Need Assistance? 01384 442752 (UK)

INFORMATION SECURITY MANAGEMENT - VIT203

Duration (approx) 100 hours
Qualification Statement of Attainment

Learn to Make Electronic Information more Secure

Information Security has always been a vital component of information systems, and ever since the rise of the Internet back in the early 1990’s, information systems have become increasingly accessible by people across the globe.

Today, security is one of the highest priorities in most organisations and more and more home users are getting the message and becoming aware of the importance of information security.

  • Learn to keep Information on your computer secure - a course equally important for the individual through to the largest corporation.

Courses can be started anytime from anywhere in the world!

towergatelogo.jpg PROFESSIONAL LIABILITY INSURANCE FOR ACS GRADUATES
Towergate Insurance welcomes Professional Liability insurance applications from ACS graduates across all disciplines. Click here for more details.
 

It's easy to enrol...

1
Select a payment plan:  

2
Select a learning method  

3
Protect Your Intellectual Property
 
You may be very vulnerable to online crime, but you don't need to be.

Information Security has always been a vital component of information systems, and ever since the rise of the Internet back in the early 1990’s, information systems have become increasingly accessible by people across the globe.

Today, security is one of the highest priorities in most organisations and more and more home users are getting the message and becoming aware of the importance of information security.

Just think for a moment - how much data is stored electronically by businesses - banks, building societies, insurance companies, supermarkets, and so on - records for each individual customer or client?  How often do you use the internet? How many websites do you have information recorded on? This may give you some idea of just how much data there is out there.
 
With this course:
  • Learn to keep information on your computer secure.
  • Understand the need for security and different ways in which it can be compromised.
  • Understand about data integrity and how it can be backed up.
  • Learn baout vulnerabilities of different operating systems and how these are exploited.
  • Understand the need for security policies and planning and implementation of disaster recovery plans.



COURSE STRUCTURE AND CONTENT
Course Duration: 100 hours.

Start Date:
Start at any time - study at a pace that suits you, and with full tutor support for the duration of your studies.

Lessons:
The course comprises 11 lessons as outlined, below.

1.   Introduction to Information Security

  • Need for Security.
  • Basic Security Concepts.
  • Security Breaches and Intrusions.
  • Types of Threats.
  • Threat Assessment.
  • Vulnerability Assessment.
  • Security through Obscurity.
  • Hackers.
  • Crackers.
  • The Difference between Hackers and Crackers.
  • IP Spoofing.
  • Blind Spoofing.
  • Man in the Middle Attack.
  • Denial of Service.
  • Distributed Denial of Service.
  • Phishing.
  • How to Defend against Spoofing.
  • What is a Botnet.
  • Types of bots and their Malicious Use.


2.   Information Security Ethics

  • Ethical Issues facing IT Professionals.
  • Legal Issues facing IT Professionals.
  • Intellectual Property Rights.


3.   Data Integrity and Backing up

  • What is Data Integrity.
  • Protection.
  • Detection.
  • Correction.
  • What is Data backup.
  • Full backup.
  • Incremental backup.
  • Mirror backup.
  • Offsite backup.
  • Offsite versus Onsite backup.
  • Disk based versus Tape based backup.
  • Online backup.


4.   Vulnerabilities of Operating Systems and Information Systems

  • What is Vulnerability.
  • Operating Systems and Software Vulnerability.
  • Running Virus Protection Software.
  • Updating Security Patches for Software.
  • Approved Software.
  • FTP Vulnerability.
  • Trojan Horses.
  • Who is at Risk of Trojan Horses.
  • Protection against Trojans .


5.   Risk Management

  • What is Risk Management.
  • Key Roles in the Risk Management Process.
  • Risk Assessment.
  • Characterising the System.
  • Identifying Threats.
  • Control Analysis.
  • Determining Likelihood Ratings.
  • Analyzing the Impact.
  • Determining the Risks.
  • Controls Recommendations.
  • Risk Mitigation.
  • Risk Evaluation.


6.   Information Security Technologies, Developments and Initiatives

  • What is VPN (Virtual Private Network).
  • Features and Benefits of VPN.
  • Components of Remote Access VPN.
  • Protocols Used in VPN Connections.
  • Advantages and Disadvantages of VPN.
  • What is a Firewall.
  • Main Functions of Firewalls.
  • Packet Filtering.
  • Circuit Relay.
  • Application Gateway.
  • Firewall Rules.
  • What are Intrusion Detection Systems (IDS).
  • Types of IDS.
  • IDS versus Firewalls.


7.   Physical Security

  • What is Physical Security?
  • Natural Disasters and Controls.
  • Lightning.
  • Power Loss.
  • Fire.
  • Earthquake.
  • Liquid Leakage.
  • The Human Factor.
  • Locks.
  • Tokens.
  • Challenge-response Tokens.
  • Dumb Cards.
  • Smart Cards.
  • Biometric Devices.
  • Fingerprint Scanners.
  • Retnal Scan Devices.
  • Palm Scan Devices.
  • Hand Geometry Devices.
  • Facial Recognition Devices.


