Hospital successfully installs back up/recovery hot site with zero

advertisement
Course Title:
PETROCELLI COLLEGE OF CONTINUING STUDIES
Term/
Computer Security Administration
Summer 2, 2014
Semester/Year:
Course Catalog MADS 6638
Number:
Instructor:
Dr. Eamon P.
Doherty
Course
Description:
This course will introduce the basics of computer (confidentiality, message
integrity, etc..) and investigate ways to prevent hackers from accessing
websites. Encryption processes and firewall protection may not be enough
for someone who wants to access data on your computer system. This
course will analyze formal criteria and properties of hardware, software,
and database security systems and will determine ways to improve overall
site and system security. Additional topics to be reviewed include: formal
specifications, verification of security properties, security policies that
includes hardening a site and preventing intrusion, detection of an
intrusion and how to react to such an intrusion, safeguards for systems
organizational training and protocols, and other methods for providing
data security in this technical age will be reviewed and assessed.
Prerequisites
(If any):
Goals and
Objectives:
None
The course has the following goals and objectives
1. The student will know enough of the basics about information assurance
/ network security to be able to speak to federal govt. authorities,
technicians, and colleagues about threats, vulnerabilities, security
policies, and the CIA Triangle - confidentiality, integrity, and availability
of data
2. The student will also be able to discuss the basics of measuring security,
protection profiles, evaluating assurance levels, and applying various
methodologies and then re-evaluating the assurance level.
3. Students should be able to discuss the Bell LaPadula Model, Access
controls, and have enough background to prepare their studies for the
SSCP security certification examination
4. Students will also learn the basics of Windows Security which include
some knowledge of the registry, user accounts, audits, and policies
5. Students should also be able to converse with others about the various
type of hackers that exist as well as some countermeasures such as
firewalls, stateful packet inspection, honeypots, intrustion detection
systems, and application level proxies.
6. The student will also be aware of many of the newer attacks carried out
on business such as: The Dan Kaminsky Attack, Cache Poisoning Attack,
and the DNS Rebinding Attack.
Course Topics: The following topics will be included in this class:
 Computer Security,
 Biometrics,
 Defcon
 Black Hat Hacker
 White Hat Hacker
 Audits
 SOHO Firewall
 Incident Response
 MAC Address,
 MAC Address Filtering,
 SSID Broadcasting,
 Network Security Certifications
 War Driving,
 Routers,
 802.11,
 Physical Security,
 Incident Response
 Security Plan,
 Steganography,
 VPN,
 Backups,
 Risk Assessment,
 Network Mapping
 Leak and Penetration Tests
Texts and
Readings:
Required: Computer Security by Dieter Golmann, 3rd Edition, Wiley
Publishing, ISBN 978-0-470-74115-3
(See FDU online Journals and Magazines if link is not given)
Chenoweth, T., Minch, R., & Tabor, S. (Feb 2010). Wireless insecurity:
Examining user security behavior on public networks. Communications of
the ACM, 53(2), pp. 134-138.
Khansa, L. & Liginlal, D. Quantifying the benefits of investing in information
security. Communications of the ACM, 52(11), pp. 113-117.
Lendino, J. (June 26, 2007). Share media safely. PC Magazine, 26(13), p.
108.
Metz, C. (Oct 1, 2003). Data protection: Steganography. PC Magazine,
22(17), p. 84.
Ten steps to a Successful Security Policy (2003)
http://www.computerworld.com/s/article/85583/10_steps_to_a_successfu
l_security_policy
Examples of Internet Usage Policy, Incident Response Policy, Computer
Usage Policy, Audit Policy, Antivirus Policy, Awareness and Training Policy,
Email Policy, Disaster Recovery Policy, Backup Policy (2011)
http://www.dmoz.org/Computers/Security/Policy/Sample_Policies/
Hot Site Backups (2011)
http://www.ibackup.com/hot-sites/
Hospital successfully installs back up/recovery hot site with zero
downtime (2004)
http://articles.techrepublic.com.com/5100-10878_11-5211388.html
Supplemental
Readings
The following list of suggested reading materials is not an exhaustive source
of published works that focus on this topic. Some of these appear to be
vintage sources, but they are considered seminal materials that are
appropriate for this topic. They are not required but just give more
information on the topics.
Berghe, H. & Uecher, J. (Dec 2004). Wireless infidelity II: Airjacking.
Communications of the ACM, 47(12), pp. 15-20.
Villasenor, J. (Aug 2010). The hacker in your hardware. Scientific
American, 303(2), pp. 82 – 87.
The Complete Guide To E-Security, Protect Your Privacy On the Internet
By Michael Chesbro, Citadel Press, ISBN 0-8065-2279-8
The book "Incident Response" by Douglas Schweitzer (ISBN 0-7645-2636-7)
Entrance
Competences
The student should be familiar with using a personal computer with a word
processor to write a paper, able to use email, and basic Internet usage.
