
PAMANTASAN NG LUNGSOD NG MUNTINLUPA
COLLEGE OF INFORMATION TECHNOLOGY AND COMPUTER STUDIES
University Road, Poblacion, Muntinlupa City

COURSE SYLLABUS

QD/CITCS/002 INFORMATION ASSURANCE AND SECURITY II


Issue No. 0 Revision No. 0 Effectivity Date 01 March 2018 Page No. 1 of 9

City Vision:
We envision Muntinlupa City as one of the leading investment hubs in the country, with educated, healthy, and God-loving people, living peacefully and securely in a climate change adaptive and disaster-resilient community, under the rule of transparent, caring and accountable leadership.

PLMUN Vision
A dynamic and highly competitive Higher Education Institution committed to people empowerment towards building a humane society.

PLMUN Mission
To provide quality, affordable and relevant education responsive to the changing needs of the local and global communities through effective and efficient integration of instruction, research and extension; to develop productive and God-loving individuals in the society.

Course Title: INFORMATION ASSURANCE AND SECURITY II
Course Code: IAS42
Pre-Requisite: INFORMATION ASSURANCE AND SECURITY 1
Credit Units: 3 UNITS (3 UNITS - LECTURE)
Class Schedule: 18 WEEKS (3 HOURS LECTURE PER WEEK)

A. COURSE DESCRIPTION
This course provides an introduction to information assurance. It covers fundamental concepts necessary to understand the threats to security as well as various defenses against those threats. The material includes an understanding of existing threats, planning for security, technology used to defend a computer system and implementing security measures and technology.

B. COURSE LEARNING OUTCOMES


After completing this course, the student must be able to:
1. Discuss policies and practices to systems integration
and architecture to ensure secure system operation and
information assurance.
2. Perform vulnerability analysis of a system and explain
how design implementation of hardware and software
contribute to vulnerabilities of the organization.
3. Propose strategies on how to counter attack threats.

C. REQUIRED TEXTBOOK
Information Assurance Handbook: Effective Computer
Security and Risk Management Strategies, Corey Schou
& Steven Hernandez McGraw Hill Education, 2016,
ISBN-13: 978-0-07-182631-0

D. COURSE OUTLINE, SCHEDULE AND READINGS

WEEK DATE READINGS/DISCUSSIONS


1 I. Orientation:
Class Orientation
Course Syllabus Distribution
Course Objectives/Course Intended Learning Outcomes
Course Policies
Course Requirements

II. Developing an Information Assurance Strategy


2 Comprehensive
Independent
Legal and Regulatory Requirements
Living Document
Long Life Span
Customizable and Pragmatic
Risk-based Approach
Organizationally Significant
Strategic, Tactical, and Operational
3 Concise, Well-structured, and Extensible

III. The Need for Information Assurance


Protection of Critical and Sensitive Assets
Compliance to Regulations and Circular Laws
Meeting Audit and Compliance Requirements
Providing Competitive Advantage

IV. Information Assurance Concepts


4 Defense in Depth
Confidentiality, Integrity, and Availability
Confidentiality
Integrity
Availability
CIA Balance
Non-repudiation and Authentication
Non-repudiation
Identification, Authentication, Authorization and Accountability
Identification
Authentication
Authorization
5
Accountability
Privacy's Relationship to Information Assurance
Assets, Threats, Vulnerabilities, Risks and Controls
Common Threats
Vulnerabilities
Controls
Cryptology
Codes and Ciphers

V. Approaches to Implementing Information Assurance


6 Key Components of Information Assurance Approaches
Levels of Controls in Managing Security
Top-Down Approach
Bottom-Up Approach
Outsourcing and Cloud
Balancing Information Assurance and Associated Costs

VI. Asset Management


Type of Assets
Responsibilities for Assets
Inventory of Assets
Ownership of Assets
Acceptable Use of Assets
Information Classification and Handling
Classification Guidelines
Information Labeling and Handling
Information Classification Example

VII. Information Assurance Risk Management


Benefits of Risk Management
Risk Management Process
Background Planning
Asset Analysis
Threat Analysis
7
Vulnerability Analysis
Risk Identification
Risk Analysis
Risk Treatment
Monitoring Risk
Integration with Other Management Practices
VIII. Information Assurance Policy
Importance of Policy
Policy and Other Governance Functions
Policy in Relation to Standards
Policy in Relation to Guidelines
Policy in Relation to Procedures
8
Policy Development Steps
Information Gathering
Policy Framework Definition
Policy Development
Review and Approval
Enforcement
Policy Layout
9 MIDTERM EXAMINATION
IX. Information Assurance in System Development and Acquisition
10 Benefits of Incorporating Security Considerations
Overview of the SDLC
Information Assurance in the SDLC
Information Assurance in the System or Service Acquisition Life Cycle
System Development
System Acquisition
Change Management
Configuration Management

