IT 342

Information Security Management (3 credits)

Text: Management of Information Security, 5th edition, by M. Whitman and H. Mattord, Cengage Learning, 2017

Course Information: The objective of this course is to present topics related to the administration and management of information security. Topics to be covered include: security fundamentals, operational issues, cost-benefit analysis, asset management, security risk management, security policies and enforcement, risk avoidance, risk prevention, risk transfer, security services, security forensics, contingency planning, security auditing. A laboratory component will provide hands-on experience with security management and administration.

Prerequisite: IT 340 and upper-level IT eligibility

Required/Elective: Required

Course Outcomes:

Students should be capable of:

  1. Discussing information security and assurance and their standards, the security mindset and the role of “paranoia,” and information security assets
  2. Discussing security risk management, physical security, and the system life-cycle and its relationship to security
  3. Discussing incident response and the key elements involved in incident tracking
  4. Describing redundancy and a disaster recovery scenario
  5. Defining forensics, forensics investigation, digital evidence, and admissible evidence
  6. Performing security configuration, administration, and management tasks, including VPNs, firewalls, IDSs, antivirus software, securing email, and Web services, and securing individual desktop, laptop, and mobile devices

Student Outcomes: 

E. An understanding of professional, ethical, legal, security and social issues and responsibilities

M. An understanding of best practices and standards and their application

Course Topics:


  1. Security mindset
  2. System and security life cycle
  3. Security fundamentals
  4. Developing and establishing a security program
  5. Risk management and cost-benefit analysis
  6. Policy development, maintenance, and enforcement
  7. Avoidance, prevention, and transfer of risks
  8. Forensics investigation
  9. Incident response (forensics)
  10. Legal issues, digital forensics
  11. Security auditing
  12. Physical security
  13. System and network security
  14. Rules of evidence, search and seizures, media analysis, and digital evidence
  15. Redundancy and planning for contingencies and disaster recovery
  16. Security awareness, training
  17. Personnel and security
