IS 2150 / TEL 2810 Introduction to Security

Slides in this deck:
IS 2150 / TEL 2810 Introduction to Security
Contact
Course Goals
Certified for IA Standards
Course Outline
Course Material
Prerequisites
Grading
Course Policies
Slide 10 (LERSAIS title slide)
LERSAIS
A Word on SAIS Track
What is Information Security?
Information Systems Security
Basic Components of Security
CIA-based Model
Slide 17
Interdependencies
Security - Years back
Information security today
Slide 21
Terminology
Attack Vs Threat
Common security threats/attacks
Classes of Threats (Shirley)
Policies and Mechanisms
Goals of Security
Assumptions and Trust
Types of Mechanisms
Slide 30
Information Assurance
Assurance
Operational Issues
Human Issues
Tying all together: The Life Cycle
Summary

Slide 1: IS 2150 / TEL 2810 Introduction to Security
James Joshi, Associate Professor, SIS
Lecture 1
August 31, 2009

Slide 2: Contact
- Instructor: James B. D. Joshi
  - 706A, IS Building
  - Phone: 412-624-9982
  - E-mail: [email protected]
  - Web: http://www.sis.pitt.edu/~jjoshi/
- Office Hours:
  - Monday: 1:30 to 3:00 p.m.
  - By appointment
- GSA: Amirreza Masoumzadeh <[email protected]>

Slide 3: Course Goals
To develop a broader understanding of the information security field. Students will be able to:
- Recognize, analyze and evaluate security problems and challenges in networks and systems.
- Apply their knowledge to synthesize possible approaches to solve the problems in an integrated way.
- Analyze and evaluate the fundamentals of security policy models and mechanisms, and the need for them in different types of information systems and applications.
- Apply the basics of cryptographic techniques and network security to ensure the basic security goals of information systems.
- Recognize the various security issues and terminology related to software, networks and applications, show how they are interrelated, and know the available techniques and approaches for tackling security problems.
- Describe and identify the basic social, legal and non-technical dimensions of security and their relation to the technical counterparts.

Slide 4: Certified for IA Standards
- The SAIS Track is certified for 5 CNSS standards
- This course accounts for about 85% of the first three CNSS standards
- Hence it is a CORE course for the SAIS track
- Course webpage: http://www.sis.pitt.edu/~jjoshi/courses/IS2150/Fall09/

Slide 5: Course Outline
- Security Basics
  - General overview and definitions
  - Security models and policy issues
- Basic Cryptography and Network Security
  - Crypto systems, digital signatures, authentication, PKI
  - IPSec, VPN, Firewalls
- Systems Design Issues and Information Assurance
  - Design principles
  - Security mechanisms
  - Auditing systems
  - Risk analysis
  - System verification
- Intrusion Detection and Response
  - Attack classification and vulnerability analysis
  - Detection, containment and response/recovery
- Legal, Ethical, Social Issues
  - Evaluation, certification standards
- Miscellaneous Issues
  - Malicious code, mobile code
  - Digital Rights Management, forensics
  - Watermarking, E/M-commerce security, multidomain security
  - Identity/trust management

Slide 6: Course Material
- Textbook
  - Introduction to Computer Security, Matt Bishop. Errata URL: http://nob.cs.ucdavis.edu/~bishop/
  - Computer Security: Art and Science, Matt Bishop, is fine too
- Other recommended
  - Security in Computing, Charles P. Pfleeger, Prentice Hall
  - Inside Java 2 Platform Security, 2nd Edition, L. Gong, G. Ellison, M. Dageforde
  - Security Engineering: A Guide to Building Dependable Distributed Systems, Ross Anderson, John Wiley & Sons, 2001 (a newer edition exists)
  - Practical Unix and Internet Security, Simson Garfinkel and Gene Spafford
- Additional readings will be provided (required or optional)

Slide 7: Prerequisites
Assumes the following background:
- Programming skill
  - Some assignments in Java
- Working knowledge of operating systems, algorithms and data structures, database systems, and networks
- Basic mathematics
  - Sets, logic, induction techniques, data structures/algorithms
- Not sure? SEE ME

Slide 8: Grading
- Lab + Homework/Quiz/Paper review: 50%
- Exams: 30%, which includes
  - Midterm: 15%
  - Final: 15%
- Paper/Project: 20%
  - A list of suggested topics will be posted; you are encouraged to think of a project/topic of your own interest
- Other
  - Seminar (LERSAIS) and/or participation

Slide 9: Course Policies
- Your work MUST be your own
  - Zero tolerance for cheating/plagiarism
  - You get an F for the course if you cheat in anything, however small: NO DISCUSSION
  - Discussing the problem is encouraged
- Homework
  - Penalty for late assignments (15% each day)
  - Occasionally you can seek an extension under pressing circumstances
  - Ensure clarity in your answers; no credit will be given for vague answers
  - Sample solutions will be provided
- Check the webpage for everything!
  - You are responsible for checking the webpage for updates

Slide 10: LERSAIS

Slide 11: LERSAIS
- Laboratory of Education and Research in Security Assured Information Systems
- Established in 2003
- National Center of Academic Excellence in Information Assurance Education - Research Program
  - A US National Security Agency program initiated in 1998 through a presidential directive to SECURE the cyberspace
  - Partnered with the Department of Homeland Security since 2003
  - There are 21 such centers now
  - LERSAIS is Pitt's representative center
- Website: http://www.sis.pitt.edu/~lersais/
- Check out the Friday Seminars:
  - 2:00 PM: Welcome coffee/cake
  - 2:30-3:30 PM: Talk

Slide 12: A Word on SAIS Track
- Pitt's IA curriculum has been certified for the Committee on National Security Systems IA Standards:
  - CNSS 4011: Information Security Professionals
  - CNSS 4012: Designated Approving Authority
  - CNSS 4013: System Administrator in Information Systems Security
  - CNSS 4014: Information Systems Security Officer
  - CNSS 4015: System Certifiers
- Pitt is one of few institutions in the US, and one of two in the State of Pennsylvania, to hold all five certifications
- Among the first to be designated as CAE-Research

Slide 13: What is Information Security?