Information Systems Security

General Course Information

Course Lecturer Name(s):  Keston Bhola

Course Director Name: N/A

Course Lecturer(s) Contact Information:, ext. 3750

Course Director Contact Information: N/A 

Course Lecturer(s) Office Hours:  10:00 – 3:00 | Tue & Thu 

Course Director Office Hours: N/A

Course Lecturer(s) Office Location:  Leeward Hall, 2nd Floor

Course Director Office Location: N/A

Course Support: Mary Celestine,, Ext. 3726

Course Management tool: To learn to use Sakai, the Course management tool, access the link

Course Curriculum Information

Course Description: 

Our world is increasingly becoming more dependent on data and the systems that accept, process, provide and store such. In addition, network technologies have facilitated interconnection among these various systems allowing access from virtually anywhere. As John Gage put it, the network is the computer (Graham-Cumming, 2019).[1] Highly sensitive economic, financial, military, ad personal information is stored and processed in a global network that spans countries, governments, businesses, organizations, and individuals. Regardless of the countless uses and advantages, this affordance comes with numerous risks. Securing cyberspace is now synonymous with securing the normal functioning of our daily lives (Jacobs, 2011)[2]

US Federal government committee, Committee on National Security Systems (CNSS), defines Information Systems Security as: “Protection of information systems against unauthorized access to or modification of information, whether in storage, processing or transit, and against the denial of service to authorized users, including those measures necessary to detect, document, and counter such threats.” (Committee on National Security Systems, 2010)[3]

This course consequently provides students with such a knowledge ensure information assurance and security in the application of technology in an organization. It does so by covering topics related to the foundational principles of information and cybersecurity, namely Confidentiality, Availability, and Integrity, often referred to as the CIA triangle. It covers areas such as risk and threat analysis and appropriate mitigation techniques, installation and configuration of hardware and software security controls, disaster managements and recovery procedures. All these are discussed within the context of within applicable regulatory frameworks.

Course Objectives: 

  1. Identify various network components, both hardware- and software-based, to support organizational security.
  2. Analyze indicators of compromise and determine the type of attack.
  3. Perform basic penetration testing and vulnerability scanning
  4. Participate in risk mitigation activities
  5. Discuss cloud and virtualization concepts
  6. Explain cryptography algorithms and their basic characteristics.
  7. Draft IT policies
  8. Identify applicable regulatory frameworks

Student Learning Outcomes:

  1. Differentiate between threats, vulnerabilities, and attacks.
  2. Compare and contrast types of attacks.
  3. Perform threat analysis and respond with appropriate mitigation techniques
  4. Install and configure systems to secure applications, networks, and devices
  5. Compare and contrast identity and access management concepts
  6. Discuss and evaluate policies, laws and regulations that are relevant to safeguarding an organization’s information assets.
  7. Discuss incident response and recovery procedures.
  8. Compare and contrast cryptographic concepts

Program Outcomes Met By This Course:

CTPO1 - Analyse a problem, identify, and define the computing requirements appropriate to its solution

CTPO2 - Design, implement, and evaluate a computer-based system, process, component, or program to meet desired needs

CTPO4 - Recognize the need for and engage in continuous professional development.

CTPO-5 - Apply current techniques, concepts, skills, tools, and best practices used in the core information technologie

SAS Grading Scale: Grades will be assigned as follows:

A  = 89.5% or better

B+ = 84.5 - 89.4%

B  = 79.5 - 84.4%

C+ = 74.5 - 79.4%

C  = 69.5 - 74.4%

D  = 64.5 - 69.4%

F = 64.4% or less 

Course Materials:

Primary Text: 

CompTIA Security+ SY0-601 Cert Guide (Certification Guide), 5th Edition, Omar Santos

(Author), Ron Taylor  (Author), Joseph Mlodzianowski (Author), Pearson IT Certification (October 2021)

Supplementary Readings/Resources: 

Numerous resources available from professional journals, web sites, magazines, news companies, manufacturers, industry trade groups and regulatory agencies. Access to these authors are usually facilitated using the world wide web.

