IT Help Desk/End-User Support

IS:237
Fundamentals of Information Assurance/Security
Unit Objectives

A) DETERMINE THE FACTORS INVOLVED IN A COMPUTER AND NETWORK SECURITY

STRATEGY

1. Define information security

2. Recount the history of computer security, and explain how it evolved into information security
3. Define key terms and critical concepts of information security
4. Enumerate the information security roles of professionals within an organization

B) EXPLAIN DENIAL OF SERVICE (DOS) ATTACKS

C) EXPLAIN HOW A COMPUTER VIRUS WORKS AND WHAT IT DOES
D) IDENTIFY THE MAJOR COMPONENTS USED IN A DISTRIBUTED DENIAL OF SERVICE
(DDOS) ATTACK

1. Demonstrate that organizations have a business need for information security

2. Explain why a successful information security program is the responsibility of both an
organization’s general management and IT management
3. Identify the threats posed to information security and the more common attacks associated
with those threats, and differentiate threats to the information within systems from attacks
against the information within systems
4. Describe the issues facing software developers, as well as the most common errors made by
developers, and explain how software development programs can create software that is more
secure and reliable

E) CREATE STRONG PASSWORDS AND STORE THEM SECURELY

F) EXPLAIN THE KERBEROS AUTHENTICATION PROCESS
G) COMPARE, CONTRAST, AND DETERMINE THE BEST USE OF RADIUS, TACACS, PPTP, L2TP,
SSH, AND IPsec
H) COMPARE AND CONTRAST THE DIFFERENT TYPES OF TECHNOLOGY USED TO SECURE
NETWORKS CONNECTED THROUGH A ROUTER

1. Recognize the important role of access control in computerized information systems, and
identify and discuss widely-used authentication factors
2. Describe firewall technology and the various approaches to firewall implementation
3. Identify the various approaches to control remote and dial-up access by means of the
authentication and authorization of users
4. Discuss content filtering technology
5. Describe the technology that enables the use of virtual private networks

I) EXPLAIN HOW DIGITAL CERTIFICATES ARE CREATED AND WHY THEY ARE USED
J) LIST THE MAJOR ATTACKS USED AGAINST ENCRYPTED DATA

1|Page
 IT Help Desk/End-User Support
IS:237
Fundamentals of Information Assurance/Security
Unit Objectives

K) EXPLAIN THE ACTIONS THAT CAN BE TAKEN TO COUNTER THE DANGERS POSED BY
EMAIL HOAXES AND SPAM
L) EXPLAIN THE PROTOCOLS RELATED TO WEB SECURITY AND HOW TO IMPLEMENT
SECURITY ON A WEB SERVER

1. Explain the basic principles of cryptography

2. Describe the operating principles of the most popular cryptographic tools
3. List and explicate the major protocols used for secure communications
4. Discuss the nature and execution of the dominant methods of attack used against cryptosystems

M) CONDUCT A WIRELESS SITE SURVEY

1. Discuss the relationship between information security and physical security

2. Describe key physical security considerations, including fire control and surveillance systems
3. Identify critical physical environment considerations for computing facilities, including
uninterruptible power supplies

N) IDENTIFY SOME OF THE MAJOR CHARACTERISTICS OF INTRUSION DETECTION AND

INTRUSION PREVENTION PRODUCTS
O) EXPLAIN BIOMETRIC AUTHENTICATION AND PROCESSES AND THEIR STRENGTHS AND
WEAKNESSES

1. Identify and describe the categories and operating models of intrusion detection and prevention
systems
2. Define and describe honeypots, honeynets, and padded cell systems
3. List and define the major categories of scanning and analysis tools, and describe the specific
tools used within each of these categories
4. Explain the various methods of access control, including the use of biometric access mechanisms

P) CREATE A DETAILED DISASTER RECOVERY PLAN

1. Define management’s role in the development, maintenance, and enforcement of information

security policy, standards, practices, procedures, and guidelines
2. Describe what an information security blueprint is, identify its major components, and explain
how it supports the information security program
3. Discuss how an organization institutionalizes its policies, standards, and practices using
education, training, and awareness programs
4. Explain what contingency planning is and how it relates to incident response planning, disaster
recovery planning, and business continuity plans

2|Page
 IT Help Desk/End-User Support
IS:237
Fundamentals of Information Assurance/Security
Unit Objectives

Q) COMPLETE AN INDIVIDUAL OR GROUP CASE STUDY TO CONDUCT A THREAT ANALYSIS

1. Define risk management, risk identification, and risk control
2. Describe how risk is identified and assessed
3. Assess risk based on probability of occurrence and likely impact
4. Explain the fundamental aspects of documenting risk via the process of risk assessment
5. Describe the various risk mitigation strategy options
6. Identify the categories that can be used to classify controls
7. Recognize the existing conceptual frameworks for evaluating risk controls and formulate a cost
benefit analysis
8. Describe how to maintain and perpetuate risk controls

MoHealthWINs
This workforce solution was funded by a grant awarded by the U.S. Department of Labor’s Employment and Training Administration. The solution was created by the
grantee and does not necessarily reflect the official position of the U.S. Department of Labor. The Department of Labor makes no guarantees, warranties, or
assurances of any kind, express or implied, with respect to such information, including any information on linked sites and including, but not limited to, accuracy of
the information or its completeness, timeliness, usefulness, adequacy, continued availability, or ownership.

This work is licensed under a Creative Commons Attribution 3.0 Unported License.

3|Page