
IST-456 Fall 2011

Security Management. IST-456 Fall 2011. http://xkcd.com/538/. understand issues, techniques and technologies for security management discuss system vulnerabilities and mitigation strategies understand role of security inspections, certification and accreditation


Presentation Transcript


  1. Security Management IST-456 Fall 2011 http://xkcd.com/538/

  2. understand issues, techniques and technologies for security management • discuss system vulnerabilities and mitigation strategies • understand role of security inspections, certification and accreditation • Understand interactions between systems design, systems management, social factors and socio-political environment as pertains to security management • Basic understanding of emerging ISO/IEC 27000 (ISMS) standards Objectives http://www.freefoto.com/preview/04-07-9/CCTV-Security-Camera

  3. Dr Gerry Santoro • Founding Assoc. Prof. of IST • 25+ years IT, network and security experience • 301-J IST Building • (814) 571-8306 (SMS is OK) Your Instructor

  4. About your instructor • Research Interests: • Cyber-crime, security management, cyber-warfare • Computer-Mediated Communications • Popular Culture and Technology

  5. About your instructor • Married (Suzi) • 4 kids (Gerald, Travis, Brandi, Kelsey) • Hobbies: Motorcycles, Guitar, Astronomy, Aikido (2nd Dan) • Advisor to: SRA Club, IST Interest House, Penn State Aikido Club

  6. TA: • Adan Ortiz-Cordova • LA: • Timothy Sangjun Woo Teaching/Learning Assistants http://www.freefoto.com/preview/22-32-5/RAF-Falcons-Parachute-Display-Team

  7. Located on Angel • read it carefully! • make note of due dates! • contains • list of sessions • list of readings • quiz dates • due dates Syllabus http://www.openclipart.org/detail/89995/stack-of-books-01-by-anonymous

  8. Michael E. Whitman and Herbert Mattord, “Management of Information Security” • Third Edition • ISBN-13: 978-1-4354-8884-7 • Other required readings will be assigned • Optional readings will also be provided Readings http://www.openclipart.org/detail/89995/stack-of-books-01-by-anonymous

  9. Introduction to Management of Information Security • Planning for Security • Planning for Contingencies • Information Security Policy • Developing the Security Program • Security Management Models • Security Management Practices Topics

  10. Risk Management • Vulnerabilities and Threats • Protection Mechanisms • Personnel and Security • Law and Ethics Topics (cont.)

  11. Content of the topics • There will also be other (online) required readings and occasional news items • These will be listed in the Syllabus and on Angel • Class meetings will include a weekly summary of current security and security management news and issues • It is important that the information security manager be aware of recent developments, attacks, vulnerabilities, etc. • I will post important Web links at www.delicious/gmsantoro/456-fall-tags • News articles, journals, documents, resources, etc.

  12. Emphasis of IST-456 is on MANAGEMENT of security Emphasis • Methods, techniques, standards, approaches, best practices etc. • Goal is to control risk • Perhaps largest IT-related challenge for 21st Century • Job outlook is very positive • Most problems with security come down to how it is managed This is as much an art as it is a science!

  13. During lectures you are not allowed to use classroom computers, cell phones, iPods, iPads or other technology • If you need these due to a documented learning disability please see me • Time will be given during class for team and individual use of these technologies • Late assignments/labs will receive a 20% penalty unless prior approval is given Course Policies

  14. If you have a disability and require special assistance please see me • I will only require documentation in case of need for use of assistive technology • Course-related communication must use Angel • However you are free to call me or SMS me in the case of an emergency or simple question • You are also welcome to stop by my office during office hours or any other time I am there • I promise to read Angel daily and respond within 1 business day if not sooner Course Policies

  15. You are required to abide by the Penn State Policy on Academic Integrity • As posted in the syllabus • You are required to abide by the Penn State policy on non-discrimination and respect • Please respect each other – everyone has something to contribute although skill levels may vary Integrity

  16. Attendance is required and is factored into your final grade. • Attendance policy: • Planned absence – notify ‘all course faculty’ using Angel before the absence • Unplanned absence – notify ‘all course faculty’ using Angel as soon as technically possible! • If you follow the attendance policy you will be excused and allowed to make up missed work Attendance http://xkcd.com/140/

  17. Class meeting slides will be available on Angel • Extra credit will be provided, although the nature and amount of that credit will not be determined until sometime during the semester Other Nuggets

  18. Quizzes (individual) (35%) 350 points • Mini-Problems and Exercises (team) (45%) 450 points • Security News Presentation (Team) (10%) 100 points • Self and Team Evaluation and Participation (10%) 100 points • Total (100%) 1000 points Deliverables

  19. There will be 8 quizzes this semester • The lowest quiz score will be dropped for each student • Quizzes will be administered in class • Quiz dates are listed in the syllabus • Quizzes will cover required readings, material covered in class, and labs • The format will be multiple-choice, true-false, and short answer • Your goal is to select or provide the BEST answer based on course material! Beware of semantics! • Each quiz will include one free question Quizzes (35%) http://www.openclipart.org/detail/137011/simple-question-sign-by-boobaloo

  20. Three team projects (15% each) • You will be provided with some initial resource or information • article, Web site, situation problem, video, etc. • Team will produce report • essay (with references) providing analysis and answering questions Mini Problems and Exercises (45%) http://www.openclipart.org/detail/85003/computer-rage-by-eady

  21. Team project • Research an incident, methodology, approach, technology or other issue/technique in security news • Develop outline and presentation materials for 5-8 minute presentation and present to class • Be sure to relate it to Security Management and course content Security News Presentation (10%) http://www.openclipart.org/detail/131587/newspaper-icon-by-jhnri4

  22. Get familiar with ANGEL • Use ANGEL to read/send emails via the Communicate Tab in ANGEL • Team space will be provided • Find where the components are located • Read the syllabus and project descriptions • You are responsible for knowing the information provided in the syllabus! (due dates, readings, etc.) • Look over the team problem descriptions Any questions on Syllabus? http://www.openclipart.org/detail/50287/%C3%89l%C3%A8ve-posant-une-question-/-student-asking-a-question-by-lmproulx

  23. Use a personal calendar to plan your semester • Stay on top of the readings • Attend all classes – have short meetings with your team after class time • Be sure to retrieve your graded quizzes and labs • Contact Dr. Santoro or one of the assistants if you have any questions or problems Tips for Success http://www.flickr.com/photos/buschap/2224160715/sizes/m/in/photostream/

  24. Your success is our success! • Use the course as a launch pad for exploration • Be careful not to do anything that breaks the law or Penn State Policy! • We want you to succeed! http://www.publicdomainpictures.net/view-image.php?image=5520&picture=thumbs-up

  25. each student takes one index card • on card put your name and Penn State access ID • If you wish to be on a team with another student, hand in card WITH their card • If there is a student that you do NOT wish to be on a team with – send me that info by 6 pm today on Angel email • Teams will have 6-7 students • I will TRY to follow your wishes • Teams may adjust until end of drop/add Team cards

  26. Questions? End of class 1
