Information Security Program Course Descriptions

We will continue to update and add course descriptions as they change in the program. You can view descriptions of our current courses below. Please also refer to the School of Business section of the graduate bulletin at http://www.albany.edu/graduatebulletin/school_business.htm for additional course descriptions.

ITM 604 Data Communications, Computer Networking and Computer Security (3)

This class introduces communications and networking concepts, including types of networks, data/signal transmission, basic ideas such as error control and multiplexing, as well as the costs and benefits of different wired and wireless media and communications hardware.  It covers network topologies, the OSI/Internet models, associated protocols (TCP/IP), network architectures, and network routing and switching.  Information security concepts are introduced, including common risks to information systems and their controls.  Specific areas covered include wireless security, application security, password security and access control, cryptography and secure electronic commerce (PKI, digital certification, digital signatures, and other electronic authentication), intrusion detection/prevention, incident response, and computer forensics.  Students also perform a risk analysis exercise using a real-world case and learn to develop information security policy.  Prerequisite: ITM 522 or permission of instructor. 

ITM 640 Information Security Risk Assessment (3)

This course provides students with an introduction to the field of information security risk assessment. Initially, the students will be introduced to basic definitions and nomenclature in the area of security assessment. Thereafter they will be taught different approaches for assessment of risk. The course will incorporate cases in risk analysis derived from actual state and law enforcement agencies or private firms. Students will learn how to use a risk analysis matrix for performing both quantitative and qualitative risk analysis. As a part of the course, students learn of the different threats that they need to incorporate in their risk analysis matrices. The purpose of the course is to train students in the practice of risk analysis by elucidating the concepts through examples and case studies. Students are expected to use critical thinking skills as they go through the material rather than accepting facts at face value.

ITM 641 Security Policies (3)

This course provides students with an introduction to information security policies. Students will be introduced to sociological and psychological issues in policy implementation in general and then provided with a focused dialogue on information security specific policies. The class discusses the entire lifecycle of policy creation and enactment and presents students with issue-specific policies in different domains of security. The structure of the policy is also discussed to assist the students in the design and modification of policies. Several examples from different domains are incorporated in the curriculum to help students learn in the context of real-life situations.

ITM 642 Computer Forensics (3)

This course prepares students to conduct a computer forensics investigation as prescribed by the National Institute of Justice (NIJ). Students will be introduced to computer forensics concepts, as well as techniques for identifying, collecting, preserving and triaging digital evidence consistent with industry standards and best practices. Students will become familiar with assorted hardware and software utilized by computer forensic practitioners.

ITM 643 Incident Handling (3)

The course primarily involves management of computer security incidents, including detailing different types of incidents, identification, preparation, and analysis of incidents; as well as gathering of evidence, recovery and follow-up to computer security incidents.

ITM 644 Introduction to Information & Cyber Security (3)

In this class, vulnerabilities of computer networks and techniques for protecting networks and data are discussed. Basic elements of symmetric and asymmetric cryptography and secure e-commerce, involving secure transmission, authentication, digital signatures, digital certificates and Public Key Infrastructure (PKI), are presented. Issues in privacy and piracy are also discussed, with students studying and debating controversial topics such as media piracy and government surveillance.

ITM 645 Psychology & Information Security (3)

This course provides students with an appreciation for and understanding of the psychological processes that impact information security. Three broad themes are covered. The first explores the psychology of the attacker, and examines the motivation and techniques of cyber criminals and hackers. The second theme stresses the importance of the user in the success of security systems. Students will be introduced to basic perceptual, cognitive, and motivational processes and biases that compromise security and increase vulnerability to attacks. The third theme examines how humans interact with machines and technology and how this interaction affects security in organizations.

ITM 646 Mathematical Models for Information Security (3)

This course teaches students to navigate sections of classical mathematics and computer science used to construct mathematical models of information security. This course will help students understand the need for mathematical models in different security paradigms along with the essential definitions, concepts and results for developing the models. The course will also help students figure out the limitations of the mathematical model: its strengths and weaknesses, and, consequently, its application to practical problems. The student will know what specific areas of mathematics and computer science will be necessary for the problems at hand and where further investigation is required.

ITM 647 Security Implementation

This course will teach students how to implement security in networks. Students learn how to harden their information security environment and set up secure infrastructure. The course covers both wired and wireless network security, database security, and general computer security practices.

ITM 691 Field Study in Information Technology Management (3)

Field projects are conducted by students under faculty supervision in a variety of business and not-for-profit organizations. The projects provide students with an opportunity to apply and further develop their skills in information technology management. Must be repeated for 3 credits. Prerequisites: ITM 522 and permission of the department chairperson.

ITM 695 Independent Study in Information Systems or Information Technology (3)

The student and instructor jointly develop a plan of independent study on an advanced topic in information systems or operations management. The student is usually required to prepare a report or paper. May be repeated for a total of 3 credits. Prerequisites: ITM 522 and permission of instructor and department chairperson.

ACC 522 Statistical Methods for Forensic Accounting and Assurance (3)

Exploratory descriptive data analysis using Data Analysis & Mining Software.  Basic graphics commands in S-Plus including trellis graphics.  Descriptive data exploration and statistical modeling.  Data processing for Datamining. Classification: Induction of Decision trees, Association Rules in Large Databases. Multivariate Methods; Clustering and other multivariate statistical methods. Anomaly detection.  Prerequisites: ITM 220 or MAT 108 or equivalent.

ACC 553 Digital Forensics (3)

The objectives of the course are to learn what incidents are, why they occur, who or what causes them, how to detect them, what preventive and protective measures organizations can take, what to do when they occur, and when and to whom they need to be reported. We will learn the various types of incidents and what to do in each case to protect the evidence and prevent gaps in its chain of custody. In particular, we will learn how and what kinds of evidence to obtain, how to prevent evidence from getting lost or destroyed, and how to ensure that the evidence is admissible. We will also learn what evidence is, what the different types of evidence are, and the basic rules for collecting, handling, and documenting evidence.  Prerequisite: ACC 512.

ACC 561 Auditing (3)

The independent auditor's attest function. Topical coverage includes audit objectives and planning, evidence gathering, internal control (achieving and evaluating) and audit procedures, all set against the backdrop of generally accepted accounting principles and auditing standards. Problems of independence, ethics, and legal liability are introduced. The application of various audit tools is integrated throughout the course. Prerequisite: ACC 512 or equivalent.

ACC 581 Internal Controls and Financial Information Systems (3)

This course addresses the design and evaluation of computer-based accounting information systems with a focus on the recognition and identification of information technology risks. General and application internal controls for information systems environments are examined across client/server, end-user computing, and service bureau internal control environments. Both computerized auditing techniques as well as techniques for auditing computerized systems are analyzed. Risks of emerging technologies and computer-based business models for planning and control are considered.

To discuss courses and availability, contact:

Sanjay Goel, Ph.D.
Director,
Information Security Certificate Program 
Chair, Information Technology Management Department
Director of Research, NYS Center for Information Forensics and Assurance

School of Business
University at Albany, State University of New York
1400 Washington Avenue, BB 311
Albany, NY 12222
PH: (518) 956-8323 | Email: goel@albany.edu
Website: http://www.albany.edu/~goel