You are here: Home instructional_framework official_framework Business and Information Technology Education Enterprise Security Management
Navigation
Log in


Need a new SSL certificate?
 

View Career Major Course

Course Information
Business and Information Technology Education
BT00034
Enterprise Security Management
90.00
Students will understand the principles of risk management, security architectures, incident handling, disaster recovery, and secure systems administration.
Carrie DeMuth
405-743-5426
cdemu@okcareertech.org

Robert Hamilton
405-743-5552
rhami@okcareertech.org
Network Security
1. Contingency Planning: In this topic, you will take a look at various types of disasters
that can befall an organization and put it out of business-unless the organization has implemented some form of business continuity planning. You will look at how such plans can be
developed and tested.

Objectives:
a. Identify disaster types, examine issues relate to contingency planning, and consider the
role of security policies as part of an overall contingency planning strategy.
b. Analyze contingency planning goals, and review the testing of such plans.
c. Study the effect of electrical power loss for networks and the backup planning required to prevent such events.
d. Examine data-backup strategies for various operating systems and perform tasks related
to backups.

2. Performing a Risk Analysis: In this topic, you will be introduced to the concepts and issues surrounding one of the more debated areas of security - Risk Analysis. You will see different
methods of risk analysis, different standards, and different techniques to minimize risk. All of these issues, concepts, and techniques lead up to the same goal, to perform a risk analysis.

Objectives:
a. Define the concepts of risk analysis.
b. Examine the methods of risk analysis.
c. Describe the process of risk analysis.
d. Describe the techniques available to minimize risk.
e. Examine the principles of performing a continuous risk assessment.

3. Creating a Security Policy: In this topic, you will examine the concepts of security
policies and their implementation. You will be introduced to different methods of policy creation and implementation, and you will create a policy document. You will also examine the methods of security response and how response is related to policy.

Objectives:
a. Describe the concepts of security policies.
b. Examine the standards of security policy design.
c. Describe the individual policies in a security policy.
d. Examine a detailed, complete policy template.
e. Describe the policy procedures for incident handling and escalation.
f. Define the common procedures for strategic partner connections in a security policy.
g. Create a scenario-based security policy document.

4. Certification and Accreditation: In this topic, you will examine the certification and
accreditation process of information systems as outlined for the federal government. You will study in detail the four phases of the process used and the duties and responsibilities of the key participants. You will also explore applications of the certification and accreditation process for non-government organizations.

Objectives:
-Examine and understand the background information for the Certification and Accreditation Process.
-Identify the laws and regulations governing the Certification and Accreditation Process.
-List the phases of the Certification and Accreditation Process and give a definition for each of those phases and their associated activities and tasks.
-List and define the roles and responsibilities of the individuals involved in the Certification and Accreditation Process.
-Understand the System Security Authorization Agreement (SSAA) and practice using tools and templates used to create a SSAA.
-Examine the NIST Special Publication 800-37 "Guide for the Security Certification and Accreditation of Federal Information Systems". Compare the NIST SP 800-37 methodology to the DITSCAP and DIACAP processes and identify the differences.

5. Introduction to Trusted Networks: In this topic, you will be introduced to the fundamental concepts of building trusted networks and the Public Key Infrastructure.

Objectives:
a. Define the need to develop trusted networks.
b. Identify the function of both authentication and identification.
c. Examine the components of a Public Key Infrastructure (PKI).
d. Indentify the applications of PKI.

6. Cryptography and Data Security: In this topic, you will be introduced to the concepts of
cryptography and its function in data security. You will examine how cryptography has evolved, encryption and decryption systems, private key and public key algorithms, and key lengths.

Objectives:
a. Describe the history of cryptography.
b. Describe the function of math in cryptography.
c. Describe the process of private key cryptography.
d. Describe the process of public key cryptography.
e. Identify the function of message authentication.

7. Law and Legislation: In this topic, you will be introduced to the common laws and pertinent legislation regarding information security, computing, and network technologies. You will be
exposed to laws and legislation, and although the concepts in this topic are global, every state and/or country has different laws and regulations; those in this topic are primarily from the United States regarding security, computers, and network technologies.

Objectives:
a. Examine the concepts of intellectual properties.
b. Identify the primary categories of law.
c. Examine the process of handling evidence for a trail.
d. Examine computer-related laws and legislation.

8. Biometrics - Who You Are: In this topic, you will examine the process of biometrics, their accuracy, and their application. You will determine the characteristics of common biometrics, and examine methods of compromising biometric systems.

