IST-456 MPS Online
Security Management
Objectives
• understand issues, techniques and technologies for security management
• discuss system vulnerabilities and mitigation strategies
• understand role of security inspections, certification and accreditation
• understand interactions between systems design, systems management, social factors and the socio-political environment as they pertain to security management
• Basic understanding of emerging ISO/IEC 27000 (ISMS) standards
Your Instructor
Dr Gerry Santoro
• Founding Assoc. Prof. of IST
• 35+ years IT, network and security experience
• 301-J IST Building
• (814) 571-8306 (SMS is OK)
About your instructor
• Education
  • BS – PSU 1976 (Business Economics)
  • MSIS – Pitt 1983
  • PhD – PSU 1988 (Communication and Information Sciences)
• Professional Experience
• 1976-1983 – Univ. of Pittsburgh Computer Center – Manager of Application and System Software
• 1984-2002 – PSU Information Technology Services – Asst. Director Microcomputing/Workstation Applications
• 2002-Present – IST faculty
About your instructor
• Research Interests:
– Cyber-crime, security management, digital forensics, network security, privacy, cyber-warfare
– Computer-Mediated Communications
– Popular Culture and Technology
About your instructor
• Other courses I have developed and/or taught:
– IST-110 (Intro. to IST)
– IST-130 (Pop Culture and Technology)
– IST-250 (Web Design and Development)
– IST-402 (Content-Driven Web Services)
– IST-440W (Entrepreneurial Option)
– IST-451 (Network Security)
– IST-452 (Privacy Law)
– IST-454 (Cyber and Digital Forensics)
– IST-456 (Security Management)
– SRA-111 (Intro to SRA)
– SRA-311 (Risk Analysis)
About your instructor
• Married (Suzi)
• 4 kids (Gerald, Travis, Brandi, Kelsey)
• 1 grandson (Logan)
• Hobbies: Motorcycles, Guitar, Astronomy, Aikido (2nd Dan)
• Advisor to: SRA Club, IST Interest House, Penn State Aikido Club
Teaching/Learning Assistants
• Ranjani Sundareswaran
Please use Angel e-mail to contact Ranjani
Syllabus
• Located on Drupal site
• read it carefully!
• make note of due dates!
• contains
  • list of sessions
  • list of readings
  • quiz dates
  • due dates
Drupal Site
• the class Drupal site is located at:
https://online.ist.psu.edu/ist456/home
• you will want to bookmark this site and our class Angel site
Readings
• Michael E. Whitman and Herbert Mattord, “Management of Information Security”, Third Edition, ISBN-13: 978-1-4354-8884-7
• Optional readings will also be provided
Topics
• Introduction to Management of Information Security
• Planning for Security
• Planning for Contingencies
• Information Security Policy
• Developing the Security Program
• Security Management Models
• Security Management Practices
Topics (cont.)
• Risk Management
• Vulnerabilities and Threats
• Protection Mechanisms
• Personnel and Security
• Law and Ethics
Content of the topics
• There will also be other (online) optional readings and occasional news items
– These will be available through the Angel RESOURCES tab
• I have created a Resources Web site that is linked from the Angel RESOURCES page
Emphasis
Emphasis of IST-456 is on MANAGEMENT of security
• Methods, techniques, standards, approaches, best practices etc.
• Goal is to control risk
• Perhaps largest IT-related challenge for 21st Century
• Job outlook is very positive
• Most problems with security come down to how it is managed
This is as much an art as it is a science!
Course Policies
• Late assignments will receive a 10% penalty unless prior approval is given
• All Course-related communication must use Angel
However you are free to call me or SMS me in the case of an emergency or simple question
I promise to read Angel daily and respond within 1 business day if not sooner
Integrity
• You are required to abide by the Penn State Policy on Academic Integrity
As posted in the syllabus
• You are required to abide by the Penn State policy on non-discrimination and respect
Please respect each other – everyone has something to contribute although skill levels may vary
Video Lectures
• A number of video lectures are available for each course topic
• These correspond to the textbook chapters
• Except for the topic on vulnerabilities and threats
• Be sure to keep up with the lectures as you read the textbook chapters
Other Nuggets
• Video lecture slides will be available on Angel
Deliverables
• Quizzes (individual) (35%) 350 points
• Mini-Problems and Exercises (team) (45%) 450 points
• Security News Presentation (Team) (10%) 100 points
• Discussion Activity (individual) (5%) 50 points
• Self and Team Evaluation (5%) 50 points
Total (100%) 1000 points
Quizzes (35%)
• There will be 8 quizzes this semester
The lowest quiz score will be dropped for each student
• Quiz due dates are listed in the syllabus
• Quizzes will cover required readings and video lectures
• The format will be multiple-choice
• Your goal is to select or provide the BEST answer based on course material! Beware of semantics!
• Each quiz will include two free questions
Mini Problems and Exercises (45%)
• Three team projects (15% each)
• You will be provided with some initial resource or information
• article, Web site, situation problem, video, etc.
• Team will produce report essay (with references) providing analysis and answering questions
Mini Problem 1: Security Planning
• Your team will develop a set of contingency plans for a small organization
• The purpose is to have an understanding of how contingency plans may be developed to prepare for an incident
Mini Problem 2: Security Policy
• Your team will examine Penn State security policies and select 7 for analysis
• Policy is the basis for security programs, processes and controls – they also can protect an organization from liability
Mini Problem 3: Security Auditing and Standards
• Your team will examine 6 of the standards published under ISO/IEC 27000 and provide an analysis of each
• ISO/IEC 27000 is an emerging international set of standards for security management and auditing
Security News Presentation (10%)
• Team project
• Research an incident, methodology, approach, technology or other issue/technique in security news
• Develop outline and presentation materials for 5-8 minute presentation
• Be sure to relate it to Security Management and course content
Discussion Activity (5%)
• I will post 2 security news videos during the semester
• There will also be an accompanying discussion forum for each
• you are to post a response to one of the videos
if you post to both of them the higher score will be used
Getting Started
• Get familiar with ANGEL
  • Use ANGEL to read/send emails via the Communicate Tab in ANGEL
  • Team space will be provided
  • Find where the components are located
• Read the syllabus and project descriptions
  • You are responsible for knowing the information provided in the syllabus! (due dates, readings, etc.)
  • Look over the team problem descriptions
Tips for Success
• Use a personal calendar to plan your semester
• Stay on top of the readings
• Be sure to check your grades
• Contact both Dr. Santoro and the TA if you have any questions or problems
I will have online office hours scheduled on a weekly basis – the exact day/time will be determined after I have a feeling for class composition
We want you to succeed!
Your success is our success!
Use the course as a launch pad for exploration
Be careful not to do anything that breaks the law or Penn State Policy!
Questions?
Post them in the general class discussion forum.
End of class 1