
Certificate Programs in Information Security / Information Assurance

 

Certain courses at Richland College exceed the outcomes required by the Workforce Education Course Manual (WECM) by implementing guidelines set by the Committee on National Security Systems (CNSS). CNSS has established a set of standards for Information Systems Security professionals that provide the minimum training and education standards for properly executing the duties and responsibilities of many specific job positions in this industry. These certificates specify, in detail, the outcomes that each student will gain by taking the courses approved by CNSS. A combination of approved courses and specific electives allows students to receive their applicable federal certification(s). The CNSS certificates are not state-approved certificates; rather, they are granted by federal government approved institutions like Richland College for successful completion of courses that cover Committee on National Security Systems approved standards.

Program Enrollment Policies:

Personal:

  • be at least 18 years of age;
  • not have been convicted of two or more felony offenses; a single felony within the past twenty years; or a Class A misdemeanor within the past ten years;
  • not be currently charged with a Class A misdemeanor or felony offense, under an information or indictment;
  • not have been adjudicated as having engaged in felony level delinquent conduct within the past ten years;
  • not have been found by a court to be incompetent by reason of a mental defect or disease and not have been restored to competency;
  • not have been dishonorably discharged from the United States armed services, discharged from the United States armed services under other conditions determined by the Board to be prohibitive, or dismissed by the United States armed services if a commissioned officer in the United States armed services;
  • not be required to register in this or any other state as a sex offender;
  • not have charges pending for or have been convicted in any jurisdiction of a Class misdemeanor within the past five years, for an offense determined by the Board administrative rule to be disqualifying.

Technical:

  • Declared Major in Digital Forensics’ Cyber Crime or Information Assurance specialization or related area and sufficient experience in Information Technology.

Request to Issue Certificate(s)

  1. Complete the Digital Forensics A.A.S. Degree requirements in either the Cyber Crime or the Information Assurance specialization. Note: If you have completed the Information Assurance specialization, you should have the 4011 and 4012 requirements completed without any additional courses.
  2. Look at the CNSS certificate requirements on this site below. You must complete the CNSS 4011 requirements before you follow the CNSS 4012.
  3. Take the courses required and the electives specified in each certificate. Note: prerequisites may apply in order to enroll in a particular course.
    • required courses must be taken at Richland College (results B or higher)
    • electives can be taken at Richland College or any other DCCCD campus (results C or higher)
  4. Fill out the form to apply for a certificate or diploma after reviewing the requirements or consulting an advisor.
  5. Send me an email at zszabo@dcccd.edu confirming your graduation status from the previous step and requesting evaluation for either or both of the 4011/4012 certificates.
  6. You will receive a confirmation of completion or a list of missing courses. The certificates will be issued once a year in October as part of the National Cyber Security Awareness Month event.

Program News and Information

Center of Academic Excellence - In 2011, Richland College became the first CAE2Y institution in Texas to receive this national recognition.

RLC Information Assurance track receives recognition from U.S. government

CAE/CAE-R/CAE2Y Institutions in Texas

Keep up with the latest news on Facebook

CNSS Certificates available

Information Systems Security (INFOSEC) Professionals, NSTISSI 4011

Senior Systems Managers, CNSSI 4012

Contact:

Zoltan Szabo
Faculty and Director of Digital Forensics and Information Assurance Programs
Richland College of DCCCD
zszabo@dcccd.edu
972-238-6059

NSTISSI 4011 - Information Systems Security (INFOSEC) Professionals

This certification is 17-19 credit hours, depending on the electives chosen, and can be taken as 3 dedicated courses and two electives in Information Assurance chosen from the Digital Forensics AAS's "Specialty Elective" list.

Students in these courses will receive specialized INFOSEC assignments to satisfy CNSS requirements and to receive sufficient training beyond what the state requires.

| Course Number | Course Name | Credit Hours |
|---|---|---|
| ITNW 1425 | Fundamentals of Networking Technologies | 4 |
| ITSY 1400 | Fundamentals of Information Security | 4 |
| ITDF 1370 | Introduction to Cyber Crime | 3 |
| Elective 1 | | 3-4 |
| Elective 2 | | 3-4 |
| | Total | 17-19 |

 



CNSSI 4012 Senior Systems Manager

This certification is 18-19 credit hours, depending on the elective chosen, and can be taken as 4 dedicated courses and one elective in Information Assurance chosen from the Digital Forensics AAS's "Specialty Elective" list.

