Course Design Document. Information Security Management. Version 2.0

Transcription

1 Course Design Document Information Security Management Version 2.0 January 2015

2 Table of Content 1 Versions History Overview of Security and Trust Course... 4 Synopsis Prerequisites Objectives Basic Modules Instructional Staff Output and Assessment Summary Midterm test (10%)... Error! Bookmark not defined. 3.2 In-Class Participation (20%) Graded Assignment (20%)... Error! Bookmark not defined. 3.4 Project (40%) Final Exam (10%) Grades release schedule Group Allocation for Groups/Assignments... Error! Bookmark not defined. 5 Classroom Planning Course Schedule Summary Weekly Plan List of Information Resources and References Tooling Tool 14 Description Remarks Learning Outcomes, Achievement Methods and Assessment... 14

3 1 Versions History Version Description of Changes Author Date V st Draft SITSA 22 June 2012 V nd Draft SITSA 29 August 2012 V 1.0 Final SITSA 7 January 2014 V st Draft SITSA 28 October 2014 V nd Draft SITSA 04 November 2014

4 2 Overview of Security and Trust Course Synopsis The Information Security (IS) Management course aims to provide students with insights to today s information security challenges, particularly in the area of Critical Information Infrastructure and the urgency to better secure these assets. Through case studies discussions and sharing of real life, on-the-job experiences in the areas of Consultancy, Critical Information Infrastructure Protection and Cyber Response, the course is designed to allow students to gain different perspectives to solving real world security problems from a professional and operational view point. 2.1 Prerequisites Students should have taken Basic Information Security and Trust Course. 2.2 Objectives Upon finishing the course, students are expected to: Understand how important security principles must be adhered to when securing the infrastructures. Understand the importance of balancing security, operational effectiveness and cost Be able to analyze and to aptly secure the cyber perimeter of the infrastructures against cyber attacks Be able to aid an organization in its response and recovery from cyberattacks and to further enhance its security implementations. 2.3 Basic Modules Prevention Risk Assessment Security Architecture Security Examination and Pro-Active Detection Response Incident Response Cyber Response - Malware Cyber Response - Forensics

5 Critical Information Infrastructure Protection (CIIP) 2.4 Instructional Staff SITSA officers 3 Output and Assessment Summary Week Output Weightage in % 1 2 Project Proposal Recess Week Project Report 40% 13 Presentation Exam 40% Class Participation 20% TOTAL 100% 3.1 In-Class Participation (20%) Evaluation will be based on o Attendance o Participation in in-class activities 3.2 Project (40%) Students are required to undertake a project that will allow them to apply the skills and the knowledge that they have been taught in class

6 1. BYOD: What are the cyber-security issues that you need to handle when you use your own smart devices for work purposes? What can be done about them and how effective are they? 2. Smart Nations: Discuss the potential cyber-security considerations. What are the threats and risks? What are the security implementations to put in place and how effective are they? 3. The Australian Government Department of Defense released 35 strategies that may be implemented to mitigate targeted cyber intrusions ( table.htm). They have singled out 4 top strategies to do so. Discuss the effectiveness of these top 4 strategies against APT. 4. Dynamic Encryption: Based on an article (the article will be provided in Week 1), understand the approach and evaluate its potential and usefulness in information security. 5. People, processes and technologies: Discuss the importance of people, processes and technologies in information technology security. Deliverables 1. Project Proposal Proposal to be submitted on Week 2, start of lecture It should not exceed 500 words, single column, Times New Romans/Arial, font size 13, 1.5 line spacing. Names of team members and project title must be included It should include key points/issues that the team is looking at as well as a brief workplan of how the team is going to approach the topic Proposals that are not approved must be resubmitted for subsequent approval 2. Project Report Report to be submitted on Week 12, 27 th March, Friday, 10am It should not exceed 3,000 words, single column Times New Romans/Arial, font size 13, 1.5 line spacing. Names of team members, project title, executive summary and references must be included 3. Project Presentation Oral presentation will be delivered by the team in 20 minutes, followed by a 10 minutes Q&A Report Grading: The grading is hugely based on o Whether the teams have shown a sound understanding of the issues revolving the selected topic o Whether the teams have shown sufficient width and depth to analysing the impact of their selected topic

