CT 201: Information Security and Risk Management
This course offers an overview of information security management and addresses the identification of an organization's information assets and development of policies and procedures to ensure availability, integrity, and confidentiality of information. Topics include data classification, risk assessment, and risk analysis, which are used to identify threats, classify assets, and rate vulnerabilities so effective security controls can be implemented. The impact of various aspects of risk management and the evaluation of risk management effectiveness are critically analyzed.
CT 202: Enterprise Security Architecture and Design
This course prepares students to develop concepts, principles, structures, and standards that are used in designing, monitoring, and securing a network infrastructure. The elements of the network infrastructure that are covered in the course are hardware, software (including operating systems), and all associated functions.
CT 203: Access Control Systems and Methodology
This course explores the CBK domain and access control systems and methodology, which cover the methods and processes to control the use and content of a system. Topics include access control, which determines the parameters of users' performance resources available. Critical issues will include evaluation of security threats and various access control mechanisms available.
CT 204: Application Security
This course describes the principles of design engineering and presents the concepts of database systems, software application, and development as they are applied to information security. Topics include concepts of data warehousing, data mining, and knowledge systems. Key concepts include the fundamentals of program interface functionality and protection mechanisms.
CT 205: Operations Security
This course explores operations security and the process of identifying security controls used for hardware and media as well as users and administrators. Topics include protection controls, such as directive controls, preventive controls, detective controls, corrective controls, recovery controls, and deterrent controls.
CT 206: Cryptography
This course investigates the principles and tools of cryptography to include symmetrical and asymmetrical key algorithms, public key infrastructure, hashing algorithms, and the types of attacks on systems implementing cryptography. Additional topics include the history of cryptography, cryptography components, and government involvement in cryptography.
CT 207: Physical Security
This course examines the physical security of the entire facility in terms of identifying threats and vulnerabilities and countermeasures. The impact of risk regarding physical security will be analyzed.
CT 208: Telecommunications and Network Security
This course offers the student a comprehensive overview of the CBK. Topics include principles and concepts of telecommunications and network security in relation to LAN, WAN, and remote access. Key concepts include gateways, firewalls, and communication protocols.
CT 209: Business Continuity Planning and Disaster Recovery
This course analyzes how students can address the recovery of an organization in the case of disruptions due to natural and manmade disasters. The impact of how plans are developed and implemented with regard to business continuity and disaster recovery are reviewed.
CT 210: Legal, Regulations, Compliance, Investigations, and Ethics
This course prepares the student to understand the legal, ethical, and investigative aspects of information system security. Topics include computer crime laws and regulations, investigative measures and techniques, and information security ethics as applied to society, employees, and (ISC)2 members.