Delta College

Information Security

Course Number: CST 266
Lab Hours: 0
Lecture Hours: 60
Course Description: Prerequisites: CST 260 and one of CST 262 or 263 or 265. Analyzes, designs, defines, and troubleshoots security policies and procedures to maintain information integrity, confidentiality and availability. (60-0)

Outcomes and Objectives

Describe concepts of information security.
  1. Discuss security threats.
  2. Describe the goals of information security: integrity, confidentiality, and availability.
  3. Discuss ramifications involved in information security, like cost and technology barriers.

Describe concepts of authentication.
  1. Create and store passwords.
  2. Describe the Kerberos authentication process.
  3. Describe other authentication mechanisms like CHAP and KDC.
  4. Discuss multifactor authentication and why it is necessary.
  5. Create and use digital certificates.
  6. Describe tokens and their functions.
  7. Discuss the strengths and weaknesses of biometric authentication.

Recognize different types of attacks.
  1. Describe and discuss back door attacks.
  2. Describe and discuss spoofing attacks.
  3. Describe and discuss man-in-the-middle attacks.
  4. Understand the concept of social engineering.
  5. Describe and discuss TCP/IP hijacking.
  6. Describe and discuss birthday attacks.
  7. Describe and discuss brute-force attacks.
  8. Describe and discuss dictionary attacks.
  9. Describe and discuss denial-of-service attacks.
  10. Describe and discuss a DDoS (distributed denial-of-service) attack.
  11. Describe and discuss ping-of-death attacks.

Identify malicious code.
  1. Identify and discuss viruses.
  2. Identify and discuss trojan horses.
  3. Identify and discuss logic bombs.
  4. Identify and discuss worms.

Identify and eliminate security weaknesses.
  1. Identify and disable nonessential services.
  2. Identify and disable nonessential protocols.
  3. Identify and disable nonessential programs.
  4. Identify and disable nonessential utilities.
  5. Identify and disable nonessential processes.

Describe how auditing is used for security awareness.
  1. Log system activities.
  2. Scan system for unusual activities.

Identify strengths and weaknesses of remote access.
  1. Differentiate between the 802.11 specifications.
  2. Identify and discuss vulnerabilities of VPNs (Virtual Private Networks).
  3. Identify and discuss vulnerabilities of remote access protocols like PPTP and L2TP.
  4. Discuss IPSec (IP security).

Identify strengths and weaknesses of email security.
  1. Identify email vulnerabilities.
  2. Outline the advantages and disadvantages of PGP and S/MIME.
  3. Discuss the implications of email hoaxes and spam.

Identify different methods of web security.
  1. Describe SSL (Secure Socket Layer).
  2. Describe HTTPS as it relates to SSL.
  3. Describe other encryption methods, like symmetric & asymmetric key encryption.
  4. Describe encryption algorithms, like DES, IDEA, Diffie-Hellman, DSA, and RSA.
  5. Identify security weaknesses associated with instant messaging.
  6. Describe vulnerabilities associated with web technologies like Java applets, JavaScript, ActiveX controls, and cookies.
  7. Use packet sniffers.
  8. Discuss privacy concerns.

Identify security issues associated with file transfers.
  1. Identify and discuss vulnerabilities in secure FTP.
  2. Identify and discuss vulnerabilities in anonymous FTP.
  3. Identify and discuss vulnerabilities of file sharing.

Identify security issues associated with wireless data transfer.
  1. Identify and discuss vulnerabilities in the IEEE 802.11 wireless networking specifications.
  2. Describe WAP (Wireless Application Protocol).
  3. Describe the WTLS (Wireless Transport Layer Security) protocol.
  4. Describe WEP (Wired Equivalent Privacy).

Describe how hardware is used in information security policies.
  1. Compare and contrast hardware-enabled firewalls.
  2. Discuss how routers are used for security purposes.
  3. Identify the role of switches in information security.
  4. Discuss security issues involving mobile devices.

Describe security issues involving media.
  1. Compare and contrast network media.
  2. Compare and contrast storage media.