Students in these courses will receive specialized INFOSEC assignments to satisfy CNSS requirements and to receive sufficient training beyond what the state requires.

| Course Number | Course Name | Credit Hours |
|---|---|---|
| ITSY 2459 | Security Assessment and Auditing | 4 |
| ITNW 1425 | Fundamentals of Networking Technologies | 4 |
| ITSY 1400 | Fundamentals of Information Security | 4 |
| ITDF 1370 | Introduction to Cyber Crime | 3 |
| Elective 1 | | 3-4 |
| | Total | 18-19 |

 

Digital Forensics / Information Assurance Course Descriptions ( detailed )

Course 1: ITDF 1300 Introduction to Digital Forensics

(on-line as well) (good computer skills and willingness to learn many new programs; good text comprehension and the ability to read between the lines; organized and someone who can multitask )

  • Learn how to write reports
  • Remove hidden data from office documents
  • File integrity ( MD5 )
  • Image cleanup lab to show importance of clean images before adding them to the database for authentication
  • CyberCiege, Hacker, and hackthissite.org SP800-50 and SP800-16 in relation to HPT
  • CODECS
  • Data and Password Storage
  • Phishing and reporting
  • Alternate Data Streams
  • E-Mail header analysis
  • Info 1 - Sarbanes-Oxley Act of 2002
  • Info 2 - Health Insurance Portability and Accountability Act (HIPAA) enacted by the U.S. Congress in 1996

 

Course 2: ITDF 1370 Introduction to Cyber Crime

(on-line as well) (no lab component, so reading comprehension and the ability to talk about computer concepts and business/security implications required for 4011)
Sample Syllabus

Course Designator/Course Number: ITDF 1370

Course Title: Introduction to Cyber Crime

Catalog Course Description: https://www1.dcccd.edu/catalog/courseDescriptions/detail.cfm?course=ITDF

Course Length: Richland College offers this course in a 16-week semester with 3 hours of lecture per week. This course is also offered in an on-line format in 6-week (Flex Term) and 16-week (Full Term) configurations. For the scheduled 96 contact hours, students receive 3 college credit hours.

Major Topics and Detailed Outcomes:

1. An Overview of the Role of Ethics in Information Assurance and NSTISS Basic Components

Outcomes:

  • Describe what ethics is and why it is important to act according to a code of principles
  • Describe why business ethics is becoming increasingly important
  • Describe what corporations are doing to improve business ethics
  • Describe why corporations are interested in fostering good business ethics
  • Describe what approach you can take to ensure ethical decision making
  • Describe what trends have increased the risk of using information technology unethically

2. Ethics for IT Professionals and IT Users

Outcomes:

  • Describe the characteristics that distinguish a professional from other kinds of workers, and the role of an IT professional
  • Describe the relationships an IT professional must manage, and the key ethical issues that can arise in each
  • Describe how codes of ethics, professional organizations, certification, and licensing affect the ethical behavior of IT professionals
  • Describe the key tenets of four different codes of ethics that provide guidance for IT professionals
  • Describe practical performance measures employed in designing security measures and programs
  • List the common ethical issues that IT users face
  • Identify approaches that can support the ethical practices of IT users

3. Computer and Internet Crime

Outcomes:

  • Describe what key trade-offs and ethical issues are associated with the safeguarding of data and information systems
  • Identify why there has been a dramatic increase in the number of computer-related security incidents in recent years
  • Define the most common types of computer security attacks
  • Describe some characteristics of common computer criminals, including their objectives, available resources, willingness to accept risk, and frequency of attack
  • Describe hostile intelligence service and human intelligence techniques
  • Describe the key elements of a multilayer process for managing security vulnerabilities, based on the concept of reasonable assurance
  • Describe what actions must be taken in response to a security incident

4. Privacy

Outcomes:

  • Describe what the right of privacy is, and the basis for protecting personal privacy under the law
  • List some of the laws that authorize electronic surveillance by the government, and the associated ethical issues
  • Define the two fundamental forms of data encryption and how each works
  • Describe what identity theft is and what techniques identity thieves use
  • Describe the various strategies for consumer profiling and the associated ethical issues
  • Define trust in relation to privacy
  • Describe what organizations must do to treat consumer data responsibly
  • Describe why and how employers are increasingly using workplace monitoring
  • Describe what spamming is and what ethical issues are associated with its use
  • Describe the capabilities of advanced surveillance technologies and the ethical issues they raise

5. Freedom of Expression

Outcomes:

  • Describe the legal basis for the protection of freedom of speech in the United States, and what types of speech are not protected under the law
  • Describe the ways in which the Internet presents new challenges in the area of freedom of expression
  • Describe what key free-speech issues relate to the use of information technology
  • Describe what the term intellectual property encompasses and why companies are so concerned about protecting it
  • Describe the strengths and limitations of using copyrights, patents, and trade secret laws to protect intellectual property
  • Describe what plagiarism is and what can be done to combat it
  • Describe what reverse engineering is and what issues are associated with applying it to create a look-alike of a competitor’s software program
  • Describe what open source code is and the fundamental premise behind its use
  • Describe the essential difference between competitive intelligence and industrial espionage, and how competitive intelligence is gathered
  • Define the term trust in the competitive marketplace
  • Describe what cybersquatting is and what strategy should be used to protect an organization from it

6. Software Development

Outcomes:

  • Describe why companies require high-quality software in business systems, industrial process control systems, and consumer products
  • Describe what ethical issues software manufacturers face in making tradeoffs between project schedules, project costs, and software quality
  • Describe the four most common types of software product liability claims, and what actions plaintiffs and defendants must take to be successful
  • Describe the essential components of a software development methodology and its benefits
  • Describe how Capability Maturity Model Integration can improve an organization’s software development process
  • Describe what a safety-critical system is and what actions are required during its development

