University of the Cumberlands School of Computer and Information Sciences
ISOL 531 – Access Control
Page 1
Course Summary
Course Number and Name ISOL 531 – Access Control
Course Term and Delivery 2019 Spring – IG
Asynchronous Online Course
Course Instructor Dr. Dennis Backherms
Email: dennis.backherms@ucumberlands.edu
Office Hours: By appointment
Course Description The course provides an in-depth study of the three main security principles: availability, integrity and
confidentiality. The course examines mechanisms used to control what resources an entity can access,
and the extent of the entity’s capabilities to interact with the resource. The course also examines
approaches to auditing how the entity interacts with the resource.
Course Objectives 1. Define the authorization and the access to an IT infrastructure based on an access control policy
framework.
2. Mitigate risk to an IT infrastructure’s confidentiality, integrity, and availability with sound access
controls.
3. Analyze how a data classification standard impacts an IT infrastructure’s access control
requirements and implementation.
4. Develop an access control policy framework consisting of best practices for policies, standards,
procedures, and guidelines to mitigate unauthorized access.
5. Assess the consequences of failed access controls and mitigate unauthorized access.
6. Apply various access control methods to solve a range of business challenges.
7. Define proper security controls for information systems within IT infrastructures.
8. Explore ways to secure the facilities that house sensitive resources and use biometric technology
to verify identity.
mailto:dennis.backherms@ucumberlands.edu
University of the Cumberlands School of Computer and Information Sciences
ISOL 531 – Access Control
Page 2
9. Design appropriate authentication solutions throughout an IT infrastructure based on user types
and data classification standards.
10. Utilize policies, standards, guidelines, and procedures to implement and maintain access control.
11. Implement a secure remote access solution.
Course Structure • Watch weekly lecture • Participate in class discussion via forums • Reading assigned texts • Complete quizzes based on labs • Complete homework assignments
University of the Cumberlands School of Computer and Information Sciences
ISOL 531 – Access Control
Page 3
Learning Materials and References
Required Resources
Textbook(s) Required:
Chapple, Mike, Ballad, Bill, Ballad, Tricia, and Banks, Erin K. Access Control, Authentication, and Public Key Infrastructure, Second Edition. Jones & Bartlett Learning, 2014.
Recommended Materials/Resources
Please use the following author’s names, book/article titles, Web sites, and/or keywords to search for
supplementary information to augment your learning in this subject.
Official (ISC)2 Training Guide CISSP CBK, 2015 Harris, Shon. All in One CISSP Exam Guide, Sixth Edition. McGraw-Hill, 2013. Rhodes-Ousley, Mark. The Complete Reference to Information Security, Second Edition.
McGraw-Hill, 2013.
Professional Associations
International Association of Privacy Professionals (IAPP)
This Web site provides opportunity to interact with a community of privacy professionals and to
learn from their experiences. This Web site also provides valuable career advice.
https://www.privacyassociation.org/
International Information Systems Security Certification Consortium, Inc., (ISC)²®
This Web site provides access to current industry information. It also provides opportunities in
networking and contains valuable career tools.
http://www.isc2.org/
ISACA
This Web site provides access to original research, practical education, career-enhancing
certification, industry-leading standards, and best practices. It also provides a network of like-
minded colleagues and contains professional resources and technical/managerial publications.
https://www.isaca.org/Pages/default.aspx
University of the Cumberlands School of Computer and Information Sciences
ISOL 531 – Access Control
Page 4
Course Outline
Note: Assignments in the following table are listed when they are due.
