Spring 2013
CS7493/CS5493 Course Syllabus
Secure System Administration and Certification

Instructor: James Childress
Contact: james-childress@utulsa.edu
Office Hours: MWF 10:00am-11:30am; MW 2:00pm-3:00pm
Math and Computer Science Department
Office: Rayzor 2090

         Days  Time
Lecture  T-Th  3:30pm-4:45pm  KEP-U4

Course Home Page
http://www.personal.utulsa.edu/~james-childress/

Prerequisite
CS4153, Computer Security

Textbook
Title: Fundamentals of Information Systems Security
Author: David Kim, et al.
Publisher: Jones & Bartlett Learning
ISBN: 9780 76379 0257

Course Description
Provisioning, procurement and installation of network, hardware and software systems for mission critical enterprises. System configuration and maintenance. Incident handling and response. System certification, testing and validation. This course partially satisfies requirements for the CNSS 4013 System Administrator certificate.

Teaching Methods
Lecture will be used to explain concepts that may or may not be covered in the textbook. Students will be responsible for topics assigned from the text as well as additional topics covered during lecture. Students will participate in group discussions and present their group's results to their peers. Projects and homework will be assigned in class and posted on the course web page. Exams, quizzes, in-class assignments, homework, and projects will be used to facilitate the learning process. Attendance is a requirement for many of the in-class activities and there are no make-up assignments granted for missing an in-class activity. Students are encouraged to bring a network accessible device to lecture.

ADA Policy
Students with special needs as outlined in the Americans with Disabilities Act: Academic accommodations will be provided when appropriate documentation is presented. Contact the Center for Student Academic Support in Lorton Hall for details.
The Center for Student Academic Support will inform the instructor as to what special accommodations must be provided.

Student Evaluation and Grade Assignments
Students will be evaluated by their performance on exams, labs, homework, in-class exercises, projects, and quizzes. Final grades as well as all assignments will use the following criteria for assigning grades:

  Exceeds the instructor’s expectations: A
  Meets the instructor’s expectations: B
  Does not meet the instructor’s expectations: C
  Did not participate in the assignment: F

  Exam I              15%
  Final Exam          25%
  System Project      10%
  Individual Project  15%
  Group Project       30%
  Other                5%

Assignment Submission Policy
Assignments will be announced in class and posted on the course web page. Many assignments and the term project-milestones must be submitted by the due date. Any late work submitted by a student by definition cannot exceed the instructor’s expectations. No work will be accepted by the instructor after the instructor has graded and returned the completed assignments.

Exam, Quiz, and Assignment Make-Up Policy
You may be granted a make-up if a valid and excused absence is documented and approved by the Center for Student Academic Support. Valid and excused absences must be:

  A University sponsored event or trip.
  Extraordinary family or medical hardships.

Hardships must have supporting documentation to receive special consideration. Supporting documentation does not entitle the student to a make-up. The decision to grant a make-up is at the discretion of the instructor. All other requests for rescheduling a make-up will be denied. Any make-up exams will be scheduled at the convenience of the instructor. If you miss an assignment, you must complete and return the assignment before the assignment is graded and returned to the other students.

Attendance
Absence is a detriment to your overall performance. Poor attendance fails to meet the instructor’s expectations.
Some assignments will require students to present information during lecture. Some in-class activities cannot be rescheduled and no make-up assignment will be available.

Electronic Devices
Exams for this class have been of the essay type. The instructor will attempt to reserve a computer lab where students can write and submit an electronic copy of their exam. No other electronic device will be allowed during an exam. Accessing an unauthorized electronic device during an exam will result in no credit for the exam. Students are encouraged to bring a network accessible device to lecture.

Failure to Withdraw Policy
If you wish to withdraw from the course, you must fill out the necessary forms. Failure to follow through could result in a grade of F for the course in accordance with university policy.

Student Competency Clause
A student may be asked by a lab instructor or the course instructor to demonstrate a level of competency that is contained in any assignment completed by the student. It is possible to receive no credit for an assignment if a student is unable to demonstrate a level of competency contained in a completed assignment.

Plagiarism Policy
Plagiarism is claiming, indicating, or implying that the ideas, sentences, or words of another writer are your own. Plagiarism includes having another writer do work claimed to be your own, copying the work of another and presenting it as your own, or following the work of another as a guide to ideas and expression that are then presented as your own. Any work plagiarized by a student will receive no credit (zero points). Plagiarism is considered academic misconduct.

Academic Dishonesty or Misconduct
Academic dishonesty or misconduct is neither condoned nor tolerated at Tulsa University. Academic dishonesty is behavior in which a deliberately fraudulent misrepresentation is employed in an attempt to gain undeserved intellectual credit, either for oneself or for another.
Academic violations could result in no credit for an assignment, quiz, or exam; a failing grade for the course; or dismissal from the University. Deliberate misuse of the computing facilities falls under the heading of Academic Dishonesty or Misconduct. Examples of computing resource misuse include but are not limited to the following: downloading or accessing information that is not used for academic purposes, copyright infringements, downloading or accessing illegal materials, personal business transactions for profit, malicious computer attacks designed to disrupt general computer activities, etc. See the University of Tulsa Undergraduate Bulletin for more details.

Student Etiquette
Students are expected to be attentive during class and not disrupt the learning process. Everyone is encouraged to participate in class discussions as directed by the instructor. Students are also encouraged to ask the instructor questions about the course material. Here is a list of activities that can disrupt the learning process:

  Forgetting to turn off your cell phone during lecture, quiz, or exam time.
  Habitual tardiness.
  Leaving and re-entering the classroom during lecture, quiz or exam time.
  Engaging in conversation not relevant to the classroom activities.

Exams will have assigned seating as directed by the course instructor. Any refusal to abide by the policies outlined in this document could result in any of the following: no credit for an assignment, a failing grade for the course, or dismissal from the university.

Tentative Schedule of Activities
The instructor may change the assignment schedule at any time by verbal or written notification in class and posted on the course web site.

Important dates:

  First Mid-Term Exam: February 28, 2013 @ 3:30pm
  Final Exam: TBA*
  Presentations begin during the week of April 16-18, 2013

The final exam will be kept on file for a period of one year and will not be available to students.
*The final exam will be scheduled in accordance with University policy.

Confidential Information
Grades will be posted using Web Advisor at the end of the semester after all exams, quizzes, projects, and assignments are graded. Point totals may be periodically posted using WebCT. No confidential information will be sent through e-mail or given over the phone. All requests for grades by e-mail or phone will be denied. Be sure to check the web site for further information about grades. Avoid sending e-mails with attachments. You must make prior arrangements to send the instructor an e-mail message containing an attachment.

Topics
Course Introduction, vocabulary & student survey
CSI Survey and critical evaluation
Physical security by environmental design
Breaking in: Malware, Social Engineering, & Emanations
A brief history of computing security
Computer Security Standards
    o Orange Book
    o NIST FISMA Guide, National Institute of Standards & Technology, Federal Information Security Management Act
    o CERT Guide
    o Common Criteria
    o SDLC – System Development Life Cycle
Computer System
    o Deployment
    o Security
    o Maintenance
    o Incident Handling & Response
Special topics chosen and presented by the students

Acknowledgements
Brett Bartow of Tripwire, Inc.