7. Employer/Employee Issues

Outcomes:

  • Describe what contingent workers are and how they are frequently employed in the information technology industry
  • Describe what key ethical issues are associated with the use of contingent workers, including H-1B visa holders and offshore outsourcing companies
  • Describe what whistle-blowing is and what ethical issues are associated with it
  • Describe what an effective whistle-blowing process is
  • Describe the assignments of roles to defend resources

8. The Impact of Information Technology on the Quality of Life

Outcomes:

  • Describe what impact IT has had on the standard of living and worker productivity
  • Describe what is being done to reduce the negative influence of the digital divide
  • Define the benefits of flat mode to multilevel mode operation
  • Describe what impact IT has had on reducing the costs of healthcare

9. Security Planning and Risk Management

Outcomes:

  • Describe the process of security planning
  • Identify components of successful security planning
  • Define risk management and its purpose
  • Describe the implementation of cost-effective controls
  • List the roles and responsibilities in a risk management process
  • Describe the process of risk management
  • Describe the separation of resources into systems and its benefit to operations and security
  • Describe roles and responsibilities of individuals in a first response team

10. Digital Rights Management (DRM)

Outcomes:

  • Describe the controversial nature of DRM
  • Identify components of major concerns in DRM
  • Describe DRM from an operating system point-of-view
  • Collect examples of a successful DRM implementation and its impacts

11. Federal Information Processing Standards (FIPS)

Outcomes:

  • Describe national policy and guidance availability
  • Describe the function of FIPS
  • Describe the benefits of national standards when it comes to effective security planning
  • Define the need and benefits of national standards
  • Identify when you would use the FIPS database
  • Identify FIPS recommended physical security measures

12. National Institute of Standards and Technology (NIST)

Outcomes:

  • Describe the function of NIST
  • Define the need and benefits of national standards
  • Identify when you would use the NIST database
  • Identify the purpose of the Special Publications 800 documents
  • Identify specific technological, policy, and educational solutions outlined by SP800 documents
  • Describe the way you would use NIST to prepare a workstation for production environment

Method of Instruction: Instruction is based on PowerPoint slides and discussion of chapter coverage. Students work in teams to develop a threat model for a chosen item and place the item in a work environment to learn how to manage risk, so they will be able to describe investigative steps based on their developed threat model.

Evaluation Methods: Students are graded based on quizzes and exams. Students are also graded on the completeness of their threat model. Students research security related topics, present them to the class (Discovery Event), and write a report on their findings.

Course 3: ITDF 2470 Financial Cyber Crime

(on-line as well) (no lab component; exploratory mindset and the willingness to learn new ways to think about using the computer in a public network)

  • Viruses, Worms and Trojan Horses
  • Spyware
  • Adware
  • Physical Security
  • Firewalls
  • Wireless
  • Web Surfing
  • Instant Messaging & Chat Rooms
  • Spam
  • Fraud, Phishing, Social Engineering
  • Operating System Patches
  • Backups and Disaster Recovery
  • Disk & Registry Maintenance
  • Passwords
  • Protecting Personal and Confidential Information

 

Course 4: ITDF 1305 Fundamentals of Digital Data Storage

( solid understanding of how computers work and the willingness to go beyond the obvious; open mind to learn Base-2, Base-16 numbering systems and to learn an assortment of forensic tools; not being afraid to be challenged )

  • Computer Forensics and Investigation as a Profession
  • Understanding Computing Investigations
  • The Investigator's Office and Laboratory
  • Data Acquisitions
  • Processing Crime and Incident Scenes
  • Working with Windows and DOS Systems
  • Current Computer Forensics Tools
  • Macintosh and Linux Boot Processes and File Systems
  • Computer Forensics Analysis and Validation
  • Recovering Graphics Files
  • Network Forensics
  • E-mail Investigations
  • Cell Phone and Mobile Device Forensics
  • Report Writing for High-Tech Investigations
  • Expert Testimony in High-Tech Investigations
  • Ethics for the Expert Witness

 

Course 5: ITDF 2425 Digital Forensics Tools

( do not even attempt to enroll unless you have taken all previous courses or have some forensic experience; builds on the concepts learned in previous courses; takes a concept and places it in a specific tool; logical ability to see patterns )

  • Creating your portable toolset
  • Computer Hardware
  • File Systems
  • First Response
  • Acquiring Digital Evidence
  • EnCase Concepts
  • EnCase Environment
  • Understanding, Searching For, and Bookmarking Data
  • File Signature Analysis and Hash Analysis
  • Windows Operating System Artifacts.
  • Advanced EnCase
  • Creating Paperless Reports

 

Course 6: ITDF 2330 Digital Forensics Analysis

( builds on course 5, so you will be lost if you have not taken that course or have no forensic experience; takes the same concepts as in course 5, but in a different tool; expands the concepts that can overwhelm someone with limited exposure to previously discussed topics )

