BCC - Spring 2010 Syllabus
Course Name : CIT-18
Course Description :
Igor.Kholodov@bristolcc.edu
Office : K211
Telephone: 508-678-2811 ext. 3328
URL of this file:
http://www.c-jump.com/CIT18/CIT18syllabus.htm
- Welcome!
- ________________________________________________________
- Posted May 24 :
- Please be sure to read carefully and understand
course policies and formats listed in this syllabus.
This course introduces students to security and data confidentiality. The course presents a broad overview to help the student become more aware of computer security. Topics include securing data, confidentiality, integrity of data, password policies, and issues related to liability. One hour of lecture per week.
At the end of this course, students will be able to:
Identify and classify security threats and vulnerabilities facing an organization
Understand basic security concepts
Evaluate the potential of security products to meet identified threats
Secure Windows-based software and hardware platforms
Identify attacks against networks
Understand cryptography techniques to secure information
Understand PKI (public key infrastructure) standards
Secure Windows desktop PC and user accounts
Work on practical assignments to defend PC against hacking attacks
Understand enterprise policy creation
Identify organizational and management roles relating to security infrastructure.
Prepare security policies and procedures
Identify the elements needed to create a disaster recovery plan
Provide input into security decisions facing an organization
Recommend changes to an organization to increase security awareness and effectiveness
|
Security Awareness, 3rd edition
|
This is a lecture course in which topics are presented by the instructor and are designed to promote classroom discussions.
Whenever possible, students will be given active learning exercises for both in and out of class.
Each student will also be asked to prepare a midterm paper on a security-related concept. (The topic must be pre-approved by the instructor.)
The class syllabus, assigned readings, and the class exercises and project details will all be available from the class Web page.
Late assignments will have five points deducted from its grade for each day late. Projects more than 1 week late will NOT be accepted.
Be sure to do the required reading and assignments before attending class. You cannot successfully enter into discussion without some understanding of the material.
Attendance and lateness: After two absences, a student may be withdrawn from the course. After one warning about lateness and/or absences, your final grade will be lowered ten points for each day the student is late or absent from that point. In Case You Are Late or Absent, it is your responsibility to get the course notes.
There will be a one-hour final exam at the end of the course. To receive a passing grade, you must:
Attend required class hours.
Prepare and submit a 2- to 3- page midterm paper on a security-related concept.
Pass the final exam.
Participate actively in the class.
| Attendance & Class Participation | 10% |
| Homework Assignments | 20% |
| In-class Projects | 20% |
| Midterm Paper | 25% |
| Final Examination | 25% |
Written assignments will be graded using the following system:
| Appearance | 25% |
| Content | 25% |
| Accuracy | 25% |
| English | 25% |
Final Grades will be assigned as follows:
| 97 - 100 | A+ |
| 94 - 96 | A |
| 90 - 93 | A- |
| 87 - 89 | B+ |
| 84 - 86 | B |
| 80 - 83 | B- |
| 77 - 79 | C+ |
| 74 - 76 | C |
| 70 - 73 | C- |
| 60 - 69 | D |
| Below 60 | F |
Attendance is mandatory. The instructor reserves the right to withdraw you from the class after three (3) absences.
If you choose to withdraw from the class it is your responsibility to withdraw formally from the class prior to the final withdrawal date. Failure to do so will result in an "F" grade for the course.
Office Hours will be posted and appointments can be arranged via e-mail or during class breaks.
Terminology and definitions
Security Attackers
The hacker mindset
Professional criminals
How attackers break in
Types of attacks
Week 2 Presentation: Introduction to Security (handout.)
Defending against Attackers
Building a Strategy
Chapter Review Test
Security is the security group's job
Internal vs. External attacks
Security incidents are no big deal ...
My systems are patched!
But we have antivirus!
Attacks and Defenses
Week 3 Presentation: Desktop Security (handout.)
Personal Computer Backup, Restore, and Recovery
Chapter Review Test
Internet Basics
Attacks from the Web
Attacks from E-mail
Defenses
Chapter Review Test
Week 5 Presentation: Digital IDs and Encryption Mechanisms (handout.)
Protecting Personal Data
Spyware and its Distribution
Personal Security Defense
Midterm Paper Assignment
Security is a process
Question all assumptions
Good security is simple
Principle of least privilege
Chapter Review Test
Network Basics
Attacks on Networks
Network Protection and Defenses
Chapter Review Test
The Need for Enterprise Policies
Personal Privacy
Business Continuity Plan
Disaster Recovery Plan
Personnel Training and Recovery Testing
Be aware of social engineering
Don't click on links in emails or IM's
Don't install software unless you know where it came from
Raise security awareness level
Use good data handling practices
Lock your screen
Choosing and remembering strong passwords
Protect sensitive files
Clean desk policy
Don't leave laptops unattended!
Don't speak about clients in public
Encrypt your data
Don't share your passwords
Plagiarism is not tolerated. Students are expected to take this course to learn, and you cannot learn unless you do the required homework assignments and turn in your own work for credit. Students who violate this rule may receive a penalty of the next lower letter grade or "F" for the course.
Note: This syllabus is a suggested course outline and will be generally followed, subject to change according to the instructor's discretion and needs. Academic flexibility is important.