7 o Whether the teams are able to write the report and present in a coherent manner o The originality, the recommendations and the comprehensiveness of considerations on the selected topic Dates to Note: o Week 2: Proposal Due o Weeks 12: Report Due o Week 13/14: Presentation 3.3 Final Exam (40%) Week 15 Covers all materials in all lectures Include multiple choice questions and short answer questions 3.4 Grades release schedule Participation Final exam Project at the end of term at the end of term at the end of term 4 Classroom Planning There is one session of 3 hours classroom each week. 4.1 Course Schedule Summary Wk Topic Readings Classroom activity Assignment/Discussion/ Output/ Remarks Presentation + Lecture 1 Administrative/ Risk Assessment 2 Risk Assessment/Se curity Architecture/ Security Evaluation / Pro- Active Detection 4 Project work proposal sitthrough with Lecture + Case studies + Discussion + Game Play 3 Lecture + Case Studies + Discussion + Game Play Project work proposal discussion Project proposal due

8 teams 5 CIIP Lecture + Case Studies + Discussion + videos 6 Lecture + Case Studies + Discussion 7 Project work Project work discussion 8 Recess Recess Recess 9 Incident Lecture + Case Studies + Response Discussion Framework 10 Lecture + Demonstration + 11 Digital Forensics Hands-on Lecture + Case Studies + Hands-on Malware 12 Project work Project work discussion Project report due Project Presentation Project Presentation 13 Project Presentation 14 Study Week 15 Final Exam 4.2 Weekly Plan Week: 1 Session: Administrative briefing Risk Assessment Lecture Project: Project assignment and requirements Team Course material is available for download from the course website Students may either do the project on their own or in groups (2-3people) Week: 1/2/3 Case Study + Discussion Lecture Showing that cyber threats really happen and they may result in severe consequences for businesses o Differentiating amongst the different threat agents Defining and assessing the problems that cyber threats have on businesses from the perspectives of confidentiality, integrity and availability (CIA) Identifying the various assets of a typical IT system that needs to be protected Understanding the 5 security objectives Confidentiality, Integrity, Availability, Non-authentication and Non-repudiation Understanding and formulating threat scenarios Recommending high level security controls to mitigate

9 assessed threats Case Study + Discussion Examining new technologies with promises of benefits that comes with its share of security woes Game Play Engaging the students through game play to illustrate and put to play the concepts covered in the lecture Main Case Study: From SOHO to Enterprise Reference: Reading materials from various sources will be provided to the students one week before lecture Additional materials covered during class activities, at lectures, will be provided to the students within the week of the lecture Students need to show clearly that cyber threats exist and the consequences of falling victim to them Students need to understand cyber threats from the perspectives of Confidentiality, Integrity, Availability, Non-authentication and Non-repudiation Week: 1/2/3 Lecture Revisiting what needs to be protected Formulating specific security requirements to mitigate threats surfaced, covering technical topics such as, o Cryptography o Sever Security o DB Security o Network Security Drawing up IT security architectures and developing strategies while taking business goals and the 5 security objectives into consideration Case Study + Discussion Illustrating the complexity of balancing security needs with operational and cost considerations Showing the importance of having security measures implemented at the very start Game Play Engaging the students through game play to illustrate and put to play the concepts covered in the lecture Main Case Study: Virtualisation and Cloud Computing Reference: Reading materials from various sources will be provided to the students one week before lecture Additional materials covered during class activities, at lectures, will be provided to the students within the week of the lecture Students need to understand the importance of implementing security measures into the system architecture from the very start. Students need to know how to balance security requirements, operation considerations and cost Week: 1/2/3 Lecture + Case Study + Discussion Knowing and understanding the different cyber security tests and their purposes

