Security Management

			IS2621/TEL2813: Security Management (Spring-08) Tuesdays 6:00 - 8:50PM IS 406
Instructor James Joshi Contact Info 721, IS Building, Tel:412-624-9982 jjoshi[AT]mail.sis.pitt.edu Announcement Lectures Homework HW1 Due Jan 26 HW2 Due Feb 6 Lab 1 Due Feb 12 Lab 2 Pre-lab Due Feb 29 Final version Paper Presentations on Feb 26 (Go to Reading List) Reading List Seminar Go to LERSAIS page Previous course offerings Spring 2007 Spring 2006 Spring 2005			Course Description This course covers issues related to administration and management of security of enterprise information systems and networks. Topics include intrusion detection systems, vulnerability analysis, anomaly detection, computer forensics, application logging, auditing and data management, risk management, contingency planning and incident handling, digital immune systems, and alarms and responses. The course will study in detail principles and tools related to these topics. The course will also cover security standards, evaluation and certification process; security planning, ethical and legal issues in information; privacy, traceability and cyber-evidence; Course Objective The course is aimed at imparting knowledge and skill sets required to assume the overall responsibilities of administration and management of security of an enterprise information system. The course is aimed at developing capabilities to do the following: Carry out a detailed analysis of enterprise security by performing various types of analysis such as vulnerability analysis, penetration testing, audit trail analysis, system and network monitoring, and configuration management. Carry out detailed risk analysis and assessment of enterprise systems using various practical and theoretical tools. Design detailed enterprise wide security plans and policies, and deploy appropriate safeguards (models, mechanisms and tools) at all the levels by providing due consideration to the life-cycle of the enterprise information systems and networks, as well as its legal and social environment. Prerequisites TEL-2300 (or equivalent) IS-2150-TEL2810 or TEL-2821 or permission of the instructor Students who have taken either of the following courses will benefit the most from this course: IS2150/TEL2810 Introduction to Computer Security IS2170/TEL2820 2820 Cryptography If you have not taken either of these courses, have not taken other courses, and want to take this course, please talk to the instructor. The course will include laboratory components hence basic knowledge of system environments (Window and Unix) will be essential. The students are expected to have adequate programming skills (C, C++ or Java). Course Material There is no one book that covers all the topics considered in this course. All the relevant books are still being checked to see if one can be used as the main text book. Here are some reference books that will be recommended for the course. Management of Information Security, M. E. Whitman, H. J. Mattord Guide to Disaster Recovery, M. Erbschilde Guide to Network Defense and Countermeasures, G. Holden Computer Security: Art and Science, Matt Bishop (ISBN: 0-201-44099-7), Addison-Wesley 2003 (Available online for Pitt Students) Security in Computing, 2nd Edition, Charles P. Pfleeger, Prentice Hall Security Engineering: A Guide to Building Dependable Distributed Systems, Ross Anderson, Wiley, John & Sons, Incorporated, 2001 Software Security: Building Security In (by Gary McGraw) The Art of Software Security Assessment : Identifying and Preventing Software Vulnerabilities (by Mark Dowd, John McDonald, Justin Schuh) Additional reading list of journals and articles and NIST/GAO and federal reports will be provided. Tentative Course Outline Introduction to Security Management (3 Weeks) Overview of security policies, models and mechanisms Security Management Principles, Models and Practices Security Planning and Asset Protection Developing Security Programs and Disaster Recovery Plans Case Studies Risk Management (2 Weeks) Security Analysis and Safeguards (tools and techniques) (3-4 Weeks) Vulnerability analysis (Tools and Techniques) Penetration testing Protection Mechanisms and Incident handling Access Control and Authentication architecture Auditing systems and audit trail analysis Configuration Management Network defense and countermeasures Intrusion Detection Systems (SNORT) Architectural configurations and survivability issues Firewall configurations and network design Virtual private networks Dial-up security Computer and network forensic Privacy Protection Case studies on OS and application software (e.g., SELinux, Unix and Windows) Standards and Security Certification Issues (2-3 Weeks) Rainbow Series, Common Criteria Security Certification Process Case studies National and International Security Laws and Ethical Issues (2 Weeks) Grading (Tentative) Homework/Quiz/Paper review/Lab/Presentation/Class/Seminar Participation 50% Exams 20% Paper/Project 30% If you are having a disability for which you are or may be requesting an accommodation, you are encouraged to contact both your instructor and the Office of Disability Resources and Services (DRS), 216 William Pitt Union (412-648-7890/412-383-7355) as early as possible in the term. DRS will verify your disability and determine reasonable accommodations for this course.

IS2621/TEL2813: Security Management (Spring-08)