Info. Security and Risk Mgmt. and Operations Security

I have done Info. Security and Risk Mgmt. and Operations Security courses in this semester. I need to reflect on how you will apply the knowledge gained in your classes this semester to a future employment opportunity. The reflection should be a minimum of 700 words. Here uploading my course syllabus book
isol_syllabus_5___1_.docx

isol631_8week_2___1_.docx


ISOL533—Information Security & Risk Management
Spring 2018 – IG Asynchronous Online Course
Course Summary
Course Description
This course addresses the broad topic of risk management and how risk, threats, and vulnerabilities
impact information systems. Areas of instruction include how to assess and manage risk based on
defining an acceptable level of risk for information systems. Elements of a business impact analysis,
business continuity plan, and disaster recovery plan will also be discussed.
Residency Session Date
Your residency will be held March 16 – March 18th, 2018 at UC Northern Kentucky
(https://www.ucumberlands.edu/downloads/NKYCampusGuide.pdf).
Major Instructional Areas
1. Risk management basics
2. Risk assessment plan
3. Risk mitigation plan
4. Cost-benefit analysis
5. Business continuity plan
6. Disaster recovery plan
Course Objectives
1. Explain the basic concepts of and need for risk management.
2. Explain methods of mitigating risk by managing threats, vulnerabilities, and exploits.
3. Identify compliance laws, standards, best practices, and policies of risk management.
4. Describe the components of an effective organizational risk management program.
5. Describe techniques for identifying and analyzing relevant threats, vulnerabilities, and exploits.
6. Describe the process of performing risk assessments.
7. Identify assets and activities to protect within an organization.
8. Identify threats, vulnerabilities, and exploits.
9. Identify risk mitigation security controls.
10. Describe concepts for planning risk mitigation throughout an organization.
11. Describe concepts for implementing a risk mitigation plan.
12. Perform a business impact analysis.
13. Create a business continuity plan (BCP) based on the findings of a given risk assessment for an
organization.
14. Create a disaster recovery plan (DRP) based on the findings of a given risk assessment for an
organization.
15. Create a computer incident response team (CIRT) plan for an organization.
Submission of Late Work
Assignments are due as stated in the due dates. The instructor reserves the right to accept late
work with or without an academic penalty. Late assignments will receive a 20% markdown if
submitted within a week of their due date. Assignments submitted after a week will not be
accepted or graded. No exam or quiz will be accepted after its due date.
Learning Materials and References
Available Resources
• Gibson, Darril. Managing Risk in Information Systems, 2nd edition. Burlington, MA: Jones & Bartlett, 2015
• Student Lab Manual
Recommended Resources
Web References: Links to Web references in this document and related materials are subject to change
without prior notice. These links were last verified on June 26, 2014.
Books, Professional Journals
Please use the following authors’ names, book/article titles, Web sites, and/or keywords to search for
supplementary information to augment your learning in this subject.
• Judy Bell, Disaster Survival Planning: A Practical Guide for Businesses
• Thomas S. Coleman, A Practical Guide to Risk Management
• Kenneth L. Fulmer and Philip Jan Rothstein, Business Continuity Planning, A Step-by-Step Guide with Planning Forms on CD-ROM
• Ole Hanseth, et al., Risk, Complexity, and ICT
• Susan Snedaker, Business Continuity and Disaster Recovery Planning for IT Professionals
Other References
• COBIT
This URL contains information regarding COBIT from ISACA.
http://www.isaca.org/cobit/pages/default.aspx
• CIPA
This Web site contains information on the Children’s Internet Protection Act from the Federal
Communications Commission.
http://www.fcc.gov/cgb/consumerfacts/cipa.html
• FERPA
This URL provides information regarding the Family Educational Rights and Privacy Act from the
U.S. Department of Education.
http://ed.gov/policy/gen/reg/ferpa/index.html
• FISMA
This URL contains the actual final version of the Federal Information Security Management Act.
http://csrc.nist.gov/drivers/documents/FISMA-final.pdf
• GLBA
This URL provides information regarding the Gramm-Leach-Bliley Act from the Federal Trade
Commission.
http://www.ftc.gov/privacy/privacyinitiatives/glbact.html
• Guide for Conducting Risk Assessments
This URL contains NIST recommendations for conducting risk assessments for enterprise-wide
risk management.
