IS2621/TEL2813: Security Management (Spring-2015)

Thursdays 3:00 - 5:50PM

IS 411

James Joshi

Contact Info
706A, IS Building,






Course Description

This course covers issues related to administration and management of security of enterprise information systems and networks. Topics include intrusion detection systems, vulnerability analysis, anomaly detection, computer forensics, application logging, auditing and data management, risk management, contingency planning and incident handling, cyber defense/operations, and security program management and lifecycle. The course will study in detail principles and tools related to these topics. The course will also cover security standards, evaluation, accreditation and certification process; security planning, compliance issues, ethical and legal issues in information; privacy, traceability and cyber-evidence.

Course Objective

The course is aimed at imparting knowledge and skill sets required to assume the overall responsibilities of administration and management of security of an enterprise information system. The course is aimed at developing capabilities to do the following:

  • Carry out a detailed analysis of cyber defense operations and planning, and enterprise security management and understand various security management models/methods/standards.
  • Carry out detailed risk analysis and assessment of enterprise systems using various practical and theoretical tools.
  • Understand and employ tools for forensics, including host forensics, network forensics, device and/or media forensics.
  • Understand how to make enterprise-wide security plans and policies, and deploy appropriate safeguards (models, mechanisms and tools) at all levels, giving due consideration to the life-cycle of the enterprise information systems and networks, as well as their legal and social environment.
  • Understand emerging new technologies (such as social networks, smart grid, cloud computing) within the context of organizational information security.


  • TEL2300 (or equivalent)
  • IS2150/TEL2810 or TEL2821 or permission of the instructor

Students who have taken either of the following courses will benefit the most from this course:

  • IS2150/TEL2810 Introduction to Computer Security
  • IS2170/TEL2820 Cryptography OR Network Security

If you have not taken either of these courses, have not taken other courses, and want to take this course, please talk to the instructor.

The course will include laboratory components; hence, basic knowledge of system environments (Windows and Unix) will be essential. Students are expected to have adequate programming skills (C, C++ or Java).

Course Material

There is no one book that covers all the topics considered in this course. Here are some reference books that will be recommended for the course.

(More to add)

  • [Highly Recommended] Management of Information Security, M. E. Whitman, H. J. Mattord (will cover several high level concepts from this)

[Other references]

  • NIST Special Publications and other InfoSec Standards publications
  • Managing Risk in Information Systems, Darril Gibson
  • Guide to Disaster Recovery, M. Erbschloe
  • Computer Security: Art and Science, Matt Bishop (ISBN: 0-201-44099-7), Addison-Wesley 2003  
  • Security in Computing, 2nd Edition, Charles P. Pfleeger, Prentice Hall
  • Security Engineering: A Guide to Building Dependable Distributed Systems, Ross Anderson, John Wiley & Sons, 2001

Additional reading list of journals and articles and NIST/GAO and federal reports will be provided.

Tentative Course Outline (Order of coverage in class may be different).

Introduction to Security Management & Cyber Defense/Operations

         Cyber Security Planning and Management

    • Security Management Principles, Models and Practices
      • Operational, Tactical, Strategic Plan and Management
      • Business Continuity / Disaster Recovery
      • Cybersecurity Strategy and Change Control
      • Security Planning and Asset Protection
    • Developing Security Programs and Disaster Recovery Plans

         Cyber Operations


Security Risk Management

         Risk Assessment/Analysis Methodologies

         Risk Management Measurement and Evaluation Methodologies

         Risk Management Models/Processes (NIST SP800-37)

         Risk Mitigation Strategies and Economics

         Risk Transference/Acceptance/Mitigation/Communication

Computer Forensics (tools and techniques)

         Host and Network Forensics

         Digital Forensics Overview

         Device/Media Forensics

         Forensic Accounting

Standards, Compliance and Security Certification/Accreditation Issues

         HIPAA, SOX, FERPA, Data Breach Disclosure Laws, FISMA, Gramm-Leach-Bliley, PCI DSS

         Rainbow Series, Common Criteria

         Security Certification Process: DOD Policies and Directives, National and International Security Laws and Ethical Issues

Security and Privacy in Cloud Computing/SN/Big Data

Grading (Tentative)

Homework/Quiz/Paper review/Lab/Presentation/Class/Seminar Participation 50%
Exams/Paper/Project 50%

If you have a disability for which you are or may be requesting an accommodation, you are encouraged to contact both your instructor and the Office of Disability Resources and Services (DRS), 216 William Pitt Union (412-648-7890/412-383-7355) as early as possible in the term. DRS will verify your disability and determine reasonable accommodations for this course.