pittlogo

           

IS-2820/TEL-2813: Security Management (Spring-07)

Thursday 6:00 - 8:50PM

Room IS 406

 

Instructor
Chris Hall

Contact Info
 hall[@]alumni.pitt.edu

GSA
Saubhagya Joshi
srjoshi@mail.sis.pitt.edu

 

 

Lab

 

(Lab 1)

Firewall

 

(Lab 2)

IDS/ IPS

 

(Lab 3)

Common Criteria

(Discussions, Tutorial)

 

 

Final Presentation

(Guidelines, List)

 

 

Lectures

Lecture 1

(Slides)

(Chapters 1 and 2)

 

Lecture 2

(Slides)

(Chapters 2, 3)

 

Lecture 3

(Slides)

(Chapter 4)

(Slides)

(Chapter 5)

(Slides)

(Chapter 6)

 

Lecture 4

(Slides)

(Chapter 7)

(Slides)

(Chapter 8)

(Lab Intro)

 

Lecture 5

(Slides)

(Other Material)

(Slides)

(Feb 14)

 

Lecture 6

(Slides)

 

Lecture 7

(Slides)

(On Generalized RBAC Model)

 

Lecture 8

(cc, le)

(Common Criteria + Legal Ethical)

 

Talks

(1)

 

(2)

 

Lecture Notes

(Chap1)

(Chap2)

(Chap3)

(Chap4)

(Chap5)

(Chap6)

(Chap7)

(Chap8)

(Chap11)

 

 

Other Material

A&P Risk Review

Plan(ppt)

 

A&P Approaches

(doc)

 

7 steps to Security

Awareness (pdf)

 

Additional Matter (pdf)

Course Description
 

This course covers issues related to administration and management of security of enterprise information systems and networks. Topics include intrusion detection systems, vulnerability analysis, anomaly detection, computer forensics, application logging, auditing and data management, risk management, contingency planning and incident handling, digital immune systems, and alarms and responses. The course will study in detail principles and tools related to these topics. The course will also cover security standards, evaluation and certification process; security planning, ethical and legal issues in information; privacy, traceability and cyber-evidence;

Course Objective

The course is aimed at imparting knowledge and skill sets required to assume the overall responsibilities of administration and management of security of an enterprise information system. The course is aimed at developing capabilities to do the following:

  • Carry out a detailed analysis of enterprise security by performing various types of analysis such as vulnerability analysis, penetration testing, audit trail analysis, system and network monitoring, and configuration management.

  • Carry out detailed risk analysis and assessment of enterprise systems using various practical and theoretical tools.

  • Design detailed enterprise wide security plans and policies, and deploy appropriate safeguards (models, mechanisms and tools) at all the levels by providing due consideration to the life-cycle of the enterprise information systems and networks, as well as its legal and social environment. 

Prerequisites

  • TEL-2300 (or equivalent)
  • IS-2150-TEL2810 or TEL-2821 or permission of the instructor

Students who have taken either of the following courses will benefit the most from this course:

  • IS2150/TEL2810 Introduction to Computer Security
  • IS2170/TEL2820 2820 Cryptography

If you have not taken either of these courses, have not taken other courses, and want to take this course, please talk to the instructor.

The course will include laboratory components hence basic knowledge of system environments (Window and Unix) will be essential. The students are expected to have adequate programming skills (C, C++ or Java).

Course Material

There is no one book that covers all the topics considered in this course. All the relevant books are still being checked to see if one can be used as the main text book. Here are some reference books that will be recommended for the course.

  • Management of Information Security, M. E. Whitman, H. J. Mattord

  • Guide to Disaster Recovery, M. Erbschilde

  • Guide to Network Defense and Countermeasures, G. Holden

  • Real Digital Forensics: Computer Security and Incident Response, 1/e; Keith J. Jones, Richard Bejtlich, Curtis W. Rose
    Computer     Security: Art and Science, Matt Bishop (ISBN: 0-201-44099-7), Addison-Wesley 2003

  • Security in Computing, 2nd Edition, Charles P. Pfleeger, Prentice Hall

  • Security Engineering: A Guide to Building Dependable Distributed Systems, Ross Anderson, Wiley, John & Sons, Incorporated, 2001

  • Additional reading list of journals and articles will be provided


Tentative Course Outline

Introduction to Security Management (3 Weeks)

  • Overview of security policies, models and mechanisms

  • Security Management Principles, Models and Practices

  • Security Planning and Asset Protection

  • Developing Security Programs and Disaster Recovery Plans

  • Case Studies

Security Analysis and Safeguards (tools and techniques) (6 Weeks)

  • Vulnerability analysis (Tools and Techniques)

  • Penetration testing

  • Risk Management

  • Protection Mechanisms and Incident handling

    • Access Control and Authentication architecture

    • Auditing systems and audit trail analysis

    • Configuration Management

    • Network defense and countermeasures

      • Intrusion Detection Systems (SNORT)

      • Architectural configurations and survivability issues

        • Firewall configurations and network design

        • Virtual private networks

        • Dial-up security

      • Computer and network forensic

    • Privacy Protection

  • Case studies on OS and application software (e.g., SELinux, Unix and Windows)

Standards and Security Certification Issues (4 Weeks)

  • Rainbow Series, Common Criteria

  • Security Certification Process

  • Case studies

National and International Security Laws and Ethical Issues (2 Weeks)

Grading (Tentative)

Homework + Class Participation 10%

Midterm Presentation 30%

Finals 30%

3 Labs 30%

If you are having a disability for which you are or may be requesting an accommodation, you are encouraged to contact both your instructor and the Office of Disability Resources and Services (DRS), 216 William Pitt Union (412-648-7890/412-383-7355) as early as possible in the term. DRS will verify your disability and determine reasonable accommodations for this course.