TELCOM 2825 Information Systems and Network Infrastructure Protection

TELCOM 2825 Information System and Network Infrastructure Protection

Fall 2007 Course Schedule

Please, note that the following schedule contains dates of classes and reading assignments for these dates. While I will try to follow this schedule, we may turn out to go faster or slower depending on the difficulty that the class experiences with the material, in which case I will have to adjust the schedule. I will tell you about any possible schedule changes as we go. In case of larger changes, I will make an updated schedule available. The readings are from the main course textbooks, books on reserve, typed class notes and handouts. Assignments are due one week after they are posted.

August 29
        Organization, Overview of Information System and Network Infrastructure Protection
        [Reading: National Strategy for Physical Protection of Critical Infrastructure and Key Assets,
         Chapter 1, 2 of T. Lewis, National Infrastructure Protection Plan]
        Slides 1 ,

September 5
        Infrastructure Protection Challenges, Role/Strategy of the Government
        [Reading:, Chapter 3 in T. Lewis, Chapter 6 in Whitman and Mattord, IT SSP Report,
         National Strategy to Protect Cyber Space ]
        Slides 2, Assignment 1,

September 12
        Risk Management Approaches,
        [Reading: CHAPTER 4 ONLY pp 66-127 in   GAO Cybersecurity for Infrastructure Protection ISO article ]
        Slides 3, Octave Method , Class Project List

September 19
        Qualitative Risk Management Techniques for IT
        [Reading: NIST Risk Management Guide to IT Systems,]
        Slides 4,   Assignment 2

September 26
        Quantitative Model Based Risk Analysis
        [Readings: CHAPTER 4 and 5 in T. Lewis Book]
      Slides 5, Assignment 3, October 4th Seminar Announcement

October 3
       Quantitative Model Based Risk Analysis (example of Telecom Vulnerability)
        [Reading: Chapter 6 in T. Lewis Book], Slides 5 continued, Slides 6,   Carrier Hotels,

October 10
        Simulation Modeling of CI/KR and Risk
        [Reading:  Slides 7, Infrastructure Simulation Paper]
         Slides 7

October 17
          CIP policy/legal/insurance issues
          Slides 8, Sample CyberInsurance Policy , CyberLaw Chapter   Assignment 4

October 24
        CI/KR Risk Mitigation Techniques
       [Readings: Chapter 12,   in T. Lewis Book]
        Slides 9,

October 31
       CI/KR Risk Mitigation Techniques, SCADA
        [Readings: Chapter 13, 14 in T. Lewis Book]
         Slides 9 continued, Slides 10, NIST SCADA

November 7
        Availability Analysis and Network Survivability Techniques
        Slides 11, Assignment 5,

November 14
        Network Survivability continued
        Slides 12, Assignment 6

November 21
No Class Thanksgiving Break

November 28
Combined CIA modeling
Slides 13, Assignment 7,

December 5
Project Presentations

December 12
        Final Exam

TELCOM 2825 Information System and Network Infrastructure Protection

Fall 2007 Course Schedule

August 29 Organization, Overview of Information System and Network Infrastructure Protection [Reading: National Strategy for Physical Protection of Critical Infrastructure and Key Assets, Chapter 1, 2 of T. Lewis, National Infrastructure Protection Plan] Slides 1 ,

September 5 Infrastructure Protection Challenges, Role/Strategy of the Government [Reading:, Chapter 3 in T. Lewis, Chapter 6 in Whitman and Mattord, IT SSP Report, National Strategy to Protect Cyber Space ] Slides 2, Assignment 1,

September 12 Risk Management Approaches, [Reading: CHAPTER 4 ONLY pp 66-127 in GAO Cybersecurity for Infrastructure Protection ISO article ] Slides 3, Octave Method , Class Project List

September 19 Qualitative Risk Management Techniques for IT [Reading: NIST Risk Management Guide to IT Systems,] Slides 4, Assignment 2

September 26 Quantitative Model Based Risk Analysis [Readings: CHAPTER 4 and 5 in T. Lewis Book] Slides 5, Assignment 3, October 4th Seminar Announcement

October 3 Quantitative Model Based Risk Analysis (example of Telecom Vulnerability) [Reading: Chapter 6 in T. Lewis Book], Slides 5 continued, Slides 6, Carrier Hotels,

October 10 Simulation Modeling of CI/KR and Risk [Reading: Slides 7, Infrastructure Simulation Paper] Slides 7

October 17 CIP policy/legal/insurance issues Slides 8, Sample CyberInsurance Policy , CyberLaw Chapter Assignment 4

October 24 CI/KR Risk Mitigation Techniques [Readings: Chapter 12, in T. Lewis Book] Slides 9,

October 31 CI/KR Risk Mitigation Techniques, SCADA [Readings: Chapter 13, 14 in T. Lewis Book] Slides 9 continued, Slides 10, NIST SCADA

November 7 Availability Analysis and Network Survivability Techniques Slides 11, Assignment 5,

November 14 Network Survivability continued Slides 12, Assignment 6

November 21 No Class Thanksgiving Break

November 28 Combined CIA modeling Slides 13, Assignment 7,

December 5 Project Presentations

August 29
Organization, Overview of Information System and Network Infrastructure Protection
[Reading: National Strategy for Physical Protection of Critical Infrastructure and Key Assets,
Chapter 1, 2 of T. Lewis, National Infrastructure Protection Plan]
Slides 1 ,

September 5
Infrastructure Protection Challenges, Role/Strategy of the Government
[Reading:, Chapter 3 in T. Lewis, Chapter 6 in Whitman and Mattord, IT SSP Report,
National Strategy to Protect Cyber Space ]
Slides 2, Assignment 1,

September 12
Risk Management Approaches,
[Reading: CHAPTER 4 ONLY pp 66-127 in GAO Cybersecurity for Infrastructure Protection ISO article ]
Slides 3, Octave Method , Class Project List

September 19
Qualitative Risk Management Techniques for IT
[Reading: NIST Risk Management Guide to IT Systems,]
Slides 4, Assignment 2

September 26
Quantitative Model Based Risk Analysis
[Readings: CHAPTER 4 and 5 in T. Lewis Book]
Slides 5, Assignment 3, October 4th Seminar Announcement

October 3
Quantitative Model Based Risk Analysis (example of Telecom Vulnerability)
[Reading: Chapter 6 in T. Lewis Book], Slides 5 continued, Slides 6, Carrier Hotels,

October 10
Simulation Modeling of CI/KR and Risk
[Reading: Slides 7, Infrastructure Simulation Paper]
Slides 7

October 17
CIP policy/legal/insurance issues
Slides 8, Sample CyberInsurance Policy , CyberLaw Chapter Assignment 4

October 24
CI/KR Risk Mitigation Techniques
[Readings: Chapter 12, in T. Lewis Book]
Slides 9,

October 31
CI/KR Risk Mitigation Techniques, SCADA
[Readings: Chapter 13, 14 in T. Lewis Book]
Slides 9 continued, Slides 10, NIST SCADA

November 7
Availability Analysis and Network Survivability Techniques
Slides 11, Assignment 5,

November 14
Network Survivability continued
Slides 12, Assignment 6

November 21
No Class Thanksgiving Break

November 28
Combined CIA modeling
Slides 13, Assignment 7,

December 5
Project Presentations