DESCRIPTION OF COURSE UNIT

Transcription

1 DESCRIPTION OF COURSE UNIT APPROVED by Faculty Council 16 april 2015 Resolution No. 1STH Code Course unit title Title of the degree programme SN215M Modelling and Management of Computer Networks Name of lecturer(s) Coordinator: Prof. Dr. Darius Štitilis a. o: Martynas Damkus Cybersecurity management Master`s Degree Programme, Full-time study Departament(s) Institute of Digital Technologies Cycle of course unit Level of course unit Type of course unit II cycle Not applicable Optional Mode of delivery Year of study and semester when the course unit is delivered Language of instruction Auditorial 2 semester Lithuanian Study requirements Prerequisites Co-requisites Internship Not applicable Not applicable Number of ECTS credits allocated 8. Recommended optional programme components Student's workload Management of IT Projects Contact work hours and planned learning activities Independent work hours Learning outcomes of the programme Knowledge to use a holistic approach in dealing with a wide variety of electronic information security (cyber security) threats. Purpose of the course unit: programme competences to be developed Provide knowledge of computer network attack simulations, security enhancement, electronic harassment, space expert analysis. Learning outcomes of the course unit Students who complete this subject: Information systems will be able to justify the validity of cyber harassment; Teaching and learning methods Lectures, workshops, group work Assessment methods Individual papers, presentation on selected topics, discussion and active participants Will be able to organize and manage human resources, technological platforms in cyber security field, and make the decisions in changing environments, to develop and manage cyber security Be able to analyze the following groups: Cybercrime; Social networking risk management; Cyber attacks on the risk assessment. Lectures, workshops, group work Individual papers, presentation on selected topics, discussion and active participants

2 development projects. Will be able to scientifically analyze creative solutions in the cyber security (cyber security) field, and evaluate development opportunities, to argue and create innovative ideas and creative solutions for their implementation in electronic and information security (cyber security) field, to the security of electronic information (cyber security) innovative projects, to integrate a new knowledge in new and unknown environments and in global multicultural context. Be able to competently prepare and submit to the company, organization, forensic analysis of documents (reports, for the security of the Republic of Lithuania who meets the applicable standards) Lectures, workshops, group work Individual papers, presentation on selected topics, discussion and active participants 9. Course contens Contact work hours and planned learning activities Independent work hours and tasks Topics Lectures Consultations Seminars Training exercises Laboratory work Internship Assessment Remote contact work hours All contact work hours Work in the computer classroom Independent work hours Tasks Introduction. Burglary and ethics. Basic concepts; Hacker hacking techniques; Resonance effect For practical purposes are considered hackers hacking techniques. Student groups of 4-5 students to discuss, considering: Response process; Couple; resources; Search mechanism. Command-line options.

3 Access, services and protocols. devices; topology; TCP / IP model; Examination of real networks. A group of students (3-5 people) introduces the topic is relevant to the situation, the identification of problems to look for alternative solutions. Applicable to the delivery of computer network simulators, visual aids, PowerPoint presentation, slides, handouts, remote (video) training - examples and so on.). IS identification, analysis attacks. Service identification; Features of the system; Packet analysis Students (in groups) will prepare an accurate packet data analysis report. PowerPoint software, network analysis program packet simulators. Slides, handouts, remote (video) training - examples and so on.).

4 Malicious Software Attacks and simulation. worms; Trojan horses; rootkits; Logic bombs; Spyware software; Botnet Specific (actually existing) attack or safeguard investigation (working groups). Self study are: Malware today; botnet; Anti-virus programs; Firewall; "Sandbox". Digital forensics. principles; methodology; process; Evidence Simulator developed the electronic crime situation (forensics). A group of students (3-5 people) introduces the topic is relevant to the situation (in the subject), adapted from the study (search for traces of evidence) methodology properly registered discovered evidence. Passwords. history; types; Crack passwords; Security measures Make a password security, development and cracking expert analysis. Strong / weak passwords simulators. Password encryption / decryption.

5 Usage of social engineering in cyber space Discussion on the usage of social engineering concepts in cyber space, analysis of real life examples. Computer network security model. The network simulator; Social network security simulator; Digital examination Future ekspertizininkai analyze the simulator networking, social networks from simple to complex ekeltroninių crimes. These service reports will be available for the company or organization, and judicial proceedings justification. 10. Assessment 2 2 Assesment strategy Overall Weighting percentage Period or date of assessment Written paper (Abstract) 50 During the semester Assessment criteria Assessed the following aspects: - The structure and scope: the structure of the letter is clear and logical, there are all necessary components (introduction, which presents the theme, goals, objectives, methods, and empirical materials, teaching, where the empirical material analysis and interpretation, conclusion), the work is a reasonable amount of (0.5 points); - Analysis and Conclusions: The analysis is very detailed, the findings are based, formulated on the basis of empirical material (2 points) if the analysis is done, but not complete, the findings are not always justified, given 1 point for a superficial analysis of the scores are not given. - Scientific research culture and style: the proper treatment of sources and quotes, wording and styles to meet the requirements of scientific work (0.5 points). Evaluation without written work - 0 points. Only written work with delivery. (Students in groups where there will be many, if not this one, will get a specific company (which may be a company with which to sign a cooperation partner's

6 Powered by TCPDF ( intentions or social protocols or companies that want to get the test for free / paid) will perform IT risk assessment report can be supply companies / organizations). Examination 50 According to the shedule Evaluation by criteria mentioned in University Study regulations 11. Required reading 1. Robertas Vageris. Rizikos analizės vadovas. Vilnius: Vagos leidykla, Threat Modeling Web Applications, J.D. Meier, Alex Mackman, Blaine Wastell, Microsoft Corporation, May Improving Web Application Security: Threats and Countermeasures, J.D. Meier, Alex Mackman, Michael Dunner, Srinath Vasireddy, Ray Escamilla and Anandha Murukan, Microsoft Corporation, June Threat Modeling, Frank Swiderski and Window Snyder, Microsoft Press, June 2004, ISBN Writing Secure Code, 2nd Edition, Howard and LeBlanc, (pp ), Microsoft Press, 2003, ISBN A Conceptual Model for Threat Modeling Applications, Saitta, Larcom, and Michael Eddington, July 2005 Recommended reading 1. Open Source Security Testing Methodology Manual Pete Herzog OSSTMM. Ispanija: Ispanijos saugumo universitetas, CVSS, U.S. Department of Homeland Security library, February The Business Model for Information Security. ISACA Mobile Application Security. - Himanshu Dwivedi, Chris Clark, David Thiel Securing WebGoat using ModSecurity -OWASP Foundation OWASP Application Security Verification Standard - Paulo Coimbra, 2011