Syllabus: AIT 671 - Information Systems Infrastructure Lifecycle Management



Similar documents
Syllabus: AIT Information Systems Infrastructure Lifecycle Management

Syllabus: AIT 673 (Online) - Cyber Incident Handling/Response

PREREQUISITES Completion or concurrent enrollment in all other required general education courses, GOVT 300, and 18 credits in the major.

4ECE 320 Signals and Systems II Department of Electrical and Computer Engineering George Mason University Fall, 2015

Looking at the SANS 20 Critical Security Controls

Fall Syllabus. College of Health and Human Services. HAP 700: Introduction to Health Informatics. Course information

Critical Controls for Cyber Security.

PUAD 502 Administration in Public and Non-Profit Organizations Term Offered Fall, 2015 Syllabus

HAP 750 Legal Issues in Health Administration Summer 2014

I. PREREQUISITES For information regarding prerequisites for this course, please refer to the Academic Course Catalog.

This four (4) credit hour. Students will explore tools and techniques used penetrate, exploit and infiltrate data from computers and networks.

ITS425: Ethical Hacking and Penetration Testing

George Mason University Electrical and Computer Engineering Department ECE 201: Introduction to Signal Analysis Syllabus Fall 2015

CS4320 Computer and Network Security. Fall 2015 Syllabus

Psychological Testing (PSYCH 149) Syllabus

Common Syllabus Revised

HARFORD COMMUNITY COLLEGE 401 Thomas Run Road Bel Air, MD Course Outline

WAYLAND BAPTIST UNIVERSITY VIRTUAL CAMPUS SCHOOL OF BUSINESS SYLLABUS

WAYLAND BAPTIST UNIVERSITY ONLINE CAMPUS SCHOOL OF BUSINESS SYLLABUS

IT 342 Operating Systems Fundamentals Fall 2014 Syllabus

COURSE SYLLABUS BMIS 342 CYBER SECURITY

ITS425: Ethical Hacking and Penetration Testing

COURSE SYLLABUS FIREWALLS & NETWORK SECURITY. ITSY-2301 Number Lecture - Lab - Credit. ITSY-1342 Prerequisites. April 16, 2015 Revision Date

I. PREREQUISITES For information regarding prerequisites for this course, please refer to the Academic Course Catalog.

CS 464/564 Networked Systems Security SYLLABUS

Brazosport College Syllabus for PSYC 2301 General Psychology

Borough of Manhattan Community College Department of Social Science. POL American Government Spring 2014

Applied Network Security Course Syllabus Spring 2015

IT 101 Introduction to Information Technology

Collin College Business and Computer Systems

POFT 1309 Administrative Office Procedures I COURSE SYLLABUS

ITM 641: Information Security Policies Syllabus Sanjay Goel School of Business University at Albany, State University of New York

PSYCH 105S: General Psychology Tuesdays and Thursdays 11:00 12:50 CERAS, Room 300

TOUR 412 Tourism and Events Marketing Spring 2016

IST359 - INTRODUCTION TO DATABASE MANAGEMENT SYSTEMS

CENTRAL TEXAS COLLEGE ITSY 2401 FIREWALLS AND NETWORK SECURITY. Semester Hours Credit: 4 INSTRUCTOR: OFFICE HOURS:

MSIS 630 Project and Change Management (Fall 2014) Course Syllabus

COURSE TEXTBOOK [Insert required course text academic format for book listing with ISBN# and edition]

ERP 5210 Performance Dashboards, Scorecard, and Data Visualization Course Syllabus Spring 2015

FedVTE Training Catalog SPRING advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov

Solving the CIO s Cybersecurity Dilemma: 20 Critical Controls for Effective Cyber Defense

DSCI 3710 Syllabus: Spring 2015

CS 340 Cyber Security Weisberg Division of Computer Science College of Information Technology & Engineering Marshall University

ITSY1342 Section 151 (I-Net) Information Technology Security

Course Syllabus CAD 140 Computer-Aided Drafting I 3 Semester Hours

PSYCHOLOGY 101 ONLINE. Course Information and Syllabus Summer 2014

Wasting Money on the Tools? Automating the Most Critical Security Controls. Mason Brown Director, The SANS Institute

MIS 7381 Syllabus_Spring 2016_Cooper.doc 1 02/08/16 2:44 PM

Leveraging SANS and NIST to Evaluate New Security Tools

TCOM 562 Network Security Fundamentals

Earth Science 102 Introduction to Physical Geology Fall 2015 Online

Introduction to Personality Psychology 2320, Spring 2013 TTh 5:30-6:45 Arts and Science 110 (Allen Auditorium)

