Lewis University Master of Science in Information Security

Courses

This 35 credit-hour program provides a dynamic and comprehensive course of study, designed to prepare IT professionals for a leadership role in their chosen field. The courses required for completion of the Master of Science in Information Security provide all the tools necessary to advance your career, while offering the flexibility to enter the program at five different times throughout the year.

I. Foundation Courses (6 additional credit hours required for Non-IT professionals)

68-500 Computer Organization (3)

This course provides a thorough study of the principles of operation for computer systems. It covers the principal subsystems of a computer, including the central processing unit (CPU), memory, input/output, and the communications bus. Number systems and various schemes for the digital representation of numbers are also discussed.

Additional critical subjects covered include the principles of hierarchical computer organization, machine instruction sets, addressing modes, CISC vs RISC, input/output processing, and interrupt handling, as well as the application of many of these concepts to modern personal computers. The student will also gain insight into the boot process by installing multiple operating systems on a single PC.

^ top

68-501 Principles of Programming (3)

An introduction to problem solving and algorithm design using C++ or Java. The following topics will be presented: program structure, data types, input/output, flow of control, sub-algorithms, and an introduction to classes.

^ top

II. Core Courses (18 credit hours)

68-505 Introduction to Information Security (3)

This course provides a broad overview of the threats to the security of information systems, the responsibilities and basic tools for information security, and the levels of training and expertise needed in organizations to reach and maintain a state of acceptable security.

Topics include: an introduction to confidentiality, integrity, and availability, authentication models, protection models, security kernels, secure programming, audit, intrusion detection and response, operational security issues, physical security issues, personnel security, policy formation and enforcement, access controls, information flow, legal and social issues, identification and authentication in local and distributed systems, classification and trust modeling, risk assessment.

^ top

68-510 Data Networking (3)

This course covers fundamental concepts, principles, and practical issues relevant to the design, analysis, and implementation of enterprise-level trusted networked information systems. Topics include networking, security architectures and techniques, and the protocols defined at the various layers of the Internet model.

Note: This course requires the previous completion of course 68-500 as a pre-requisite.

^ top

68-515 Operating Systems and Distributed Systems (3)

This course presents the concepts and principles of multiple user operating systems: memory, CPU, I/O device allocation, scheduling and security, memory hierarchies, performance evaluation, analytic models, simulation, concurrent programming and parallel processors.

Explores distributed computing principles, theory, implementations, and security; models of distributed systems, interprocess communications, distributed objects and remote invocation, coordination and agreement, distributed transactions, interoperability, and replication; component frameworks and middleware such as CORBA and DCE. Also discussed are security problems in distributed application environments and possible solutions to them.

Note: This course requires the previous completion of course 68-500 as a pre-requisite.

^ top

68-520 Intrusion Detection, Response and Recovery (3)

Information security ultimately depends on identifying and applying available security features appropriately. This course discusses the development of a secure information infrastructure consisting of servers, networks, firewalls, workstations, and intrusion detection systems. Also covered are principles and practice related to secure operation of existing distributed systems, and principles of penetration testing for assessment of system security.

In addition, students will explore network security management systems that gather and analyze information to identify possible security breaches, including intrusions (attacks from outside the organization) and misuse (attacks from within the organization). Students learn the use of vulnerability assessment and scanning technologies to determine the security of a network.

Note: This course requires the previous completion of courses 68-505 and 68-500.

^ top

68-525 Encryption and Authentication Systems (3)

This course will present key cryptologic terms, concepts, and principles. Topics include traditional cryptographic and cryptanalytic techniques, successes and failures in cryptologic history, single-key and double-key algorithms, issues in network communications, network security, and security throughout the different layers of the OSI model for data communications, the use of cryptologic protocols to provide a variety of security services in a networked environment. In addition, issues in authentication, access control, non-repudiation, data integrity and confidentiality, key generation, control, distribution, and certification will be explored.

Note: This course requires previous completion of courses 68-505 and 68-501.

^ top

68-530 Legal and Ethical Issues in Information Security (3)

Legal and ethical issues are important concepts in the field of information security. This course covers: policy implications of the use of computers with emphasis on the security of computers in modern society; fundamentals of American law with particular regard to the legal aspects of the use of computers and of computer security; the organization and use of the American legal system; ethical challenges in a technological environment; identification of organizations and materials that can be of assistance in resolving or responding to policy, legal, and ethical issues; and social and public policy issues pertaining to the commercial development, availability, and marketing of both software and hardware for encryption.

Note: This course requires previous completion of courses 68-505 and 68-500.

^ top

Concentration Courses (12 total credit hours)

(9 credit hours in chosen area of concentration plus 3 elective credit hours from either concentration)

Management Concentration

68-523 Computer Forensics (3)

A hands-on survey of computer investigation tools used by cyber forensics specialists to trace the activity of intruders.

Note: This course requires previous completion of course 68-505.

