Information SecurityCST 266
Prerequisites: Prerequisites: CST 164 and one of the following: CST 262, 263 or 265.
Analyzes, designs, defines, and troubleshoots security policies and procedures to maintain information integrity, confidentiality and availability. (60-0)
Outcomes and Objectives
Describe network security abilities.
- Implement security configuration parameters on network devices and other technologies.
- Given a scenario, use secure network administration principles.
- Explain network design elements and components.
- Given a scenario, implement common protocols and services.
- Given a scenario, troubleshoot security issues related to wireless networking.
Illustrate compliance and operational security practices in a network environment.
- Explain the importance of risk related concepts.
- Summarize the security implications of integrating systems and data with third parties.
- Given a scenario, implement appropriate risk mitigation strategies.
- Given a scenario, implement basic forensic procedures.
- Summarize common incident response procedures.
- Explain the importance of security related awareness training.
- Compare and contrast physical security and environmental controls.
- Summarize risk management practices.
- Given a scenario, select the appropriate control to meet the goals of security.
Explain threat and vulnerability awareness in a network environment.
- Explain types of malware.
- Summarize various types of attacks.
- Summarize social engineering attacks and the associated effectiveness with each attack.
- Explain types of wireless attacks.
- Explain types of application attacks.
- analyze a scenario and select the appropriate type of mitigation and deterrent techniques.
- Given a scenario, use appropriate tools and techniques to discover security threats and vulnerabilities.
- Explain the proper use of penetration testing versus vulnerability scanning.
Describe application, data, and host security.
- Explain the importance of application security and controls and techniques.
- Summarize mobile security concepts and technologies.
- Given a scenario, select the appropriate solution to establish host security.
- Implement the appropriate controls to ensure data security.
- Compare and contrast alternative methods to mitigate security risks in static environments.
Use access control and identity management functions.
- Compare and contrast the function and purpose of authentication services.
- Given a scenario, select the appropriate authentication, authorization or access control.
- Install and configure security controls when performing account management.
Use cryptography in a network security system.
- Given a scenario, utilize cryptography concepts.
- Given a scenario, use appropriate cryptographic methods.
- Given a scenario, use appropriate PKI, certificate management and associated components.