http://csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf
• Health Information Privacy
This URL provides information regarding the Health Insurance Portability and Accountability Act
of 1996 (HIPAA) Privacy, Security, and Breach Notification Rules, from the U.S. Department of
Health and Human Services.
http://www.hhs.gov/ocr/privacy/
• ITIL
This Web site is an official site for the Information Technology Infrastructure Library from
AXELOS, which contains information on ITIL and provides a cohesive set of best practice, drawn
from the public and private sectors internationally.
http://www.itil-officialsite.com/home/home.asp
• PCI
This Web site is an official site of the PCI Security Standards Council, which provides details on
payment card industry security standards.
https://www.pcisecuritystandards.org/index.shtml
• Risk Management Framework Overview
This Web page provides an overview of the NIST Risk Management Framework (RMF), with links
to related resources.
http://csrc.nist.gov/groups/SMA/fisma/framework.html
• Risk Management Association
This Web site contains information on the RMA, which is a non-profit organization focusing on all
aspects of risk management throughout the enterprise.
http://www.rmahq.org/about-rma
• SOX
This Web site provides detailed information on the Sarbanes-Oxley Act of 2002.
http://www.soxlaw.com/
• TechRepublic
This Web site contains articles, videos, pictures, white papers, webcasts, and other downloadable
materials on risk management.
http://techrepublic.com/
Course Outline
Course textbook: Managing Risk in Information Systems, 2nd edition (Gibson, 2015)
Note: Assignments in the following table are listed when they are due.
Grading Category
Activity Title
Week 1: Risk Management Fundamentals Due 1/10 11:59 P.M. EST
Required Readings
• Chapter 1, “Risk Management Fundamentals”
Discussion
• Introductions – DUE 1/10 11:59 P.M.
Week 2: Managing Risk: Threats, Vulnerabilities, and Exploits Due 1/21 11:59 P.M. EST
Required Readings
• Chapter 2, “Managing Risk: Threats, Vulnerabilities, and Exploits”
Lab 1
• Identifying Threats and Vulnerabilities in an IT Infrastructure
Assessment
• Complete Quiz Chapters 1 and 2
Week 3: Compliance to Laws, Standards, Best Practices, and Policies Due 1/28 11:59 P.M. EST.
Required Readings
• Chapter 3: “Maintaining Compliance”
• Case Study PCI/DSS Goals
Lab 2
• Aligning Risks, Threats, and Vulnerabilities to COBIT
Assessment
• Complete the Quiz
Discussion
• Compliance
Week 4: Developing a Risk Management Plan Due 2/4 11:59 P.M. EST.
Required Readings
• Chapter 4, “Developing a Risk Management Plan”
Lab 3
• Defining the Scope and Structure for an IT Risk Management Plan
Assessment
• Complete the Quiz
Discussion
• Risk Management Process
Week 5: Defining Risk Assessment Approaches – Due 2/11 11:59 P.M. EST
Required Readings
• Chapter 5, “Defining Risk Assessment Approaches”
• Handout – Risk Assessment Concepts
• Handout – Risk Assessment Roles
Assignment
• Risk Assessment Approaches
Lab 4
• Performing a Qualitative Risk Assessment for an IT Infrastructure
Discussion
• Risk Assessment Approaches: Qualitative versus Quantitative
Assessment
• Complete the Quiz
Week 6: Performing a Risk Assessment and Identifying Assets and Activities to Be Protected – Due 2/18 11:59 P.M. EST
Required Readings
• Chapter 6, “Performing a Risk Assessment”
• Chapter 7, “Identifying Assets and Activities to Be Protected”
Assessment
• Complete Project 1: Threat Modeling Using STRIDE
Week 7: Mid-Term Exam – DUE 2/25 11:59 P.M. EST Late Exams Will NOT BE ACCEPTED
Week 8: Identifying and Analyzing Threats, Vulnerabilities, and Exploits – DUE 3/4 11:59 P.M.
