IMSC521-1900-IT Security Policies and Procedures-SP11 ...

shoulderslyricalΤεχνίτη Νοημοσύνη και Ρομποτική

21 Νοε 2013 (πριν από 3 χρόνια και 7 μήνες)

75 εμφανίσεις


1












IMSC521ONL

1900



IT Security Policies and Procedures


Spring 2011

Prerequisite: None

Administrative Information:


Class Duration:
4/4/2011 6/26/2011


Day/Time:

ONL


Annandale

Campus Phone numbers
:

Annandale: 703
-
941
-
0949

Kings Pa
rk: 703
-
537
-
0755

Manassas:

703
-
392
-
0487




Instructor

Contact Information
:


Instructor:

Sayed I. Hussein

E
-
mail:

shussein.faculty@unva.edu


Phone number:

703
-
941
-
0949


Instructional Material:


Mark Merkow, Jim Breithaupt
, “Information Security, Principles and Practices”

Pe
a
rson, Prentice Hall, 2006,
I
SBN:

0
-
13
-
154729
-
1

Course Description:


In this course the students will s
tudy
and learn
the
Information security ,Security
Management,
Security Architecture and Models,
Phys
ical security, security
Operation, Cryptography, Internet Security,



2

Course Learning Outcome
:



Upon successfully completing this course the student will be able to



Develop a strategy for pursuit of a career in Information Security.



Comprehend the Importa
nce of risk analysis and risk management tools
and techniques for balancing the needs of business.



Define and d
escribe

the role of international Information systems security
Certifications Consortium.



Security management, Organize a typical Standards and p
ol
icies library.



Summarize the concept of a trusted computing base (TCB).



Apply the Trusted Computer Security evaluation Criteria (TCSEC) for
software evaluation.



Distinguish between the business continuity plan (BCP) and the disaster
recovery plan (DRP).



Distinguish between Logical and physical Security,
outline the major
categories of physical security threats.



Outline the types of controls needed for secure operations of a data center



Implement the major terms and concepts related to access control and
r
elate them to system security.



Outline what mechanisms constitute a strong cryptosystem,
the role of
cryptography in e
-
commerce systems, Purpose and uses of Digital
signature.



Classify the various configurations and architectures for Firewalls,
Elements o
f IPsec.



The Future of Information Technology (IT) software security developments








Course Outline/ Expected weekly Learning Outcome

Week
-
1
: Introduction,
Growing

IT Security importance and new career opportunities,

Contextualizing Information Securi
ty.


Week
-
2
:
Absolute Security, Security Goals, Computer Security, Security=Risk
management, Security Controls,

Week
-
3
:
Certification and Information Technology, The Information Security Common
body of knowledge.

Week
-
4
:
Security Policies, Development an
d management of security policies,
policies
support documents,

Week
-
5
:
Defining the trusted computing base, system security Assurance concepts,
Computer security evaluation criteria, information technology security evaluation
criteria Confidentiality and
Integrity models.

Week
-
7
:
Understanding the physical security domain, Physical security threats,
Providing physical security.


3

Week
-
8
:
Operations Security Principles,
Operations Security

process controls,

Week
-
9
:
Applying Cryptography to Information Techn
ology, Strength of cryptosystem,
Examining Digital cryptography.

Week
-
10
:
Network security, OSI Reference model, Basic security infrastructure,
Firewalls, Intrusion detection system, Virtual Private Networks (VPN)

Week
-
1
1
:

Software Development Life Cycle
s, Sistributed System, Malware, Antivirus
Software, The rosy future for InfoSec specialists.


Teaching
Method
:


The class format will include
class lecture
readings, multimedia based
prese
ntations, and case discussion.
Small development projects will be
i
ncluded for both individual and team work. Significant class time will be used
to discuss, explore and analyze recent developments and technologies.


This course emphasizes the importance of relating the gained knowledge to real
world applications so prac
tical development projects will be an integral part of
course. These practical projects will be part of each unit; this allows continuous
integration of theory and practice.


This class is taught as a lecture, with demonstrations of key processes and hom
ework
that require students to use the programs and processes so that they are practicing
their skills outside the classroom. This class does not include a formal laboratory
component.


Students should use the computer laboratories at either campus if the
y do not have
easy computer access elsewhere to complete necessary homework and class
projects. Students should take this practical aspect of the course very seriously, and
ask questions in class if they do not understand any aspect of the software we use.


4




Course Schedule and Outline:

Week

Lecture Topic

Assignment
Given

Assignment
Due

Textbook
Reading

1

4/
4
/11

Ch.1, Why study
Information security?


Discussion1


Discussion1


Chapters 1

2

4/11/11

Ch.2, Information
Security Principles of
Success

Discuss
ion2

Discussion2

Chapters 2

3

4/18/11

Ch.3, Certification
Programs and the
common Body of
Knowledge


Q
uze
1

Q1

Chapters 3

4

4
/25/11

Ch.4, Security
Managements


Discussion3

Discussion3

Chapters 4

5

5/2/11

Ch.5, Security
Architecture and
Models

Assignment



Chapters 5

6

5/9/11

Mid Term Exam

Mid
-
Term

Mid
-
Term

Chapters
1
-
5

7

5/16/11

Ch.8,
Physical
Security Control

Discussion4

Discussion4

Chapters
8

8

5/23/11

Ch.9, Operations
Security

Assignment


Chapters
9

9

5/30/11

Ch.11, Cryptography


Q2

Q2

Chapter
1
1

10

6/6/11

Ch.12, Telecomm,
Network, and Internet
Security




Chapters
12

11

6/13/11

Ch.13, Application
Development
Security,

Ch.14, Securing the
Future

Assignment

Assignment

Chapter
13,14

12

6/20/11

Final Exam

Final

Final

Chapter
8
-
1
4


5

Course Requirem
ents
:



Assignment


Value

Points

TOTAL

Quizzes




1
0
%

2

quizzes each
50

points

100

Discussions



1
0%

4
Discussion

each 25 points 100

Assignment



20
%


3 Assignment 200

Mid Te
rm



25
%

250

Fina
l

Exam



35
%

350

----------------------
--------------------------------------------------------------
----------------------------------------------------

Total






100%





1000


A
cademic honesty is non
-
negotiable. All assignments submitted in fulfillment
of cour
se requirements must be the student's own work. Plagiarism and/or
any other form of academic dishonesty will not be tolerated and will result in
a grade of zero on the assignment. Students should consult the Student’s
Handbook on the University web
-
site or

in the University catalog.




The course grades are assigned as:


91


100%

-----------

A


81


90%

-------------

B


71


80%

---------

C


Below 7
1
%

--------

F


The distribution of certain information about students is governed by the Federal
Educational Records Protection Act (FERPA). According
to FERPA, student grades
may not be posted or given over the phone or the Internet.

Classroom Policies:

Attendance, Absence, Lateness, Incomplete

policy



In accordance with the policies of the University of Northern Virginia, class attendance is
required,
and classes will start promptly at the scheduled time. In online courses,
attendance will be determined based on

login to the course shell at least Two days per
week and participation on

discussion
s/submission of assignments/quizzes by the due
date

partici
pation of at least two days per week each week. If a student does not attend
during [three] weeks of the [twelve] week course, he/she will be

referred to designated
UNVA officials or may be subject for an automatic withdrawal from automatic
from the
cou
rse.



For an on ground courses students are expected to attend every class meeting unless if
they have documented

(egg Medical, family emergency leave….)

reason for missing

the
class session. Students who have 3 unexcused, (undocumented absentees
)

will be


6

referred to designated school officials.



A course grade of “incomplete” will be given only under very unusual circumstances, and
only if the student has completed at least 75% of the assigned work by the last day of
class and only when an incomplete cont
ract is signed and approved.



Students receiving Veteran’s benefits and International students in the US on F
-
1 visas
are reminded that regular attendance is required. The university is required by law to
report excessive absenteeism by students in these t
wo categories.


Library Usage

Library usage is required and will be expected in the development of one or
more of your class projects. Library resources provide essential sources of
data and information that you will need to successfully complete this cour
se.


The UNVA library offers a large number of resources, particularly online, for
the student to use in this course for literature reviews, annotated
bibliographies, and other projects or papers. Students can gather information
on current events, case stu
dies, and scholarly research. Examples include
current newspapers (Wall Street Journal), magazines (Business Week),
databases (ProQuest, Business Source Complete), other online resources
and access to the Internet. Students will become familiar with the l
ibrary
resources and shall incorporate them into assignments or projects as
appropriate.


Internet Usage:

You will be expected to have daily access to the internet and e
-
mail.
Assignment updates, additions and changes may be sent by e
-
mail.


If you do no
t own a computer, there are computers accessible to you in UNVA
computer labs and the UNVA Library.


Related to internet usage, it is also expected that you are able to:



Attach files to e
-
mails and retrieve attached files



Use proper grammar and etiquette
when writing e
-
mail



Use virus protection utilities on your computer



Use common applications such as word processor, spreadsheet, and
presentation software.


E
-
mail Usage:

You should use your UNVA e
-
mail account when sending an e
-
mail message
to any member
of the teaching team. To set up an account please use the
directions below.

UNVA Student E
-
mail Account Activation Directions


1.

E
-
mail box set up rules:



7



First letter of first name + last name + last four numbers of student ID;


For example a student na
me is John Lee and his student id is 107
-
00
-
2545


Then his e
-
mail account should start be jlee2546



Default password is unvaunva (lower case)


2.

Website
s




http://stud.unva.edu

(wit
hout WWW) . You will be able to access UNVA
email, login to your online course and student portal.



You may access your account via the homepage of
www.unva.edu

directly


3.

Regarding UNV
A student e
-
mail
, student portal otr technical issues with
Moodle assistance please

contact
:



itsupport@student.unva.edu




Please be aware of the limitations of e
-
mail and adhere to the followi
ng
guidelines.. Unfortunately, because of past experience, the guidelines now
include those e
-
mail behaviors to which no response will be given.




Write the Course Code in subject line,
then the topic (example: CSCI
518_1220:



Include a greeting and salutat
ion in all your e
-
mails.



Include your name as listed on class roster.



Retain all related e
-
mails at the bottom of any response you send and
place your response at the top. I will not search through previous e
-
mails
to attempt to discover the topic of our e
-
mail exchange, nor will I search
through a message for new information.



Content questions that require in
-
depth explanation are inappropriate for
e
-
mail and you will receive a response asking you to come to office hours
to have the question answered. In
online courses, or blended courses, you
may be directed to post your question or comments to the appropriate
online discussion forum.



Do not use e
-
mail in emergency situations or when you need a response
in less than 24 hours.


The following types of e
-
mai
l will receive no response:




Any e
-
mail which contains hostile or accusatory language will remain
unanswered and the sender may be reported to the appropriate
authorities.



Any e
-
mail sent requesting a change of grade for any reason other than an
error in c
alculation or recording of points will remain unanswered.


8



Any e
-
mail sent which contains student opinions about the “fairness” of the
course or exams will remain unanswered.

These concerns should be
written on Students Opinion Poll that will be reviewed fo
r by UNVA
administration for appropriate corrections/action.


--------------------------------------------------------------------------