10 Understanding the need for security examination and certification of cyber security products/technologies/solutions Lecture Appreciating the different types of security testing and their purpose (e.g. SSAT, PT) Knowing and understanding the various stages of testing that needs to be conducted on IT systems to assure that security objectives have been met. For e.g. o Test objective definition o Test plan formulation o Test execution o Reporting Importance of security examination and certification Game Play Student presentation and debrief of game play Engaging the students through game play to illustrate and put to play the concepts covered in the lecture Reference: Reading materials from various sources will be provided to the students one week before lecture Additional materials covered during class activities, at lectures, will be provided to the students within the week of the lecture Students need to understand the importance of doing security examination on cyber security products/technologies/solutions Students need to understand the various stages of testing to ensure that security objectives have been met Students need to realise and appreciate the implications that secure systems have on businesses Week: 4 Project Proposal Discussion Week: 5/6 Lecture + Discussion Introducing what Critical Information Infrastructure (CII) is o Introducing CII Security o Definition of CII (Singapore context) o Differences between the Enterprise and SCADA systems o The concerns on SCADA Cyber security concepts Availability Integrity Confidentiality (AIC) and Confidentiality Integrity Availability (CIA) Security breaches and their impacts o To Singapore s national security, economy and public safety o Looking at CIIs becoming targets at the national level Case Studies + Discussion Illustrating the impact of damages resulting from CIIs security breaches. Case studies presented are in order of increasing scale of damages, ranging from prankster attacks to targeted ones, from local to national level scale attacks Main Case Study: StuxNet

11 Reference: Reading materials from various sources will be provided to the students one week before the actual lecture Students need to understand what CIIs are Students need to understand the impact of damages resulting from security breaches and to appreciate the need to protect the CIIs Week: 5/6 Lecture + Discussion Critical Information Infrastructure Protection Illustrating the vulnerabilities of the control systems (SCADA) used in CIIs o Myth of ICS invulnerability Understanding how to manage the risks, threats and attacks Understanding the security mechanisms and the attack routes o Improving cyber security of ICS networks o Being security aware o Knowing the security management implementation issues and guidelines and being aware of the impression that management has of ICS security Being aware and understanding the heightened vulnerabilities of the ICS due to increased interconnectivity amongst systems Main Case Study: StuxNet Reference: Reading materials from various sources will be provided to the students one week before the actual lecture Students need to understand the mechanisms used to protect SCADA systems Students need to be aware of the industry standards Students need to be aware of the various current security products available in the industry Week: 7 Project Report Discussion Week: 8 (Recess week: no class) Week: 9 Incident Response Lecture Incident Response Framework o Focusing on the Incident Response Framework, its key components and the critical role that incident response play in current times. o Understanding what is required for an Incident Response Framework to be put in place o Knowing how to communicate with other Incident Response teams effectively and efficiently. Case Study + Discussion APEC 2009 and the role that Incident Response played o headers in incident response Main Case Study: APEC 2009 Reference: Handbook for Computer Security Incident Response Teams (CSIRTs) by Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2003 Computer Security Incident Handling Guide (Draft), Special Publication , Revision 2

12 (Draft) by NIST (National Institute of Standards and Technology) A Step-by-Step Approach on How to Set Up a CSIRT Deliverable WP2006/5.1 (CERT-D1/D2) by ENISA Good Practices for Security Incident Management ENISA (European Network and Information Security Agency) CSIRT Services RFC 2350 Expectations for Computer Security Incident Response SANS 504 Hacker Techniques, Exploits and Incident Handling Student need to understand the importance, the purpose of cyber incident response and the role it plays in today s landscape Students need to know the key components of cyber incident response Students need to be aware of what is needed for efficient and effective communication with other incident response teams Week: 10 Digital Forensics Lecture Cyber forensics o Covering principles, cyber footprints, transiting from traditional static forensics to cloud-based forensics, forensics for SCADA systems, forensic challenges, virtualisation and chain-of-custody procedures o Covering the mind-set of an investigator and examiner Discussion APEC 2009 incident and the applications of forensics to this case. Role of forensics in Incident Response Life Cycle Concerns of forensics investigators Importance of following proper chain-of-custody procedure Main Case Study: APEC 2009 Reference: Real Digital Forensics (Computer Security and Incident Response), Keith J.Jones Chapter 9 Digital Forensics for Network, Internet and Cloud Computing, Terence V. Lillard Chapter 12 Virtualization and Forensics, Diane Barrett Chapter 5 7, Windows Forensics Analysis Toolkit, Advanced Analysis Techniques for Windows 7 3E, Harlan Carvey Chapter 1 Techno Security s Guide to E-discovery and Digital Forensics, Jack Wiles Chapter 2 Alternate Data Storage Forensics, Tyler Cohen & Amber Schroader Chapter 1 Hands-on/Lab: Academic-licensed forensic tools Students need to be aware of how digital tools may be used to uncover information and critical data Students need to be aware of the challenges pose to forensics and uncovering of digital tracks in view of emerging new technologies such as cloud and virtualization Students need to understand the importance of following forensic procedures Week: 11 Malware Analysis Lecture Malware 101 o Introducing various categories and types of malware, common attack vectors and mechanisms, APT, basic malware analysis processes, tools o Showing the issues and challenges of malware

