IAS 2233 Introduction to Information Assurance and Security. Fall 2009

Syllabus – IAS2233
OnLine
IAS2233 - Online
Introduction to Information Assurance/Security.
INSTRUCTOR:
Dr. Pedro A. Diaz-Gomez
OFFICE: 203D, Howell Hall
OFFICE PHONE: (580) 581-7934
E-MAIL: pdiaz-go@cameron.edu
OFFICE HOURS: Please look in Blackboard under the Faculty Information tab.
PREREQUISITE: EET 1063.
REQUIRED TEXT:
Michael E. Whitman and Herbert J. Mattord. Principles of Information Security, 4th Edition. Course
Technology CENGAGE Learning. ISBN 1-111-13821-4
SUPPLEMENTAL READINGS:
Federal Information Processing Standards Publications (FIPSs): Publication 199 Standards
for Security Categorization of Federal Information and Information Systems; FIPS 200
Minimum Security Requirements for Federal Information and Information Systems; FIPS
Publication SP800-27 Rev A Engineering for Information Technology Security (A Baseline
for Achieving Security); National Institute of Standards and Technology (NIST) 800-34 Rev.
1 Contingency Planning Guide for Information Technology Standard; NIST FIPS 140-2.
You can find these publications on the web page http://csrc.nist.gov/publications/
Internet Access
Students need internet access, so it is the responsibility of the student not only to have access to the
internet but also to have a word processor for writing up projects. Cameron University provides these
resources on the main campus.
CATALOG COURSE DESCRIPTION:
Best practices, basic policies and procedures, ethics, and fundamental legal issues will be explored. Risk
Management and Disaster Recovery as applied to Information Assurance/Security will be investigated.
Ethics and vulnerability issues will also be covered. Online 3 hours. Prerequisite: EET 1063.
EXPANDED COURSE DESCRIPTION:
This course provides the foundations of information assurance and security from a business
perspective. Topics covered include human factors, compliance with regulations, personnel security,
risk assessment and ethical considerations.
This course maps to the following sections of National Security Telecommunications and Information
Systems Security 4011 and the Committee on National Security Systems 4012: Security Awareness
(4011), Review Accreditation (4012), Grant Final Approval to Operate (4012), Planning and
Management (4011), Policies and Procedures (4011).
COURSE OBJECTIVES:
Understand vulnerabilities, threats, and risks (INFOSEC, OPSEC, Software Security, and Information Security – CNSS 4011 and 4012).
Understand the concepts of security policies (Awareness – CNSS 4011).
Understand basic security mechanisms used to protect information (NSTISS Planning and Management, Access Control – CNSS 4011 and 4012).
Understand physical security and personnel security (Roles of Various Organizational Personnel – CNSS 4011 and 4012).
Understand the development of the information assurance infrastructure and the Security Systems Development Life Cycle (Introduced AAS - SSLO1.1; Awareness – CNSS 4011; Grant Final ATO, Review Accreditation, Verify Compliance – CNSS 4012).
Understand the importance of human factors like ethics in the process of information assurance (Reinforced AAS - SSLO4.1).
COURSE FORMAT:
The strategy for this course calls on the student to be an active participant in the learning
process. Students must prepare each topic in advance of its being covered in class, and as part of
their preparation they must do homework, which comes directly from the class book.
Students usually have to discuss topics with classmates. To do that, you will use
the corresponding topic under the Discussion Board in Blackboard. To begin with, look at
the Introduction forum under the Discussion Board and introduce yourself to your
classmates.
The instructor expands upon key concepts with comments and examples provided by the book
and class slides. The course includes virtual classroom and chat sessions.
ACTIVE vs. PASSIVE LEARNING 1:
Studies indicate that students retain: 10% of what they read; 20% of what they hear; 30% of
what they see; 50% of what they see and hear; 70% of what they say; and 90% of what they say
as they do. Adult learners learn better if they are ACTIVELY involved in the learning process!
The following has been adapted from the West Virginia Department of Psychology
Undergraduate Handbook
(http://www.as.wvu.edu/psyc/Undergraduate/Handbook/StudentSuccess/actpass.htm)
Active: Attend virtual classroom and chat sessions. Pay attention, participate in
discussions, and ask questions.
Active: Skim assignments first, make up a list of questions they want answered, and
then read the assignment to answer the questions.
Active: Participate in the learning environment, making choices, looking for answers
outside of the class environment.
