Security Management

			IS-2810/TEL-2813: Security Management (Spring-05) (IS-2810 is the new IS number for this course) Thursdays 6:00 - 8:50PM Chvrn 135 (Changed to First floor conference room in SIS building)
Instructor James Joshi Contact Info 721, IS Building, Tel:412-624-9982 jjoshi[AT]mail.sisl.pitt.edu GSA TBA Announcement (Update Feb 8) Homework Homework 1 (Due: Jan 26) (Papers assigned) Homework 2 (Presentations: Feb 3) Homework 3 (Due: Feb 16) (Papers assigned) (Extended Due: Feb 19) Homework 3 (Due: Feb 16) (Papers assigned) (Extended Due: Feb 19) Homework 4 Comment on Pittsburgh’s “Information Technology Security Plan – Security Architecture Strategy and Roadmap fro 2004-2006” (Some of you did it as part of HW 3) Projects 1 (Groups of Two) Due date April First Week) Topics [1] Computer Forensic [2] Network Vulnerability Assessment [3] Systems Vulnerability Assessment [4] Intrusion Detection [5] Security Evaluation based on Common Criteria Projects 2 (Possibly Two Groups) Seminar (click) Lectures Lecture 1 (Slides, PDF) Lecture 2 (Slides, PDF) Lecture 3 (Slides, PDF) Lecture Notes Lecture 4-6 (Slides, PDF) (Slides, PDF) (Slides, PDF) (Chap 4, 5 and 6) Guest Speaker Matt Tolbert, CISSP CISO-University of Pittsburgh (will bring material) Lecture 7, 8 (Slides, PDF) (Slides, PDF) Lecture 9 (Slides, PDF) Lecture 10 (Slides, PDF) Lecture 11 (Slides, PDF) Lecture 12 (Slides, PDF) Final Presentation			Course Description This course covers issues related to administration and management of security of enterprise information systems and networks. Topics include intrusion detection systems, vulnerability analysis, anomaly detection, computer forensics, application logging, auditing and data management, risk management, contingency planning and incident handling, digital immune systems, and alarms and responses. The course will study in detail principles and tools related to these topics. The course will also cover security standards, evaluation and certification process; security planning, ethical and legal issues in information; privacy, traceability and cyber-evidence; Course Objective The course is aimed at imparting knowledge and skill sets required to assume the overall responsibilities of administration and management of security of an enterprise information system. The course is aimed at developing capabilities to do the following: Carry out a detailed analysis of enterprise security by performing various types of analysis such as vulnerability analysis, penetration testing, audit trail analysis, system and network monitoring, and configuration management. Carry out detailed risk analysis and assessment of enterprise systems using various practical and theoretical tools. Design detailed enterprise wide security plans and policies, and deploy appropriate safeguards (models, mechanisms and tools) at all the levels by providing due consideration to the life-cycle of the enterprise information systems and networks, as well as its legal and social environment. Prerequisites TEL-2300 (or equivalent) IS-2150-TEL2810 or TEL-2821 or permission of the instructor Students who have taken either of the following courses will benefit the most from this course: IS2150/TEL2810 Introduction to Computer Security IS2170/TEL2820 2820 Cryptography If you have not taken either of these courses, have not taken other courses, and want to take this course, please talk to the instructor. The course will include laboratory components hence basic knowledge of system environments (Window and Unix) will be essential. The students are expected to have adequate programming skills (C, C++ or Java). Course Material There is no one book that covers all the topics considered in this course. All the relevant books are still being checked to see if one can be used as the main text book. Here are some reference books that will be recommended for the course. Management of Information Security, M. E. Whitman, H. J. Mattord Guide to Disaster Recovery, M. Erbschilde Guide to Network Defense and Countermeasures, G. Holden Computer Security: Art and Science, Matt Bishop (ISBN: 0-201-44099-7), Addison-Wesley 2003 Security in Computing, 2nd Edition, Charles P. Pfleeger, Prentice Hall Security Engineering: A Guide to Building Dependable Distributed Systems, Ross Anderson, Wiley, John & Sons, Incorporated, 2001 Additional reading list of journals and articles will be provided Tentative Course Outline Introduction to Security Management (3 Weeks) Overview of security policies, models and mechanisms Security Management Principles, Models and Practices Security Planning and Asset Protection Developing Security Programs and Disaster Recovery Plans Case Studies Security Analysis and Safeguards (tools and techniques) (6 Weeks) Vulnerability analysis (Tools and Techniques) Penetration testing Risk Management Protection Mechanisms and Incident handling Access Control and Authentication architecture Auditing systems and audit trail analysis Configuration Management Network defense and countermeasures Intrusion Detection Systems (SNORT) Architectural configurations and survivability issues Firewall configurations and network design Virtual private networks Dial-up security Computer and network forensic Privacy Protection Case studies on OS and application software (e.g., SELinux, Unix and Windows) Standards and Security Certification Issues (4 Weeks) Rainbow Series, Common Criteria Security Certification Process Case studies National and International Security Laws and Ethical Issues (2 Weeks) Grading (Tentative) Homework/Quiz/Paper review/Presentation 50% Exams 20% Paper/Project 20% Misc. (Seminar, Participation in class) 10% If you are having a disability for which you are or may be requesting an accommodation, you are encouraged to contact both your instructor and the Office of Disability Resources and Services (DRS), 216 William Pitt Union (412-648-7890/412-383-7355) as early as possible in the term. DRS will verify your disability and determine reasonable accommodations for this course.

IS-2810/TEL-2813: Security Management (Spring-05)