Start Here On First Day

 

File: Course Summary


Course Summary


Course Overview

Welcome to your Capella University online course, TS5311 – Enterprise Security. In this course you will examine how to secure the mixed environment that will confront you in today’s enterprise. You will learn how to:

  • Assess where the enterprise stands in its security posture.
  • Choose the best methodology to assess the enterprise.
  • Mitigate software vulnerabilities that exist, and be ready for ones that have yet to be discovered.

You will also discover defensive techniques to ensure enterprise network security.

This course gives you a glimpse into the world of cyberterrorism and the impact it has on securing the enterprise. You will delve into the shadowy world of so-called social engineers and learn how they stalk the enterprise using the weakest link in the enterprise's security: the human factor. You will also learn how to train your enterprise employees not to fall for a social engineering scam.

You will also:

  • Consider how security policies allow the enterprise to grow and acquire other companies with diverse information technology and still maintain a secure organization.
  • Get some hands-on training with security compliance issues, and learn how to ensure that your enterprise is in compliance with legislative mandates.
  • Learn how your enterprise's competitors might be able to glean key information from your operations to use against you.
  • Consider the physical location of your enterprise and how to account for logistical and physical threats that might impact your organization.

Finally, you will apply the concepts learned to an enterprise of your choice for your course project.

Course Competencies

To successfully complete this course, you will be expected to:

  1. Implement information assurance policies and procedures.
  2. Analyze cyberterrorism and the tools and techniques used for malicious intent.
  3. Analyze enterprise system weaknesses.
  4. Create a security plan for an organization.
  5. Consider the security requirements of enterprise networks.
 

File: Learner Expectations


Learner Expectations

 

File: Grading


Grading

Course requirements include the following major independent measures of learner competency.

Learning Activity Weights and Scoring Guides

Activity | Weight | Scoring Guide
1. Discussion Participation | 20% | Discussion Participation Scoring Guide
2. Unit Activities | 20% |
   u05a1: Cyberterrorism Analysis | 15% | Cyberterrorism Analysis Scoring Guide
   u06a1: CSO Competencies | 5% | CSO Competencies Scoring Guide
3. Course Project Components | 60% |
   u02a1: Organization Description | 5% | Organization Description Scoring Guide
   u04a1: Preliminary Security Evaluation | 10% | Preliminary Security Evaluation Scoring Guide
   u05a2: Annotated Bibliography | 5% | Annotated Bibliography Scoring Guide
   u07a1: Security Requirements | 15% | Security Requirements Scoring Guide
   u09a1: Security Plan | 15% | Security Plan Scoring Guide
   u10a1: Final Project | 10% | Enterprise Security Plan Project Description and Scoring Guide
Total: | 100% |

Final Course Grade

Your final course letter grade is determined by a cumulative percentage, a total of the graded percentages you receive for each weighted activity above.

A = 90–100%
B = 80–89%
C = 70–79%
F = 69% and below

 

File: Project Description and Scoring Guide


Project Description and Scoring Guide

Enterprise Security Plan Project Description and Scoring Guide

Overview

Most organizations become enterprises not by controlled growth but by mergers and acquisitions.

Enterprise organizations, by their nature, are a mixture of sites, people, and information resources. This characteristic translates into a variety of operating systems, databases, enterprise management systems, and corporate culture. While securing an enterprise may seem like a hopeless undertaking, it is possible to rework the various policies and practices into a coherent set of enterprise security policies to secure the enterprise.

Throughout the course you will learn about best practices and strategies for assessing and protecting an enterprise against security threats. For your course project, you will use this information to assess the current state of an enterprise system, analyze security requirements, and develop a plan to secure the system from risks and threats.

Your project will include the following components:

Organization Description

For this component:

  • Select an organization for your course project. This organization may be a current or past employer or an organization you can access information about via the Internet.
  • Describe the purpose and key characteristics of the organization including an overview of the organization's security posture.

