IS2621/TEL2813: Security Management (Spring-2014)

Tuesdays 3:00 - 5:50PM

IS 404 (may change)

James Joshi

Contact Info
706A, IS Building,






(Updated on March 25, 2014)


Reading List

(Updated on March 25, 2014)


Go to LERSAIS page


Course Description

This course covers issues related to administration and management of security of enterprise information systems and networks. Topics include intrusion detection systems, vulnerability analysis, anomaly detection, computer forensics, application logging, auditing and data management, risk management, contingency planning and incident handling, cyber defense/operations, and security program management and lifecyle. The course will study in detail principles and tools related to these topics. The course will also cover security standards, evaluation, accreditation and certification process; security planning, compliance issues ethical and legal issues in information; privacy, traceability and cyber-evidence;

Course Objective

The course is aimed at imparting knowledge and skill sets required to assume the overall responsibilities of administration and management of security of an enterprise information system. The course is aimed at developing capabilities to do the following:

  • Carry out a detailed analysis of cyber defense operations and planning, and enterprise security management by performing various types of analysis such as vulnerability analysis, penetration testing, audit trail analysis, system and network monitoring, and configuration management.
  • Carry out detailed risk analysis and assessment of enterprise systems using various practical and theoretical tools.
  • Understand and employ tools for forensics, including host forensics, network forensics, device and/or media forensics
  • Understanding of how to make enterprise wide security plans and policies, and deploy appropriate safeguards (models, mechanisms and tools) at all the levels by providing due consideration to the life-cycle of the enterprise information systems and networks, as well as its legal and social environment. 


  • TEL2300 (or equivalent)
  • IS2150/TEL2810 or TEL2821 or permission of the instructor

Students who have taken either of the following courses will benefit the most from this course:

  • IS2150/TEL2810 Introduction to Computer Security
  • IS2170/TEL2820 2820 Cryptography OR Network Security

If you have not taken either of these courses, have not taken other courses, and want to take this course, please talk to the instructor.

The course will include laboratory components hence basic knowledge of system environments (Window and Unix) will be essential. The students are expected to have adequate programming skills (C, C++ or Java).

Course Material

There is no one book that covers all the topics considered in this course. All the relevant books are still being checked to see if one can be used as the main text book. Here are some reference books that will be recommended for the course.

(More to add)

  • Management of Information Security, M. E. Whitman, H. J. Mattord
  • Guide to Disaster Recovery, M. Erbschilde
  • Guide to Network Defense and Countermeasures, G. Holden
  • Computer Security: Art and Science, Matt Bishop (ISBN: 0-201-44099-7), Addison-Wesley 2003  
  • Security in Computing, 2nd Edition, Charles P. Pfleeger, Prentice Hall
  • Security Engineering: A Guide to Building Dependable Distributed Systems, Ross Anderson, Wiley, John & Sons, Incorporated, 2001

Additional reading list of journals and articles and NIST/GAO and federal reports will be provided.

Tentative Course Outline (Order of coverage in class may be different).

Introduction to Security Management & Cyber Defense/Operations (3-4 Weeks)

         Cyber Security Planning and Management

    • Security Management Principles, Models and Practices
      • Operational, Tactical, Strategic Plan and Management
      • Business Continuity / Disaster Recovery
      • Cybersecurity Strategy and Change Control
      • Security Planning and Asset Protection
    • Developing Security Programs and Disaster Recovery Plans

         Cyber Operations


Security Risk Management (3-4 Weeks)

         Risk Assessment/Analysis Methodologies

         Risk Management Measurement and Evaluation Methodologies

         Risk Management Models/Processes (NIST SP800-37)

         Risk Mitigation Strategies and Economics

         Risk Transference/Acceptance/Mitigation/Communication

Computer Forensics (tools and techniques) (3 Weeks)

         Host and Network Forensics

         Digital Forensics Overview

         Device/Media Forensics

         Forensic Accounting

Standards, Compliance and Security Certification/Accreditation Issues (2 Weeks)

         HIPAA, SO, FERPA, Data Breach Disclosure Laws, FISMA, Gramm Leach Bliley, PCI DSS

         Rainbow Series, Common Criteria

         Security Certification Process: DOD Policies and Directives, National and International Security Laws and Ethical Issues

Security and Privacy in Cloud computing/SN/Bigdata (2 Weeks)

Grading (Tentative)

Homework/Quiz/Paper review/Lab/Presentation/Class/Seminar Participation 50%
Exams/Paper/Project 50%

If you are having a disability for which you are or may be requesting an accommodation, you are encouraged to contact both your instructor and the Office of Disability Resources and Services (DRS), 216 William Pitt Union (412-648-7890/412-383-7355) as early as possible in the term. DRS will verify your disability and determine reasonable accommodations for this course.