Grading Category Activity Title
Week 1: Assessing Risk and the Access Control Framework
Required Readings Chapter 1, “Access Control Framework” Chapter 2, “Assessing Risk and Its Impact on Access Control”
Discussion Introduction
Lab #1 Configuring an Active Directory Domain Controller
Lab #1 Quiz
Lab #2 Managing Windows Accounts and Organizational Units
Lab #2 Quiz
Week 2: Business Access Control Needs and Requirements
Required Readings Chapter 3, “Business Drivers for Access Controls” Chapter 4, “Access Control Policies, Standards, Procedures,
and Guidelines”
Discussion Privacy and Compliance
Lab #3 Configuring Windows File System Permissions
Lab #3 Quiz
Assignment Identification, Authentication, and Authorization Techniques
Week 3: Security Breaches and Business Challenges
Required Readings Chapter 5, “Security Breaches and the Law” Chapter 6, “Mapping Business Challenges to Access Control
Types”
Discussion Security Breach Evaluation
Lab #4 Managing Group Policy Objects in Active Directory
Lab #4 Quiz
Lab #5 Configuring Windows Firewall
Lab #5 Quiz
University of the Cumberlands School of Computer and Information Sciences
ISOL 531 – Access Control
Page 5
Grading Category Activity Title
Week 4: Humans and Access Control
Required Readings
Chapter 7, “Human Nature and Organizational Behavior” Chapter 8, “Access Control for Information Systems”
Discussion Mapping Business Challenges to Types of Control
Exam Midterm Exam
Week 5: Physical Security and Access Control
Required Readings Chapter 9, “Physical Security and Access Control” Chapter 10, “Access Control in the Enterprise”
Discussion Biometric System Evaluation
Lab #6 Managing Linux Accounts
Lab #6 Quiz
Assignment Implementation of Authentication Process
Week 6: Remote Workers and Access Control
Required Readings Chapter 11, “Access Control System Implementations” Chapter 12, “Access Control Solutions for Remote Workers”
Discussion Multilayer User Access Control
Assignment Internet/Web Access Management
Week 7: Public Key Infrastructure and Access Control
Required Readings Chapter 13, “Public Key Infrastructure and Encryption” Chapter 14, “Testing Access Control Systems”
Discussion Remote Access Method Evaluation
Assignment PKI and Encryption at Work
Week 8: Your Academic Journey Continues…
Discussion Personal Reflection
Assignment Executive Program Practical Connection
Exam Final Exam
University of the Cumberlands School of Computer and Information Sciences
ISOL 531 – Access Control
Page 6
Evaluation and Grading Evaluation Criteria The graded assignments will be evaluated using the following weighted categories:
Category Weight
• Discussions • 20 • Labs • 20 • Assignments • 20 • Midterm Exam • 20 • Final Exam • 20
• TOTAL • 100%
Grade Conversion The final grades will be calculated from the percentages earned in the course, as follows:
Grade Percentage
A 90–100% B 80–89.5% C 70–79.5% F <69.5%
Course Expectations
Academic Integrity At a Christian liberal arts University committed to the pursuit of truth and understanding, any act of
academic dishonesty is especially distressing and cannot be tolerated. In general, academic dishonesty
involves the abuse and misuse of information or people to gain an undeserved academic advantage or
evaluation. The common forms of academic dishonesty include:
a. cheating - using deception in the taking of tests or the preparation of written work, using unauthorized materials, copying another person’s work with or without consent, or assisting another in such activities
b. lying—falsifying, fabricating, or forging information in either written, spoken, or video presentations
c. plagiarism—using the published writings, data, interpretations, or ideas of another without proper documentation
University of the Cumberlands School of Computer and Information Sciences
ISOL 531 – Access Control
Page 7
Episodes of academic dishonesty are reported to the Vice President for Academic Affairs. The
potential penalty for academic dishonesty includes a failing grade on a particular assignment, a failing
grade for the entire course, or charges against the student with the appropriate disciplinary body.
Late Policy Students are expected to submit classroom assignments by the posted due date and to complete the
course according to the published class schedule. As adults, students, and working professionals I
understand you must manage competing demands on your time. Late assignments will not be accepted for a grade; no exceptions. Absolutely NO assignments will be accepted after the last day of the course.
Students with Disabilities University of the Cumberlands accepts students with certified disabilities and provides reasonable
accommodations for their certified needs in the online classroom or in other areas. For accommodations
to be awarded, a student must submit a completed Accommodations Application form and provide
documentation of the disability. Students who may have a disability meriting an academic
accommodation should contact the Disability Services Coordinator (Nate Clouse, in Boswell Campus
Center) to ensure that their needs are properly evaluated and that documentation is on file. Any
accommodations for disabilities must be re-certified each bi-term by the Disability Services Coordinator
before course adjustments are made by individual instructors.
Student Responsibilities 1. Students are expected to login several times per week to participate in class discussions. 2. Students are expected to find out if any changes have been made in the class or
assignment schedule. 3. Students are expected to be self-motivating in an online, asynchronous course.
Course Summary
Course Number and Name
Course Term and Delivery
Course Instructor
Course Description
Course Objectives
Course Structure
Learning Materials and References
Required Resources
Recommended Materials/Resources
Course Outline
Evaluation Criteria
Grade Conversion
Course Expectations
Academic Integrity
Late Policy
Students with Disabilities
Student Responsibilities