8.   Developing a Security Policy

  • Introduction.
  • Need for Security.
  • Importance of Security Policy.
  • Developing a Security Policy.


9.   Implementing and revising a security policy

  • Introduction.
  • Communicating the Security Policy.
  • Enforcing the Security Policy.
  • Assessing the Security Policy.
  • Common Security Policies.
  • Password Policy.
  • Access Control Policy.
  • Displaying a Warning Notice.
  • Audit Policy.
  • Server Security Policy.
  • Automatically Forwarded Emailsa Policy.
  • Information Sensitivity Policy.
  • Anti Virus Policy.
  • Remote Access Policy.
  • Wireless Communication Policy.


10. Business Continuity and Disaster Recovery Planning

  • Difference between Disaster Recovery and Business Continuity.
  • Disaster Recovery Plan.
  • Business Continuity Plan.


11. Information Security Maintenance


THREATS TO INFORMATION SECURITY

IP Spoofing
IP spoofing refers to the technique used by people to unlawfully access computer and information systems, by using an IP address of a trusted host to connect to a network or to communicate with a computer or a server.
Before a hacker can use IP spoofing, they will first need to find a valid IP address for a trusted host by applying various techniques, and then once they obtain an IP address, they will need to modify the packet headers and include the new IP address to make it look like the packets are originating from the trusted host, not from the hacker.

Note that many routers and firewall devices (hardware and software) can protect against IP spoofing.

Non-blind Spoofing
Non-blind spoofing is a type of IP spoofing attack that requires the attacker and the victim to be on the same subnet. The most common form of non-blind spoofing attack occurs when the hacker corrupts the data stream of an established connection, and then re-establishes the connection by using the correct sequence and acknowledgment numbers with the attack machine. Note that it is possible for an attacker to sniff the sequence number and acknowledgment numbers by using dedicated software, instead of going through the complex task of manually calculating those numbers. By using a non-blind spoofing technique, the attacker can use a pre-established connection, thus bypassing any authentication measures required before establishing a new connection.

Blind Spoofing
Blind spoofing is a type of sophisticated IP spoofing attack whereby the attacker needs to sample the sequence numbers because the sequence number and the acknowledgment numbers are unreachable. To do so, the attacker will need to send many packets to the target computer and attempt to sample sequence numbers. This task was relatively easy in the past because computers used to generate sequence numbers using basic techniques. Sampling sequence numbers is becoming increasingly difficult today with the advances in technology, because most operating systems generate random sequence numbers, so it’s pretty difficult to predict them accurately.

“Man in the Middle” attack
A man in the middle attack (also called “MITM attack”) is a term used to refer to both blind spoofing and non-blind spoofing attacks. A man in the middle attack occurs when a malicious party intercepts a communication between 2 legitimate parties. By doing so, the intruder will be able to view, modify, or delete information flowing between the 2 parties without being noticed by the sender or the receiver.

A man in the middle attack is mainly used by attackers who would spoof the identity of the original sender and then proceed to fool a victim into disclosing confidential information to them. The sender will most likely disclose the requested information because they would believe that they are dealing with a trusted recipient.

“Denial of Service (DOS)” and “Distributed Denial of Service (DDOS)” attacks
Denial of service attack is one of the most common and most harmful types of IP spoofing attacks used by crackers to flood a computer network with requests which will consume the network bandwidth and network resources. It is very difficult to defend against a denial of service attack. To perform a denial of service attack, crackers will need to flood the victim network with as many packets as possible in a short amount of time. The reason why this type of attack is difficult to track and avoid is because crackers can spoof the source IP address for the attacker machine and make it look like the packets are being sent from a legitimate computer connected to the network.
A distributed denial of service attack is another type of harmful IP spoofing attack and very similar to a denial of service attack. The main difference between a DOS and a DDOS is that a DDOS requires multiple machines to participate in the attack and sending spoofed traffic to a victim network, whereas a DOS attack only requires one machine to send the spoofed traffic.

Phishing
Phishing is term used in the world of information security; it refers to a fraudulent attempt to steal a user’s personal information (such as usernames, passwords, date of birth, credit card numbers, bank account logins and passwords, etc.). The main purpose of phishing is to steal money form users, whether from their emails, phone calls, or websites logins (such as internet banking logins).

When an attacker installs malicious software on a computer, they will be able to steal the personal information of the users off that computer (note that these attackers are known as “cyber criminals”). Another way cyber criminals can steal the personal information of computer users is by applying social engineering to convince them to hand over their personal information or to install malicious applications under false pretenses.

