Introduction to Web Security
Is your website secure? What are the security risks for web applications? How do you design for web security? What are the top ten security vulnerabilities and how do you mitigate them? If you need answers to these questions, this course provides the starting point.
This course presents the foundational principles of information and web security in the context of the systems development and security life cycle process. The focus is on both managerial as well as technical aspects. This course covers security principles; security needs, threats, and attacks; legal, ethical and professional issues; security technology including firewalls, VPNs, intrusion detection, access control; cryptography; physical security; security implementation; security maintenance and change management. The course is platform independent and supports the CISSP certification.
Course Objectives: at the completion of this course, you will:
- Understand security concepts, security professional roles, and security resources in the context of systems and security development life cycle
- Understand applicable laws, legal issues and ethical issues regarding computer crime
- Understand the business need for security, threats, attacks, top ten security vulnerabilities, and secure software development
- Understand risk management concepts, risk identification and assessment, risk control strategies, quantitative and qualitative risk control practices, risk management and risk control practices
- Understand information security policies, standards and practices, the information security blueprint
- Understand the use of firewall and VPN technologies in physical design
- Understand the use of intrusion detection, access control and other security tools in physical design
- Understand cryptography concepts, algorithms, and digital signatures used to protect information
- Understand the concepts and techniques for establishing physical security
- Understand how to implement and execute the information security blueprint
- Understand the information security function within the organization, HR and staffing issues, security credentials, and privacy
- Understand security maintenance issues, the use of security management models, and the use of digital forensics
Applicable Job Roles: web project manager, web programmers, and web application developers.
Week 1: Elements of Information and Web Security, Legal, Ethical, and Professional Issues in Information Security
- Security and its history
- NSTISSC Security Model
- Information system components
- Balancing security with access
- Security implementation
- System and Security Development Life Cycles
- Law and Ethics
- Relevant U.S. laws
- International laws
- Ethics and Codes of Ethics
Week 2: The Need for Security
- Business needs
- Top ten security vulnerabilities
- Secure software development
Week 3: Risk Management
- Risk management overview
- Risk identification
- Quantitative and qualitative risk control
- Risk management
- Risk control practice
- Risk assessment
- Risk control strategies and selection
Week 4: Security Planning
- Security policy, standards and practices
- Information security blueprint
- Security education, training and awareness
- Continuity strategies
Week 5: Security Technology: Firewalls and VPN, and Intrusion Detection and Access Control
- Physical design
- Protecting remote connections
- Intrusion detection and prevention systems
- Honey pots, honey nets and padded cell systems
- Scanning and analysis tools, access control devices
Week 6: Cryptography
- Cryptography Foundations
- Cipher methods
- Cryptographic algorithms
- Cryptographic tools
- Protocols for secure communications
- Attacks on cryptosystems
Week 7: Physical Security and Implementing Information Security
- Physical access controls
- Fire security and safety
- Supporting utility failure and structural collapse
- Data interception
- Mobile and portable systems
- Special considerations for physical security threats
- Project management
- Technical implementation topics
- Nontechnical implementation topics
- Certification and accreditation
Week 8: Security and Personnel, and Information Security Maintenance
- Positioning and staffing
- Information security professional credentials
- Employment policies and practices
- Security for nonemployees
- Internal control strategies
- Privacy and security of personnel data
- Security management models
- Maintenance model
- Digital forensics
Students must submit assignments in a PDF file format.
||Principles of Information Security. 4th Edition
Your place in the course is confirmed by your payment. Introductory courses are intended for students with no experience in the subject matter and are seeking beginner level training.
Refund Policy: Please read our Terms and Refund Policy before registering for this course.
Additional Cost: Book and software might be required for the course. Read the Requirements and Book section for more information. Course fee does not include the book and software cost .
How eClasses Work:Instructors post lectures (text-based, no video or audio), reading selections, and hands-on assignments once a week in the online classroom. Students can discuss the assignments with the instructor and amongst themselves in the classroom area. This format has no set meeting time, which allows students to attend class at a time most convenient to them, yet still provides logically organized communication between class participants. Students can apply for the completion certificate after finishing the class.
Sorry, no other session is scheduled for this course. You can add this course to your wish list and we will notify you when other sessions are scheduled.
Sandra Perez holds an MS degree in Computer Science from Stevens Institute of Technology. She is currently CEO of Concept Technology, Inc. Ms Perez has over 30 years experience in information technology and related areas. She has also held numerous computer related academic positions including department chair and professor. She has extensive teaching experience in professional adult training as well as academic graduate and undergraduate settings in both online and in-class formats. Ms. Perez specializes in software applications, database, security and web technology areas.
Before you register for this class, please read the Outline, Prerequisites, Requirements, Books, and Refund Policy sections carefully.