Psychology 2510: Survey of Abnormal Psychology (Section 2) Fall 2015

SOCI 1301 Online Introduction to Sociology COURSE SYLLABUS

Security and Computer Forensics ITP 477 (4 Units)

BIOL FUNDAMENTALS OF HUMAN ANATOMY & PHYSIOLOGY II, Fall 2015

PSYCHOLOGY 101 ONLINE. Course Information and Syllabus Fall 2012

Syllabus Systems Analysis and Design Page 1 of 6

CIS 56 (CRN: 33372) Hybrid Course Winter, 2016

CSC 474 Information Systems Security

FedVTE Training Catalog SUMMER advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov

Information Security and Risk Management

CEDAR CREST COLLEGE Psychological Assessment, PSY Spring Dr. Diane M. Moyer dmmoyer@cedarcrest.edu Office: Curtis 123

MG430: Sports Management

CMJ CRIME SCENE INVESTIGATION Spring Syllabus 2015

Managing Vulnerabilities for PCI Compliance White Paper. Christopher S. Harper Managing Director, Agio Security Services

San José State University Department of Hospitality Management HSPM 108 Hospitality Information Systems. Fall 2013

CS Ethical Hacking Spring 2016

CS 1361-D10: Computer Science I

Tuskegee University Department of Computer Science Course No: CSCI 390 (Computer Forensics) Fall MWF 1:00-2:300, BRIM 301

PSYCHOLOGY 101 ONLINE. Course Information and Syllabus Summer 2016

CIT 217 Security + Network Security Fall 2015

George Mason University Graduate School of Education Special Education Program

ITNW 2305 Network Administration COURSE SYLLABUS

Jumpstarting Your Security Awareness Program

CSC-310 Introduction to Geographic Information Systems

HRPO 2301 HUMAN RESOURCES MANAGEMENT COURSE SYLLABUS

How To Pass A Customer Service Course At Tstc

Department of Computer & Information Sciences. INFO-450: Information Systems Security Syllabus

SYST 371 SYSTEMS ENGINEERING MANAGEMENT

Government 2305 Federal Government Fall 2015 ONLINE

ACNT 1311 Intro to Computerized Accounting COURSE SYLLABUS

COURSE SYLLABUS PSYCHOLOGY 201 GENERAL PSYCHOLOGY (CRN #34981) WINTER 2010 TR 9:30 10:50 a.m. NSH-109

ISM527 - Cyber Security Management

Transcription:

Syllabus: AIT 671 - Information Systems Infrastructure Lifecycle Management Term: Fall 2014 Instructor: Jay Holcomb, Adjunct Faculty, Department of Applied Information Technology, Volgenau School of Engineering GMU Website: http://mason.gmu.edu/~jholcom9/ E- mail: jholcom9@gmu.edu Course: AIT 671 -- Information System Infrastructure Credits: 3 Examines information system infrastructure lifecycle management including the audit process, IT governance and best practices, system and infrastructure control, IT service delivery and support, protection of information assets, physical security, business and disaster recovery. Day/Time: Thursday, 4:30 pm-7:10 pm Where: Music/Theater Building, Room: 1002 Textbooks (Required): Richard Bejtlich, The Practice of Network Security Monitoring: Understanding Incident Detection and Response, No Starch Press (August 2, 2013). ISBN: 978-1593275099 (Available on Safari Tech Books Online, which is part of the E- Book Databases@Mason) Other Resources: Paper readings and Internet resources posted on Blackboard -- AIT 671 Course Course Goals: 1. Obtain in-depth knowledge on various security systems examples. 2. Gain increased understanding of attack models used against security systems. 3. Learn how security systems provide defenses and counter measures against differing attack vectors. 4. Understand overall evaluation and management of security systems life cycle. Version 1.0 Page 1 of 6 Fall 2014

Grading policy: Grades will be determined based on the following: Grade Component Weight Current Cyber Event Paper #1 10% Current Cyber Event Paper #2 10% Quiz 10% Lab assignments (10% each) 30% Team Project and Presentation 30% Class Participation 10% Total: 100% The grading scale for this course is: Numeric Grade Letter Grade 97 100% A+ 93 96% A 90 92% A- 87 89% B+ 83 86% B 80 82% B- 77 79% C+ 73 76% C 70 72% C- 60 69% D 0 59% F Version 1.0 Page 2 of 6 Fall 2014

