IS 2150 / TEL 2810 Introduction to Security

Slide outline: Contact; Course Goals; Certified for IA Standards; Course Outline; Course Material; Prerequisites; Grading; Course Policies; Slide 10; LERSAIS; A Word on SAIS Track; What is Information Security?; Information Systems Security; Basic Components of Security; CIA-based Model; Slide 17; Interdependencies; Security - Years back; Information security today; Slide 21; Terminology; Attack Vs Threat; Common security threats/attacks; Classes of Threats (Shirley); Policies and Mechanisms; Goals of Security; Assumptions and Trust; Types of Mechanisms; Slide 30; Information Assurance; Assurance; Operational Issues; Human Issues; Tying all together: The Life Cycle; Summary

Slide 1: IS 2150 / TEL 2810 Introduction to Security
James Joshi, Associate Professor, SIS
Lecture 1, August 30, 2011

Slide 2: Contact
- Instructor: James B. D. Joshi, 706A, IS Building
- Phone: 412-624-9982
- E-mail: [email protected]
- Web: http://www.sis.pitt.edu/~jjoshi/
- Office Hours: Thursday 1.30 – 3.00 p.m., or by appointment
- GSA: Amirreza Masoumzadeh <[email protected]>, Natalie Baracaldo <[email protected]>; Mondays 2-4 p.m.

Slide 3: Course Goals
- To develop a broader understanding of the information security field
- Recognize, analyze and evaluate security problems and challenges in networks and systems.
- Apply their knowledge to synthesize possible approaches to solve the problems in an integrated way.
- Analyze and evaluate the fundamentals of security policy models and mechanisms, and their need for different types of information systems and applications.
- Apply the basics of cryptographic techniques and network security for ensuring the basic security goals of information systems.
- Recognize the various security issues/terminologies related to software, networks and applications, show how they are interrelated, and know the available techniques and approaches to solve/tackle security problems.
- Describe/identify the various basic social, legal and non-technical dimensions of security and their relation to technical counterparts.

Slide 4: Certified for IA Standards
- SAIS Track is certified for 5 CNSS standards
- 85% of the content addresses the requirements of the first three CNSS standards
- Hence a CORE course for the SAIS track
- Course webpage: http://www.sis.pitt.edu/~jjoshi/courses/IS2150/Fall10/

Slide 5: Course Outline
- Security Basics: general overview and definitions; security models and policy issues; privacy
- Basic Cryptography and Network Security: crypto systems, digital signature, authentication, PKI; IPSec, VPN, firewalls
- Systems Design Issues and Information Assurance: design principles; security mechanisms; auditing systems; risk analysis; system verification
- Intrusion Detection and Response: attack classification and vulnerability analysis; detection, containment and response/recovery
- Legal, Ethical, Social Issues: evaluation, certification standards
- Miscellaneous Issues: malicious code; DRM, watermarking, identity/trust management; etc.

Slide 6: Course Material
- Textbook: Introduction to Computer Security, Matt Bishop (errata URL: http://nob.cs.ucdavis.edu/~bishop/); Computer Security: Art and Science, Matt Bishop – is fine too
- Other recommended:
  - Security in Computing, Charles P. Pfleeger, Prentice Hall
  - Inside Java 2 Platform Security, 2nd Edition, L. Gong, G. Ellison, M. Dageforde
  - Security Engineering: A Guide to Building Dependable Distributed Systems, Ross Anderson, John Wiley & Sons, 2001 (newer version available)
  - Practical Unix and Internet Security, Simson Garfinkel and Gene Spafford
- Additional readings (required or optional) will be provided

Slide 7: Prerequisites
- Assumes the following background:
  - Programming skill (some assignments in Java)
  - Working knowledge of operating systems, algorithms and data structures, database systems, and networks
  - Basic mathematics: sets, logic, induction techniques, data structures/algorithms
- Not sure? SEE ME

Slide 8: Grading
- Assignments (55%): homework/paper review 35%; labs and quizzes 20%
- Programming project: 15%
- Exams (30%): midterm 15%; final 15%
- Other: seminar (LERSAIS) and/or participation

Slide 9: Course Policies
- Your work MUST be your own
  - Zero tolerance for cheating/plagiarism
  - You get an F for the course if you cheat in anything, however small – NO DISCUSSION
  - Discussing the problem is encouraged
- Homework
  - Penalty for late assignments (15% each day)
  - Seek an extension under pressing circumstances
  - Ensure clarity in your answers – no credit will be given for vague answers
  - Sample solutions will be provided
- Check the webpage for everything! You are responsible for checking the webpage for updates

Slide 10: LERSAIS

Slide 11: LERSAIS
- Laboratory of Education and Research in Security Assured Information Systems
- Established in 2003
- National Center of Academic Excellence in Information Assurance Education - Research Program
  - A US National Security Agency program initiated in 1998 through a presidential directive to SECURE the cyberspace
  - Partnered by the Department of Homeland Security since 2003
- LERSAIS is Pitt's representative center
- Website: http://www.sis.pitt.edu/~lersais/
- Check out the Friday Seminars

Slide 12: A Word on SAIS Track
- Pitt's IA curriculum has been certified for Committee on National Security Systems IA Standards:
  - CNSS 4011: Information Security Professionals
  - CNSS 4012: Designated Approving Authority
  - CNSS 4013: System Administrator in Information Systems Security
  - CNSS 4014: Information Systems Security Officer
  - CNSS 4015: System Certifiers
- Pitt is one among few institutions in the US and one of two in the State of Pennsylvania to have all five certifications
- One of the first group of schools to be designated as CAE-Research

Slide 13: What is Information Security?
Overview of Computer Security

Slide 14: Information Systems Security
- Deals with security of (end) systems
  - Examples: operating system, files in a host, records,