Fall 2023 - CMPT 479 D300

Special Topics in Computing Systems (3)

Enterprise Security

Class Number: 8026

Delivery Method: In Person


  • Course Times + Location:

    Sep 6 – Oct 6, 2023: Tue, 11:30 a.m.–1:20 p.m.

    Oct 11 – Dec 5, 2023: Tue, 11:30 a.m.–1:20 p.m.

    Sep 6 – Dec 5, 2023: Thu, 11:30 a.m.–12:20 p.m.

  • Exam Times + Location:

    Dec 9, 2023
    Sat, 3:30–6:30 p.m.

  • Prerequisites:

    CMPT 300 with a minimum grade of C-.



Current topics in computing systems depending on faculty and student interest.


  • In this course, students will study the leading and practical approaches for Security Management and Security Operations at an enterprise.
  • The course comprises of two major components:
    • Aspects of Enterprise Security Management conducted primarily at the management level by the likes of a Chief Information Security Officer (CISO) including how it is orchestrated in an organization at various levels of the functional hierarchy in the business, in IT and within the security function; and how it is held together through an Information Security Management Systems (ISMS). Key aspects of Security Management would include:
      • Strategic alignment with organization mission and business strategy,
      • Integration with Business & IT processes, Development of management systems,
      • Close cooperation and coordination with other enterprise stakeholder functions,
      • Governance through a cross functional Security Council,
      • Detailed tactical security metrics rolling up to business level risk metrics,
      • Public/press relations.
    • Aspects of Integrated Security Operations conducted mostly at operational levels by the SecOps function usually under the CISO including how it is orchestrated in an organization at various levels of the functional hierarchy in the business, in IT and within the security function; and coming together at the Security Operations Center (SOC). Key aspects of Security Management would include:
      • Asset lifecycle management including hardening & configuration management,
      • Vulnerability assessment and Penetration Testing; Security logging and monitoring,
      • Collation, correlation & event management,
      • Security incident management and orchestration; Mitigation and auto-remediation,
      • Breach response and Forensics; Recovery and rebuild; RCA (root cause analysis),
      • SLAs (service level agreements); RTO & RPO (recovery time/point objective),
      • Reporting and interaction with internal stakeholders (management and the Board), and external stakeholders (customers, shareholders, public, press and law enforcement),
      • Integration with risk management/assessment and security awareness.
    • Students will learn about key aspects of Security Management through Information Security Management Systems (ISMS) and Security Operations through a Security Operations Center (SOC), and a Security Incident Response program, their implications for all domains of security, and further to all types of security roles in an average enterprise.
    • Students will understand how the strategic approach of Security Management through ISMS is complemented by a tactical capability built around Security Operations, and how the two programs orchestrate value together.
    • Students will learn about the key domains associated with Security Management and Security Operations, key technologies in vogue across enterprises globally, how these technologies integrate and collaborate for enterprise business protection.
    • Students will explore the Capability Maturity Model (CMM) for assessing Security Management and ISMS, and benchmarking practices across industry sectors using various global standards and industry frameworks.
    • Students will understand the leading technology platforms and vendors serving the domains of security operations, and best practices around effective deployment and integration of such technologies.
    • Students will learn about the Security Kill Chain and how Integrated Security Operations provides approaches to deal effectively with threats and vulnerabilities across the kill chain.


 *Cross-listed with CMPT980 D2







As most of the aspects covered in this course are practically prevalent in the industry, albeit in a specific customized manner in a specific corporation/entity, students can learn better by having an opportunity to interact with industry practitioners sharing their real-life experiences aligned to the course curriculum. Students will interact with industry practitioners who shall share real-life scenarios and experiences showcasing Security Management and Security Operations executed with an understanding of the business context, connect the dots between the needs or problems of the enterprise and the likely solutions built through a combination of technologies, processed and people. Industry guests will be invited to share with students their real-life experiences and provide informed perspectives on what expectation industry carries from new members of the work force, and what approaches will make students successfully break into a career in Security.


Course Learning Outcomes:

After successful completion of this course, the students will be able to:

  • Describe how to build an Information Security Management Systems (ISMS) and orchestrate security management in an enterprise.
  • Explain how Information Security aligns strategically with enterprise goals and business processes and works in sync with a host of enterprise collaborators.
  • Have clarity on Security Governance through enterprise level Security Risk Management, Architecture, Compliance, Security Operations and Metrics.
  • Develop and deploy an enterprise security awareness program.
  • Describe how to build a Security Operations Center (SOC) and orchestrate security operations in an enterprise by leveraging various technical & operational capabilities.
  • Enumerate the benefits of building incremental security maturity in an enterprise and achieving
  • Analyze and discuss case studies on synergistic orchestration of Security Management and Security Operations and bring out lessons to be learnt and opportunity areas.
  • Present assignments (in writing and presentation) on building and implementation of an Information Security Management System (ISMS) and a Security Operation Center (SOC).






(a) Quiz - 10%

(b) Midterm - 25%

(c) Research Assignment - 25%

(d) Final exam - 30%

(f) Active Participation - 10%



Your personalized Course Material list, including digital and physical textbooks, are available through the SFU Bookstore website by simply entering your Computing ID at: shop.sfu.ca/course-materials/my-personalized-course-materials.

Registrar Notes:


SFU’s Academic Integrity website http://www.sfu.ca/students/academicintegrity.html is filled with information on what is meant by academic dishonesty, where you can find resources to help with your studies and the consequences of cheating. Check out the site for more information and videos that help explain the issues in plain English.

Each student is responsible for his or her conduct as it affects the university community. Academic dishonesty, in whatever form, is ultimately destructive of the values of the university. Furthermore, it is unfair and discouraging to the majority of students who pursue their studies honestly. Scholarly integrity is required of all members of the university. http://www.sfu.ca/policies/gazette/student/s10-01.html


Students with a faith background who may need accommodations during the semester are encouraged to assess their needs as soon as possible and review the Multifaith religious accommodations website. The page outlines ways they begin working toward an accommodation and ensure solutions can be reached in a timely fashion.