Securing Information System

1. SYSTEM VULNERABILITY AND ABUSE

1.1. WHY SYSTEMS ARE VULNERABLE

1.1.1. CONTEMPORARY SECURITY CHALLENGES AND VULNERABILITIES

1.1.2. Internet Vulnerabilities

1.1.3. Wireless Security Challenges

1.1.4. WI-FI SECURITY CHALLENGES

1.2. MALICIOUS SOFTWARE: VIRUSES, WORMS, TROJAN HORSES, AND SPYWARE

1.3. HACKERS AND COMPUTER CRIME

1.3.1. Spoofing and Sniffing

1.3.2. Denial-of-Service Attacks

1.3.2.1. distributed denial-of-service (DDoS)

1.3.2.2. denial-of-service (DoS) attack

1.3.3. Computer Crime

1.3.4. Identity Theft

1.3.5. EXAMPLES OF COMPUTER CRIME

1.3.5.1. New Topic

1.3.6. Global Threats: Cyberterrorism and Cyberwarfare

1.4. INTERNAL THREATS: EMPLOYEES

1.4.1. Social Engineering

1.5. SOFTWARE VULNERABILITY

1.5.1. Bugs

2. BUSINESS VALUE OF SECURITY AND CONTROL

2.1. LEGAL AND REGULATORY REQUIREMENTS FOR ELECTRONIC RECORDS MANAGEMENT

2.1.1. HIPAA

2.1.2. Gramm-Leach-Bliley Act

2.1.3. Sarbanes-Oxley Act

2.2. ELECTRONIC EVIDENCE AND COMPUTER FORENSICS

2.2.1. Computer forensics

3. ESTABLISHING A FRAMEWORK FOR SECURITY AND CONTROL

3.1. INFORMATION SYSTEMS CONTROLS

3.1.1. General controls

3.1.2. Application controls

3.2. RISK ASSESSMENT

3.2.1. risk assessment

3.3. SECURITY POLICY

3.3.1. security policy

3.3.2. acceptable use policy

3.3.3. Identity management

3.4. DISASTER RECOVERY PLANNING AND BUSINESS CONTINUITY PLANNING

3.4.1. Disaster recovery planning

3.4.2. Business continuity planning

3.5. THE ROLE OF AUDITING

4. TECHNOLOGIES AND TOOLS FOR PROTECTING INFORMATION RESOURCES

4.1. IDENTITY MANAGEMENT AND AUTHENTICATION

4.2. FIREWALLS, INTRUSION DETECTION SYSTEMS, AND ANTIVIRUS SOFTWARE

4.2.1. Firewalls

4.2.2. Intrusion Detection Systems

4.2.3. Antivirus and Antispyware Software

4.2.4. Unified Threat Management Systems

4.3. SECURING WIRELESS NETWORKS

4.4. ENCRYPTION AND PUBLIC KEY INFRASTRUCTURE

4.5. ENSURING SYSTEM AVAILABILITY

4.5.1. Controlling Network Traffic: Deep Packet Inspection

4.5.2. Security Outsourcing

4.5.2.1. managed security service provid- ers (MSSPs)

4.6. SECURITY ISSUES FOR CLOUD COMPUTING AND THE MOBILE DIGITAL PLATFORM

4.6.1. Security in the Cloud

4.6.2. Securing Mobile Platforms

4.7. ENSURING SOFTWARE QUALITY