This course explores concepts and issues pertaining to information assurance architectures (IAA) and technologies, such as layered security architecture guidance and cases from the National Institute of Standards and Technology (NIST) and NIST Cybersecurity Center of Excellence (NCCoE); cryptographic commercial issues and evolving federal guidance; hypervisor and cloud computing security architecture; and IAA and technologies applications. Topics include critical infrastructure protection and Comprehensive National Cybersecurity Initiative (CNCI) Trusted Internet Connections (TIC) 2.0 multi-agency security information management (SIM) and selected security analytics issues. Commercial IAA examples of network security architecture and security analytics are also discussed for evolving enterprise mobility issues. The relationships of IAA and technologies with selected multi-tier architectures are discussed for applications such as enterprise risk management; security for virtualized environments; systems security engineering for services; and mobile device security. IAA multi-tier architecture issues are illustrated with cases, such as the NIST NCCoE use cases for Data Integrity: Recovering from Ransomware and Other Destructive Events; Access Rights Management for the Financial Services Sector; Situational Awareness for Electric Utilities; and Derived Personal Identity Verification (PIV) Credentials. Selected large-scale programs are discussed, such as enterprise risk management for the Federal Aviation Administration (FAA) Air Traffic Modernization process; and NIST Smart Grid Cybersecurity Strategy, Architecture, and High-Level Requirements.
605.202 Data Structures; 695.601 Foundations of Information Assurance or equivalent, and 605.671 Principles of Data Communications Networks or 635.611 Principles of Network Engineering.