  • Understanding and Exploiting Windows Networks.
  • Network Investigation Overview.
  • Working with FTK Imager ( acquisition, hashes, CD/DVD, converting )
  • The Microsoft Network Structure.
  • Working with FTK ( overview, new case, case log, filter, copy special )
  • Beyond the Windows GUI.
  • Processing Case - Graphics
  • Windows Password Issues.
  • Processing Case - E-Mail
  • Windows Ports and Services.
  • Narrowing your focus ( custom hash analysis )
  • Live-Analysis Techniques.
  • Case Reporting
  • Windows File Systems.
  • Cryptography 101
  • The Registry Structure.
  • PRTK ( Password Recovery Tool Kit )
  • Registry Evidence.
  • Windows registry
  • Tool Analysis.
  • Registry Viewer
  • Text-Based Logs.
  • Advanced UTK ( Ultimate Toolkit )
  • Windows Event Logs.
  • Steps for successful password recovery
  • Logon and Account Logon Events.
  • Regular Expression Searching
  • Other Audit Events.
  • dtSearch Search Request
  • Forensic Analysis of Event Logs.
  • Decryption technology
  • Presenting the Results.
  • EFS ( Encrypting File System )

 

Course 7: ITDF 2435 Comprehensive Digital Forensics Project

( reports, research, and methodology must be that of the procedures learned from the previous courses; it will be enforced to have the specific structure; only those can complete this course who are familiar with these required elements from previous courses )

In this project, students utilize all they have learned in the previous courses in the degree plan. The project can involve actual cases or research based on actual case needs. The research focuses on a complete analysis of a concept or technology to aid the digital forensic community as a whole. The outcome of this course will be an investigative methodology for the chosen topic.

 

Certificate Course: ITNW 1425 Fundamentals of Networking Technologies

( This course gives you hands-on experience with network OSs and protocols as well as other concepts required to earn the 4011 certification )
Sample Syllabus

Course Designator/Course Number: ITNW 1425

Course Title: Fundamentals of Networking Technologies

Catalog Course Description: https://www1.dcccd.edu/catalog/courseDescriptions/detail.cfm?course=ITNW

Course Length: Course is defined in WECM ( WORKFORCE EDUCATION COURSE MANUAL, 2007-2008 ) with contact hour range of 80-112 hours per semester. Richland College offers the course in a 16 week semester with a combination of 3 hours lecture and 4 hours lab per week. WECM Search page http://www.thecb.state.tx.us/aar/undergraduateed/workforceed/wecm/

Course Description: Instruction in networking technologies and their implementation. Topics include the OSI reference model, network protocols, transmission media, and networking hardware and software. This course is cross-listed as ITNW 1325. The student may register for either ITNW 1325 or ITNW 1425, but may receive credit for only one of the two.

Course Learning Objective: Identify and use network transmission media; explain the OSI model; recognize the primary network topologies/protocols, identify their characteristics, and determine which would be most appropriate for a proposed network; identify the functions of a network operating system and distinguish between centralized, client/server, and peer-to-peer systems; and distinguish between Local Area Networks (LANs) and Wide Area Networks (WANs) and identify the components used to expand a LAN into a WAN.

Major Topics and Learning Outcomes:

1. An Introduction to Networking

Outcomes:

  • List the advantages of networked computing relative to standalone computing
  • Introduce the evolution of modern communications systems
  • Distinguish between client/server and peer-to-peer networks
  • List elements common to all client/server networks
  • Describe several specific uses for a network
  • Identify some of the certifications available to networking professionals
  • Identify the kinds of nontechnical, or “soft,” skills that will help you succeed as a networking professional

2. Networking Standards and the OSI Model

Outcomes:

  • Identify organizations that set standards for networking
  • Describe the purpose of the OSI Model and each of its layers
  • Explain specific functions belonging to each OSI Model layer
  • Understand how two network nodes communicate through the OSI model
  • Discuss the structure and purpose of data packets and frames
  • Describe the two types of addressing covered by the OSI Model
  • Discuss Historical vs Current Methodologies

3. Transmission Basics and Networking Media

Outcomes:

  • Describe vehicles of transmission
  • Explain basic data transmission concepts, including full duplexing, attenuation, and noise
  • Describe the physical characteristics of coaxial cable, STP, UTP, and fiber-optic media
  • Compare the benefits and limitations of different networking media
  • Identify the best practices for cabling buildings and work areas
  • Specify the characteristics of popular wireless transmission methods, including 802.11, infrared, and Bluetooth

4. Network Protocols

Outcomes:

  • Identify the characteristics of TCP/IP, IPX/SPX, NetBIOS, and AppleTalk
  • Understand how network protocols correlate to layers of the OSI Model
  • Identify the core protocols of the TCP/IP suite and describe their functions
  • Identify the well-known ports for key TCP/IP services
  • Understand addressing schemes for TCP/IP, IPX/SPX, NetBEUI, and AppleTalk
  • Describe the purpose and implementation of DNS (Domain Name System) and WINS (Windows Internet Naming Service)
  • Install protocols on Windows XP clients

