Principles of Information Security Firewall Chapter 6 - PDF

IT 462
Information Security Principles Fall 2010

Instructor: James R. Durie

Class Meets: August 30 – Dec 21, 2010
Day: Thursday
Time: 7:20PM to 10:00PM
Where: Prince William – Bull Run Hall 131

Course Description:
        Studies security policies, models, and mechanisms for secrecy, integrity,
availability, and usage controls. Topics include models and mechanisms for mandatory,
discretionary, and role-based access controls; authentication technologies; control and
prevention of viruses and other rogue programs; common system vulnerabilities and
countermeasures; privacy and security policies and risk analysis; intellectual property
protections; and legal and social issues.

        Computer security has evolved into a comprehensive discipline called
“information security.” The increased reliance on automated systems and the lack of
adequate security plans place privacy and organizational information at risk.
“Information security” has become a greater concern, and effective security is critical to
an organization’s success. This course will build upon the student’s knowledge of
technology-based controls by focusing on the management of threats to information. This
course is intended to develop a holistic approach to information security, thus preparing
the student to assume a leadership or managerial role in an organization.

Course Objective:
         At the conclusion of this course, the student will be able to identify information
assets; identify and prioritize threats to information assets; develop information security
strategies, policies and plans; respond to threats to information assets; describe legal and
public relations implications of security and privacy issues.

Week 1
Course overview: Introduction to the course.
   Chapter 1 Trust in Information Infrastructure

Week 2
Security Policies.
   Chapter 8 Security Policies and Risk Analysis
Current Event

Week 3
Privacy and Security Policies.
    Chapter 4 Security, Anonymity, and Privacy

Week 4
Risk Analysis.
   Chapter 9 Security Policies Assessment and Assurance
   Chapter 8 Security Policies and Risk Analysis

Week 5
Access Control.
   Chapter 10 Access control, Authentication and Authorization

Week 6
Security Models and Mechanisms.
Research Paper Due

Week 7

Week 8
Mechanisms for Secrecy and Integrity.
   Chapter 14 Biometrics for Access Control
Current Event

Week 9
Vulnerabilities and Threats.
   Chapter 7 Security Threats and Vulnerabilities
   Chapter 5 Software Reliability, Safety, and Risk
Current Events

Week 10 (Prevention and Control)
   Chapter 11 Perimeter Defense – The Firewall
   Chapter 12 Intrusion Detection and Prevention

Week 11
   Chapter 2 Morality and Ethics
   Chapter 3 Building an Ethical Framework for Decision Making
Current Events

Week 12
Intellectual Property
Legal Issues.
   Domain 9, Chapter 25, 26 Recommended text

Week 13
Digital Evidence and Crime
   Chapter 15 Digital Evidence and Computer Crime
   Chapter 16 Digital Crime, Investigations and Forensics
Ethics Paper Due

Week 14
Social Issues
Trends in Information Security
   Chapter 13 Security in Wireless Systems
   Chapter 17 Trends
Current Event

Week 15 (May 13)
Final Exam

Prerequisite: The prerequisite for this course is IT 212. A grade of C or better must be
achieved in the prerequisite before a student is qualified to take this course. The
prerequisite must be completed prior to, not concurrently with, this course.

This requirement will be strictly enforced. Any student who does not meet
the prerequisite requirement will be dropped by the Instructor at the start of the semester.

           (b) Required Reading and Reference Material

            Securing the Information Infrastructure (Hardcover)
               By: Joseph Migga Kizza & Florence Migga

              By: Neal Stephenson
              Harper Collins Publisher

               Not required but recommended:

            Information Security Management Handbook, Sixth Edition, Volume 3
              By: Harold F. Tipton (Editor), Micki Krause

           (c) Student Evaluation Criteria

           Mid-term:                           20%

           Research Paper/Project:             20%

           Ethics Paper:                       15%

           Quizzes:                            10%

           Current Events:                     5%

           Final:                              30%

The Instructor reserves the right to adjust the final grade for positive class

Research Paper/Project: The research paper is a “System Specific Security Plan”. It
should address all relevant aspects of information security for the proposed business in
the Cryptonomicon (assigned reading for IT 462). There is no minimum page count. You
must include relevant current events to illustrate requirements, and at least 10 references,
at least 5 of which must not be internet resources.

Ethics Paper: This paper is an analysis of the ethical issues raised in the novel
Cryptonomicon (assigned reading for IT 462). There is a 10-page minimum for this
paper. You must include relevant current events and at least 10 references, at least 5 of
which must not be internet resources.

Writing Guidance:

Style – follow GMU’s Writing Center guidance

For citing sources refer to

You should use footnotes for citations, alternate views, definitions, etc.

Exams: The format of exams will be a combination of multiple choice, true/false, short
answer, and/or essay questions. Expect approximately 2 – 3 hours to complete the
examination. The Final Exam is cumulative.
The quizzes will be one hour long and a combination of multiple choice, true/false, and
short answer.

Grades: Grades will be awarded according to George Mason University’s grading
system for undergraduate students.
