
IST-456 MPS Online

Understand security management issues, techniques and technologies. Discuss system vulnerabilities and mitigation strategies. Learn about security inspections, certification, and accreditation.

juanjohnson

Presentation Transcript


  1. Security Management IST-456 MPS Online

  2. Objectives • Understand issues, techniques and technologies for security management • Discuss system vulnerabilities and mitigation strategies • Understand the role of security inspections, certification and accreditation • Understand interactions between systems design, systems management, social factors and the socio-political environment as they pertain to security management • Gain a basic understanding of the emerging ISO/IEC 27000 (ISMS) standards

  3. Your Instructor • Dr Gerry Santoro • Founding Assoc. Prof. of IST • 35+ years IT, network and security experience • 301-J IST Building • (814) 571-8306 (SMS is OK)

  4. About your instructor • Education • BS – PSU 1976 (Business Economics) • MSIS – Pitt 1983 • PhD – PSU 1988 (Communication and Information Sciences) • Professional Experience • 1976-1983 – Univ. of Pittsburgh Computer Center – Manager of Application and System Software • 1984-2002 – PSU Information Technology Services – Asst. Director Microcomputing/Workstation Applications • 2002-Present – IST faculty

  5. About your instructor • Research Interests: • Cyber-crime, security management, digital forensics, network security, privacy, cyber-warfare • Computer-Mediated Communications • Popular Culture and Technology

  6. About your instructor • Other courses I have developed and/or taught: • IST-110 (Intro. To IST) • IST-130 (Pop Culture and Technology) • IST-250 (Web Design and Development) • IST-402 (Content-Driven Web Services) • IST-440W (Entrepreneurial Option) • IST-451 (Network Security) • IST-452 (Privacy Law) • IST-454 (Cyber and Digital Forensics) • IST-456 (Security Management) • SRA-111 (Intro to SRA) • SRA-311 (Risk Analysis)

  7. About your instructor • Married (Suzi) • 4 kids (Gerald, Travis, Brandi, Kelsey) • 1 grandson (Logan) • Hobbies: Motorcycles, Guitar, Astronomy, Aikido (2nd Dan) • Advisor to: SRA Club, IST Interest House, Penn State Aikido Club

  8. Teaching/Learning Assistants • Ranjani Sundareswaran • Please use Angel e-mail to contact Ranjani

  9. Syllabus • Located on Drupal site • read it carefully! • make note of due dates! • contains: • list of sessions • list of readings • quiz dates • due dates

  10. Drupal Site • The class Drupal site is located at: https://online.ist.psu.edu/ist456/home • You will want to bookmark this site and our class Angel site

  11. Readings • Michael E. Whitman and Herbert Mattord, “Management of Information Security”, Fifth Edition, ISBN-13: 978-1-305-50125-6 • Optional readings will also be provided

  12. Topics • Introduction to Management of Information Security • Compliance: Law and Ethics • Governance and Strategic Planning for Security • Information Security Policy • Developing the Security Program • Identifying and Assessing Risk • Controlling Risk

  13. Topics (cont.) • Vulnerabilities and Threats • Security Management Models • Security Management Practices • Planning for Contingencies • Personnel and Security • Protection Mechanisms

  14. Content of the topics • There will also be other (online) optional readings and occasional news items – these are on a delicio.us site linked to Canvas • I have created a Resources Web site that is linked from Canvas

  15. Emphasis • Emphasis of IST-456 is on MANAGEMENT of security • Methods, techniques, standards, approaches, best practices etc. • Goal is to control risk • Perhaps the largest IT-related challenge for the 21st Century • Job outlook is very positive • Most problems with security come down to how it is managed • This is as much an art as it is a science!

  16. Course Policies • Late assignments will receive a 10% penalty unless prior approval is given • All course-related communication must use Canvas • However, you are free to call me or SMS me in the case of an emergency or simple question • I promise to read Canvas daily and respond within 1 business day if not sooner

  17. Integrity • You are required to abide by the Penn State Policy on Academic Integrity • As posted in the syllabus • You are required to abide by the Penn State policy on non-discrimination and respect • Please respect each other – everyone has something to contribute although skill levels may vary

  18. Video Lectures • A number of video lectures are available for each course topic • These correspond to the textbook chapters • Except for the topic on vulnerabilities and threats • Be sure to keep up with the lectures as you read the textbook chapters

  19. Other Nuggets • Video lecture slides will be available on Canvas

  20. Deliverables • Quizzes (individual) (35%) 350 points • Mini-Problems and Exercises (team) (45%) 450 points • Security News Presentation (team) (10%) 100 points • Discussion Activity (individual) (5%) 50 points • Self and Team Evaluation (5%) 50 points • Total (100%) 1000 points

  21. Quizzes (35%) • There will be 8 quizzes this semester • The lowest quiz score will be dropped for each student • Quiz due dates are listed in the syllabus • Quizzes will cover required readings and video lectures • The format will be multiple-choice • Your goal is to select or provide the BEST answer based on course material! Beware of semantics! • Each quiz will include one extra point question • http://www.openclipart.org/detail/137011/simple-question-sign-by-boobaloo

  22. Mini Problems and Exercises (45%) • Three team projects (15% each) • You will be provided with some initial resource or information • article, Web site, situation problem, video, etc. • Team will produce a report essay (with references) providing analysis and answering questions • http://www.openclipart.org/detail/85003/computer-rage-by-eady

  23. Mini Problem 1: Security Policy • Your team will examine Penn State security policies and select 6 for analysis • Policy is the basis for security programs, processes and controls – they also can protect an organization from liability

  24. Mini Problem 2: Security Auditing and Standards • Your team will examine 5 of the standards published under ISO/IEC 27000 and provide an analysis of each • ISO/IEC 27000 is an emerging international set of standards for security management and auditing

  25. Mini Problem 1: Security Policy • Your team will examine Penn State security policies and select a few for analysis • Policy is the basis for security programs, processes and controls – they also can protect an organization from liability

  26. Mini Problem 2: Security Auditing and Standards • Your team will examine the standards published under ISO/IEC 27000 and provide an analysis of a subset • ISO/IEC 27000 is an emerging international set of standards for security management and auditing

  27. Mini Problem 3: Security Planning • Your team will develop a set of contingency plans for a small organization • The purpose is to have an understanding of how contingency plans may be developed to prepare for an incident

  28. Security News Presentation (10%) • Team project • Research an incident, methodology, approach, technology or other issue/technique in security news • Develop outline and presentation materials for a 5-8 minute presentation • Be sure to relate it to Security Management and course content

  29. Discussion Activity (5%) • I will post 2 security news videos during the semester • There will also be an accompanying discussion forum for each • You are to post a response to one of the videos • If you post to both of them, the higher score will be used

  30. Getting Started • Get familiar with Canvas • Canvas e-mail • Find where the components are located • Read the syllabus and project descriptions • You are responsible for knowing the information provided in the syllabus! (due dates, readings, etc.) • Look over the team problem descriptions

  31. Tips for Success • Use a personal calendar to plan your semester • Stay on top of the readings • Be sure to check your grades • Contact both Dr. Santoro and the TA if you have any questions or problems • I will have online office hours scheduled on a weekly basis – the exact day/time will be determined after I have a feeling for class composition

  32. We want you to succeed! • Your success is our success! • Use the course as a launch pad for exploration • Be careful not to do anything that breaks the law or Penn State Policy!

  33. Questions? • Post them in the general class discussion forum. • End of class 1