5. Networking Hardware

Outcomes:

  • Identify the functions of LAN connectivity hardware
  • Install and configure a NIC (network interface card)
  • Identify problems associated with connectivity hardware
  • Identify the unique nature of telecommunication hardware and software
  • Describe the factors involved in choosing a NIC, hub, switch, or router
  • Discuss the functions of repeaters, hubs, bridges, switches, routers, and gateways, and the OSI Model layers at which they operate
  • Describe the use and types of routing protocols

6. Topologies and Access Methods

Outcomes:

  • Recognize the changes in historical vs current networking technology
  • Describe the basic and hybrid LAN physical topologies, and their uses, advantages and disadvantages
  • Describe the backbone structures that form the foundation for most LANs
  • Compare the different types of switching used in data transmission
  • Understand the transmission methods underlying Ethernet, Token Ring, FDDI, and ATM networks
  • Describe the characteristics of different wireless network technologies, including Bluetooth and the three IEEE 802.11 standards

7. WANs and Remote Connectivity

Outcomes:

  • Identify a variety of uses for WANs
  • Explain different WAN topologies, including their advantages and disadvantages
  • Describe an Automated Information Systems environment
  • Describe different WAN transmission and connection methods, including PSTN, ISDN, T-carriers, DSL, broadband cable, SONET, and wireless Internet access technologies
  • Compare the characteristics of WAN technologies, including throughput, security, and reliability
  • Describe the software and hardware requirements for remotely connecting to a network

8. Network Operating Systems and Windows Server 2003-Based Networking

Outcomes:

  • Discuss the functions and features of a network operating system
  • Define the requirements for a Windows Server 2003 network environment
  • Provide language of an Automated Information Systems
  • Describe how Windows Server 2003 fits into an enterprise-wide network
  • Perform a simple Windows Server 2003 installation
  • Manage simple user, group, and rights parameters in Windows Server 2003
  • Understand how Windows Server 2003 integrates with other popular network operating systems

9. Networking with UNIX and Linux

Outcomes:

  • Describe the origins and history of the UNIX operating system
  • Identify similarities and differences between popular implementations of UNIX
  • Describe the features and capabilities of servers running Solaris, Linux, and Mac OS X Server
  • Explain and execute essential UNIX commands
  • Install and configure Linux on an Intel-based PC
  • Manage users, groups, and file access permissions in Solaris, Linux, and Mac OS X Server
  • Explain how computers running other operating systems can connect to UNIX servers
  • Describe the hardware, software, and firmware components of an Automated Information System to integrate into information systems security aspects/behaviors

10. NetWare-Based Networking

Outcomes:

  • Identify the advantages of using the NetWare network operating system
  • Describe NetWare’s server hardware requirements
  • Understand NetWare’s file system and directory structure
  • Plan for and perform a simple NetWare server installation
  • Explain how NetWare supports multiple clients and integrates with other network operating systems

11. Networking with TCP/IP and the Internet

Outcomes:

  • Understand methods of network design unique to TCP/IP networks, including subnetting, CIDR, NAT and ICS
  • Explain the differences between public and private networks
  • Describe protocols used between mail clients and mail servers, including SMTP, POP3, and IMAP4
  • Employ multiple TCP/IP utilities for network discovery and troubleshooting

12. Troubleshooting Network Problems

Outcomes:

  • Describe the steps involved in an effective troubleshooting methodology
  • Follow a systematic troubleshooting process to identify and resolve networking problems
  • Describe the steps for complex environment troubleshooting like distributed and mainframe processors
  • Document symptoms, solutions, and results when troubleshooting network problems
  • Use a variety of software and hardware tools to diagnose problems

13. Ensuring Integrity and Availability

Outcomes:

  • Identify the characteristics of a network that keeps data safe from loss or damage
  • Discuss agency specific access differences
  • Protect an enterprise-wide network from viruses
  • Explain network- and system-level fault-tolerance techniques
  • Discuss issues related to network backup and recovery strategies
  • Describe the components of a useful disaster recovery plan and the options for disaster contingencies

14. Network Security

Outcomes:

  • Identify security risks in LANs and WANs and design security policies that minimize risks
  • Explain how physical security contributes to network security
  • Discuss hardware- and design-based security techniques
  • Use network operating system techniques to provide basic security
  • Understand methods of encryption, such as SSL and IPSec, that can secure data in storage and in transit
  • Describe how popular authentication protocols, such as RADIUS, TACACS, Kerberos, PAP, CHAP, and MS-CHAP, function
  • Understand wireless security protocols, such as WEP, WPA, and 802.11i

15. Implementing and Managing Networks

Outcomes:

  • Describe the elements and benefits of project management
  • Manage a network implementation project
  • Recognize agency specific installation differences
  • Understand network management and the importance of baselining to assess a network’s health
  • Plan and follow regular hardware and software maintenance routines
  • Describe the steps involved in upgrading network hardware and software

16. Plan/implement a network on your own

Outcomes:

  • Identify and define topology, Network OS, and user settings to implement a small organization’s network.

