CSIT 521 - Department of Computer Science at Hood College

wanderooswarrenΤεχνίτη Νοημοσύνη και Ρομποτική

21 Νοε 2013 (πριν από 3 χρόνια και 8 μήνες)

58 εμφανίσεις

HOOD COLLEGE

Department of Computer Science


Syllabus

CS
IT 5
21

Information Assurance

Fall 2011



Lectures



Wednesday
06:20PM
-
08:50PM, at H
odson
T
echnology (HT) room

237

Instructor:

Mr. Robert (Bob) J. Aiken

(aiken@
hood.edu)

Office Hours:


Wednesday

6
:20

to 8:50
pm.

Other times by appointment. Office: HT 261
-

also available
via email but

please plan and

allow time for a reply since I am an adjunct instructor
.




Course Description

This course examines the fundamental concepts of information assurance and security risk assessment. The
overarching theme is protecting the confidentiality, integrity and availability of data and their delivery systems.
Topics include security assessment

definitions and nomenclature, different approaches for risk assessment, high
assurance system design and techniques for quantitative and qualitative risk analysis. Throughout the course
numerous related security issues are examined such as threats, vulner
abilities, attack trends, tools, safeguards,
continuity of operations,
disaster recovery along with legal issues and policy.



Course Objectives

This course provides
both a
technical
and managerial examination of various security and information assurance
topics.
Upon completion of this course, students will be able to:



U
nderstand the concepts and purposes of information assurance (IA)



Understand the relationship between securing data, securing information technology and associated risks.



R
ecognize most
common risks to information systems

and
understand

basic security strategies

and technical
approaches



Understand
government policies and ethical issues related to information assurance



U
nderstand the concepts of multilevel and multilateral security

and und
erlying technologies to support
Information Assurance



Understand the
concepts and the appli
cations of security audits and incident

responses



A
ssess and evaluate the security of an Information System



Identify and
M
anage the risks
and costs
related to infor
mation assurance operations



E
stablish IA policies for various organizations


Text

Books:

Computer
Security:

Principles and Practice, by William Stallings

and Lawrie Brown, Pearson/Prentice Hall
-

ISBN: 0
-
13
-
600424
-
5

Principles of Information Security, by
Michael Whitman and Herbert

Mattord, Cengage Learning, ISBN
-
13: 978
-
1
-
111
-
13821
-
9 / ISBN
-
10:

1
-
111
-
13821
-
4

Recommended book: Information Security Governance, Krag Brotby, Wiley, ISBN 978
-
0
-
470
-
131118
-
3


Grading

Mid
-
Term Ex
am 35%, Final Exam 35%, Project

30%


Policies
-
Guidelines

CSIT 521 Information
Assurance


Aiken (FA11)

2
/
4

1.

Adhering to the Academic Honesty Policy/Honor Code is student responsibility. Deviation from the policy will
not be tolerated. Discussions with classmates are permitted
and encouraged;
but
,
deliverables must be your
own, individua
l work.

2.

Each person is responsible for a
research
project that includes
both
the research and

in
class

presentations
.
Information delivered in the student project presentations will be incorporated into the final

so make sure you
attend class
. If the cla
ss has
a

large
number of
student
s

then
two

students

may work on one project

upon
instructor approval
;

but
,

in those cases both students must do the research and presentation and the scope of the
project will be appropriate for 2 persons.

Project topics mu
st be approved by the instructor and are allocated on
a first come first ser
ve basis so chose quickly. Research project presentations, i.e.,

via

PowerPoint
, should be
submitted for review t
o the instructor no later than 1 week

before the topic presentation date. The instructor is
willing to do quick reviews of presentatio
ns for “appropriateness of scope

and depth of information” earlier than
the required two week delivery noted above.

3.

Attendance is expect
ed at each class mee
ting

since the classes will be a combination of
lecture and collaborative
discussion and discourse on the topics de jure

by the students and the instructor
.

Participation in class discussion
is required so make sure that you do your

reading assignments bef
ore the classes in which the topics will be
di
s
cussed
.

4.

The material in the course is, inherently, cumulative.
Be aware, if you fall behind, it may be difficult to catch up.



Topics

(tentative)

1
-

An Overview of Computer Security and Information Assurance

2


IT Security Planning

3


Security Personnel

4


Identity management

9
-

Risk management

10
-

Threats, Attacks, Malicious code

11


Intrusion Detection/Protection

12
-


Security and Information Assurance Policy

13
-

Cryptography

18


A
uthentication
and Access Control

21


Operating Systems security

22


Auditing, Monitoring, Maintenance


Tentative
Schedule

NOTE
:

The

examination dates

(Oct
12, Dec 16
)
are firm
. Mark your calendars.