Active learners want deep learning. Deep learning is insightful learning. Deep learners
look for the meaning behind the learning.
There will be extra credit points for students who participate in virtual classrooms, group
discussions and other interactions programmed for this course. No more than 50 points will be
granted for this extra credit.
1 Kimberly Merrit. Syllabus MIS Spring 2007. Cameron University. Computing & Technology Department.
BLACKBOARD:
Blackboard (http://blackboard.cameron.edu/ ) will be used throughout the course to provide a
forum for disseminating information, group work, discussions, projects, and for exams. The
correct blackboard course in which to enroll is: Intro Information Assurance/Security.
EVALUATIONS:
Exams. Exams are done individually. There are three (3) scheduled exams for this course. This
includes the final. Please see the schedule at the end of this syllabus and on Blackboard. The exam
format will typically be multiple choice, short answer and essay. Exams are open notes and
book. Every exam covers all the content covered in the book, homework and projects. Every
exam has two parts. For the first part, you have 1:30 hours and for the second part you have at
most 1:00 hour. After those periods of time the exam will not be available. Once you begin an
exam, you have to finish it.
You are going to use Blackboard for taking your exams. Under Assignments, you will find
the option Exams, and there you will find the scheduled exam. You can take the exam only once,
and on the day the exam is scheduled.
Exams will not be curved and must be taken individually.
Midterms will be available from 6:00 am to 8:00 pm. As University policy, students have to take
one exam proctored; accordingly, the final will be proctored, and you have to e-mail the corresponding
party (to be announced) about the place on campus where you will take it on the specific date
given by your Instructor.
Every exam covers all the content studied in the book and assigned by the instructor as
homework, projects and readings. The answer to the question of whether this is going to be in the
exam is YES. The answer to the question of what chapters are going to be in the exam is
ALL.
Quizzes. There will be no quizzes in this course.
Make-up Exams. As a general rule, there will be no make-up examinations. If extenuating
circumstances beyond the student’s control exist (e.g. immediate family member death,
hospitalization, serious illness or accident), email the instructor. Make-ups are at the instructor’s
discretion and will be decided on a case-by-case basis. No consideration will be given after the fact
unless the gravest circumstances exist, and no later than one week after the due date of the exam.
Projects. There will be three projects which apply and expand concepts covered in this course.
All projects must be done in a word processor. No handmade reports are accepted, and only
electronic copies are to be submitted through Blackboard. Look under Assignments, using the
Projects tab, and then look for the corresponding project submission in order to submit the
corresponding project.
Projects are done in teams of two students. No hardcopies or e-mail attachments are accepted.
It is mandatory to keep an electronic copy of projects and scripts submitted. No changes can be
made to documents, scripts and files submitted for evaluation. Students must keep backups of
those files, which may be asked for by the Instructor for revision and evaluation.
Lateness penalties for projects
Projects must be done by the due date; if not, students will get 0 (zero) points for them.
There is no exception to this policy.
Homework. There will be review questions and exercises from the end of each chapter that will
not be received by the instructor for grading. However, some of those could be part of extra
credit at the discretion of the Instructor. No more than 50 points will be granted for
homework extra credit.
Preparation for Class and studying together: Students must be adequately prepared for each
exam. Students must take into account that exams and projects are done individually and that
students must give credit where credit is due by giving the corresponding citation. In addition,
the instructor may call upon students/student groups to discuss topics assigned from assignments.
Because the virtual classrooms are designed to expand upon and clarify text concepts, students
who fail to read the assigned material may not understand the material and may not draw full
benefit from discussion.
GRADING:
Grades are computed on the basis of points earned according to the tables below. Exams and
projects could have different points according to the difficulty of each one, and those are at the
discretion of the instructor.