X. Physical and Environmental Security Controls


Benefits
Physical and Environmental Security Controls
Physical Security of Premises and Offices
Handling of Media

11 XI. Information Assurance Awareness, Training, and Education (AT&E)

Purpose of the AT&E Program
Benefits of the AT&E Program
Design, Development, and Assessment of Programs
Types of Learning Programs
Information Assurance Awareness
Information Assurance Training
Information Assurance Education

XII. Preventive Information Assurance Tools


12 Preventive Information Assurance Tools
Content Filters
Cryptographic Protocols and Tools
Firewalls
Network Intrusion Prevention System
Proxy Servers
Public Key Infrastructure
Virtual Private Networks
Preventive Information Assurance Controls
Backups
Change Management and Configuration Management
IT Support
Media Controls and Documentation
Patch Management

XIII. Access Controls


Access Control: The Benefits
Access Control Types
Access Control Models
Access Control Technique
Rule-Based Access Control
Access Control Matrix
13 Access Control Lists
Capability Tables
Constrained User Interfaces
Content-Dependent Access Control
Access Control Administration
Centralized Access Control Administration
Decentralized Access Control Administration

14 XIV. Information Assurance Monitoring Tools and Methods

Intrusion Detection Systems
Host Intrusion Detection System
15 Network Intrusion Detection System
Log Management Tools
Security Information and Event Management
Honeypot/Honeynet
Malware Detection
Signature Detection
Change Detection
State Detection
Vulnerability Scanners
Vulnerability Scanner Standards
Host-based Scanner
Network-Based Scanner
Database Vulnerability Scanner
Distributed Network Scanner
Penetration Test
External Penetration Test
Internal Penetration Test
Wireless Penetration Test


Physical Controls
Personnel Monitoring Tools
Network Surveillance
The Concept of Continuous Monitoring and Authorization

XV. Information Assurance Measurements and Metrics


Importance of Information Assurance Measurement
Information Assurance Measurement Process
Develop Measurements
Collect Data
Analyze and Report
Integrate Measurement Output
Improve Measurement Process
Importance of Information Assurance Metrics
Information Assurance Metrics Program
Data Collection and Preparation
Data Collection and Analysis
Corrective Action and Identification
16 Business Case Development
Corrective Action Applications

XVI. Incident Handling


Importance of Incident Handling
Incident Reporting
Incident Handling Process
Phase 1: Preparation
Phase 2: Detection/Identification
Phase 3: Containment
Phase 4: Eradication
Phase 5: Recovery
Phase 6: Review

17 XVII. Computer Forensics


Importance of Computer Forensics
Prerequisites of a Computer Forensic Examiner
Forensic Skills
Supplemental Forensic Skills


Rules of Computer Forensics
Chain of Custody
Computer Forensic Steps
Rule of Evidence
Computer Forensics Team
Establishing a Computer Forensics Team

18 FINAL EXAMINATION

E. METHODOLOGY
• Lecture/Discussion
• Class Interaction
• Homework
• Seat Work
• Oral Recitation
• Problem Analysis
• Video Clips
• Reading Assignments

F. COURSE REQUIREMENTS
• Attendance (A)
• Class Participation (CP)
• Quizzes / Long test (Q)
• Major Exam (ME)

G. GRADING SYSTEM
• MIDTERM: 60% (30% A & CP + 20% 4Q + 50% ME) + 40% (LG) = MG
• FINAL: 60% (30% A & CP + 20% 4Q + 50% FE) + 40% (LG) = FG
• FINAL AVE: (MG + FG)/2
• A grade of 5.00 (Failed) is given for the following reason:
  o Inability to satisfy the minimum requirements of the subject/s

H. CLASSROOM POLICIES
Attendance:
• A student is considered late if he arrives after the first 15 minutes of a one-hour class, the first 25 minutes of a one-and-a-half-hour class, or the first 45 minutes of a three-hour class.
• A student is held responsible for all lessons and assignments missed during his/her absence.
• The maximum number of absences allowed a student per semester is 20% of the number of class hours: a total of three (3) absences for a three-hour class or 1 session per week, and six (6) absences for a one-and-a-half-hour class or 2 sessions per week.
Examination
• Any form of cheating during an examination results in an automatic failure for that particular examination.
Dress code
• All students shall wear the appropriate attire. They should be properly groomed at all times. The prescribed attire is clean, safe, modest, and non-disruptive. Wearing of inappropriate attire is subject to disciplinary action.
Other matters:
• Refer to the CITCS College Manual and PLMUN Student Handbook

I. CONSULTATION HOUR

MWF: 1:00 P.M. – 3:00 P.M.

Prepared by: MANOLO A BILOG JR, Course Professor
Reviewed by: RICKY C. DIMAAPI, MIT, Program Chair
Noted: ALAIN J. ANUEVO, MIT, College Dean
Approved By: DR. REMEDIOS R. CUNANAN, VP for Academic Affairs