Preliminary Security Evaluation

For this component:

  • Analyze the organization's system weaknesses.
  • Describe the system vulnerabilities and potential exposures on the network.
  • Examine and describe the software and hardware risks.
  • Analyze and describe the types of attacks the system is vulnerable to, for example, denial-of-service (DoS), identity theft, buffer overflows, or spyware.
  • Be sure to consider the larger system view to ensure a comprehensive current state assessment.

Security Requirements

For this component:

  • Analyze your current state assessment to develop a list of security requirements for your organization.
  • Describe how the risks you identified affect the overall security requirements of the organization.
  • Describe the different elements that must be included in a successful security policy for your organization.

Security Plan

For this component:

  • Create a security plan for your selected organization.
  • Prioritize risks and propose actions to improve the security of the organization. Be sure to include an incident response plan.
  • Explain the rationale for your proposed actions and the importance of developing your security plan.
  • Develop information assurance policies and procedures to support your security plan.
  • Develop an implementation plan for policies, procedures, and overall security plan. Be sure to include potential implementation barriers and solutions.

You will submit each component as a separate assignment throughout the course. You will also submit an annotated bibliography in Unit 5. In the final unit, you will submit the components as a cohesive proposal for the final course project. Be sure to incorporate instructor and peer feedback to improve your project components for the final submission.

Project Objectives

To successfully complete this project, you will be expected to:

  1. Analyze an organization's enterprise system weaknesses.
  2. Analyze and describe the security requirements of an enterprise network.
  3. Create a security plan appropriate to an enterprise.
  4. Develop information assurance policies and procedures.
  5. Develop an implementation plan for policies, procedures, and security plan.

Project Components

Project Component | Course Grade Weight | Unit Due
Organization Description | 5% | Unit 2
Preliminary Security Evaluation | 10% | Unit 4
Annotated Bibliography | 5% | Unit 5
Security Requirements | 15% | Unit 7
Security Plan | 15% | Unit 9
Final Project | 10% | Unit 10
Total: | 60% |

Project Requirements

To achieve a successful project experience and outcome, you are expected to meet the following requirements.

  • Written communication: Written communication should be free of errors that detract from the overall message.
  • Style and formatting: Each component must adhere to APA style guidelines, including grammar, punctuation, and proper in-text citation and referencing of any sources you use. APA formatting is also required (font, double-spacing, indentation, heading levels, et cetera). Refer to the APA Style and Formatting module on iGuide for more information. The following components are also required for your paper:
    • Title Page or Cover Sheet.
    • Table of Contents.
    • Executive Summary.
    • Introduction.
    • Conclusion Summary.
    • Reference Page.
    • Appendix.

Final Project Grading Criteria

Grading Rubric (15 total points). Performance levels: 0 = Non-performance, 1 = Basic, 2 = Proficient, 3 = Distinguished.

Analyzes an organization's enterprise system weaknesses. (3 points)

  • Non-performance: Does not describe enterprise system weaknesses.
  • Basic: Describes some enterprise system weaknesses.
  • Proficient: Analyzes an organization's enterprise system weaknesses.
  • Distinguished: Analyzes an organization's enterprise system weaknesses. Applies a larger system view to provide a comprehensive assessment of system.

Analyzes and describes the security requirements of an enterprise network. (3 points)

  • Non-performance: Does not describe security requirements of an enterprise network.
  • Basic: Describes some security requirements of an enterprise network.
  • Proficient: Analyzes and describes the security requirements of an enterprise network.
  • Distinguished: Analyzes and describes the security requirements of an enterprise network. Illustrates requirements with specific examples of the enterprise network configuration.

Creates a security plan appropriate to an enterprise. (3 points)

  • Non-performance: Does not develop security initiatives appropriate to an enterprise.
  • Basic: Develops some security initiatives appropriate to an enterprise.
  • Proficient: Creates a security plan appropriate to an enterprise.
  • Distinguished: Creates a comprehensive security plan appropriate to an enterprise. Integrates best practices and appropriate theory into security plan.

