Course name: Information Security
Code/No: COIT 324
Units: Lecture 3, Lab 0, Training 0
Credit Units: 3
Prerequisite: -

Course Objectives:
o To discuss the importance of system and network security.
o To explain the relationship between threats, vulnerabilities, countermeasures, attacks, compromises and remediation.
o To describe how to manage information security.
o To explain the encryption technologies.
o To explain privacy and access management.
o To describe how digital forensics fits with the other forensic disciplines.
o To discuss various issues related to storage, physical, and advanced security.

Course Description:
Since IT systems are increasingly under attack, knowledge of Information Security (IS) is of paramount importance to the profession of IT. The IT professional must understand, apply, and manage information assurance and security in computing, communication, and organizational systems. It is also important for the IT professional to provide users with a framework to be sufficiently security aware to be an asset to the organization rather than a liability.
Course Outlines:

Fundamental Aspects
o History and Terminology, Security Mindset (reasoned paranoia)
o Design Principles (Defense in Depth), System/security life-cycle
o Security implementation mechanisms (gates, guards, guns; cryptography)
o Information assurance analysis model (MSR model; threats; vulnerabilities; attacks; countermeasures)
o Disaster recovery (natural and man-made)
o Forensics

Security Mechanisms (Countermeasures)
o Cryptography, Cryptosystems, Keys: symmetric & asymmetric, Performance (software/hardware), Implementation
o Authentication "Who you are, what you have, what you know", Bioauthentication (use of biometrics)
o Redundancy, Intrusion Detection

Operational Issues
o Trends, Auditing, Cost / benefit analysis, Asset Management, Standards Enforcement, Legal issues, Disaster recovery (natural and man-made)

Policy
o Creation of Policies, Maintenance of Policies, Prevention Avoidance, Incident Response (Forensics), Domain integration (physical, network, internet, etc.)

Attacks
o Social Engineering, Denial of Service, Protocol attacks, Active attacks, Passive Attacks, Buffer Overflow Attacks, Malware (Viruses, Trojan Horses, Worms)

Security Domains
o Human-Computer Interaction, Information Management, Integrative Programming, Networking, Program Fundamentals, Platform Technologies
o System Administration, System Integration and Architecture
o Social and Professional Issues
o Web Systems
o Physical plant

Forensics
o Legal Systems, Digital Forensics and its relationship to other Forensic disciplines, Rules of Evidence, Search and Seizure, Digital Evidence, Media Analysis

Security Services
o Availability, Integrity, Confidentiality, Authentication (source reliability), Non-repudiation

Threat Analysis Model
o Risk assessment, Cost benefit

Vulnerabilities
o Perpetrators, Inside attacks, External attacks, Black Hat, White Hat
o Ignorance, Carelessness, Network, Hardware (design, implementation, installation, etc.)
o Software (design, implementation, installation, etc.), Physical access

Course Outcomes:
Upon finishing this course, the student should:
o Briefly describe the history of the field of Information Assurance and Security.
o Explain the relationship between threats, vulnerabilities, countermeasures, attacks, compromises and remediation.
o Give examples of how IT system components (e.g. servers, routers, people, and software) can be countermeasures, vulnerabilities, and also threats.
o Describe the three key factors involved in authentication and how they are used to verify identity and grant access to a system.
o Explain the process and value of two-factor authentication.
o Describe the characteristics of an effective password.
o Describe and compare physical access control to logical access control.
o Identify the key types of biometric information utilized in authentication from the perspectives of accuracy, intrusiveness and efficiency.
o Specify what constitutes admissible evidence in a legal proceeding and how to acquire and maintain this information.
o Describe the role of policy and procedure in the IS Model.
o Explain and give examples of the social engineering techniques used to gain access to computing and network assets in an organization.
o Describe how a Denial of Service attack works against an organization's network.
o List some different protocol attacks to which TCP/IP is susceptible.
o Describe how the different protocol attacks (e.g. TCP/IP) work against an organization's network.
o Give examples of shared concerns across a specified set of security domains.
o Give examples of concerns that are specific to specified security domains.
o List three types of legal systems used by countries in the world.
o Describe how digital forensics fits with the other forensic disciplines.
o Describe the possible availability levels for a web service.
o Describe how redundancy and geographic dispersion relate to availability.
o Define integrity as a security service.
o Describe how one-way cryptographic functions are used to implement integrity in document transfer.
o Identify the aspects of a business that may be impacted by a security breach or interruption of operation.
o Explain the differences between a hacker and a cracker. Consider white hat, black hat, culture, community, tools, and technologies used.
o Describe the role of the user in information assurance and how they fit into an overall information assurance plan for an organization.
o Explain how ignorance and carelessness lead to vulnerabilities for an organization.

Assessment Strategy:
Students will be assessed in this course based on a set of exams, quizzes and practical components.

Text Book:
John R. Vacca, Computer and Information Security Handbook (The Morgan Kaufmann Series in Computer Security), 2nd Edition, Morgan Kaufmann publisher, 2009, ISBN-10: 0123743540

Other reference:
Mark Stamp, Information Security: Principles and Practice, Wiley-Interscience publisher, 2005, ISBN 0471738484

Timetable for distributing theoretical course contents

Week: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15

Theoretical course contents:
o Introduction
o Fundamental Aspects of Building a Secure Organization, ch1
o Modern Cryptography, ch2, 24
o Preventing System Intrusion, ch3, ch4, ch21, ch22
o Security Mechanisms (Countermeasures), ch7, ch10
o Policy
o Attacks
o Security Domains
o Computer Forensic, 19, p307
o Security Services, ch21, ch22
o Threat Analysis Model, ch22
o Vulnerabilities, ch23, p. 383-393
o Encryption Technology, ch24, 25, 26, 27 from Stamp book
o Managing Information Security, ch15, ch16, p. 255-267
o Privacy and Access Management, ch17, ch29, p. 269-292
o Final exam

Remarks: Exam 1, Exam 2