Send More Info
Apply Now
Classroom Login
Call Now
Call Now 855-300-1469

CYB 5275 Enterprise Information Security

Course Description

Cybersecurity must operate within real-world constraints. In this course, students will explore interconnections between security solutions and the enterprise. Topics include legal and regulatory considerations, attack and trust models, risk, and the economics of security.

Course Objectives

Upon completion of this course, students should be able to

  • Understand the classification and valuation of information
  • Understand the relevant legislation and legal obligations of security professionals
  • Understand risk-based security decision making
  • Understand security frameworks
  • Derive the processes used in security operations, including: Device hardening, Asset management, Vulnerability remediation, Incident response, and Computer forensics
  • Attack models and testing
  • The impact of human factors on security technology

Week 1

Lecture: Introduction & Interview
Lecture: Information


  • Understand the objectives of the class
  • Understand the work expected from the student
  • Understand the student evaluation process
  • Understand the concept of the enterprise
  • Define information in the context of the enterprise
  • Understand information classification methodologies
  • Explain why classification of information is necessary

Week 2

Lecture: Risk-Based Security
Lecture: Frameworks


  • Understand the concept of risk
  • Understand why risk management is the keystone of a security program
  • Understand the continuous nature of risk assessment
  • Understand the various security frameworks 
  • Understand which frameworks apply to a given enterprise
  • Understand how the frameworks differ

Week 3

Lecture: Legislation
Lecture: Legal Obligations


  • Understand local, state, and federal cyber laws
  • Understand the issues associated with cyber legislation creation
  • Understand the issues associated with cyber enforcement
  • Understand the term “best effort”
  • Understand the term “industry standard”
  • Understand contractual requirements
  • Understand lawful and unlawful intercept

Week 4

Lecture: Security Operations, Part 1


  • Explain asset management as it relates to security
  • Explain configuration management
  • Understand the concept of device hardening
  • Understand how the security architecture is derived

Week 5

Lecture: Security Operations, Part 2
  • Understand the elements of incident response
  • Understand the concept of event management
  • Understand the concept of continuous monitoring
  • Understand the concept of computer forensics

Week 6

Lecture: Attack Models


  • Be able to explain red team/blue team exercises
  • Understand flaw hypothesis testing
  • Understand social engineering

Week 7

Lecture: Security Testing


  • Understand the various types of security testing
  • Understand when to perform security testing
  • Understand when it is appropriate to have outside test resources

Week 8

Lecture: Human Factors


  • Understand why security features are not used
  • Understand the concept of transparency
  • Understand how to be a helpful help desk

The course description, objectives and learning outcomes are subject to change without notice based on enhancements made to the course.