Pitt IS 2150 - LECTURE NOTES

This preview shows page 1-2-3-19-20-39-40-41 out of 41 pages.


Slide 1
IS 2150 / TEL 2810
Introduction to Security
James Joshi
Assistant Professor, SIS
Lecture 1
August 30, 2007

Slide 2: Contact
- Instructor: James B. D. Joshi
  - 706A, IS Building
  - Phone: 412-624-9982
  - E-mail: [email protected]
  - Web: http://www.sis.pitt.edu/~jjoshi/
  - Office Hours: Tuesdays: 2.00 – 4.00 p.m.; By appointments
- GSA: TBD
- Lab help: Carlos E Caicedo Bastida

Slide 3: Course Goals
- To develop a broader understanding of the information security field
  - Recognize, analyze and evaluate security problems and challenges in networks and systems.
  - Apply their knowledge to synthesize possible approaches to solve the problems in an integrated way.
- Analyze and evaluate the fundamentals of security policy models and mechanisms, and their need for different types of information systems and applications
- Apply the basics of Cryptographic techniques and network security for ensuring the basic security goals of security of information systems.
- Recognize the various security issues/terminologies related to software, networks and applications to show how they are interrelated and available techniques and approaches to solve/tackle security problems.
- Describe/identify the various basic social, legal and non-technical dimensions of security and its relation to technical counterparts.

Slide 4: Certified for IA Standards
- SAIS Track is certified for 5 CNSS standards
- This course accounts for about 85% of the first three CNSS standards
  - Hence CORE course for SAIS track
- Course webpage: http://www.sis.pitt.edu/~jjoshi/IS2150/Fall07/

Slide 5: Course Outline
- Security Basics
  - General overview and definitions
  - Security models and policy issues
- Basic Cryptography and Network security
  - Crypto systems, digital signature, authentication, PKI
  - IPSec, VPN, Firewalls
- Systems Design Issues and Information assurance
  - Design principles
  - Security Mechanisms
  - Auditing Systems
  - Risk analysis
  - System verification
- Intrusion Detection and Response
  - Attack Classification and Vulnerability Analysis
  - Detection, Containment and Response/Recovery
- Legal, Ethical, Social Issues
- Evaluation, Certification Standards
- Miscellaneous Issues
  - Malicious code, Mobile code
  - Digital Rights Management, Forensics
  - Watermarking, E/M-commerce security, Multidomain Security
  - Identity/Trust Management

Slide 6: Course Material
- Textbook
  - Introduction to Computer Security, Matt Bishop
    - Errata URL: http://nob.cs.ucdavis.edu/~bishop/
  - Computer Security: Art and Science, Matt Bishop – is fine too
- Other Recommended
  - Security in Computing, Charles P. Pfleeger, Prentice Hall
  - Inside Java 2 Platform Security, 2nd Edition, L. Gong, G. Ellison, M. Dageforde
  - Security Engineering: A Guide to Building Dependable Distributed Systems, Ross Anderson, Wiley, John & Sons, Incorporated, 2001
- Additional readings will be provided
  - Required or Optional

Slide 7: Prerequisites
- Assumes the following background
  - Programming skill
    - Some assignments in Java
  - Working knowledge of
    - Operating systems, algorithms and data structures, database systems, and networks
  - Basic Mathematics
    - Set, logic, induction techniques, data structure/algorithms
- Not sure? SEE ME

Slide 8: Grading
- Lab + Homework/Quiz/Paper review 50%
- Exams 30% includes
  - Midterm: 15%
  - Final: 15%
- Paper/Project 20%
  - List of suggested topics will be posted
  - Encouraged to think of a project/topic of your interest
- Some other
  - Seminar (LERSAIS) and participation
  - Borderline cases will be helped

Slide 9: Course Policies
- Your work MUST be your own
  - Zero tolerance for cheating/plagiarism
  - You get an F for the course if you cheat in anything however small – NO DISCUSSION
  - Discussing the problem is encouraged
- Homework
  - Penalty for late assignments (15% each day)
    - Occasionally you can seek extension under pressing circumstances
  - Ensure clarity in your answers – no credit will be given for vague answers
  - Sample solutions will be provided
- Check webpage for everything!
  - You are responsible for checking the webpage for updates

Slide 10
LERSAIS

Slide 11: LERSAIS
- Laboratory of Education and Research in Security Assured Information Systems
  - Established in 2003
- National Center of Academic Excellence in Information Assurance Education Program
  - A US National Security Agency program initiated in 1998 through a presidential directive to SECURE the Cyberspace
  - Partnered by Department of Homeland Security since 2003
  - There are 80+ such centers now
- LERSAIS is Pitt’s representative center
- Website: http://www.sis.pitt.edu/~lersais/
- Check out for Friday Seminars:
  - 2:00PM Welcome Coffee/Cake
  - 2:30-3:30PM Talk

Slide 12: A Word on SAIS Track
- Pitt’s IA curriculum has been certified for Committee on National Security Systems IA Standards
  - CNSS 4011: Information Security Professionals
  - CNSS 4012: Designated Approving Authority
  - CNSS 4013: System Administrator in Information Systems Security
  - CNSS 4014: Information Systems Security Officer
  - CNSS 4015: System Certifiers
- Pitt is one among 13 Institutions in the US and only one in the State of Pennsylvania to have all certifications
- Website: http://www.sis.pitt.edu/~sais/

Slide 13
What is Information Security?
Overview of Computer Security

Slide 14: Information Systems Security
- Deals with
  - Security of (end) systems
    - Examples: Operating system, files in a host, records, databases, accounting information, logs, etc.
  - Security of information in transit over a network
    - Examples: e-commerce transactions, online banking, confidential e-mails, file transfers, record transfers, authorization messages, etc.

“Using encryption on the internet is the equivalent of arranging an armored car to deliver credit card information from someone living in a cardboard box to someone living on a park bench” – Gene Spafford

Slide 15: Basic Components of Security

