In this course, learners examine the technology and security principles that apply throughout system and product life cycles. Learners identify the basic network components in an information technology system, analyze how they interact, and evaluate their role in system operation. Learners explore the basic role and function of network devices including routers, switches, firewalls, VPNs, and intrusion detection as well as the underlying protocols and controls that contribute to their operation. In addition, learners demonstrate their ability to use network security tools and network analysis.

Learners apply foundational concepts of cybersecurity and information assurance to select appropriate information security policies, procedures, and controls to defend enterprise information assets from breaches of confidentiality and integrity. Learners identify specific points of vulnerability that may be mitigated through the use of administrative security policies and operational information security tools. Learners also examine principles of cryptography and some of the security controls and methods that use it. Prerequisite(s): Completion of or concurrent registration in IAS5010 or PM5331.

Learners apply cyber-defense and information assurance controls in context of the rules and guidelines that influence them and with an understanding of the security standards, responsibilities, rules, regulations, and issues that impact a particular organization. Learners identify laws and policies related to cyber-defense and how they relate to the storage and transmission of data. Learners also study basic concepts of audit, evidence collection, and chain of custody rules.  Prerequisite(s): Completion of or concurrent registration in IAS5015.

Learners in this course explore the fundamental security issues related to operating system (OS) defense. Learners also employ best practices to harden operating systems and associated software applications using various tools as a part of a layered defense-in-depth strategy. Prerequisite(s): Completion of or concurrent regitration in IAS5020.

Learners identify common information security risk analysis methodologies, their characteristics, pros and cons, and applications. Learners examine the sources of risk, including external malicious attackers, intentional and accidental attacks by internal users, and threats from environmental and structural sources. Learners also identify vulnerabilities in hardware, software, locations, and procedures that provide an opening to attackers and create risk to organizations. Learners demonstrate risk assessment techniques through hands-on application of software vulnerability testing tools.  Prerequisite(s): IAS5025.