This subject provides students with a general introduction to IT security with a focus on security as it relates to information systems and internetworking. The subject starts with general security concerns and then goes on to discuss them in detail. Topics covered include authentication protocols, communication and network infrastructure security, basics of encryption, application and user security, operational and organisational security and intrusion detection systems.
Upon successful completion of this subject, students should:
- be able to explain common attacks against network assets, the associated threats and vulnerabilities, and what network security personnel do to secure assets;
- be able to explain how to use cryptography to help protect information and how to choose an appropriate encryption method for an organization;
- be able to implement security-enhanced computing baselines in an organization;
- be able to help protect information in an organization by using authentication and access control;
- be able to deploy and manage certificates;
- be able to help protect transmission of data by identifying threats to network devices and implementing security for common data transmission, remote access and wireless network traffic;
- be able to help protect web servers against common attacks and configure security for web browsers;
- be able to help protect e-mail messages and instant messaging from common security threats;
- be able to identify common security threats and vulnerabilities to directory services and DNS, and then apply security methods to help protect them;
- be able to identify network perimeter threats and monitor perimeter security for a network;
- be able to identify types of security policies to manage operational security, and then use these policies to ensure compliance by users in an organization;
- be able to preserve business continuity by implementing a security-enhanced disaster recovery strategy, communicating risks to others and performing secure backup and recovery; and
- be able to identify, respond to and assist in the formal investigation of security incidents.
The subject will cover the following topics:
Based on the International Computer Technology Industry Association Certificate Curriculum
Please note that the information above should be used as a guide only as the actual content of subjects is changed regularly to reflect the latest industry trends and student feedback.