Method of Instruction: Instructional methods in this course include lecture aided by an in-class digital projector displaying digital slides for students to follow; the slides are also made available for students to print so they can pay better attention to the lecture. Each student works on his/her workstation to practice basic networking utilities and concepts. The lab environment encourages teamwork by assigning students to 2-3 person teams, and lab assignments are solved in teams. Courses are also accessible to students on-line using Blackboard software, where students can collaborate outside the class. An open lab is available to students for hands-on exercises in a virtual environment using third-party software (TestOut LabSim).

Evaluation Methods: Students take chapter quizzes on covered topics. Students are required to attend lab and lecture sessions for a grade. Students take midterm and final exams. Students research network related topics, present them to the class (Discovery Event), and write a report on their findings.

 

Certificate Course: ITSY 1400 Fundamentals of Information Security

(This course gives you hands-on experience with information security and management concepts as well as other concepts required to earn the 4011 certification)
Sample Syllabus

Course Designator/Course Number: ITSY 1400

Course Title: Fundamentals of Information Security

HTTP Link: https://www1.dcccd.edu/cat0809/courseDescriptions/detail.cfm?course=ITSY

Course Length: This course is a 16 week course that meets 6 hours a week for 16 weeks in a face-to-face configuration.

Course Description: Basic information security goals of availability, integrity, accuracy, and confidentiality. Vocabulary and terminology specific to the field of information security are discussed. Identification of exposures and vulnerabilities and appropriate countermeasures are addressed. The importance of appropriate planning and administrative controls is also discussed. This course is cross-listed as ITSY 1300. The student may register for either ITSY 1300 or ITSY 1400, but may receive credit for only one of the two.

Course Learning Objective: Students completing this course will be able to outline best practices for the information security goals of confidentiality, integrity and availability; explain ethical practices; define vocabulary/terminology related to information security; explain the importance of planning and administrative controls; identify security threats, vulnerabilities, and countermeasures; and identify procedures for security risk management.

Major Topics and Detailed Outcomes:

1. Introduction
      1.1 Introduction to Information Security
      1.2 The CIA ( Confidentiality, Integrity, Availability ) of information security and security
            countermeasures
      Outcomes:
                  § Describe the challenges of securing information
                  § Define information security and explain why it is important
                  § Describe the roles and responsibilities related to information security in an organization
                  § Identify the types of attackers that are common today
                  § List the basic steps of an attack
                  § Describe the five steps in a defense
                  § Explain the different types of information security careers and how the Security+ certification
                      can enhance a security career

2. SYSTEMS SECURITY

      2.1 System Threats and Risks
      2.2 Operations Security
      2.3 ESI ( electronically stored information ) states and protection measures
      2.4 Protecting Systems
      Outcomes:

    • Describe the different types of software-based attacks
    • List types of hardware attacks
    • Define virtualization and explain how attackers are targeting virtual systems
    • Define risk and risk management
    • Describe the components of risk management
    • Identify the need for system life cycle management
    • Describe the survey and planning needs of operations security
    • Review Agency Automated Information Systems and telecommunications security policies
    • Label components for successful contingency planning/disaster recovery

3. NETWORK SECURITY

      3.1 Auditing and Monitoring
      3.2 Network Vulnerabilities and Attacks
      3.3 Network Defenses
      3.4 Wireless Network Security
      3.5 TEMPEST
      Outcomes:

    • List the methodologies used for monitoring to detect security-related anomalies
    • Describe the different monitoring tools
    • Explain how to harden operating systems
    • List ways to prevent attacks through a Web browser
    • Define SQL injection and explain how to protect against it
    • Explain how to protect systems from communications-based attacks
    • Describe various software security applications
    • Explain the types of network vulnerabilities
    • List categories of network attacks
    • Define different methods of network attacks
    • Explain how to enhance security through network design
    • Define network address translation and network access control
    • List the different types of network security devices and explain how they can be used
    • Describe the basic IEEE 802.11 wireless security protections
    • Define the vulnerabilities of open system authentication, WEP, and device authentication
    • Describe the WPA and WPA2 personal security models
    • Explain how enterprises can implement wireless security

4. ACCESS CONTROL

      4.1 Access Control Fundamentals
      4.2 Authentication
      Outcomes:

      • Define access control and list the four access control models
      • Describe logical access control methods
      • Explain the different types of physical access control
      • Define authentication
      • Describe the different types of authentication credentials
      • List and explain the authentication models
      • Define authentication servers
      • Describe the different extended authentication protocols
      • Explain how a virtual private network functions

5. ASSESSMENTS AND AUDITS

      5.1 Performing Vulnerability Assessments
      5.2 Conducting Audits
      Outcomes:

      • List and describe vulnerability scanning tools
      • Define penetration testing
      • Define privilege audits
      • Describe how usage audits can protect security