Describe various security topologies.
  1. Identify and discuss security zones.
  2. Identify and discuss a DMZ.
  3. Identify and discuss intranets and extranets.
  4. Identify and discuss VLANs.
  5. Examine NAT (Network Address Translation).
  6. Discuss tunneling.

Describe intrusion detection systems.
  1. Differentiate between host-based and network-based intrusion detection.
  2. Discuss the advantages and disadvantages of honeypots.
  3. Identify active and passive detection features of intrusion detection.
  4. Describe the role of a security incident response team in an organization.

Describe security baselines.
  1. Explain the concept of OS/NOS hardening.
  2. Explain the concept of network hardening.
  3. Explain the concept of application hardening.
  4. Describe how to install and apply updates, service packs, and patches.

Identify and explain cryptography algorithms.
  1. Describe hashing.
  2. Compare and contrast symmetric versus asymmetric algorithms.
  3. Differentiate between DES and Triple DES.
  4. Compare and contrast other algorithms like AES, CAST, RC, Blowfish, IDEA, RSA, Diffie-Hellman, El Gamal, Merkle-Hellman, and Elliptic Curve.

Discuss the advantages and disadvantages of cryptography.
  1. Discuss integrity and confidentiality.
  2. Discuss digital signatures.
  3. Discuss nonrepudiation.

Describe the concept of PKI (Public Key Infrastructure).
  1. Define different types of certificates.
  2. Compare certificate policies.
  3. Understand certificate revocation.
  4. Understand certificate trust models.

Examine physical security methods.
  1. Identify different types of physical barriers.
  2. Identify and describe different types of biometrics.
  3. Discuss the role of physical location in information security.

Describe the concept of Disaster Recovery.
  1. Identify and describe backup plans.
  2. Discuss the importance of offsite storage.
  3. Create a disaster recovery plan.

Describe the concept of Business Continuity.
  1. Identify Business Continuity utilities.
  2. Understand the concept of fault tolerance.

Discuss the importance of policies and procedures.
  1. Determine acceptable use.
  2. Understand the need for privacy.
  3. Understand separation of duties.
  4. Discuss methods of password management.
  5. Identify ways to dispose of or destroy obsolete information.
  6. Discuss employee hiring procedures relating to security.
  7. Discuss employee termination procedures relating to security.
  8. Develop a code of ethics.
  9. Develop an incident response policy.

Describe computer forensics.
  1. Understand chain of custody.
  2. Discuss ways to collect evidence.
  3. Identify methods of evidence preservation.

Discuss risk identification.
  1. Explain asset identification.
  2. Explain risk assessment.
  3. Explain threat identification.

Discuss the need for proper training of end users.
  1. Discuss effective communication of policies and procedures.
  2. Identify methods of user awareness.
  3. Explore online resources.

Describe the need for proper documentation.
  1. Determine standards and guidelines.
  2. Identify system architecture.
  3. Keep logs and inventories.
  4. Develop a change control procedure.
  5. Identify methods of documentation retention and storage.
  6. Identify methods of destroying old documentation.

Communicate effectively in reading and writing: gather information about information security by reading technical text.
  1. Identify and utilize information from technical text.
  2. Derive meaning from technical text.

Think critically and access, analyze and use information including using current Internet programming technology; interpret technical statements, texts, theories, problems, symbols, and observations.
  1. Clarify and analyze the meanings of technical words, phrases, and statements.
  2. Learn the meanings of terms and acronyms used with information security and ways to use them.
  3. Generate and collect relevant observable or measurable information or data using intrusion detection software and hardware.
  4. Organize and present information or data in written form.

Think critically and access, analyze and use information including using current Internet programming technology; formulate a question or need, develop a strategy to meet that question or need to solve a technical problem.
  1. Generate, assess, and validate solutions to a security problem involving web or network access.
  2. Develop and question alternative formulations of a security problem involving web or network access.
  3. Search and access information via the Internet.
  4. Evaluate information or data for quality, validity, and bias to determine if it is objective and reliable.
  5. Question assumptions, data, and formulations of problems and proposed answers.