Topics
are tentative

and may

change in terms of the ord
er,
breadth
and depth of examination.

The
number of students taking the course may dictate additional day(s) for class presentations.


The guest lecturer date is tentative on the availability of the lecturer.



S: Stallings book, W :Whitman and Mattord book


Session

D
ate

Topic

Reading Assignments

1

Aug. 24

Introduction

and

Overview of Computer Security

S: 1,

W:2
,3

2

Aug. 31

Introduction to Information
Assurance
,

S: 13

W: 2,3,9,11,10

3

Sep. 7

IT security planning, physical
security, personnel, identity

S:
18

W: 5,7

4

Sep. 14

IT security planning, physical
security, personnel, identity

S: W5

5

Sep. 21

Risk Management

S:
15,16
,17

CSIT 521 Information
Assurance


Aiken (FA11)

3
/
4

W: 4

6

Sep. 28

Threats, Attacks, Malicious Logic

S:
7,8,11,12

W: 2,11

7

Oct. 5

Intrusion Detection, Firewalls,
Implementing Information
Security

S: 6
,9,10

W: 6,10

8

Oct. 12

Midterm Examination


9

Oct. 19

Midterm review and
Guest
lecturer


tbd


10

Oct. 26

Policy and security

S: 13,14,15,16,17,18

W: 5


11

Nov. 2

Cryptography and PKI

S
2,19,20,21,22

W: 8


12

Nov. 9

Authentication and Access Control

S: 3,5

C: 2,3,12,15

13

Nov. 16

OS security, Auditing, Monitoring
,
Maintenance

S: 15,23,24

W: 12

14

Nov. 23

NO CLASS (Thanksgiving)


15

Nov. 30

Student Presentations


16

Dec. 7

Student Presentations


17

Dec. 14

Final Examination



Exams

The exams consist of expository and
short answer questions. The exams are closed book.

Their content is
cumulative, i.e. they address the material covered up to the day of the exam.

If a student misses the midterm exam due to an emergency (as agreed in advance by the instructor and/or by
providing definite proof of medical or

legal reason), there will be
no

makeup exam: the final will become
proportionally more important

(i.e 70%) of

the total grade
.

If a student misses the midterm exam without prior agreement by the instructor and/or definite proof as to the
medical or legal reasons, the student receives a zero grade for the exam.

The final exam is mandatory.



Grading Scale(s)

Unde
rgraduate Scale


Graduate Scale

%
3
.
93


A

%
90



A
-

%
6
.
86


B+

%
3
.
83


B

%
80



B
-

%
6
.
76


C+

%
3
.
73


C

%
70



C
-

%
6
.
66


D+

%
3
.
63


D

%
60



D
-


%
3
.
93


A

%
90


A
-

%
6
.
86


B+

%
3
.
83


B

%
80


B
-

%
6
.
76


C+

%
3
.
73


C

%
70


C
-

%
69


F






CSIT 521 Information
Assurance


Aiken (FA11)

4
/
4

Potential Project Topics:


-

Security challenges and approaches of Enterprise Data Centers vs Cloud Computing

-

Active Directory Domain Architecture for a 2 data center service center with 6 field sites

-

Trusted Internet Connections

-

Forensics

-

COOP/DR

and Archiving



Architecture,
approach
, and challenges

as well as pros and
cons



must address old disks, laptops, etc.

-

HSPD
-
12 : ICAM

-

BOTnets

-

Contamination: Identifying, techniques, challenges (especially
with Clouds)

-

New techniques and challenges with Data Protection

-

Addressing and Naming: help or hinder
security
? (see Handle)

-

Worms


history and future as well as
mitigations
-

use 3 well known recent worms

-

End to End encryption and IPv6 : Must address NA
Ts and hidden architectures

-

Cyber Crime

-

Virtual machines and security

-

Intellectual Property & Right to Privacy and Fair Use: Issues and challenges at national
and international levels

-

Data Protection via DAR or DIF

-

FISMA 800
-
53 (Overview)

and
the

Federal
Information Security Management Act of
2002

-

Federations and Trust: A comparison of Active Directory, Oracle’s ICAM, and
Shibboleth

-

In depth analysis of the
Stuxnet

Worm

-

Skype and VOIP Security

-

Wireless security and challenges