
COLEGIO DE SANTA RITA DE SAN CARLOS INC

SYLLABUS ON INFORMATION ASSURANCE AND SECURITY 2

Course Number: ITM 412
Course Descriptive Title: Information Assurance and Security 2
No. of Units: 3
No. of Hours per Week: Lec: 3
Schedule: TTH 10:30-12:00

Course Description
Provides an in-depth investigation into meeting the security needs of modern IT systems. This course prepares the student to master the eight domains for
Certification in Information Systems Security Professional (CISSP), which are Security and Risk Management, Asset Security, Security Engineering, Communication and
Network Security, Identity and Access Management, Security Assessment and Testing, Security Operations, and Software Development Security.

Course Intended Learning Outcomes:

Specifically, it aims to:

1. Equip students with the ability to establish security policies and configure security devices and software.
2. Prepare students for the Certification in Information Systems Security Professional (CISSP).

Intended Learning Outcomes | Content | Teaching Learning Activities | Time Allotment | Resources | Assessment

MODULE 1 Security and Risk Management

Intended Learning Outcomes
Upon completion of this module, you should be able to:
1. Test the concept of confidentiality, integrity, and availability of a domain.
2. Implement solid user awareness of CIA.

Content
1. Confidentiality, Integrity and Availability (CIA)
2. Security Governance Principles
3. Control Frameworks
4. Due Care vs. Due Diligence
5. CISSP for Legal and Investigation Regulatory Compliance
6. Information Security Legal Issues
7. Security Policies, Standards, Procedures and Guidelines
8. Security Personnel
9. Vendor, Consultant and Contractor Security
10. Risk Management Concepts Threat Modeling

Teaching Learning Activities
Lecture/Discussion using Powerpoint
Recitation
Standardized assessment (quiz, exam, assignment)
Hands-on Activities
Blended learning (via Classroom Discussion, CANVAS, Google Classroom)

Time Allotment: 10

Resources
Computer Units with Internet connection
Projector
Board and Marker

Assessment
Pre-tests/Post tests
Homework
Graded Recitation
Check lists
Quizzes
Online Tests
Chapter Exam
Case studies
Reflection
Periodic Exams

MODULE 2 Asset Security

Intended Learning Outcomes
Upon completion of this module, you should be able to:
1. Present important domain as it deals with the issues related to the management of data and the concept of ownership of information
Differentiate roles regarding data processing as well as privacy concerns and limitations of use.

Content
1. Information and Asset Classification
2. Data and System Ownership (e.g. data owners, system owners)
3. Protecting Privacy
4. Data Retention
5. Data Security Controls – how to protect data at rest or in transit, cryptography, etc.
6. Data Handling Requirements (e.g. markings, labels, storage) – also includes destruction
7. Public Key Infrastructure (PKI)

Teaching Learning Activities
Lecture/Discussion using Powerpoint
Recitation
Standardized assessment (quiz, exam, assignment)
Hands-on activities
Blended learning (via Classroom Discussion, CANVAS, Google Classroom)

Time Allotment: 10

Resources
Computer Units with Internet connection
Projector
Board and Marker

Assessment
Pre-tests/Post tests
Homework
Graded Recitation
Check lists
Quizzes
Online Tests
Chapter Exam
Case studies
Reflection
Periodic Exams

MODULE 3 Security Engineering

Intended Learning Outcomes
Upon completion of this module, you should be able to:
1. Create security engineering processes, models, and design principles.
Detect vulnerabilities on database security, crypto systems, and clouds.

