review 2009. C&I Approval: 05/28/2002, BOT Approval: 07/29/2002, Effective Term: Fall 2009 (415). C&I Approval: , BOT Approval: , Effective Term: Summer 2021 (590).

C&I Approval: , BOT Approval: , Effective Term: Spring 2022 (600)

Related Programs

Applied Cybersecurity PTC (CYSECTC-AR) (615) (Active)
CompTIA Security+ (to CJPSS-AS) (TIASEC7IC-AR) (600) (Active)
CompTIA Security+ (to DIGFORN-AS) (TIASEC6IC-AR) (600) (Active)
CompTIA Security+ (to ITSC-AS) (TIASEC2IC-AR) (600) (Active)
CompTIA Security+ (to ITSC-CT) (TIASEC5IC-AR) (600) (Active)
Cybersecurity (CYSEC-TR) (670) (Active)
Cybersecurity (CYSEC-BAS) (610) (Active)
Cybersecurity (ITSC-AS) (640) (Active)
Cybersecurity (ITSC-AS) (640) (Draft)
Cybersecurity (ITSC-CT) (510) (Active)
Digital Forensics and Computer Investigations (DIGFORN-AS) (620) (Active)
Public Safety (CJPSS-AS) (645) (Active)
Technology Development & Management (TMGT-TR) (670) (Active)