ITNT304: Security Policy and Procedures

Department

Department of Computer Networks

Academic Program

Bachelor in Computer Networks

Type

Elective

Credits

03

Prerequisite

ITNT314

Overview

This course provides students with an introduction to information security policies. The course discusses the entire lifecycle of policy creation and enactment and presents students with issue-specific policies in different domains of security. The structure of a policy is also discussed to assist students in designing and modifying policies. Several examples from different domains are incorporated to help students learn in the context of real-life situations.

The topics covered by this course include: General Overview of Policies, Policy Lifecycle, and Writing Security Policies; Information Classification and Privacy Policies; Network Security and Email Policies; Application, Operating System and Software Security Policy; Encryption and Key Management Policy; Security Policy: Audit and Compliance; Acceptable Use Policies and Training/Awareness; Security Policy: Enforcement and Effectiveness.

Intended learning outcomes

Knowledge & understanding

  • Understand the basic elements of information security policies as well as the lifecycle of policy development
  • Understand the difference between policies, procedures, standards and guidelines
  • Understand the relationship between risk, threats, vulnerabilities and countermeasures
  • Understand risk mitigation strategies and disaster recovery plans

Mental skills

  • Discuss how an organization institutionalizes its policies, standards, and practices using education, training, and awareness programs
  • Able to use critical thinking skills as they go through the material rather than accepting facts at face value
  • Able to critique a security policy for its effectiveness and completeness

Practical & professional skills

  • Students will complete an activity that involves developing a security plan based on risk assessment
  • Students will complete activities that involve identifying example policy and procedures related to physical security measures, personnel security practice and procedures
  • Students will complete activities that involve creating Group Policy Objects using Active Directory Server

General and transferable skills

  • Enhance teamwork skills by collaborating with other professionals on developing comprehensive solutions for protecting organizational data and systems.
  • Strengthen critical thinking skills by learning how to analyze potential threats to an organization’s data and systems and develop appropriate countermeasures based on risk assessment techniques.
  • Improve organizational skills by learning how to create, implement, and maintain effective information security policies that are tailored to an organization’s specific needs while taking into account legal requirements, ethical considerations, and budget constraints.
  • Enhance communication skills by learning how to effectively explain complex technical concepts related to information security policies in a clear and concise manner that is accessible to non-technical audiences.

Teaching and learning methods

  • Lectures
  • Tutorials
  • Problem-based learning
  • Mini-projects

Methods of assessments

  • Midterm exam 1 = 25
  • Midterm exam 2 = 15
  • Mini-Project = 10
  • Final exam = 50

Course contents

  • Introduction to Information Security policies.
  • Security policy Standards and Procedures
  • Information Classification and Privacy Policies
  • Security Policy Development Life Cycle
  • Network Security and Email Policies
  • Encryption and Key Management Policy
  • Encryption and Key Management Policy
  • Legal and Regulatory Issues (Sarbanes-Oxley, HIPAA, FDA)
  • Security Policy: Audit and Compliance
  • Acceptable Use Policies and Training/Awareness
  • Security Policy: Enforcement and Effectiveness
  • Theoretical foundations and concepts of Risk, Risk Management, Risk Assessment, and Risk Mitigation
  • Disaster Recovery and Business Continuity
  • Mini-Project Presentation
