Assignments & Grading
| Labs and Cases: | 20% |
| Security issues white paper: | 20% |
| Exams: | 40% |
| Class Participation: | 20% |
| Total: | 100 |
Special Considerations:
The course web site will be used as a repository for examples of course paper
problems, model solutions, examples of projects, and further required course
material that arises during the class. Students must arrange for their own
access to the World Wide Web (Internet access is available free in the GSU
labs). All student work submitted in fulfillment of course requirements is
deemed to be granted in the public domain (copyright-free) for the purposes of
use as instructional material or examples of student work in future courses. The
course syllabus provides a general plan for the course. Deviations may be
necessary.
Lab and Case Preparation:
Students will form teams of 3 individuals and prepare one assigned policy lab or
case presentation. There will be policy labs in which student teams select,
critique and expand organizational information security and privacy policies.
There are several discussion cases during the class. Student teams will be
assigned to present cases. Teams will focus on why events are unfolding as
described in the case, and on alternatives: possible actions that IT management
might take or recommend in such settings and the potential outcomes of these
actions.
Security Issues White Paper:
Choose an area of information security management, ethics, or privacy that
interests you and research it through the electronic media and the library.
Discuss the topic with your instructor early in the term for counsel and
approval. Write a single-spaced paper of about ten pages (or more) on the
subject. A bibliography of references must be included.
Your goal should be to address a managerially significant issue and to propose
an action plan to address it. Examples of interesting topics might be: "The
Viability of Encryption for Transactional Systems", "Security Aspects of
Peer-to-Peer Computing", "The Impact of Wireless on Corporate (or Home)
Networks".
Sample Abstract:
After defining and describing cryptographic techniques in common use
in commercial applications today, this paper examines the risk-cost tradeoff for
businesses thinking of encrypting their transactional data. The paper estimates
the costs of encrypting even a small part of large volume transactions and
points out the circumstances under which it might be economically viable. An
action plan for security managers includes a suggestion that client-server
applications working with sensitive payroll data over public telecomm lines use
RSA signature encryption.
Deliverable:
One term paper of ten to fifteen or more pages in electronic form and a
PowerPoint presentation to be used when you deliver your paper in session.
Team Assignment and Peer Appraisal:
All course assignments and lab exercises will be executed in teams. These groups
should function as a self-managed team and adopt the rules and practices of this
organizational work structure. Participation in the course assignments/lab
exercises should be relatively equal among the group members, with each member
monitoring both their own level and quality of participation and that of the
other members of the group.
Consonant with the concepts and principles of self-managed
teams, peer appraisals will be part of the overall grading/evaluation of
individual performance. In the best managed teams, consensus on the relative
contributions of each of the team members will be derived through assessment of
documented facts and records, evaluation of team output, and evaluation of team
processes.
Tentative Schedule of Classes:
| Session | Topics/Readings | Detailed Learning Objectives |
| 1 | Introduction to the course; Protection, Detection and Reaction; Confidentiality, Integrity, and Availability; PBS Frontline "Hackers" and "Cyber War" | Identify the top five threats to information security. Identify the top five types of attack or misuse. Identify the two most costly threats. Suggest why one (businesses, people) might want to use the Internet if it is so dangerous. |
| 2 | Introduction to topics; Attacks, Threats | Identify the two highest perceived sources of threats. Describe in general terms how viruses and worms work. Identify the two most expensive/costly viruses/worms (and, if you can determine, how they were stopped). Understand why viruses are more prolific today. |
| 3 | Networked / Distributed System security; WWW security; Firewall Lab | Name two network attacks and describe at a high level how they work (and how to protect, if it can be done). Give five components of a network defense system. Describe what a firewall does. What is the most common firewall type? What is a DMZ? Examine how a firewall blocks some attacks. |
| 4 | Encryption, PKI, and Credentials; Identification and Authentication | What is the goal of encryption? Describe how SSL works. Describe the difference between symmetric encryption and asymmetric encryption (including advantages and disadvantages). Define digital signature and hash function. How does a digital signature show authentication, integrity, and non-repudiation? |
| 5 | Access Controls, Computer Security; Identity Management | Define access control, authentication, identification, confidentiality, integrity, and availability. Name four mechanisms for implementing access control. Give five examples of proactive access control measures. Know potential components of physical access control. Understand how privacy and access control balance. |
| 6 | Security Policy and Standards | Understand what the SANS Security Policy templates are and how to use them. Identify the typical policies within corporations. |
| 7 | EXAM I (MIDTERM) | |
| 8 | Security Tricks and the Human Factor | Define social engineering. Understand the typical techniques. Know potential countermeasures. |
| 9 | Security Risk Analysis; Vulnerabilities and the Vulnerability Landscape; Threat modeling and risk assessment | Understand the concepts of risk assessment, threat modeling, and getting the threat wrong. Know how to calculate the annual loss expectancy and compare to countermeasure costs. Understand how to construct simple attack trees and to use them to calculate the cost of achieving a given goal. |
| 10 | Business Continuity Planning | Understand the general concepts in disaster recovery and business continuity planning. Know the seven phases of BCP. Understand the concepts of dispersal of organizational capital and of survivability. |
| 11 | Critical Infrastructure & Homeland Security | Identify the eight critical infrastructures. Know the three types of members of the InfraGard partnership. Know who you should call if you get hacked (in theory) and what the first step is you should take. |
| 12 | Security Management and Organization; Leveraging External Resources; The Security Process | Understand the role of the CISO and security organization in a contemporary setting. Identify the major categories of IS Security Management. Discuss the functions of information security when in a simple hierarchy. |
| 13 | Privacy | Define privacy. State the top consumer privacy concerns. Name four international privacy laws (including the one with the biggest impact on the United States). What is Safe Harbor? Name two privacy acts within U.S. Privacy Legislation. Give two examples of privacy glitches and how these were settled. |
| 14 | Security Issues Presentations | |
| 15 | Exam 2 | |
| 16 | Security Issues Presentations | |