Introduction to Information Systems Security
Section I: Administrative Information
  Total hours: 42.0
Credit Value: 3.0
Credit Value Notes: N/A
Effective: Fall 2018
Prerequisites: MATH10025
Corequisites: N/A
Equivalents: N/A

Pre/Co/Equiv Notes: N/A

Program(s): Hon Bach CompSci - Mobile Comp
Program Coordinator(s): Magdin Stoica
Course Leader or Contact: Richard Pyne
Status: Approved (APPR)

Section I Notes: N/A

Section II: Course Details

Detailed Description
Students are introduced to the field of information security and assurance, and are presented with a spectrum of information systems security activities, methods, methodologies, and procedures. Students learn about the foundation for understanding the key issues associated with protecting information assets, determining the levels of protection and response to security incidents, and designing a consistent, reasonable information security system, with appropriate intrusion detection and reporting features. Students learn through interactive lectures, hands-on exercises and assignment experiences about security solutions, threat assessment and risks to information systems. Additionally, students investigate topics which include determining the levels of protection and response to security incidents, and designing a consistent, reasonable information security system, with appropriate intrusion detection and reporting features. Their investigation includes inspection and protection of information assets, detection of and reaction to threats to information assets, and an overview of information security management and implementation.

Program Context

Hon Bach CompSci - Mobile Comp Program Coordinator(s): Magdin Stoica
This required second year course provides the foundation for understanding the key issues associated with protecting information assets, threat assessment and risks to information systems.

Course Critical Performance and Learning Outcomes

  Critical Performance:
By the end of this course, students will have demonstrated ability to evaluate security solutions, threats and risks to information systems.
Learning Outcomes:

To achieve the critical performance, students will have demonstrated the ability to:

  1. Prioritize threats to the information system.
  2. Identify security solutions including components of hardware, software and personnel.
  3. Define a security solution that addresses a specific vulnerability.
  4. Assess the security threats posed to corporate information assets.
  5. Describe the common approaches to information asset risk management.
  6. Use the components of an information risk assessment appropriately.
  7. Apply the main stages of a qualitative information risk analysis.

Evaluation Plan
Students demonstrate their learning in the following ways:

 Evaluation Plan: IN-CLASS
 Assignments (3 @ 13.33% approx. weeks 3, 6, 9): 40.0%
 Mid Term Exam (approx. week 7): 30.0%
 Final Exam (approx. week 13): 30.0%

Evaluation Notes and Academic Missed Work Procedure:
To pass the course, students must achieve a 50% weighted average across the tests and the exams and at least 50% overall in the course.

Provincial Context
The course meets the following Ministry of Advanced Education and Skills Development requirements:


Prior Learning Assessment and Recognition
PLAR Contact (if course is PLAR-eligible) - Office of the Registrar

Students may apply to receive credit by demonstrating achievement of the course learning outcomes through previous relevant work/life experience, service, self-study and training on the job. This course is eligible for challenge through the following method(s):

  • Challenge Exam
  • Portfolio
  • Other
    Notes: Challenge exam, portfolio, and project are required for PLA.

Section III: Topical Outline
Some details of this outline may change as a result of circumstances such as weather cancellations, College and student activities, and class timetabling.
Instruction Mode: In-Class
Professor: Multiple Professors
Required Textbook: Principles of Information Security, Whitman, E., M., & Mattord, J., H., Course Technology, Cengage Learning, 5th ed., ISBN 9781285448367, 2012
Required Textbook: Information Security Risk Analysis, Peltier, R., T., CRC Press, 3rd ed., ISBN 9781439839560 OR EBOOK 9781439, 2010

Applicable student group(s): Bachelor of Applied Computer Science - Mobile Computing
Course Details:

1. Fundamentals of Information Security.
         - Critical characteristics of information and information
         - Approaches to information security implementation
         - The security systems development lifecycle
         - Threats to information assets
         - Types of attacks on information assets
         - Secure software development

