Isol 531

University of the Cumberlands School of Computer and Information Sciences

ISOL 531 – Access Control

Page 1

Course Summary

Course Number and Name ISOL 531 – Access Control

Course Term and Delivery 2019 Spring – IG

Asynchronous Online Course

Course Instructor Dr. Dennis Backherms

Email: dennis.backherms@ucumberlands.edu

Office Hours: By appointment

Course Description The course provides an in-depth study of the three main security principles: availability, integrity and

confidentiality. The course examines mechanisms used to control what resources an entity can access,

and the extent of the entity’s capabilities to interact with the resource. The course also examines

approaches to auditing how the entity interacts with the resource.

Course Objectives 1. Define the authorization and the access to an IT infrastructure based on an access control policy

framework.

2. Mitigate risk to an IT infrastructure’s confidentiality, integrity, and availability with sound access

controls.

3. Analyze how a data classification standard impacts an IT infrastructure’s access control

requirements and implementation.

4. Develop an access control policy framework consisting of best practices for policies, standards,

procedures, and guidelines to mitigate unauthorized access.

5. Assess the consequences of failed access controls and mitigate unauthorized access.

6. Apply various access control methods to solve a range of business challenges.

7. Define proper security controls for information systems within IT infrastructures.

8. Explore ways to secure the facilities that house sensitive resources and use biometric technology

to verify identity.

mailto:dennis.backherms@ucumberlands.edu
University of the Cumberlands School of Computer and Information Sciences

ISOL 531 – Access Control

Page 2

9. Design appropriate authentication solutions throughout an IT infrastructure based on user types

and data classification standards.

10. Utilize policies, standards, guidelines, and procedures to implement and maintain access control.

11. Implement a secure remote access solution.

Course Structure • Watch weekly lecture • Participate in class discussion via forums • Reading assigned texts • Complete quizzes based on labs • Complete homework assignments

University of the Cumberlands School of Computer and Information Sciences

ISOL 531 – Access Control

Page 3

Learning Materials and References

Required Resources

Textbook(s) Required:

 Chapple, Mike, Ballad, Bill, Ballad, Tricia, and Banks, Erin K. Access Control, Authentication, and Public Key Infrastructure, Second Edition. Jones & Bartlett Learning, 2014.

Recommended Materials/Resources

Please use the following author’s names, book/article titles, Web sites, and/or keywords to search for

supplementary information to augment your learning in this subject.

 Official (ISC)2 Training Guide CISSP CBK, 2015  Harris, Shon. All in One CISSP Exam Guide, Sixth Edition. McGraw-Hill, 2013.  Rhodes-Ousley, Mark. The Complete Reference to Information Security, Second Edition.

McGraw-Hill, 2013.

Professional Associations

 International Association of Privacy Professionals (IAPP)

This Web site provides opportunity to interact with a community of privacy professionals and to

learn from their experiences. This Web site also provides valuable career advice.

https://www.privacyassociation.org/

 International Information Systems Security Certification Consortium, Inc., (ISC)²®

This Web site provides access to current industry information. It also provides opportunities in

networking and contains valuable career tools.

http://www.isc2.org/

 ISACA

This Web site provides access to original research, practical education, career-enhancing

certification, industry-leading standards, and best practices. It also provides a network of like-

minded colleagues and contains professional resources and technical/managerial publications.

https://www.isaca.org/Pages/default.aspx

University of the Cumberlands School of Computer and Information Sciences

ISOL 531 – Access Control

Page 4

Course Outline

Note: Assignments in the following table are listed when they are due.

Grading Category Activity Title

Week 1: Assessing Risk and the Access Control Framework

Required Readings  Chapter 1, “Access Control Framework”  Chapter 2, “Assessing Risk and Its Impact on Access Control”

Discussion Introduction

Lab #1 Configuring an Active Directory Domain Controller

Lab #1 Quiz

Lab #2 Managing Windows Accounts and Organizational Units

Lab #2 Quiz

Week 2: Business Access Control Needs and Requirements

Required Readings  Chapter 3, “Business Drivers for Access Controls”  Chapter 4, “Access Control Policies, Standards, Procedures,

and Guidelines”

Discussion Privacy and Compliance

Lab #3 Configuring Windows File System Permissions

Lab #3 Quiz

Assignment Identification, Authentication, and Authorization Techniques

Week 3: Security Breaches and Business Challenges

Required Readings  Chapter 5, “Security Breaches and the Law”  Chapter 6, “Mapping Business Challenges to Access Control

