This course explores concepts and issues pertaining to information assurance architectures (IAA) and technologies, such as cryptographic commercial issues, layered security or defense-in-depth, methods and technologies for critical information infrastructure protection (CIIP), cloud-computing security architecture, and IAA and technologies applications. Topics include selected US and international CIIP and Comprehensive National Cybersecurity Initiative (CNCI) Trusted Internet Connections (TIC) multi-agency security information and event management (SIEM) issues. Commercial IAA examples of network security architecture and SIEM are also discussed for evolving enterprise wired and wireless services. The relationships of IAA and technologies with selected multitier architectures are discussed for applications such as risk management and enterprise architecture (EA) disciplines, security for virtualized environments, secure software engineering for services, and secure telecommunication for transport. IAA multitier architecture issues are illustrated with cases, such as the National Institute of Standards and Technology (NIST)-recommended three-tier approach for organization-wide risk management and a three-tier security controls architecture developed for cybersecurity standards for CIIP that is compatible with guidance from NIST and the International Telecommunication Union-Telecommunication Standardization Sector Study Group 17. Selected applied IAA and technologies are examined in large-scale programs, such as CNCI TIC; the Federal Aviation Administration (FAA) System Wide Information Management (SWIM) Program; and NIST Smart Grid Cyber Security Strategy, Architecture, and High-Level Requirements.
695.401 Foundations of Information Assurance or equivalent, and 605.471 Principles of Data Communications Networks or 635.411 Principles of Network Engineering.