Required Readings
• Chapter 8, “Identifying and Analyzing Threats, Vulnerabilities, and Exploits”
Discussion
• Threat Identification
Lab 5
• Identify Risks, Threats, and Vulnerabilities using Zenmap GUI Nmap and Nessus Reports
Week 9: Identifying and Analyzing Risk Mitigation Security Controls – Due 3/11 11:59 P.M. EST
Required Readings
• Chapter 9, “Identifying and Analyzing Risk Mitigation Security Controls”
• Chapter 10, “Planning Risk Mitigation Throughout Your Organization”
• Handout Risk Mitigation Roles
Lab
• Developing a Risk Mitigation Plan Outline for an IT Infrastructure
Assessment
• Quiz
Week 10: Residency!! 3/16 – 3/18 Assigned On-Site
Week 11: Turning Your Risk Assessment into a Risk Mitigation Plan – DUE 3/25 11:59 P.M. EST
Required Readings
• Chapter 11 “Turning Your Risk Assessment into a Risk Mitigation Plan”
• Chapter 12, “Mitigating Risk with a Business Impact Analysis”
• Handout Risk Plan Roles
Lab
• Performing a Business Impact Analysis for a Mock IT Infrastructure
Assessment
• Complete the Quiz
Week 12: Mitigating Risk with a Business Continuity Plan – DUE 4/1 11:59 P.M. EST
Required Readings
• Chapter 13, “Mitigating Risk with a Business Continuity Plan”
Lab
• Developing an Outline for a Business Continuity Plan for an IT Infrastructure
Assessment
• Complete the Quiz
Assignment
• Case Scenario: IT Facility
Week 13: Mitigating Risk with a Disaster Recovery Plan – DUE 4/8 11:59 PM EST
Required Readings
• Chapter 14, “Mitigating Risk with a Disaster Recovery Plan”
Lab
• Developing Disaster Recovery Backup Procedures and Recovery Instructions
Assessment
• Complete the Lab Assessment Quiz
Discussion
• Disaster Recovery
Week 14: Mitigating Risk with a Computer Incident Response Team Plan – DUE 4/15 11:59 P.M. EST
Required Readings
• Chapter 15, “Mitigating Risk with a Computer Incident Response Team Plan”
Lab
• Creating a CIRT Response Plan for a Typical IT Infrastructure
Assessment
• Complete the Lab Assessment Quiz
Week 15: FINAL EXAM – Due 4/22 11:59 P.M.
Exam
• Final Exam Due by 4/22 11:59 P.M. This is subject to change, depending on notification from the University, however late exams will NOT be accepted.
Evaluation and Grading
Evaluation Criteria
The graded assignments will be evaluated using the following weighted categories:
Category             Weight
Labs                 10
Case Study           5
STRIDE Project       5
Discussions          10
Quizzes              10
Residency Project    20
Midterm Exam         20
Final Exam           20
TOTAL                100%
Grade Conversion
The final grades will be calculated from the percentages earned in the course, as follows:
Grade    Percentage
A        90–100%
B        80-89.5%
C        70-79.5%
F        <69.5%
Course Expectations
Class Participation
Students are expected to:
1. Be fully prepared for each class session by studying the assigned reading material and preparation of the material assigned.
2. Participate in group discussions, assignments, and panel discussions.
3. Complete specific assignments when due and in a professional manner.
4. Take exams when specified on the attached course schedule
Submission of Late Work
Students are responsible for the timely submission of all work in accordance with assigned deadlines. Late work may be marked down 20%. No work will be accepted after the course ends.
Academic Integrity
At a Christian liberal arts University committed to the pursuit of truth and understanding, any act of academic dishonesty is especially distressing and cannot be tolerated. In general, academic dishonesty involves the abuse and misuse of information or people to gain an undeserved academic advantage or evaluation. The common forms of academic dishonesty include:
a. cheating—using deception in the taking of tests or the preparation of written work, using unauthorized materials, copying another person’s work with or without consent, or assisting another in such activities
b. lying—falsifying, fabricating, or forging information in either written, spoken, or video presentations
c. plagiarism—using the published writings, data, interpretations, or ideas of another without proper documentation
The University of the Cumberlands places the highest importance on the integrity of its programs. Any student guilty of violating our policy will receive a grade of ‘0’ on that assignment, reported to the college, and a notification from the professor. If the student is a repeat offender, more severe punishment will be enforced by the University.
Episodes of academic dishonesty are reported to the Vice President for Academic Affairs. The potential penalty for academic dishonesty includes a failing grade on a particular assignment, a failing grade for the entire course, or charges against the student with the appropriate disciplinary body.
Note that in our course, I will assign a 0 to the assignment if there is any copied content and will publish a notice to you in the assignment feedback. In the event that the copying is egregious (submitting a paper copied from another student’s work), you will not be provided the privilege of making that assignment up. Do NOT copy content from other students, or any textbook or published site (i.e. Course Hero or others). All work is to be your own effort. Assignments are submitted to SafeAssign or otherwise checked for plagiarism. If this becomes a repeated problem, I will submit the issue to the Dean for resolution.