Content
1. Engineering processes using secure design principles
2. Security models fundamental concepts
3. Security evaluation models
4. Certification and Accreditation
5. Security capabilities of information systems
6. Security architectures, designs, and solution elements vulnerabilities
7. Web-based systems vulnerabilities
8. Mobile systems vulnerabilities
9. Embedded devices and cyber-physical systems vulnerabilities – includes IoT and devices in networks
10. Database Architectures and Security
11. Cryptography – PKI, digital signatures, keys, digital rights and cryptanalytic
12. Site and facility design secure principles
Physical security – concerns with water flooding, fires, storage security and more strictly "physical" issues

Teaching Learning Activities
Lecture/Discussion using Powerpoint
Recitation
Standardized assessment (quiz, exam, assignment)
Hands-on activities
Blended learning (via Classroom Discussion, CANVAS, Google Classroom)

Time Allotment: 15

Resources
Computer Units with Internet connection
Projector
Board and Marker

Assessment
Pre-tests/Post tests
Homework
Graded Recitation
Check lists
Quizzes
Online Tests
Chapter Exam
Case studies
Reflection
Periodic Exams

MODULE 4 Communication and Network Security

Intended Learning Outcomes
Upon completion of this module, you should be able to:
1. Create secure communication channels.
Simulate aspects of network architecture, communication protocols, segmentations, routing and wireless transmissions.

Content
1. Secure network architecture design
2. Secure network components – access control, transmission media, communication hardware
3. Secure communication channels – VPN, VLAN, instant messaging, remote collaboration
4. Firewalls, IDS & IPS
Network attacks and countermeasures

Teaching Learning Activities
Lecture/Discussion using Powerpoint
Recitation
Standardized assessment (quiz, exam, assignment)
Hands-on activities
Blended learning (via Classroom Discussion, CANVAS, Google Classroom)

Time Allotment: 5

Resources
Computer Units with Internet connection
Projector
Board and Marker

Assessment
Pre-tests/Post tests
Homework
Graded Recitation
Check lists
Quizzes
Online Tests
Chapter Exam
Case studies
Reflection
Periodic Exams

MODULE 5 Identity and Access Management

Intended Learning Outcomes
Upon completion of this module, you should be able to:
1. Defend attacks that exploit the human component to gain access to data and ways to identify those who have rights to access to servers and information.
Differentiate the concept of sessions, multi-factor authentication, proofing, credentials, role-based or rule-based access control, MAC, and DAC.

Content
1. Access Control Categories
2. Identification and Authentication of people and devices
3. Authorization
4. Identity as a Service (e.g. cloud identity)
5. Third-party identity services (e.g. on premise)
6. Access Control Attacks
7. Identity and Access Provisioning Lifecycle (e.g. provisioning review)

Teaching Learning Activities
Lecture/Discussion using Powerpoint
Recitation
Standardized assessment (quiz, exam, assignment)
Hands-on activities
Blended learning (via Classroom Discussion, CANVAS, Google Classroom)

Time Allotment: 5

Resources
Computer Units with Internet connection
Projector
Board and Marker

Assessment
Pre-tests/Post tests
Homework
Graded Recitation
Check lists
Quizzes
Online Tests
Chapter Exam
Case studies
Reflection
Periodic Exams

MODULE 6 Security Assessment and Testing

Intended Learning Outcomes
Upon completion of this module, you should be able to:
1. Apply the tools and techniques used to assess the security of systems and find vulnerabilities, errors in coding or design, weaknesses and possible areas of concerns not corrected by policies and procedures.
2. Perform vulnerability assessment and penetration testing.
3. Create disaster recovery and business continuity plans, and awareness training for users.

Content
1. Assessment and test strategies
2. Security process data (e.g. management and operational controls)
3. Security control testing
4. Test outputs (e.g. automated, manual)
5. Security architectures vulnerabilities

Teaching Learning Activities
Lecture/Discussion using Powerpoint
Recitation
Standardized assessment (quiz, exam, assignment)
Hands-on activities
Blended learning (via Classroom Discussion, CANVAS, Google Classroom)

Time Allotment: 5

Resources
Computer Units with Internet connection
Projector
Board and Marker

Assessment
Pre-tests/Post tests
Homework
Graded Recitation
Check lists
Quizzes
Online Tests
Chapter Exam
Case studies
Reflection
Periodic Exams

MODULE 7 Security Operations

Intended Learning Outcomes
Upon completion of this module, you should be able to:
1. Perform simulated digital forensic and investigations to intrusion prevention and detection tools, firewalls and sandboxing.

