COURSE DESCRIPTION
The world is run on computers. From small to large businesses, from the CEO down to level 1 support staff, everyone uses computers. This course is designed to give you a practical perspective on computer security. This course approaches computer security in a way that anyone can understand. Ever wonder how your bank website is secure when you connect to it? Do you ever wonder how other business owners secure their network? Do you ever wonder how large data breaches happen? This is practical computer security. It will help you answer the question – what should I focus on?
COURSE LEARNING OUTCOMES (CLOs)
On completion of this course, participants are expected to be able to:
- Explain the core information assurance (IA) principles
- Identify the key components of cybersecurity network architecture
- Apply cybersecurity architecture principles
- Describe risk management processes and practices
- Identify security tools and hardening techniques
- Distinguish system and application security threats and vulnerabilities
- Describe different classes of attacks
- Define types of incidents including categories, responses and timelines for response
- Analyze threats and risks within context of the cybersecurity architecture
- Appraise cybersecurity incidents to apply appropriate response
- Evaluate decision making outcomes of cybersecurity scenarios
- Access additional external resources to supplement knowledge of cybersecurity
Course Outline:
o Threats, vulnerabilities, and consequences
o Advanced persistent threats
o The state of security today
- Principles of Cybersecurity
o The interrelated components of the computing environment
o Cybersecurity models
o Variations on a theme: computer security, information security, and information assurance
- Cybersecurity Management Concepts
o Security governance
o Management models, roles, and functions
-
- Enterprise Roles and Structures
o Information security roles and positions
o Alternative enterprise structures and interfaces
- Strategy and Strategic Planning
o Strategy
o Strategic planning and security strategy
o The information security lifecycle
o Architecting the enterprise
- Security Plans and Policies
o Levels of planning
o Planning misalignment
o The System Security Plan (SSP)
o Policy development and implementation
- Laws and Regulatory Requirements
o Timeline of U.S. laws related to information security
o The Federal Information Security
o Management Act (FISMA)
- Security Standards and Controls
o Security standards and controls
o Certification and accreditation (C&A)
o Principles of risk
o Types of risk
o Risk strategies
o The Risk Management Framework (RMF)
- Security Metrics and Key Performance Indicators (KPIs)
o The challenge of security metrics
o What makes a good metric
o Approaches to security metrics
o Metrics and FISMA
- Physical Security and Environmental Events
o Physical and environmental threats
o Physical and environmental controls
o Developing a contingency plan
o Understanding the different types of contingency plan
o Responding to events
-
- Security Education, Training, and Awareness
o Human factors in security
o Developing and implementing a security training plan
o Cross-domain training (IT and other security domains)
- The future of cybersecurity
o Key future uncertainties
o Possible future scenarios
o How to apply what you’ve learned
Course Textbook
Developing Cybersecurity Programs and Policies, 3rd Edition
Omar Santos
Link: https://www.pearson.com/us/higher-education/program/Santos-Developing-Cybersecurity-Programs-and-Policies-3rd-Edition/PGM1985368.html
Feedback Given to Participants in Response to Assessed Work
- Individual written feedback on coursework
- Feedback discussed as part of a tutorial
- Individual feedback on request
- Model answers
Developmental Feedback Generated Through Teaching Activities
- Feedback is given at presentations and during tutorial sessions
- Dialogue between participants and staff in tutorials and lectures
GRADING AND SCORING
The course grade will be based on a final project presented by the participant and graded by the instructor. Participants much achieve a passing grade of 70% or more to be awarded a certificate of completion of the course.