Students with Disabilities
Students who may have a disability meriting an academic accommodation should contact Mr. Jacob Ratcliff, the Disabilities Services Coordinator, in the Student Services Office. For accommodations to be awarded, a student must complete an Accommodations Application and provide documentation of the disability to the Disability Services Coordinator. Any accommodations for disabilities must be recertified each semester by the Academic Affairs Office before course adjustments are made by individual instructors.
Student Responsibilities
1. Students are expected to login several times per week to participate in class discussions.
2. Students are expected to find out if any changes have been made in the class or assignment schedule.
3. Students are expected to be self-motivating in an online, asynchronous course.
University of the Cumberlands
School of Computer and Information Sciences
ISOL 631 – Operations Security
Course Summary
Course Number and Name
ISOL 631 – Operations Security
Course Term and Delivery
Spring 2018 – IIG Asynchronous Online Course
Course Instructor
Name: Jacquelyne Lewis, Ph.D.
Email: jacquelyne.lewis@ucumberlands.edu
Office Hours: By Appointment
Catalog Course Description
The course examines controls over personnel, hardware, software, and systems. It also covers possible abuse channels and proper countermeasures.
Course Objectives
Course Competencies/Learning Objectives
Course Learning Objectives and Assessment Method
• Recognize the activities involved in securing the operations of an enterprise and identify the technologies used to maintain network and resource availability. Assessment Method: Labs, case project, and exams
• Identify the effects of various hardware and software violations on the system, and recognize how different types of operational and life-cycle assurance are used to secure operations. Assessment Method: Labs, case project, and exams
• Determine the effects of different attacks on the network and identify the consequences of those effects. Assessment Method: Labs, case project, and exams
• Recognize how different auditing and monitoring techniques are used to identify and protect against system and network attacks. Assessment Method: Labs, case project, and exams
• Recognize the need for resource protection, distinguish between e-mail protocols, and identify different types of e-mail vulnerability. Assessment Method: Labs, case project, and exams
• Identify basic mechanisms and security issues associated with the Web, and recognize different technologies for transferring and sharing files over the Internet. Assessment Method: Labs, case project, and exams
• Recognize key reconnaissance attack methods and identify different types of administrative management and media storage control. Assessment Method: Labs, case project, and exams
• Identify the appropriate security measures and controls for creating a more secure workspace. Assessment Method: Labs, case project, and exams
Course Structure
• Watch weekly lecture
• Participate in class discussion via iLearn forums
• Reading assigned texts
• Complete quizzes based on assigned reading and lecture
• Complete cases based upon a given scenario
• Complete homework assignments from the text and other sources
Learning Materials and References
Required Resources
Textbook(s) Required:
• Johnson, Rob. Security Policies and Implementation Issues, Second Edition. Jones and Bartlett Learning, 2015.
Recommended Materials/Resources
Please use the following author’s names, book/article titles, Web sites, and/or keywords to search for supplementary information to augment your learning in this subject. Please note that there is one required book for this course, but much of the material will be drawn from Security Policies and Implementation Issues, and the Official CISSP Training Seminar Student Handbook.
• Johnson, Rob. Security Policies and Implementation Issues, Second Edition. Jones and Bartlett Learning, 2015.
• Official (ISC)2 CISSP Training Seminar Student Handbook. International Information Systems Security Consortium, 2014.
• Harris, Shon. All in One CISSP Exam Guide, Sixth Edition. McGraw-Hill, 2013.
• Rhodes-Ousley, Mark. The Complete Reference to Information Security, Second Edition. McGraw-Hill, 2013.
Professional Associations
• International Association of Privacy Professionals (IAPP)
This Web site provides opportunity to interact with a community of privacy professionals and to learn from their experiences. This Web site also provides valuable career advice.
https://www.privacyassociation.org/
• International Information Systems Security Certification Consortium, Inc., (ISC)²®
This Web site provides access to current industry information. It also provides opportunities in networking and contains valuable career tools.
http://www.isc2.org/
• ISACA
This Web site provides access to original research, practical education, career-enhancing certification, industry-leading standards, and best practices. It also provides a network of likeminded colleagues and contai ...