ACTIVITY      Points
Exam 1        200
Exam 2        200
Final Exam    200
Projects      400
Total         1000

Grading Criteria:

Grade    Percentage
A        >= 900
B        800 – 899
C        700 – 799
D        600 – 699
F        < 600

Note: The instructor reserves the right to adjust the grading plan to account for unusual
circumstances.
Grades will be posted on Blackboard at most 36 hours after the corresponding evaluation takes place, and
if there is any question or concern about a grade, students have 1 week to e-mail the instructor.
CONDUCT:
Please refer to the Common Syllabus under Cameron Links in Blackboard; it is part of
this syllabus.
Academic Honesty. Each student is expected to engage in all academic pursuits in a
manner that is above reproach. Students are expected to maintain complete honesty and
integrity in the online academic experiences. Any student found guilty of academic
dishonesty will be subject to disciplinary action as outlined in the Cameron University
Student Handbook, Cameron University Code of Student Conduct. If in doubt about
proper conduct for graded activities, please ask the instructor.
DROP DATES:
It is the student’s responsibility to withdraw from the class on or before the appropriate drop date.
Failure to withdraw by the appropriate deadline may result in a failing grade.
ATTENDANCE:
Attendance: If a student does not “login” to the course within the first 2
weeks of class, the student can be dropped from the course.
NETIQUETTE:
e-mails. 2 Whenever you send an e-mail to me, please pay attention to the following
guideline:
Write down the subject, indicating what class you belong to. For example:
IAS2233 Project # 1 submission date.
Begin the body of the e-mail with a greeting.
After the greeting, explain clearly the purpose of your e-mail. The more information
you provide the better.
Finally, write down your complete name as it appears in Blackboard.
I always reply to e-mails at most 24 hours after I receive them, but if you do not follow this
guideline, your e-mail will be automatically deleted and you will receive an automatic reply in
this regard.
As Cameron University policy, you have to use your Cameron e-mail account for every e-mail used in this course.
If for any reason you cannot contact your Instructor by e-mail, you can call him at his
office (580)-581-7934.
2 Tom Russell. Workshop on “Three quick WAC strategies to get your semester off to a great start”. Cameron
University, Jan. 7 2008. trussell@cameron.edu
upon entering the lab. The telephone number of the Burch Hall lab is (580)-581-2338.
Tentative Schedule

DATES: Jan 06 - 12
SEMESTER WEEKS: 1
COURSE TOPICS: Syllabus. Beginning of Project # 1. Introduction to Information Security: What is security? CNSS (NSTISSI-4011) Security Model. Components of an Information System. Approaches to Information Security Implementation. The System Development Life Cycle. The Security Systems Development Life Cycle. Security Professionals and the Organization.
TEXT CHAPTERS: Chapter 1. Chapter Summary p. 33. Review Questions pp. 33 & 34. Exercises p. 34 # 2, 3, & 5.

DATES: Jan 13 - 26
SEMESTER WEEKS: 2-3
COURSE TOPICS: The Need for Security: Business Needs First, Threats, Attacks, Secure Software Development.
TEXT CHAPTERS: Chapter 2. Chapter Summary p. 82. Review Questions pp. 83 & 84. Exercises p. 84 # 1, 3, & 5.

DATES: Jan 27 – Feb 2
SEMESTER WEEKS: 4
COURSE TOPICS: Project 1 Submission on Feb 2nd. Beginning of Project # 2. Legal, Ethical, and Professional Issues in Information Security: Laws and Ethics in Information Security. Relevant U.S. Laws. International Laws and Legal Bodies. Ethics and Information Security. Codes of Ethics and Professional Organizations.
TEXT CHAPTERS: Chapter 3. Chapter Summary p. 113. Review Questions pp. 114 & 115. Exercises p. 115 # 1, 4 & 5.

DATES: Feb 3 - 9
SEMESTER WEEKS: 5
COURSE TOPICS: Risk Management: Overview, Risk Identification, Risk Assessment, Risk Control Strategies, Quantitative vs. Qualitative Risk Control Practices. Risk Management.
TEXT CHAPTERS: Chapter 4. Chapter Summary pp. 166 & 167. Review Questions pp. 167-168. Exercises pp. 168 & 169 # 1, 3, & 5.
Exam # 1 on Feb. 9th. Online.