Users need to protect themselves against phishing attacks, and the most important thing they need to do is to educate themselves about phishing attempts to be recognise them and avoid them.

For example, let’s consider phishing emails. When a user receives a phishing email, the email would appear to come from a well-known organisation (such as web mail sites, online banking sites, financial institutions, universities, government websites, etc.) and the email would generally ask the user to enter their personal information (such as their username, password, pin numbers, social security number, credit card number, bank account details, etc.). The easiest way to tell that a particular email is indeed a phishing email is if the email was sent from a site where the user doesn’t have an account. Another way to recognise a phishing email is when an email contains a link to another website. Often, phishing emails would contain a link that opens a new website when the user clicks the link, and the website with almost always request personal information from the user. The reason why such emails are classified as phishing emails is because legitimate organisations would never request the user’s personal information via email.

How to defend against spoofing
Spoofing is a very serious computer attack and it is very important to attempt to limit the damages and protect the computer systems and computer networks against the risks of spoofing attacks.

- Filtering at the router
The first step you need to take to implement a layer of defence against spoofing is to apply filtering at the border routers. This can be achieved by implementing access control lists (ACL) to block private IP addresses on the downstream interface, and block IP addresses outside the valid IP range on the upstream interface. This will prevent people connected to the network from sending spoofed traffic onto the internet.

- Encryption and authentication
You can also implement encryption and authentication to reduce spoofing threats and make sure that authentication is carried out over a secure and encrypted channel.


HOW THE COURSE WORKS
You can start the course at any time.

It is studied by distance learning, so you can study in the comfort of your own home. But this doesn't mean you are all alone in your studies.  Our highly qualified and friendly tutors are there to help you every step of the way.  If you have any questions at all, they are always happy to help.


THE ADVANTAGES OF STUDYING WITH ACS

  • You can start the course at any time and study at your own pace.
  • Fit your studies around your own busy lifestyle - we provide full tutor support for all the time you are studying.
  • Study where you want to - online studies offer the flexibility for you to determine where and when you study.

 


WHY SHOULD YOU STUDY THIS COURSE?

  • A course relevant to businesses, business users, and home users.

  • Protect your personal and business data - understand vulnerabilities and work to avoid these.

  • Understand about data integrity and the need for back up.

  • Learn how to plan and act in the face of unforseen events.

  • As more of us rely on electronic data, the need for understanding of information security only becomes greater - protect your business interests, or improve your career potential in a vital industry.



WHAT NEXT? 

ACT NOW - ENROL OR CONTACT US

 

Enrol

Go to “It’s Easy to Enrol” box at the top of the page and enrol now.

Get Advice

Email us at info@acsedu.co.uk or use our FREE COUNSELLING SERVICE to contact a tutor.

 

 


Meet some of our academics

Sarah RedmanOver 15 years industry experience covering marketing, PR, administration, event management and training, both in private enterprise and government; in Australia and the UK.
Dr. Sherif SakrResearch Scientist and University Lecturer in Computer Science and Engineering. Sherif has a PhD in Computer Science, MSc, BSc.
Josiane JoubranCSC consultant with IBM, Software QA Engineer, Course Writer and Tutor. Josiane is an I.T professional with extensive experience with computer hardware and engineering in Lebanon and Australia. Josiane has a B.Eng., Grad.Dip.I.T., Master Info.Tech., MCP, MCSE.


Check out our eBooks

Technical WritingThe Technical Writing ebook has been written for anybody who would like to become a technical writer, add technical writing to their repertoire of skills, or improve their technical writing skills. Technical Writing is not just limited to scientific or technical documents, is necessary for writing manuals, reports or promotional materials. To be a technical writer you must have a broad range of skills in order to secure employment or ongoing projects, if you are working as a freelance technical writer. To work successfully in this field you will need: - Excellent communication skills - Logic and precision - Excellent word processing skills - To be able to manage projects - To work efficiently and independently - A solid, broad education - Improving your skills and knowledge - Great networking skills
Business OperationsA text book for business students, or a guide book for anyone operating a business. Six chapters: Daily Challenges of Running a Business, Managing People, The Law, Fiance, Product Management and Risk Management.
ManagementManagement is the process of planning, organising, leading, and controlling an organisation’s human and other resources to achieve business goals. More importantly though, effective management needs to be a process of human interaction and compassion. Most bad managers don’t know they are bad. They may well admit that they are a bit erratic, or they are sometimes late to appointments, but it is rare that they will recognise that they are ineffective as managers. Never fear...read here. This book has something to offer even the best of managers.
Project ManagementThis ebook is designed to help improve your capacity to manage any type of project in any type of industry. It may be read as a stand- alone book; used as something to refer to during the process of managing projects, or used as a complementary reference to help enhance the overall learning experience when studying a project management course.