13 o o analysis and demonstrating malware in action Understanding the need for containment Knowing the importance of preserving evidence to aid in malware eradication and system recovery Case Study + Discussion + Providing a wrap-up to Cyber Response segment Demonstration Combining both Incident Response and Malware Analysis Main Case Study: APEC 2009 Reference: Forensic Discovery, Dan Farmer, Wiestse Venema (Addison-Wesley Professional) M Trends 2010 the advanced persistent threat, Mandiant Students need to have a basic understanding of malware Students need to understand the essential concepts of malware investigation Week: 12 Project Report Discussion Report due Week: 13 Project Presentation Students should learn from each other Week: 14 (review week: no class) Week: 15 Final Quiz MCQs Short Application Questions Students may leave other the Quiz Students may choose to stay if they have questions 5 List of Information Resources and References Reading materials and reference websites will be made available in the course slides.

14 6 Tooling Tool Description Remarks Hex Editor Freeware Hands-on exercises and demo Lab exercises 8 Learning Outcomes, Achievement Methods and Assessment 1 2 Information Security Management Integration of business & technology in a sector context 1.1 Business IT value linkage skills 1.2 Cost and benefits analysis skills 1.3 Business software solution impact analysis skills IT architecture, design and development skills 2.1 System requirements specification skills 2.2 Software and IT architecture analysis and design skills YY YY 2.3 Implementation skills YY 2.4 Technology application skills YY Course-specific core competencies which address the Outcomes Analyzing the security requirement and the vulnerabilities of the infrastructures. Deploying security tools to harden it Analyzing the vulnerabilities of an infrastructure, the functional and non-functional requirements of it, to harden it through the application of security concepts Having the various security tools and concepts to harden infrastructures Using existing technologies to harden infrastructures Faculty Methods to Assess Outcomes Projects, In-class discussions and class activities Projects, In-class discussions, class activities and case studies analysis Class activities and case studies analysis In-class discussions, Class activities and case studies analysis 3 Project management skills 3.1 Scope management skills 3.2 Risks management skills 3.3 Project integration and time Y Develop and execute project Project proposal, in-

15 management skills plans and maintain it class activities 3.4 Configuration management skills 3.5 Quality management skills 4 Learning to learn skills 4.1 Search skills Y 4.2 Skills for developing a methodology for learning 5 Collaboration (or team) skills: 5.1 Skills to improve the effectiveness of group processes and work products Change management skills for 6 enterprise systems 6.1 Skills to diagnose business changes 6.2 Skills to implement and sustain business changes Skills for working across 7 countries, cultures and borders 7.1 Cross-national awareness skills 7.2 Business across countries facilitation skills 8 Communication skills 8.1 Presentation skills YY Y Study and search for information that may be applied to their case studies, assignments and projects Effectively communicate and resolve conflicts while working in a randomly chosen team Students will need to apply this when doing project presentation Projects and in-class activities In-class discussion and activities Project and in-class activities 8.2 Writing skills YY Students will need to submit a project proposal and a project report Project Y YY This sub-skill is covered partially by the course This sub-skill is a main focus for this course