DATES: Feb 10 - 23
SEMESTER WEEKS: 6-7
COURSE TOPICS: Planning for Security: Information Security Planning and Governance, Information Security Policy, Standards, and Practices, The Information Security Blueprint, Security Education, Training, and Awareness Program, Continuity Strategies.
TEXT CHAPTERS: Chapter 5. Chapter Summary pp. 240 & 241. Review Questions pp. 241 & 242. Exercises p. 242 # 5.

DATES: Feb 24 – March 1
SEMESTER WEEKS: 8
COURSE TOPICS: Project # 2 Submission on March 1st. Beginning of Project # 3. Security Technology: Firewalls and VPNs: Access Control, Firewalls, Protecting Remote Connections.
TEXT CHAPTERS: Chapter 6. Chapter Summary p. 286. Review Questions p. 287. Exercises p. 288 # 5.

DATES: March 2 - 8
SEMESTER WEEKS: 9
COURSE TOPICS: Security Technology: Intrusion Detection, Access Control, and Other Security Tools: Intrusion Detection and Prevention Systems, Honeypots, Honeynets, and Padded Cell Systems, Scanning and Analysis Tools, Biometric Access Controls.
TEXT CHAPTERS: Chapter 7. Chapter Summary pp. 344 & 345. Review Questions pp. 345 & 346. Exercises p. 346 # 1.

DATES: March 9 - 23
SEMESTER WEEKS: 10-11
COURSE TOPICS: Cryptography: Foundations of Cryptography, Cipher Methods, Cryptographic Algorithms, Cryptographic Tools, Protocols for Secure Communications, Attacks on Cryptosystems.
TEXT CHAPTERS: Chapter 8. Chapter Summary pp. 392 & 393. Review Questions pp. 393 & 394. Exercises p. 394 # 1.
Exam # 2 on March 16th. Online.

DATES: March 26 - 29
SEMESTER WEEKS: 12
COURSE TOPICS: Physical Security: Physical Access Controls, Fire Security and Safety, Failure of Supporting Utilities and Structural Collapse, Interception of Data, Mobile and Portable Systems.
TEXT CHAPTERS: Chapter 9. Chapter Summary p. 427. Review Questions p. 428. Exercises p. 429 # 1, 2 and 4.

DATES: March 30 – April 5
SEMESTER WEEKS: 13
COURSE TOPICS: Implementing Information Security: Information Security Project Management, Technical and Non-Technical Aspects of Implementation, Information Systems Security Certification and Accreditation.
TEXT CHAPTERS: Chapter 10. Chapter Summary p. 465. Review Questions p. 466. Exercises p. 467 # 1.
Project # 3 Submission on April 5th.

DATES: April 6 - 19
SEMESTER WEEKS: 14-15
COURSE TOPICS: Security and Personnel: Positioning and Staffing the Security Function, Credentials of Information Security Professionals, Employment Policies and Practices, Security Considerations for Nonemployees, Internal Control Strategies, Privacy and the Security of Personnel Data.
TEXT CHAPTERS: Chapter 11. Chapter Summary p. 503. Review Questions p. 505. Exercises p. 506 # 1, 2, 3, 4, and 5.

DATES: April 20 - 26
SEMESTER WEEKS: 16
COURSE TOPICS: Information Security Maintenance: Security Management Maintenance Models. Digital Forensics.
TEXT CHAPTERS: Chapter 12. Chapter Summary p. 574. Review Questions p. 575. Exercises p. 576 # 1, 2, 3, 4, and 5.

Final Exam. Online Proctored On Campus
from April 27th to May 4th and from 8:00 am to
5:30 pm. Students have to register.
Campus Labs
The labs on the second floor of the Howell Hall Building are open five days each week as follows:
M-Fri 8:00 AM – 5:00 PM
The Campus Lab at Burch Hall is open most holidays. Be prepared to show your current student ID card.