Types”

Discussion Security Breach Evaluation

Lab #4 Managing Group Policy Objects in Active Directory

Lab #4 Quiz

Lab #5 Configuring Windows Firewall

Lab #5 Quiz

University of the Cumberlands School of Computer and Information Sciences

ISOL 531 – Access Control

Page 5

Grading Category Activity Title

Week 4: Humans and Access Control

Required Readings

 Chapter 7, “Human Nature and Organizational Behavior”  Chapter 8, “Access Control for Information Systems”

Discussion Mapping Business Challenges to Types of Control

Exam Midterm Exam

Week 5: Physical Security and Access Control

Required Readings  Chapter 9, “Physical Security and Access Control”  Chapter 10, “Access Control in the Enterprise”

Discussion Biometric System Evaluation

Lab #6 Managing Linux Accounts

Lab #6 Quiz

Assignment Implementation of Authentication Process

Week 6: Remote Workers and Access Control

Required Readings  Chapter 11, “Access Control System Implementations”  Chapter 12, “Access Control Solutions for Remote Workers”

Discussion Multilayer User Access Control

Assignment Internet/Web Access Management

Week 7: Public Key Infrastructure and Access Control

Required Readings  Chapter 13, “Public Key Infrastructure and Encryption”  Chapter 14, “Testing Access Control Systems”

Discussion Remote Access Method Evaluation

Assignment PKI and Encryption at Work

Week 8: Your Academic Journey Continues…

Discussion Personal Reflection

Assignment Executive Program Practical Connection

Exam Final Exam

University of the Cumberlands School of Computer and Information Sciences

ISOL 531 – Access Control

Page 6

Evaluation and Grading Evaluation Criteria The graded assignments will be evaluated using the following weighted categories:

Category Weight

• Discussions • 20 • Labs • 20 • Assignments • 20 • Midterm Exam • 20 • Final Exam • 20

• TOTAL • 100%

Grade Conversion The final grades will be calculated from the percentages earned in the course, as follows:

Grade Percentage

A 90–100% B 80–89.5% C 70–79.5% F <69.5%

Course Expectations

Academic Integrity At a Christian liberal arts University committed to the pursuit of truth and understanding, any act of

academic dishonesty is especially distressing and cannot be tolerated. In general, academic dishonesty

involves the abuse and misuse of information or people to gain an undeserved academic advantage or

evaluation. The common forms of academic dishonesty include:

a. cheating - using deception in the taking of tests or the preparation of written work, using unauthorized materials, copying another person’s work with or without consent, or assisting another in such activities

b. lying—falsifying, fabricating, or forging information in either written, spoken, or video presentations

c. plagiarism—using the published writings, data, interpretations, or ideas of another without proper documentation

University of the Cumberlands School of Computer and Information Sciences

ISOL 531 – Access Control

Page 7

Episodes of academic dishonesty are reported to the Vice President for Academic Affairs. The

potential penalty for academic dishonesty includes a failing grade on a particular assignment, a failing

grade for the entire course, or charges against the student with the appropriate disciplinary body.

Late Policy Students are expected to submit classroom assignments by the posted due date and to complete the

course according to the published class schedule. As adults, students, and working professionals I

understand you must manage competing demands on your time. Late assignments will not be accepted for a grade; no exceptions. Absolutely NO assignments will be accepted after the last day of the course.

Students with Disabilities University of the Cumberlands accepts students with certified disabilities and provides reasonable

accommodations for their certified needs in the online classroom or in other areas. For accommodations

to be awarded, a student must submit a completed Accommodations Application form and provide

documentation of the disability. Students who may have a disability meriting an academic

accommodation should contact the Disability Services Coordinator (Nate Clouse, in Boswell Campus

Center) to ensure that their needs are properly evaluated and that documentation is on file. Any

accommodations for disabilities must be re-certified each bi-term by the Disability Services Coordinator

before course adjustments are made by individual instructors.

Student Responsibilities 1. Students are expected to login several times per week to participate in class discussions. 2. Students are expected to find out if any changes have been made in the class or

assignment schedule. 3. Students are expected to be self-motivating in an online, asynchronous course.

Course Summary
Course Number and Name
Course Term and Delivery
Course Instructor
Course Description
Course Objectives
Course Structure
Learning Materials and References
Required Resources
Recommended Materials/Resources
Course Outline
Evaluation Criteria
Grade Conversion
Course Expectations
Academic Integrity
Late Policy
Students with Disabilities
Student Responsibilities