Content
1. Investigations support and requirements – digital forensics, regulatory concerns
2. Logging and monitoring activities – IDPS, event management, monitoring of systems
3. Provisioning of resources
4. Foundational security operations concepts – assign roles, monitor access privileges, information lifecycle
5. Resource protection techniques
6. Incident management – from incident to remediation to after-incident review
7. Preventative measures – IDPS, sandboxing, honeypots, firewall, malware prevention
8. Patch and vulnerability management
9. Change management processes
10. Recovery strategies – backup, multiple operation sites
11. Disaster recovery processes and plans
12. Business continuity planning and exercises
13. Physical security
14. Personnel safety concerns

Teaching Learning Activities
Lecture/Discussion using Powerpoint
Recitation
Standardized assessment (quiz, exam, assignment)
Hands-on activities
Blended learning (via Classroom Discussion, CANVAS, Google Classroom)

Time Allotment: 10

Resources
Computer Units with Internet connection
Projector
Board and Marker

Assessment
Pre-tests/Post tests
Homework
Graded Recitation
Check lists
Quizzes
Online Tests
Chapter Exam
Case studies
Reflection
Periodic Exams

MODULE 8 Software Development Security

Intended Learning Outcomes
Upon completion of this module, you should be able to:
1. Implement security controls on software within the environment for which the security information system expert is responsible.
2. Perform auditing, risk analysis and the identification of vulnerabilities in source codes.

Content
1. Security in the software development lifecycle
2. Development environment security controls
3. Software development models
4. Software security effectiveness – auditing, risk analysis
5. Acquired software security impact
6. Software testing

Teaching Learning Activities
Lecture/Discussion using Powerpoint
Recitation
Standardized assessment (quiz, exam, assignment)
Hands-on activities
Blended learning (via Classroom Discussion, CANVAS, Google Classroom)

Time Allotment: 5

Resources
Computer Units with Internet connection
Projector
Board and Marker

Assessment
Pre-tests/Post tests
Homework
Graded Recitation
Check lists
Quizzes
Online Tests
Chapter Exam
Case studies
Reflection
Periodic Exams

Course Requirements
1. At the end of the semester, a student is required to pass the Certification in Information Systems Security Professional (CISSP) practice examination.

Required Textbook:
NONE

References:
Cloud +, Wilson, Scott and Vanderburg, Eric, 2016
Security, Privacy and Digital Forensics in the Cloud, Chen, Lei, Takabi, Hassan, 2019
Information security fundamentals, Khalil Mohammad, 2018
Management of information security, Michael E. Whitman; Herbert J. Mattord, 2017
Big data: storage, sharing and security, Fei Hu, 2016

Web Sites:
http://users.cs.cf.ac.uk/Y.V.Cherdantseva/UnderstandingIAS.pdf
https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/61288/information-security.pdf
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-12r1.pdf
http://www.pnp.gov.ph/images/Downloads/computer_security_reviewer.pdf

Prepared by: Date: Approved by: Date:

BRITTANEY BATO AUGUST 8, 2022 ERICSON J. BATUTU AUGUST 8, 2022


Head, Computer Education
Dept.

Percentage allocations:
A. For subject with researches and project (Religious Education, English, Filipino, Laboratory Sciences, Philosophy, P.E. etc.)
1. Reading & Written Assignments (Reflection & Reaction papers): 30%
2. Projects/Research & Presentation: 35%
3. Examination (Prelim, Midterm & Final): 35%
B. Related Learning Experience (RLE)
Performance & Quizzes: 70%
Deportment & Attendance: 30%
Total: 100%