Exit
Competencies
The student will have learned enough to:
1. The student will understand what a network is, the components of a
network, and how to evaluate security.
2. The student will learn what a security audit is and what people in the
organization perform them and what permissions are needed.
3. The student will understand how the configuration of a computer
makes it vulnerable to local users as well as others on a network.
4. The student will understand the processes and mechanisms to help
block unauthorized access as well as examine logs to see intrusion
attempts
5. The student will understand the types of hackers that are on the
Internet, the types of attacks they use, and the dangers that they pose
to networks.
6. The student will know enough to write about security topics which
may include a basic plan to secure a small network.
Grading Policy Grade Scale: A = 95 - 100 B- = 80 - 82
A- = 90 - 94
B+ = 87 - 89
B = 83 - 86
Activity
C+ = 75 - 79
C = 70 - 74
F
= Below 70
Value
1. Discussion Board 20%
There are discussion sections at the end of each unit. The discussion
grade is based on relevancy of answer, amount of material written,
frequency of responses to each unit discussion.
Learning
Outcomes
Assessment
2. Assignments 20%
There are a series of weekly assignments to complete
3. Security Plan / Paper
20%
See Paper requirements later in syllabus
4. Midterm
20%
There is a midterm
5. Final Exam – 20 %
Each college program has identified outcome measures that indicate
whether students are successful in meeting the specific outcomes for the
program. The following are the four outcome measures that will be
assessed for the MAS program:
1. Strategic Orientation – An MAS graduate will demonstrate the ability
to develop, implement, coordinate, and/or manage a strategic plan
through a collaborative process.
2. Communication – An MAS graduate will demonstrate the ability to
prepare and deliver effective oral presentations and or write
documents that present and evaluate information and opinion in a
logical and analytical manner, incorporating research and
documentation, and using style, grammar, mechanics, and format
appropriate to an educated audience.
3. Information Literacy – An MAS graduate will demonstrate the ability
to carry out thorough and effective information search strategies
using traditional print, digital, and internet sources, evaluate
information accessed, and use this information along with existing
knowledge to create something new.
4. Critical Thinking – A MAS graduate will demonstrate competency in
critical thinking that encompasses dimensions of informal logic and
ethical analysis. In this class, we will be addressing the outcomes of
communications, information literacy, and critical thinking.
Assessment of
Learning
Class
Participation
Exams
Students are expected to bring their personal concepts and experiences to
assist the learning process. Participation in Discussion Boards is absolutely
necessary so that student colleagues can share these ideas. Moreover,
students must complete the assigned readings and assigned Questions and
Exercises and other assignments (case studies, simulations, etc.). Students
who are unable to keep pace due to illness or unforeseen professional
conflicts should advise the instructor immediately and provide a timeline
for catching up with assigned work. Non-participation, without good cause
(illness, work assignment conflicts, etc.) is unacceptable and will adversely
impact the grade earned for the course.
Examinations will involve short answer and comprehensive essays.
The mid-term exam will be returned the following week. The final exam
will be graded and returned by mail.
The exams will contain no surprises. All questions will be specifically
derived from class presentations/readings. There will be no questions
derived from materials not discussed in class. For the essay section of the
exams, students will be given a series of questions and will be asked to
respond to a specific number of items.
Exams are to be taken on the date assigned. Exams given on a date other
than the scheduled date without prior authorization will contain questions
from any aspect of the class presentations and readings, and there will be
no choice of questions to which to respond.
Examinations will involve short answer and comprehensive essays. The midterm exam will be returned the following week. The final exam will be
graded and returned within one week. The exams will contain no surprises.
All questions will be specifically derived from class presentations/readings.
There will be no questions derived from materials not discussed in class. For
the essay section of the exams, students will be given a series of questions
and will be asked to respond to a specific number of items. Exams are to be
taken during the period assigned. Exams given on during a time other than
that without prior authorization will contain questions from any aspect of
the class presentations and readings, and there will be no choice of
questions to which to respond.
Project
All class participants are expected to prepare a written term paper on a topic from the
course. The paper should be on something related to computer security or the administration
of computer security. Topics must be approved by the instructor.
Papers are expected to be 10 pages, double-spaced in APA format. The paper should
include the following:
a)
b)
b)
c)
d)
e)
g)
Cover
Table of Contents
Introduction
Equipment, Policies
The Main Topic
Summary or Conclusion or Closing Remarks
References
There should be at least six references from journal articles, textbooks, or government
publications, websites, and possibly the textbooks from this course. These can be from
various sources, but should include internet or online library resources.
As a student of FDU, you have access to the online library resources. There are thousands
of full text articles available through the library. To access the library, click on the library
button on either FDU’s homepage or on the webcampus homepage. You use your FDU
email username and password for access. Since there are numerous sources for any topic,
you must search through the different materials and select those materials that support your
position.