Books from these authors are also highly recommended and are readily available online: Mike Meyers, Mike Chapple, Darril Gibson

Course Grading Requirement:

Course assessments are broken into these four broad categories

  • Assignments: assessments involving theory, research, and analysis.
  • Labs: practical assessments. Some may be recorded as mini-labs, which are labs which may not be graded. If graded, the weight is significantly less that the full ‘Labs’.
  • Forums: peer-based discussions. Post your thoughts on a particular subject. View and respond to your classmate’s own posts.
  • Exams: assessments under strict controlled conditions. Given using ExamSoft Examplify (with Exam Monitor). Include midterm and final exams.

May involve short/in-class quizzes (TurningPoint/Sakai) that assess your understanding of concepts at the end of class sessions. Short/in class quizzes may not be as rigorously controlled and even if graded, primarily contributes to you assessing your understanding of the material.

Grade weight distribution is as follows:

  • Assignments: 25%
  • Labs: 20%
  • Forums: 15%
  • Exams: 25%
  • Quizzes: 15%

Course Requirements:

Software required

-Oracle VM VirtualBox – virtualization software


Android: iOS:


Other software will be provided as needed

Course Schedule




Assessment and Activities


Syllabus Discussion


  • Syllabus [In Sakai]
  • Syllabus Addendum
  • CompTIA Security+ Exam objectives

Install TurningPoint on your device

Look up the requirements of the Security+ exam

Introduction to Information Systems Security

-Definitions, related fields

-Importance, relevance

-Security principles and goals (CIA triangle)

-Training and certifications

Chapter 1: pp. 3-8


Basic threats (Vulnerabilities and risk)

-think like a hacker

-actor types and attributes

Chapter 1, pp. 9-11

Chapter 1 Forum


Types of Attacks

-Social engineering



-Other application vulnerabilities and attacks

Chapter 5, pp. 144-158

Chapter 7, pp. 226-250

Chapter 9 pp. 285-294

Chapter 17, pp.583-590

Labs 2.1, 2.2 ,2.3 (A, B, C)



-Viruses, ransomware, worms, trojans, spyware/adware, rootkits

Chapter 2

Assignment 1: Social Engineering

Physical and Facilities Security Controls

Chapter 17, pp. 593-


Chapter 10, pp.321-326

End of Chapter Quiz

[Weeks 1,2,3]


Infrastructure Security: Computer

-OS security (applications and system), vendor recommendations

-Virtualization concepts

-Security applications

-Securing hardware and peripherals

Chapter 3, pp.53-66

Chapter 4

ADD Ch. 5 here (App. Security)

End of Chapter Quiz [not

given] Labs 4.1, 4.2


Infrastructure Security: Network

-design elements

-how a network works: IP address, ports, URLs, the


-cloud and server defense

-securing wired networks and devices

Chapter 6

Chapter 7, pp.217-225

Chapter 9, pp. 285-294

[See week 2 duplicate]

End of Chapter Quiz [not

given] Forum


Network security technology, tools and approaches

-Firewalls, VPNs, Routers, Gateways, Access Points

-Honeypots and honeynets

- Network Intrusion Protection Systems (NIPS) and

Network Intrusion Detection Systems (NIDS)

-Other command line tools

Chapter 3, pp. 53-57

Chapter 8


End of Chapter Quiz

Assignment 1 due



Infrastructure Security: Wireless and Mobile Devices

-management concepts

-deployment models (BYOD, VDI, Co-operate owned

-attacks and vulnerabilities

Chapter 3, pp. 66-78

Chapter 9, pp. 295-311


[Study for Midterm]

[Peer review…assignment



Midterm Exam


Risk and Vulnerability Management

-basic concepts

-application vulnerabilities

-penetration testing vs. vulnerability scanning

-vulnerability management

Chapter 5, 12 Remove Ch. 5 from here…place in week 4)

Assignment 2 given


End of chapter quiz


Monitoring and audit: use appropriate tools to assess the security posture of an organization

-monitoring and auditing

-network scanners, protocol analyzers, vulnerability scanners, exploitation frameworks

