Feb 19, 2020  
2019 - 2020 Cowley College Academic Catalog 
2019 - 2020 Cowley College Academic Catalog



3 Credit Hours

Student Level:  

This course is open to students on the college level in either the freshman or sophomore year.

Catalog Description:

CIS1907 - Enterprise Security Management (3 hrs.)

An introduction to the project management techniques, topics, and policies involved in implementing security within an organization.

Course Classification:




Controlling Purpose:

This course is designed to meet the needs of students in explaining the various issues in assessing risk, implementing security policies, and the management of computer security within an organization.

Learner Outcomes:

Upon completion of the course, the student will gain an understanding of issues in risk management, various professional security models, employment considerations, development of policies, and actual implementation with an organization.

Unit Outcomes for Criterion Based Evaluation:

The following defines the minimum core content not including the final examination period. Instructors may add other content as time allows.

UNIT 1:  Introduction to the Management of Information Security

Outcomes: Understand the concept of security and management of information security

  • Explain what is security including the NSTISSC Security model
  • Explain what is management
  • List and explain the principles of information security management

UNIT 2:  Planning for Security

Outcomes: Understand the planning process

  • Explain the role of planning
  • Explain the precursors to planning
  • Explain strategic planning
  • Explain planning for information security implementation

UNIT 3: Planning for Contingencies

Outcomes: Understand planning for contingencies

  • Explain what is contingency planning
  • List and explain the components of contingency planning
  • Explain business resumption planning
  • Explain testing contingency plans

UNIT 4: Information Security Policy

Outcomes: Understand the various topics in risk management including identification, assessment and control

  • Explain the need for policies
  • Explain the enterprise information security policy
  • Explain issue-specific security policy
  • Explain system-specific security policy
  • List and explain guidelines for effective policy

UNIT 5: Developing the Security Program

Outcomes: Understand how to develop the security program

  • Explain how to organize security
  • Explain how to place information security within an organization
  • List the components of the security program
  • List and explain the information security roles and titles
  • Explain how to implement security education, training, and awareness programs.

UNIT 6: Security Technology: Security Management Models and Practices

Outcomes: Understand how to implement security using software and hardware

  • List and explain the security management models
  • Explain security management practices
  • Explain metrics in information security management
  • Discuss emerging trends in certification and accreditation

UNIT 7: Risk Management: Identifying and Assessing Risk

Outcomes: Understand the different components in identifying and assessing risk to the organization

  • Explain risk management
  • Explain risk identification
  • Explain risk assessment
  • Explain documenting the results of risk assessment

UNIT 8:  Risk Management: Controlling Risk

Outcomes: Understand the techniques for controlling risk

  • List and describe risk control strategies
  • Explain management of risk
  • Explain feasibility studies and cost-benefit analysis
  • List and explain risk control practices
  • Describe the OCTAVE Method
  • Describe the Microsoft Risk Management Approach

UNIT 9:  Protection Mechanisms

Outcomes: Understand the different components to protect your organization

  • List and describe access controls
  • Explain how firewalls work
  • Explain how intrusion detection systems work
  • Explain remote access protection
  • Explain wireless networking protection
  • Explain scanning and analysis tools
  • Explain cryptography

UNIT 10: Personnel and Security

Outcomes: Understand the employment considerations in the security professionals position

  • Explain staffing requirements for the security function
  • List and explain the various information security professional credentials
  • Describe employment policies and practices

UNIT 11: Law and Ethics

Outcomes: Understand the legal aspect of security management

  • Describe law and ethics in information security
  • List and explain the legal issues
  • Describe the ethical concepts in information security
  • List and explain the professional organizations and their codes of ethics
  • Describe organization liability and the need for counsel

UNIT 12:  Information Security Project Management

Outcomes: Understand the steps in managing security implementation

  • Explain project management
  • Apply project management to security
  • Describe project management tools

Projects Required:



Contact Bookstore for current textbook.

Materials/Equipment Required:

Attendance Policy:

Students should adhere to the attendance policy outlined by the instructor in the course syllabus.

Grading Policy:

The grading policy will be outlined by the instructor in the course syllabus.

Maximum class size:

Based on classroom occupancy

Course Timeframe:  

The U.S. Department of Education, Higher Learning Commission and the Kansas Board of Regents define credit hour and have specific regulations that the college must follow when developing, teaching and assessing the educational aspects of the college. A credit hour is an amount of work represented in intended learning outcomes and verified by evidence of student achievement that is an institutionally-established equivalency that reasonably approximates not less than one hour of classroom or direct faculty instruction and a minimum of two hours of out-of-class student work for approximately fifteen weeks for one semester hour of credit or an equivalent amount of work over a different amount of time. The number of semester hours of credit allowed for each distance education or blended hybrid courses shall be assigned by the college based on the amount of time needed to achieve the same course outcomes in a purely face-to-face format.

Refer to the following policies:

402.00 Academic Code of Conduct

263.00 Student Appeal of Course Grades

403.00 Student Code of Conduct

Disability Services Program:

Cowley College, in recognition of state and federal laws, will accommodate a student with a documented disability.  If a student has a disability, which may impact work in this class, which requires accommodations, contact the Disability Services Coordinator.