ist-456 spring 2015 security management. objectives understand issues, techniques and technologies...
TRANSCRIPT
IST-456 Spring 2015
Security Management
Objectives
• understand issues, techniques and technologies for security management
• discuss system vulnerabilities and mitigation strategies
• understand role of security inspections, certification and accreditation
• Understand interactions between systems design, systems management, social factors and socio-political environment as pertains to security management
• Basic understanding of emerging ISO/IEC 27000 (ISMS) standards
Your InstructorDr Gerry Santoro
• Founding Assoc. Prof. of IST• 25+ years IT, network and security experience• Program Coordinator for SRA/BS
• 301-J IST Building
• (814) 571-8306 (SMS is best!)
About your instructor• Research Interests:
– Cyber-crime, security management, cyber-warfare
– Computer-Mediated Communications– Popular Culture and Technology
4
About your instructor
• Married (Suzi)• 4 kids (Gerald, Travis, Brandi, Kelsey)• Hobbies: Motorcycles, Guitar,
Astronomy, Aikido (2’nd Dan)• Advisor to: SRA Club, IST Interest
House, Penn State Aikido Club
5
About your instructor
New additions …
6
• First Grandson “Logan”
• German Sheperd Puppy “Thor”
Teaching Assistant
TA:
• Leila Hoseini
• Please use Angel e-mail to reach TA!
Syllabus
• Located on Angel• read it carefully!• make note of due dates!
• contains • list of sessions• list of readings• quiz dates • due dates
Readings• Michael E. Whitman and Herbert. Mattord, “Management of Information Security” Fourth Edition ISBN-13: 978-1-285-06229-7
• Optional readings will also be provided on a Web site
Topics
• Introduction to Management of Information Security• Planning for Security• Planning for Contingencies• Information Security Policy• Developing the Security Program• Security Management Models• Security Management Practices
Topics (cont.)
• Risk Management• Vulnerabilities and Threats• Protection Mechanisms• Personnel and Security• Law and Ethics
Content of the topics• Class meetings will include a weekly summary
of current security and security management news and issues– It is important that the information security
manager be aware of recent developments, attacks, vulnerabilities, etc.
• I will post important optional readings on a Web site connected to the Angel resources page
– You should only read these if you are serious about having a well-paid and successful career in Information security
12
Class Meetings• Will focus on discussion, activities, team presentations,
security news, quizzes, guest speakers, etc.– Minimal summary of major topics– We will meet one day a week on average– I will be available in my office during scheduled class time on days
when we are not having a class meeting
• I strongly urge you to use the other available class time for team meetings!
• Lectures are videotaped and online
– I have also posted the lecture slides and my notes on Angel
13
Emphasis
Emphasis of IST-456 is on MANAGEMENT of security
• Methods, techniques, standards, approaches, best practices etc.• Goal is to control risk • Perhaps largest IT-related challenge for 21’st Century• Job outlook is very positive• Most problems with security come down to how it is managed
This is as much an art as it is a science!
Course Policies• During class meetings you are not allowed to use classroom computers, cell phones, iPods, iPads or other technology – unless we are actively using them for a class activity
If you need these due to a documented learning disability please see me
• Late assignments/labs will receive a 10% penalty unless prior approval is given
• after 1 week late you will need special permission
Course Policies• If you have a disability and require special assistance please see me
I will only require documentation in case of need for use of assistive technology
• Course-related communication must use Angel
However you are free to call me or SMS me in the case of an emergency or simple questionYou are also welcome to stop by my office during office during office hours or any other time I am thereI promise to read Angel daily and respond within 1 business day if not sooner
Integrity• You are required to abide by the Penn State Policy on Academic Integrity
As posted in the syllabus
• You are required to abide by the Penn State policy on non-discrimination and respect
Please respect each other – everyone has something to contribute although skill levels may vary
Attendance• Attendance is required and is factored into your final grade.
Attendance policy:
Planned absence – notify ‘all course faculty’ using Angel before the absence
Unplanned absence – notify ‘all course faculty’ using Angel as soon as technically possible!
If you follow the attendance policy you will be excused and allowed to make up missed work
Other Nuggets
• Class meeting slides will be available on Angel
Deliverables
• Quizzes (individual) (35%) • Mini-Problems and Exercises (team) (45%) • Security News Presentation (Team) (10%) •Self and Team Evaluation and Participation (10%)
Total (100%)
Extra credit is built into the quizzes.
Quizzes (35%)• There will be 8 quizzes this semester
The lowest quiz score will be dropped for each student
• Quizzes will be administered in classQuiz dates are listed in the syllabusQuizzes are open-book and open notes – with a 20-minute time limit
• Quizzes will cover required readings, material covered in class, and labs
• The format will be multiple-choice, true-false, and short answer• Your goal is to select or provide the BEST answer based on course material! Beware of semantics!• Each quiz will include at least one extra-credit question.
Mini Problems and Exercises (45%)
• Three team projects 15% each)• You will be provided with some initial resource or information
• article, Web site, situation problem, video, etc.
• Team will produce report essay (with references) providing analysis and answering questions
Security News Presentation (10%)• Team project
• Research an incident, methodology, approach, technology or other issue/technique in security news
• Develop outline and presentation materials for 5-8 minute presentation and present to class
• Be sure to relate it to Security Management and course content• check your topic with me beforehand
Any questions on Syllabus?• Get familiar with ANGEL
• Use ANGEL to read/send emails via the Communicate Tab in ANGEL• Team space will be provided• Find where the components are located
• Read the syllabus and project descriptions
•You are responsible for knowing the information provided in the syllabus! (due dates, readings, etc.)•Look over the team problem descriptions
Tips for SuccessUse a personal calendar to plan
your semesterStay on top of the readingsAttend all classes – have short
meetings with your team after class time
Be sure to retrieve your graded quizzes and labs
Contact Dr. Santoro or one of the assistants if you have any questions or problems
We want you to succeed!
Your success is our success!
Use the course as a launch pad for exploration
Be careful not to do anything that breaks the law or Penn State Policy!
Team cards • each student takes one index card
• on card put your name and Penn State access ID
• If you wish to be on a team with another student, hand in card WITH their card
• If there is a student that you do NOT wish to be on a team with – send me that info by 6 pm today on Angel email
• Teams will have 6-7 students• I will TRY to follow your wishes• Teams may adjust until end of drop/add
Questions?
End of class 1