ACS-2821-001

Syllabus

Course Objectives

Information Security in Business will focus on the business aspects of information security: what information security is, why it matters, and its importance to a business. Aside from the security technologies that can be implemented to safeguard information assets, aspects of governance and management of information security will be considered as part of information security. The development of good corporate information technology policies and procedures, management and operational frameworks and controls, and information security culture and awareness will be discussed in this course.

Course Outline (Tentative)

  1. Introduction to Information Security
    • What is information security
    • Why is information security important in a business
    • What are the key objectives of information security
    • Who are the attackers
  2. Information Security Management
    • Governance and Risk Management
      • IT Security Management
      • IT Risk Assessment
      • IT Security Controls, Plans, and Procedures
      • IT Security Awareness Program and Initiatives
    • Business Continuity Planning and Disaster Recovery Planning
    • Law, Investigations, and Ethics
  3. Information Security Technology
    • Physical Security Control
    • Operations Security
    • User Authentication and Access Control
    • Cryptography
    • Telecommunications, Network, and Internet Security
      • Firewall and Intrusion Detection/Prevention System
      • Malicious Software and Denial-of-Service Attacks
    • Software Development Security
  4. Securing the Future

Note: Not all topics listed may be covered, and topics may be offered in a slightly different order.

Required Textbook(s)/Reading List

Information Security: Principles and Practices
Merkow & Breithaupt
2nd Edition, 2014
Pearson Education, Inc.
ISBN-13: 9780789753250

Course Syllabus

For the complete course outline, the link is here (PDF).