6. CRYPTOGRAPHY

      6.1 Basic Cryptography
      6.2 Cryptographic Protocols and Public Key Infrastructure
      Outcomes:

      • Define cryptography
      • Describe hashing
      • List the basic symmetric cryptographic algorithms
      • Describe how asymmetric cryptography works
      • List types of file and file system cryptography
      • Explain how whole disk encryption works
      • Define digital certificates
      • List the various types of digital certificates and how they are used
      • Describe the components of Public Key Infrastructure (PKI)
      • List the tasks associated with key management
      • Describe the different cryptographic transport protocols
      • Describe the application of cryptographic systems

7. ORGANIZATIONAL SECURITY

      7.1 Administrative Security Procedural Controls
      7.2 Business Continuity Planning and Procedures
      Outcomes:

      • Define environmental controls
      • Describe the option of cryptographic systems’ role in security policies
      • Describe the components of redundancy planning
      • List disaster recovery procedures
      • Describe incident response procedures
      • Define organizational security policy
      • Describe the concepts of system life cycle management
      • List the types of security policies
      • Describe how education and training can limit the impact of social engineering
      • Describe Agency "control points" for purchase and maintenance of Agency AIS and telecommunications systems
      • Define administrative security procedural controls

Method of Instruction: This course utilizes 3 hours of instructor-led lecture and 3 hours of instructor-led lab with 1 hour of self-directed open lab per week. Lectures are based on electronic presentations (MS PowerPoint) and videos. The lab portion of the course emphasizes teamwork and hands-on labs to reinforce the lecture materials. The self-directed lab allows students to explore topics related to lectures and labs every week and practice harder concepts on their own for better comprehension.

Evaluation Methods: The course is evaluated based on chapter quizzes, midterm and a comprehensive final exam.

 

Certificate Course: ITSY 2459 Security Assessment and Auditing

(This course gives you hands-on experience with information security and management concepts as well as other concepts required to earn the 4011 certification)
Sample Syllabus

Course Designator/Course Number: ITSY 2459

Course Title: Security Assessment and Auditing

HTTP Link: https://www1.dcccd.edu/catalog/courseDescriptions/detail.cfm?course=ITSY

Course Length: Course is defined in WECM ( WORKFORCE EDUCATION COURSE MANUAL, 2009-2010 ) with contact hour range of 80-128 hours per semester. Richland College offers this course in a 16 week semester with a combination of 3 hours lecture and 4 hours lab per week. WECM Search page
http://www.thecb.state.tx.us/aar/undergraduateed/workforceed/wecm/

Course Description: Capstone experience for the security curriculum. Synthesizes technical material covered in prior courses to monitor, audit, analyze, and revise computer and network security systems to ensure appropriate levels of protection are in place to assure regulatory compliance.

Course Learning Objective: Review security plan to ensure appropriate level of protection; assess network security design; audit network system based on security design; use relevant tools to assure security requirements; and review all security policies and procedures on a regular basis.

Major Topics and Detailed Outcomes:

1. Ethical Hacking Overview
    a. Role of an ethical hacker
    b. Legality
    c. Illegal activities

Outcomes:

  • Describe the role of an ethical hacker
  • Describe what you can do legally as an ethical hacker
  • Describe what you cannot do as an ethical hacker

2. TCP/IP Concepts Review
    a. TCP/IP protocol stack
    b. Basic concepts of IP addressing
    c. Binary, octal, and hexadecimal numbering systems

Outcomes:

  • Describe the TCP/IP protocol stack
  • Explain the basic concepts of IP addressing
  • Explain the binary, octal, and hexadecimal numbering systems

3. Network and Computer Attacks
    a. Types of malicious software
    b. Protecting against malware attacks
    c. Types of network attacks
    d. Physical security attacks and vulnerabilities

Outcomes:

  • Describe the different types of malicious software
  • Describe methods of protecting against malware attacks
  • Describe the types of network attacks
  • Identify physical security attacks and vulnerabilities

4. Footprinting and Social Engineering
    a. Web tools for footprinting
    b. Conducting competitive intelligence
    c. DNS zone transfers
    d. Types of social engineering

Outcomes:

  • Use Web tools for footprinting
  • Conduct competitive intelligence
  • Describe DNS zone transfers
  • Identify the types of social engineering

5. Port Scanning
    a. Port scanning methodology
    b. Different types of port scans
    c. Various port-scanning tools
    d. Ping sweeps usage
    e. Shell scripting to automate security tasks

Outcomes:

  • Describe port scanning
  • Describe different types of port scans
  • Describe various port-scanning tools
  • Explain what ping sweeps are used for
  • Explain how shell scripting is used to automate security tasks

6. Enumeration
    a. Enumeration step of security testing
    b. Enumerate Microsoft OS targets
    c. Enumerate NetWare OS targets
    d. Enumerate *NIX OS targets

Outcomes:

  • Describe the enumeration step of security testing
  • Enumerate Microsoft OS targets
  • Enumerate NetWare OS targets
  • Enumerate *NIX OS targets