The paper is due by the date provided in the class announcements. Papers should be
transmitted electronically. If a student needs to submit a hard copy, two copies should be
submitted without covers and with a single staple in the upper left hand corner. Papers late
without good cause will be reduced one letter grade for each day late.
Presentation
There will be a five to ten minute presentation of the paper on the last day
of class. The presentation should provide a summary of the term paper.
The presentation will provide an opportunity for other class participants to
suggest other aspects to consider.
There will be a specific Discussion Board set up for your presentation. This
can be either a PowerPoint presentation or an Executive Summary of your
paper. The presentation should provide a summary of the term paper. The
presentation will provide an opportunity for other class participants to
suggest other aspects to consider.
General Class
Procedures
Attendance
Classes will follow the University calendar and will start and end at stated
times.
For classes offered in a Saturday format, students must attend all five
sessions. If there are extenuating circumstances that prevent a student
from attending a scheduled class, that class must be made up in the next
term.
Classes will not be canceled unless ordered by the Provost or the Program
Director.
Online courses follow a 10-week format. It is important that students
respond to discussion questions during the week in which they are posted.
Students can respond to the instructor’s question or to responses of other
students. The quality and quantity of the student’s response will impact
the class participation part of the grade.
Late Work
Extra Credit
Students are expected to take the exams when they are scheduled. In the
event that the student cannot take the scheduled exam due to illness or
employment-related obligations, a make-up may be offered; however, only
one such exam will be scheduled for each exam.
Assignments received after the scheduled due date will be reduced one full
grade for each class session that the material is late. Emergency situations
that adversely impact the participant’s ability to meet the requirements
must be discussed with the professor to determine if there could be a
waiver of this policy.
There will be no extra credit work or extra credit assignments accepted at
any time during this course.
Grade
Notification
Grades will only be provided to the participants through the normal
reporting process. No grades will be provided to a participant through any
electronic medium.
Work Format
Students are expected to submit their work in Office 2003 format. This
may require students to convert their files from a more current version to
the 2003 version. The School of Administrative Science is concerned with
sustainability and conservation of resources. Students are encouraged to
email exams and term papers to the instructor rather than printing out
copies and using resources.
Reference
Sources
As a FDU student, you have access to the online library that has thousands
of full text articles available. To access this site, click on the library button
on the FDU homepage and use your user name and password from your
email account to search the various journals.
Plagiarism
The School of Administrative Science is concerned with Academic Integrity
and follows the University’s policy on this topic. All work in this course is
expected to be that of the individual student and/or the work of others
that is appropriately cited. Any term paper or examination that
misrepresents the work of others as that of the student will receive a grade
of “0” for that assignment.
Work in this course is also expected to be prepared specifically to fulfill
assignments in this course. Any duplication of material submitted for
course credit in this course and another course without appropriate
disclosure and approval of that duplication is also subject to a grade of ‘0’
and will be duly reported to the University.
(Example: Submitting the same, or essentially the same, term paper to two
different classes for course credit.) Plagiarism is taken seriously at the
University and may lead to disciplinary actions. The complete University
policy can be found on the University’s website.
Course Outline Week 1 - July 6 – 12, 2014 – Introduction
Discussion Board – Introduction
Week 2 - July 13-19, 2014 – Unit 1 – The History of Computer Security and Managing It
Readings - Chapters 1,2
Unit 1
Homework 1
Discussion Board – Topic on Computer Security History
Week 3 - July 20-26, 2014 – Unit 2- Foundations of Computer Security & Access Control
Readings – Chapters 3,4
Unit 2
Homework 2
Discussion Board – Topic on Access Control of Computer
Week 4 – July 27-August 2, 2014 – Unit 3 - Access Control and Windows Security
Readings – Chapters 5,8
Unit 3
Homework 3
Discussion Board – Topic on Windows Security
Week 5 – August 3-9, 2014 – Midterm
Week 6 – August 10-16, 2014 – Unit 4 - Software Security the Bell-LaPadula Model
Readings – Chapters 10,11
Unit 4
Homework 4
Discussion Board – Topic on Software Security
Week 7 – August 17-23, 2014 – Unit 5 - Security Evaluation and Cryptography
Readings – Chapters 13,14
Unit 5
Homework 5
Discussion Board – Topic on Security Evaluation
Week 8 – August 24-30, 2014 – Unit 6 –Communication & Network Security
Readings – Chapters 16,17
Unit 6
Discussion Board – Topic on VPNs
Week 9 – August 31 – September 6, 2014
Paper Due
Discussion Board – Post 5 slides about your paper
Week 10 -September -13, 2014
Final Exam
The instructor reserves the right to alter the syllabus where warranted.
Download