TEL2813IS2820SecurityManagement.ppt

TEL2813/IS2820 Security Management Lecture 1 Jan 10, 2006 Contact James Joshi 706A, IS Building Phone: 412-624-9982 E-mail: jjoshi@ Web: /~jjoshi/TELCOM2813/Spring2005/ Office Hours: Wednesdays: 1.00 – 3.00 p.m. or By appointments GSA: will be announced later Course objective The course is aimed at imparting knowledge and skill sets required to assume the overall responsibilities of administration and management of security of an enterprise information system. Course objective After the course, ability to to carry out detailed analysis of enterprise security by performing various types of analysis vulnerability analysis, penetration testing, audit trail analysis, system and network monitoring, and Configuration management, etc. Carry out the task of security risk management using various practical and theoretical tools. Course objective After the course, ability to carry out Design detailed enterprise wide security plans and policies, and deploy appropriate safeguards (models, mechanisms and tools) at all the levels due consideration to the life-cycle of the enterprise information systems and networks, legal and social environment Be able to certify products according to IA standards (Common Criteria Evaluations) Course content Introduction to Security Management Security policies/models/mechanisms Security Management Principles, Models and Practices Security Planning/ Asset Protection Security Programs and Disaster Recovery Plans Standards and Security Certification Issues Rainbow Series, Common Criteria Security Certification Process National/International Security Laws and Ethical Issues Course Material Recommended course material Management of Information Security, M. E. Whitman, H. J. Mattord Guide to Disaster Recovery, M. Erbschilde Guide to Network Defense and Countermeasures, G. Holden Real Digital Forensics: Computer Security and Incident Response, 1/e; Keith J. Jones, Richard Bejtlich, Curtis W. Rose Computer Security: Art and Science, Matt Bish