2. Legal, Ethical, and Professional Issues in Information
         - Law and ethics in information security
         - Relevant Canadian, U.S. and international laws and legal
         - Policy vs. law
         - Ethics and information security
         - Codes of ethics, certification, and professional

3. Risk Management and Planning for Security
         - Risk identification, assessment, and control strategies
         - Selecting a risk control strategy
         - Information security planning and governance
         - Information security, policy, standards, and practices
         - Information security blueprint
         - Security strategies

4. Security Technology:
         Firewalls, VPNs, and Wireless
         - Access control, Firewalls, Protecting remote connections
         Intrusion Detection and Prevention Systems and Other Security Tools:
         - Intrusion detection and prevention systems
         - Honeypots, honeynets, and padded cell systems
         - Scanning and analysis tools
         - Biometric access control

5. Cryptography.
         - Cipher methods
         - Cryptographic algorithms
         - Cryptographic tools
         - Protocols for secure communications
         - Attacks on cryptosystems

6. Physical Security.
         - Physical access control
         - Interception of data
         - Mobile and portable systems
         - Special considerations for physical security

7. Implementing Information Security, Maintenance and
         - IS project management (Technical and non-technical aspects
           of implementation)
         - Security management maintenance models
         - Digital forensics

Note: The topics within each module are grouped semantically and are not meant to suggest a time sequence. A course plan must be provided by the professor identifying the class-by-class arrangement of topics.

Sheridan Policies

All Sheridan policies can be viewed on the Sheridan policy website.

Academic Integrity: The principle of academic integrity requires that all work submitted for evaluation and course credit be the original, unassisted work of the student. Cheating or plagiarism including borrowing, copying, purchasing or collaborating on work, except for group projects arranged and approved by the professor, or otherwise submitting work that is not the student's own, violates this principle and will not be tolerated. Students who have any questions regarding whether or not specific circumstances involve a breach of academic integrity are advised to review the Academic Integrity Policy and procedure and/or discuss them with the professor.

Copyright: A majority of the course lectures and materials provided in class and posted in SLATE are protected by copyright. Use of these materials must comply with the Acceptable Use Policy, Use of Copyright Protected Work Policy and Student Code of Conduct. Students may use, copy and share these materials for learning and/or research purposes provided that the use complies with fair dealing or an exception in the Copyright Act. Permission from the rights holder would be necessary otherwise. Please note that it is prohibited to reproduce and/or post a work that is not your own on third-party commercial websites including but not limited to Course Hero or OneNote. It is also prohibited to reproduce and/or post a work that is not your own or your own work with the intent to assist others in cheating on third-party commercial websites including but not limited to Course Hero or OneNote.

Intellectual Property: Sheridan's Intellectual Property Policy generally applies such that students own their own work. Please be advised that students working with external research and/or industry collaborators may be asked to sign agreements that waive or modify their IP rights. Please refer to Sheridan's IP Policy and Procedure.

Respectful Behaviour: Sheridan is committed to providing a learning environment that supports academic achievement by respecting the dignity, self-esteem and fair treatment of every person engaged in the learning process. Behaviour which is inconsistent with this principle will not be tolerated. Details of Sheridan's policy on Harassment and Discrimination, Academic Integrity and other academic policies are available on the Sheridan policy website.

Accessible Learning: Accessible Learning coordinates academic accommodations for students with disabilities. For more information or to register, please see the Accessible Learning website. (Statement added September 2016)

Course Outline Changes: The information contained in this Course Outline including but not limited to faculty and program information and course description is subject to change without notice. Any changes to course curriculum and/or assessment shall adhere to approved Sheridan protocol. Nothing in this Course Outline should be viewed as a representation, offer and/or warranty. Students are responsible for reading the Important Notice and Disclaimer which applies to Programs and Courses.

Copyright © Sheridan College. All rights reserved.