Chapter 13


End of chapter quiz


Identity and Access Management

  • authentication, authorization and accounting (AAA) - biometrics, physical access controls, two factor authentication
  • account types and policies


Chapter 10, 11


Forum discussion

End of chapter quiz


Cryptography and PKI

-Uses cases including authentication and nonrepudiation

-Symmetric and asymmetric algorithms

-Steganography and obfuscation

Chapter 14


Forum discussion

End of chapter quiz



Cryptography and PKI

-digital signatures and certificates

-random number generation

-PKI discussion

-wireless security settings

-Cryptographic Attacks

Chapter 15


End of chapter quiz


Redundancy and Disaster Recovery

-Redundancy and backup

-Incident response

-Continuity and recovery

Chapter 16

Forum discussion

End of chapter quiz


Policy, Legal Regulations & Compliance

-Operating procedures

-Personnel management: Separation of duties, principles of least privilege, hiring, background checks, exit checks

-Security policies: SGU Computing guidelines and policies examples

Chapter 18                      



End of chapter quiz


Policy, Legal Regulations & Compliance

  • Legislative Regulation of Electronic Conduct in Grenada
  • Other regulatory frameworks (Caribbean, international and other jurisdictions)

Organizations Policies

  • data sanitization

Guest Lecture

Forum Discussion


Final Exam


School of Arts and Sciences Master Syllabi — Info for All Sections

Plagiarism Policy

Academic Integrity

The St. George’s University Student Manual (2019/2020) states as follows:

Plagiarism is regarded as a cardinal offense in academia because it constitutes theft of the work of someone else, which is then purported as the original work of the plagiarist. Plagiarism draws into disrepute the credibility of the Institution, its faculty, and students; therefore, it is not tolerated” (p. 48).

Plagiarism also includes the unintentional copying or false accreditation of work, so double check your assignments BEFORE you hand them in.

Be sure to do good, honest work, credit your sources and reference accordingly and adhere to the University’s Honor Code. Plagiarism and cheating will be dealt with very seriously following the university’s policies on Plagiarism as outlined in the Student Manual.

Your work may be subject to submission to plagiarism detection software, submission to this system means that your work automatically becomes part of that database and can be compared with the work of your classmates.

Attendance Requirement

The St. George’s University Student Manual (2019/2020) states as follows:

Students are expected to attend all classes and or clinical rotations for which they have registered. Although attendance may not be recorded at every academic activity, attendance may be taken randomly. Students’ absence may adversely affect their academic status as specified in the grading policy. If absence from individual classes, examinations, and activities, or from the University itself is anticipated, or occurs spontaneously due to illness or other extenuating circumstances, proper notification procedures must be followed. A particular course may define additional policies regarding specific attendance or participation” (p. 9).

Examination Attendance

The St. George’s University Student Manual (2019/2020) states as follows:

All matriculated students are expected to attend all assigned academic activities for each course currently registered. Medical excuses will be based on self-reporting by students. Students who feel they are too sick to take an examination or other required activity on a specific day must submit the online SAS medical excuse, which is available on Carenage. Students are only allowed two such excuses a year. Upon consultation with the Director of University Health Service, the third excuse will result in a mandatory medical leave of absence. The policies regarding make-up examinations are at the option of the Course Director” (p.46).

For additional specific examination policies and procedures, refer to the St. George’s University Student Manual (2019/2020), pages 31 through 37.

Student Accessibility and Accommodation Services Policy

The St. George’s University Student Manual (2019/2020) states as follows:

A student with a disability or disabling condition that affects one or more major life activities, who would like to request an accommodation, must submit a completed application form and supporting documentation to the Student Accessibility and Accommodation Services (SAAS) located in the Dean of Students Office. It is highly recommended that students applying for accommodations do so at least one month before classes begin to allow for a more efficient and timely consideration of the request. If a fully completed application is not submitted in a timely fashion, an eligibility determination may not be made, and accommodations, where applicable, may not be granted prior to the commencement of classes and/or examinations” (p. 8).


It is the responsibility of the student to read and understand the policies, laws, rules and procedures that while they could affect your grade for a course, have not been specifically outlined in the course syllabus. These are contained in the St. George’s University Student Manual.