Quizzes Folder
advertisement
Course Management and Policies Chao-Hsien Chu, Ph.D. College of Information Sciences and Technology The Pennsylvania State University University Park, PA 16802 IST 515 Angel Site – IST 515 Instruction • Welcome letter • Course contents and Syllabus • Post questions • Collaboration, record and post presentation • Reading materials Angel Site – IST 515 Instruction • Hands-on labs folder • Discussion activities folder • Software and tools • Quiz folder • Term project folder Adobe Connect Folder For team collaboration Reading Folder Materials common to all topics such as NIST 800 special series. Materials specifically for each topic. Common Materials Readings for Topic 1 Here are the readings for topic 1 about the course Hands-on Labs Folder • Lab User Guide • About the Lab Slide Lab Folder Discussion Activities Please check syllabus for due date! Quizzes Folder The quiz can be found in the Angel site under the “Quizzes” folder. The quiz will be available when they are assigned. The quiz will be available when they are assigned. Communicate For team work Syllabus ( Please refer to online or paper copy for reference ) Course Uniqueness This course covers conceptual, methodological, and practical foundations of information security and assurance, dividing into two categories: • • • • • Fundamental: Interdisciplinary: access control security architecture and design physical security application security operations security. • penetration testing • security and risk management • business continuity and disaster recovery planning • digital forensics • legal, regulations and compliance. Course Delivery The knowledge and skills to be covered are delivered in two major sections: • The first section will provide a basic understanding of information security and assurance, which will cover the common body of knowledge (CBK) developed by (ISC)2 (see http://www.isc2.org/). Eight topics to be covered. • The second section will be devoted to learning and practicing penetration testing. Eight hands-on exercises from the Certified Ethical Hacking (CEH) program will be explored in a virtual security lab (see http://www.eccouncil.org/ceh.htm). Interests and Expertise • Information and cyber security, especially in wireless security, intrusion detection, security and risk management, and cyber forensics. • Radio Frequency Identification (RFID) and Smart Sensing, with applications in healthcare, environmental monitoring, and supply chains. • Intelligent technologies and their applications in business, communication network design, and data mining. • Information technology for manufacturing/operations management. Manufacturing systems design and supply chain management and integration. Grading Weights Evaluation of knowledge and understanding of materials will be by: • Hands-on exercises (8): 800 points. • Quizzes (8): 400 points. • Team Project: 480 points. • Presentation: 120 points. • Discussion/participation: 200 points. Key References • Tipton, H. and Henry, K. (Eds.), Official (ISC)2 Guide to the CISSP CBK, Auerbach, 2007. • Hansche, S., Berti, J. and Hare, C., Official (ISC)2 Guide to the CISSP Exam, Auerbach, 2004. • These two references are key for preparing CISSP certification examination. Schedule • It is very important that you follow the schedule closely. Please check the syllabus for schedule. • Most of the assignments are scheduled to be due on Sunday, 5 minutes before midnight. • Please complete the introduction event and start to communicate to each other and form teams as soon as possible. Course Policies • Due date will be enforced according to the schedule. • Communication. Please use e-mail within Angel. • Academic Integrity. We committed to academic integrity, so do you. • Accommodating disabilities. We are working hard to meet the requirements. • Please refer to the syllabus for details Nature of the Quiz IST 515 quizzes are designed to emulate the Certified Information Systems Security Professional (CISSP) certification examination; therefore, its question format, style, coverage and study methods are similar to CISSP. Emulate Quiz Topics • Quiz 1: Information Security and Risk Management (Topic 2) • Quiz 2: Security Architecture and Design (Topic 3) • Quiz 3: Access Control (Topic 4) • Quiz 4: Application Security (Topic 5) • Quiz 5: Physical Security (Topic 6) • Quiz 6: Operations Security (Topic 7) • Quiz 7: Business Continuity and Disaster Recovery (Topic 8) • Quiz 8: Legal, Compliance, and Investigations (Topic 9) ( Please refer to syllabus for due date ) Quizzes Specifics • For each quiz, there are 25 questions (randomly drawn from more than 100 questions) and you will have about 15 minutes to complete the quiz once started the quiz. The quiz is a closed book exam, just like CISSP exam. • The quizzes are as difficult as CISSP certification. 70% is the passing grade for CISSP. The quiz average for the class is often below or just near 70%. • If you can find some test bank and practice, your score may increase (just like preparing for CISSP certification). Major References • Tipton, H. and Henry, K. (Eds.), Official (ISC)2 Guide to the CISSP CBK, Auerbach, 2007. • Hansche, S., Berti, J. and Hare, C., Official (ISC)2 Guide to the CISSP Exam, Auerbach, 2004. Taking the Quiz The quiz can be found in the Angel site under the “Quizzes” folder. The quiz will be available when they are assigned. The quiz will be available when they are assigned. Technical Assistance 1. Check the Angel Help Menu (left) 2. Take screenshot, contact Angel Support (below) 3. Contact us (with screenshot) Angel Project Folder Project Guideline • Purposes • Project Description • Project Details 1. Hands-on Lab Development 2. Practical Report 3. Research Paper • Deliverables 1.Project Proposal 2.Progress Report 3.Final Projects Report 4.Project Presentation • Overall Project Grading Drop Box Objectives The main purposes of this project are: To develop/enhance in-depth understanding on a subject in information security and assurance To provide students opportunities in practicing: – problem solving, – project management, – communication, – presentation, and – teamwork skills. Types of Project • This is a team-based project, which can be completed by a group of 3 or 4 participants. • You can select one of the following project types: – design and practice a hands-on penetration test lab, – write a paper/case to report security incidence or practice, and – write a paper to sharpen research skills. Hands-on Lab Development • Wireless Networks • Mobile Phone • Bluetooth devices • RFID devices • e-mail Accounts • Sensor Networks • Global Positioning System (GPS) • Web Servers • Session Hijacking • Spamming • USB Devices • Cloud Computing • Social Network • VoIP • … Research Type Paper • Economics of Information Security • Human Factors in Security, • Trust Negotiation / Management, • Threats/Risk/Security/Privacy of: – – – – – – – – RFID Networks/Systems, Sensor Networks, Internet of Things (IoT), Social Networks, Cloud Computing, Supply Chains, Healthcare. … Deliverables • Project Proposal (15 points). • Progress Report (20 points): Two scenarios (6 points); Related works (5 points); Framework, solution method or initial data collection (9 points). • Final Projects Report (45 Points): The report should be professionally written and should include both lab design and report (option 1) or paper. • Project Presentation/Slide (20 points): quality of visual aids, organization and content of the presentation, plus the poise and delivery of the speaker. • Please refer to Syllabus for due dates. Project Proposal • The title, description of the subject/issue/problem (what, why, how) and objectives of the project. (6 points) • Preliminary review of the literature and Internet resources. Citations to papers, books, programs, or URLs that you have consulted in exploring or designing your project. (5 points) • A description of your project plan. Discuss how the work will be divided among the team members. (2 points). • Writing style and professionalism (2 points). Recording & Posting 1. Test your computer 2. Record your presentation 3. Post your presentation For team collaboration Past Projects • • • • • • • • • • • Wireless Network Hacking Web Server Fingerprinting and Exploitation XSS and SQL Injection Web Server Attack Revealing the Threat Behind Social Networking Developing a Hands-on Spamming Lab Developing a Security Policy Penetration Testing on a Live Web-Application Radio Frequency Identification Security Concerns Layer 2/3 Network Attacks and Prevention Attacking a Mobile Phone Hands-on Lab Threats and Security of Cloud Computing Thank You? Any Question?
