This page contains the tentative lecture plan and the lecture slides.




Week 1

(Jan 8)

Cancelled (NSF-SFS Symposium)


Week 2

(Jan 15)


Course Introduction

Overview of Security Management and Security Planning

(Based on Chap 1 and 2 of Whitman book – notes in the reading list section)


Lecture 1




Week 3

(Jan 22)


Contingency Planning, Information Security Policy & Programs

(Chap 3-5 of Whitman book; notes in reading list section)


Additional Reading: 

Contingency Planning Guide for Information Technology System (NIST 800-34)

Generally Accepted Principles and Practices for Securing Information Technology Systems (NIST 800-14)


(Covered till Slide 58)


Lecture 2


Week 4

(Jan 29)


Continue Lecture 2


Overview of Computer Forensics

(Source: Guide to Integrating Forensic Techniques into Incident Response (NIST SP800-86))


(Covered: Lecture 3, and Slide 100 of Lecture 2)


Lecture 3


Week 5

(Feb 5)


Class will be held at Pitt’s CSSD Unit (Bellefield Hall)

- Overview of CSSD’s InfoSec Infrastructure/Team/Program

- Presentation and Discussion on Pitt’s InfoSec IRP/DRP (Sean Sweeney, Jay Graham, CSSD)

- Demo and some hands-on on Computer Forensics at CSSD


READ NIST DOCUMENTS LISTED ABOVE BEFORE THIS CLASS – Actively participating in the discussion about CSSD is expected


(CSSD Proprietary slides on DR plan, Info Sec plan and a Computer forensics lab/case study (this should be done by all as there was limited time at CSSD))

Week 6

(Feb 12)


Remaining from Lecture 2


Risk Management

(Chaps on Security Management of Whitman book; notes in reading list section)

(NIST: Managing Information Security Risk: Organization, Mission, and Information System View (SP 800-39))


Lecture 4




Week 7

(Feb 19)

On Feb 18 (Tuesday) – Visit to Pitt’s NoC and Guest Lecture

Louis Passarello (NoC Director) at 10-12 Noon

(NoC process, support features, physical security, server/data center overview; tools overview)

Lecture/NoC and Datacenter Tour Overview onsite

Week 8

(Feb 26)


Guests from US Steel

D.J. Mance, (Director of Global Communications Technologies) &

Nicholas Hewlett (Network Security Manager)

Risk Management (Continued)


Week 9

(March 5)


Guests from PNC Bank 

Luis Guzman Jr. (Cyber Threat Analysis Manager | PNC-CERT)


Continue with remaining slides from earlier lectures

Management Models/Practices


Lecture 5

Spring Break

Week 10

(March 19)


Cloud Computing: Security and Privacy Issues

(See the Reading list for the required/recommended readings)

Project discussion


Lecture 6

Week 11

(March 26)


Guest lecture by Prof. Balaji Palanisamy

Topics: Location Privacy + MapReduce/Cloud S&P


Guest Lecture

Week 12

(April 2)

Guest: Amirreza Masoumzadeh (LERSAIS PhD Student) – Brief overview of Social Network Anonymity


Paper presentations:  Security and Privacy in Cloud Computing (See reading list for schedule)

Guest Lecture


(see reading list for papers)

Week 13

(April 9)

Guest: Nathalie Baracaldo (LERSAIS PhD Student) – Towards Tackling the Insider Threat: risk aware access control approach


Paper presentations: Security and Privacy in Social Networks (See reading list for schedule)

Guest Lecture


(see reading list for papers)

Week 14

(April 16)

Paper presentations: Security and Privacy in SmartGrid Environments (See reading list for schedule)


Reading for all:

(see reading list for papers)

Week 2

(April 23)


Legal Issues


Reading assignments

· Legal, Ethical, and Professional Issues in Information Security

· Information Security Governance

· The State of Information Security Law: A Focus on the Key Legal Trends

· A Congressional Guide: Seven Steps to U.S. Security, Prosperity, and Freedom in Cyberspace

· Homeland Security Act, Patriot Act, Freedom of Information Act, and HIM (Updated)

· ADA Section 9 Resources

· Legal Issues within Corporate "Bring Your Own Device" Programs


(Submit Projects and schedule demos as necessary)

Lecture 7