^ top

68-550 Operational and Organizational Security (3)

This course covers several issues relating to operations and organizations security such as: the impact of environment and social engineering on physical security, security implications of disaster recovery plans, implications of business continuity issues, the security relevance of the education and training of users, as well as concepts of forensics and security documentation.

Note: This course requires previous completion of course 68-505.

^ top

68-551 Information Security Strategies and Risk Management (3)

This course explores the strategies, procedures and policies to manage and mitigate risk in information systems. Students will discuss risk analysis techniques that can be used to identify and quantify both accidental and malicious threats to computer systems within an organization. In addition to technological solutions, this course also explores organizational strategies and policies that can provide highly cost effective security to information systems.

Note: This course requires previous completion of course 68-505.

^ top

68-552 IT Governance and Compliance (3)

This is a hands-on case study course that will teach graduates how to implement the IT Governance process in a company using control objectives for IT and related technology, or "COBiT". The course demonstrates how to align IT strategy with the business planning process, how to monitor and measure the IT internal controls to meet internal and external compliance legislation like Sarbanes-Oxley, and FTC (Federal Trade Commission) requirements, and introduces students to planning and conducting an IT Audit.

Note: This course requires previous completion of courses 68-505 and 68-530.

^ top

68-555 Security Assurance Principles (3)

Security enforcement rests upon three principles: policy, mechanism, and assurance. Policy specifies the permitted use of an information system. The security policy defines the rules by which the trusted system governs access to its resources, and thus all information and services controlled by the trusted system. Mechanisms within the information system enforce the policy. Cryptographic protocols, audit logs, and access controls are examples of security mechanisms. Assurance is the basis for believing that the implementation of an information system enforces the policy as completely as necessary.

This course investigates fundamental assurance technologies that can be applied to interface specifications, architectures, and implementations of information security mechanism. It also explores formal security models, formal and semi-formal specification techniques, and the principles of demonstrative and vulnerability testing.

Note: This course requires previous completion of courses 68-505 and 68-530.

^ top

68-557 Project Management and Information Security (3)

This course explores the use of projects to support business objectives in modern organizations. Topics include the selection of projects, their initiation, implementation, control and termination; the roles of the project manager and project team members; as well as project management life cycle phases including scope, time, cost, human resources, quality, risk, and integration management.

Note: This course requires previous completion of course 68-505.

^ top

68-563 Database Management and Security (3)

Explores the design, deployment, management, and security of relational database systems and discusses best practices for protecting the integrity and privacy of data stored in online database systems.

Note: This course requires previous completion of course 68-505.

^ top

Technical Concentration

68-523 Computer Forensics (3)

A hands-on survey of computer investigation tools used by cyber forensics specialists to trace the activity of intruders.

Note: This course requires previous completion of course 68-505.

^ top

68-560 Securing Windows (3)

This is a hands-on course that focuses on current strategies hackers use to attack Windows systems and how system administrators can counteract such attacks.

Note: This course requires previous completion of course 68-505 and 68-515.

^ top

68-561 Securing Linux (3)

This hands-on course focuses on current strategies hackers use to attack Linux systems and how system administrators can counteract such attacks.

Note: This course requires previous completion of course 68-505 and 68-515.

^ top

68-563 Database Management and Security (3)

Explores the design, deployment, management, and security of relational database systems and discusses best practices for protecting the integrity and privacy of data stored in online database systems.

Note: This course requires previous completion of course 68-505.

^ top

68-564 Wireless Security (3)

This course explores the security of wireless data networks. It describes the standards that govern wireless communications and security, the physics of the various approaches to wireless data security, the attacks against wireless systems, and techniques for thwarting such attacks. The course covers the various 80.11 technologies as well as cell phone, satellite, and Bluetooth systems.

Note: This course requires previous completion of course 68-505 and 68-500.

^ top

68-565 Secure Programming (3)

This course presents best practices for writing code that is relatively impenetrable to attack. While it is impossible to write completely secure applications, it is possible to minimize the risk of exploitation by considering security issues at every stage of development. Familiarity with a modern programming language is required.

Note: This course requires previous completion of course 68-505 and 68-501.

^ top

Seminar Courses (2 credit hours)

Two credit hours of seminar coursework. Seminars are designed to present specific topics that are more appropriate for short workshop-style courses than for full-length courses.

Seminars:

68-596 Information Security Certification Prep I (1)

68-597 Information Security Certification Prep II (1)

^ top

Capstone (3 credit hours)

68-595 Information Security Project (3)

This course is an in-depth study of a given information system facility that analyzes and makes recommendations about the security of the facility to include an analysis of vulnerability and risk, a plan for security auditing, recommendations about possible use of trusted system technology and cryptography, and identification of the relevant regulatory, legal, and ethical issues. Prerequisite: Completion of at least 21 hours of credit within the program (including transfer credit) with a cumulative GPA of 3.0 or higher.

^ top