7. Programming for Security Professionals
    a. Basic programming concepts
    b. C programming
    c. HTML programming
    d. Perl programming
    e. Object-oriented programming concepts

Outcomes:

  • Explain basic programming concepts
  • Write a simple C program
  • Explain how Web pages are created with HTML
  • Describe and create basic Perl programs
  • Explain basic object-oriented programming concepts

8. Microsoft Operating System Vulnerabilities
    a. Tools available to assess Microsoft system vulnerabilities
    b. Vulnerabilities of Microsoft operating systems
    c. Vulnerabilities of services running on Microsoft operating systems
    d. Harden Microsoft systems against common vulnerabilities
    e. Best practices for securing Microsoft systems

Outcomes:

  • Conduct and explain Risk Analysis and Risk Analysis reporting
  • Describe the tools available to assess Microsoft system vulnerabilities
  • Describe the vulnerabilities of Microsoft operating systems
  • Describe the vulnerabilities of services running on Microsoft operating systems
  • Explain techniques to harden Microsoft systems against common vulnerabilities
  • Describe best practices for securing Microsoft systems

9. Linux Operating System Vulnerabilities
    a. Fundamentals of the Linux operating system
    b. Vulnerabilities of the Linux operating system
    c. Linux remote attacks
    d. Countermeasures for protecting the Linux operating system

Outcomes:

  • Conduct and explain Risk Analysis and Risk Analysis reporting
  • Describe the fundamentals of the Linux operating system
  • Describe the vulnerabilities of the Linux operating system
  • Describe Linux remote attacks
  • Explain countermeasures for protecting the Linux operating system

10. Hacking Web Servers
    a. Web applications
    b. Web application vulnerabilities
    c. Tools used to attack Web servers

Outcomes:

  • Conduct and explain Risk Analysis and Risk Analysis reporting
  • Describe Web applications
  • Explain Web application vulnerabilities
  • Describe the tools used to attack Web servers

11. Hacking Wireless Networks
    a. Wireless technology
    b. Wireless networking standards
    c. Process of authentication
    d. Wardriving
    e. Wireless hacking and tools used by hackers and security professionals

Outcomes:

  • Conduct and explain Risk Analysis and Risk Analysis reporting
  • Explain wireless technology
  • Describe wireless networking standards
  • Describe the process of authentication
  • Describe wardriving
  • Describe wireless hacking and tools used by hackers and security professionals

12. Cryptography
    a. The history of cryptography
    b. Symmetric and asymmetric cryptography algorithms
    c. Public key infrastructure (PKI)
    d. Possible attacks on cryptosystems

Outcomes:

  • Describe the history of cryptography
  • Describe symmetric and asymmetric cryptography algorithms
  • Explain public key infrastructure (PKI)
  • Describe possible attacks on cryptosystems

13. Protecting Networks with Security Devices
    a. Network security devices
    b. Firewall technology
    c. Intrusion detection systems
    d. Honeypots

Outcomes:

  • Describe network security devices
  • Describe firewall technology
  • Describe intrusion detection systems
  • Describe honeypots

14. Business and IA Policy Integration
    a. Defining Roles and Responsibilities
    b. Mandates and Law
    c. Policies ( people, operation, technology )
    d. Preparing for the Unknown

Outcomes:

  • Define the roles and responsibilities in IA
  • Define the challenges of meeting business and IT needs
  • Explain the protection of proprietary information
  • Explain the cost/benefit analysis in IA
  • Evaluate information security policies
  • Define need-to-know controls

15. System Auditing (OVAL, Nessus, MSBA)
    a. Existing and Recommended Security Controls
    b. Following Government guidelines
    c. PCI certification
    d. NIST 800-37

Outcomes:

  • Explain the process of accreditation
  • Discuss risks associated with certification and accreditation
  • Explain aggregation vulnerabilities
  • Discuss the challenges of classified/sensitive information
  • Discuss MOU and MOA
  • Discuss the accreditation process after certification
  • Define the types of accreditation

Method of Instruction: This course utilizes 3 hours of instructor-led lecture and 4 hours of instructor-led lab with 1 hour of self-directed open lab per week. Lectures are based on electronic presentations (MS PowerPoint) and videos. The lab portion of the course emphasizes teamwork and hands-on labs to reinforce the lecture materials. The self-directed lab allows students to explore topics related to lectures and labs every week and practice harder concepts on their own for better comprehension.

Evaluation Methods:
40% of the grade is based on a midterm and a final examination. Both examinations are cumulative and given in a varied format. An in-class review will be held prior to each examination.

20% of the grade is based on quizzes. Quizzes are announced one day in advance, can vary from three to five questions, and might be in any format.

40% of the grade is based on keeping a project notebook. Students are asked to obtain a small notebook or to use a lab notebook and keep notes on the results of Hands-on Projects and Case Projects at the end of each chapter in the text.

A   90 - 100
B   80 - 89
C   70 - 79
D   60 - 69
F   59 and below

Copyright © 2014 Richland College | DCCCD