Objectives:
a. Describe the core concepts of biometrics.
b. Examine the accuracy of biometrics.
c. Identify applications of biometrics.
d. Implement and examine fingerprint scanning.
e. Examine facial scanning.
f. Implement and examine iris and retinal scanning.
g. Implement and examine vocal scanning.
h. Examine uncommon biometrics.
i. Examine methods of compromising biometrics.

9. Strong Authentication: In this topic, you will learn about strong authentication. You will step through examples of authentication solutions, such as tokens and biometrics.

Objectives:
a. Describe strong authentication.
b. Examine authentication tokens.
c. Implement an authentication token system.
d. Examine smart cards.

10. Digital Certificates: In this topic, you will examine various ways we establish our
identity in the real world, examine an important document recognized internationally, review various tamper-proofing methods and mechanisms for such documents, and look at the electronic equivalents for such documents.

Objectives:
a. Examine the various ways that identities are established in the world.
b. Examine the role of an authority that thoroughly examines applications and then issues
some form of identity document, such as a certificate.
c. Examine issues surrounding the protection of the sanctity of a Certificate Authority.
d. Distinguish between the purposes of certificates issued in the physical world versus the
digital world.
e. Examine key standards specified for digital certificates.
f. Examine the X.509 authentication standard as defined by the ITU and the information contained in an X.509 certificate.
g. Perform a case study of one of the leading Certification Authorities.

11. Digital Signatures: In this topic, you will work with message digest and symmetric-key encryption algorithms to define the structure of digital signatures.

Objectives:
a. Compare digital signatures with real world signatures.
b. Examine the features of digital signatures and their requirements for use in e-commerce.
c. Describe how digital signatures function.
d. Examine the various types and emerging standards for digital signatures.
e. Examine the digital signature applications and protocols used.
(Select from the following)

Security Certified Network Architect (SCNA): Enterprise Security Implementation (ESI)

Cyber Security Education Consortium End-of-Course Exam

CompTIA Server+ or Security+

CIW Security Analyst or Master CIW Administrator

Brainbench: Information Technology Security Fundamentals
SCNA - Security Certified Network Architect - http://www.securitycertified.net/SCNA_certifications.htm

CIW - Certified Internet Web Professional - http://www.ciwcertified.com/

Cisco - http://cisco.netacad.net/

CompTIA - http://certification.comptia.org/

CIW Security Analyst

Brainbench - http://www.brainbench.com
Security Certified Program (SCP) curriculum - Hardening the Infrastructure; Warren Peterson, Shrinath Tandur. ISBN 0-7580-5588-9

Strategic Infrastructure Security; Warren Peterson

Advanced Security Implementations; Warren Peterson, Uday O. Ali Pabrai. ISBN: 0-7580-6999-5


References:
Guide to Disaster Recovery, 1st Edition-Michael Erbschloe. ISBN: 0-619-13122-5

OMB Circular A-130

NIST Special Publication 800-37, Guide for the Security Certification and Accreditation of Federal Information Systems, May 2004

NIST Special Publication 800-18, Guide for Developing Security Plans for Information Technology Systems, December 1998.

NIST Special Publication 800-26, Security Self-Assessment Guide for Information Technology Systems, November 2001.

NIST Special Publication 800-30, Risk Management Guide for Information Technology Systems, January 2002.

NIST Special Publication 800-34, Contingency Planning Guide for Information Technology Systems, June 2002.

NIST Special Publication 800-47, Security Guide for Interconnecting Information Technology Systems, September 2002.

NIST Special Publication 800-50, Building an Information Technology Security Awareness and Training Program, October 2003.

NIST Special Publication 800-64, Security Considerations in the Information System Development Life Cycle, October 2003.

NIST Special Publication 800-53, Recommended Security Controls for Federal Information Systems (Initial public draft), October 2003.

NIST Special Publication 800-60, Guide for Mapping Information and Information Types to Security Objectives and Risk Levels (Second public draft), March 2004.

NIST Special Publication 800-61, Computer Security Incident Handling Guide, January 2004.

Career Cluster Resources for Information Technology - http://www.careerclusters.org/resources/ClusterDocuments/itdocuments/ITFinal.pdf
Yes
8132
Yes
Yes
No
Career Majors That Sequence This Course
Career Cluster Pathway Career Major
Information Technology Network Systems Computer Security Specialist
Information Technology Network Systems Cyber Security Compliance Specialist
Information Technology Network Systems Cyber Security Forensics Specialist
Information Technology Network Systems Cyber Security Professional (Networking Emphasis)
Information Technology Network Systems Cyber Security Specialist (Networking Emphasis)
Information Technology Network Systems Network Security Professional (Networking Emphasis)
Information Technology Network Systems Network Security Professional (Systems Emphasis)