Develops information assurance policies and procedures. (3 points)

  • Non-performance: Does not describe information assurance policies and procedures.
  • Basic: Describes some information assurance policies and procedures.
  • Proficient: Develops information assurance policies and procedures.
  • Distinguished: Develops a comprehensive set of information assurance policies and procedures. Explains how policies and procedures will provide system security.

Develops an implementation plan for policies, procedures, and security plan. (3 points)

  • Non-performance: Does not describe strategies for implementing policies, procedures, and security plan.
  • Basic: Describes strategies for implementing policies, procedures, and security plan.
  • Proficient: Develops an implementation plan for policies, procedures, and security plan.
  • Distinguished: Develops a comprehensive implementation plan for policies, procedures, and security plan. Integrates best practices and appropriate theory into implementation plan.

Points-to-Grade Conversion

The points you earn on this activity will be converted to a percentage grade according to the chart below and will be used to determine your final course grade.

  • 0 Points   =   0%     =   F
  • 1 Point    =   17%   =   F
  • 2 Points   =   34%   =   F
  • 3 Points   =   51%   =   F
  • 4 Points   =   69%   =   F
  • 5 Points   =   71%   =   C
  • 6 Points   =   75%   =   C
  • 7 Points   =   79%   =   C
  • 8 Points   =   80%   =   B
  • 9 Points   =   82%   =   B
  • 10 Points =   84%   =   B
  • 11 Points =   86%   =   B
  • 12 Points =   88%   =   B
  • 13 Points =   90%   =   A
  • 14 Points =   95%   =   A
  • 15 Points = 100%   =   A
 

File: Course Materials


Course Materials

Required

The materials listed below are required to complete the learning activities and projects in this course. Unless noted otherwise, the books, software, and coursepacks are available for purchase from the Capella University Virtual Bookstore. To purchase these texts, visit the bookstore and select your school and course ID.

Books

McClure, S., Scambray, J., & Kurtz, G. (2009). Hacking exposed (6th ed.). Emeryville, CA: McGraw-Hill Osborne Media. ISBN: 9780071613743.

Whitman, M. E., & Mattord, H. J. (2010). Management of information security (3rd ed.). Boston: Cengage Learning. ISBN: 9781435488847.

Articles

Library

The following required readings are provided to you in the Capella University Library. Ask a Librarian for assistance with any of these resources.

Cummings, J. (2007). How to build a data center in 6 months for $800,000. Network World.

Howard, C. E. (2007). Top secrets: Securing sensitive data. Military & Aerospace, 8(12), 24–28.

Ohlhorst, F. (2007). Doors shut tight. eWeek, 24(35), M1–M4.

Internet

These required articles are available on the Internet. Please note that URLs change frequently. While the URLs were current when this course was designed, some may no longer be valid. If you cannot access a specific link, contact your instructor for an alternative URL. Permissions for the following links have been either granted or deemed appropriate for educational use at the time of course publication.

National Institute of Standards and Technology. (2002). Risk management guide for information technology systems (special publication 800-30). Retrieved January 28, 2008, from http://csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf

Optional

The following optional materials are offered to provide you with a better understanding of the topics in this course. These materials are not required to complete the course.

Optional Articles

Use Journal Locator to see if the library has access to the full text of an article. If the full text is not available, try using Interlibrary Loan to obtain a copy. You will receive interlibrary loan articles in 3–5 business days. Ask a Librarian for assistance.

Alberts, C., Dorofee, A., Stevens, J., & Woody, C. (2003, August). Introduction to the OCTAVE method. Retrieved January 25, 2008, from http://www.cert.org/octave/approach_intro.pdf

Broadleaf Capital International Pty Ltd. (2007). Tutorial notes: The Australian and New Zealand standard on risk management, AS/NZS 4360:2004. Retrieved January 25, 2008, from http://www.broadleaf.com.au/pdfs/trng_tuts/tut.standard.pdf

Optional Web Sites

Please note that URLs change frequently. While the URLs were current when this course was designed, some may no longer be valid. If you cannot access a specific link, contact your instructor for an alternative URL. Permissions for the following links have been either granted or deemed appropriate for educational use at the time of course publication.