Current Cyber Event Papers (2 10% each): Select a recent cyber event - research the event using open source references - write an executive-level technical brief on the event. Include the following at a minimum: threat vector used, vulnerability attacked, business impact of this event, your recommended security system(s) to help provide increased defenses against similar attacks in the future, and why/justification. The length of this paper should be one page - maximum of two pages. (One page is a single side of paper) On a separate page include your open source references - minimum of two (2) unique sources are required. Quiz (10%): A 25 question open-book multiple-choice quiz covering the key terms/topics discussed during the first seven (7) weeks of the course. If unable to complete the quiz within allotted time a written make-up assignment may be completed. (Must be completed within 2 weeks of the quiz for credit.) Lab Assignments (3 10% each): Three (3) labs supporting course objectives regarding attacks and defensive options related to security systems. If unable to attend/participate in a lab a written make-up assignment may be completed. (Must be completed within 2 weeks of the missed lab for credit.) Team Project and Presentation (30%): (Five teams of 5 people) Either a Red team (Penetration testing team) or Security audit consultants -- your team will decide). You will be auditing security systems/security controls currently in place and recommending improvements. Select a fictitious critical infrastructure sector company and create a senior executive (CISO/CIO) level report, with accompanying executive briefing, highlighting the "results" of your red team test or security audit. At a minimum cover what may happen to the company if they do not implement your top four (4) recommendations and are hit with malicious software, or a breach, describing the potential security risk in great detail. Include how your team approached/engaged with the company, standard processes you used, tools (software/hardware), social, and/or physical security testing that you used, time period of the testing, potential business impacts of any major issues you identified, cost of the assessment, team skills with estimated costs, and the [critical] reporting process. The length of the report should be less than 20 pages. (One page is a single side of paper) On a separate attachment include your open source references. The report and presentation will be given during our final two sessions. Class Participation (10%): Active participation in weekly lectures, labs, and team assignments. Version 1.0 Page 3 of 6 Fall 2014

Lecture Schedule (Tentative): Week 1: Introduction to Information Systems Infrastructure Life Cycle Management, Physical Security, Business/Disaster Recovery, and Best Practices Review NIST Special Publication 800-53 Revision 4 (April 2013) Chapters 1 and 2 with additional concentration on CM, CP, and PE families NIST Special Publication 800-100 (October 2006) Chapters 3 and 9 Defensive Section Week 2: Security Systems Overview (Firewall, IDS/IPS, Monitoring Systems, SIEM, etc.) and Threat Vectors Overview Review NIST Special Publication 800-94 (February 2007) Chapter 2 and 3 Detection and Response, No Starch Press (August 2, 2013) Chapter 1 and 2 Week 3: Defense Methods Against Various Software Vulnerability Attacks and Other Defense Examples Lab Preparation Review SANS 20 Critical Security Controls and MITRE 2011 CWE/SANS Top 25 Most Dangerous Software Errors http://cwe.mitre.org/top25/ Read OWASP Top 10 and The Practice of Network Security Monitoring: Understanding Incident Detection and Response, No Starch Press (August 2, 2013) Chapter 3 Week 4: Lab #1 Know Your Network/User Awareness Section (Defense and Offense) Week 5: Know Your Network (Sniffing, Scans, Configurations, Patching, etc.) Review NIST Special Publication 800-115 (September 2008) Chapter 3 and 4 Detection and Response, No Starch Press (August 2, 2013) Chapter 7 (Current Cyber Event Paper # 1 due) Version 1.0 Page 4 of 6 Fall 2014

Know Your Network/User Awareness Section (Defense and Offense) Week 6: Introduction to Offense (Pen Testing, Red Teaming, Auditing) Review NIST Special Publication 800-115 (September 2008) Chapters 5, 6, 7, and 8 Read Paper readings and Internet resources posted on Blackboard Week 7: (VIRTUAL WEEK testing online class process) User Awareness/Training and Vulnerability and Configuration Management Review NIST Special Publication 800-100 (October 2006) Chapters 4 and 14 Read Paper readings and Internet resources posted on Blackboard Assignment (due Sunday, October 12 th at midnight) Teams complete handout on User Awareness/Training. (Maximum 5 pages) Week 8: Lab #2 (Quiz opens) Offensive Section Week 9: Evaluation Methods of Security Systems and Metrics on Measuring Security Enhancements Review Paper readings and Internet resources posted on Blackboard Read NIST Special Publication 800-100 (October 2006) Chapter 7 (Quiz closes) Week 10: Attack Models against Security Systems Review Paper readings and Internet resources posted on Blackboard Detection and Response, No Starch Press (August 2, 2013) Chapter 10 (Current Cyber Event Paper # 2 due) Week 11: Malware against Security Systems (Software Vulnerability Attacks and Analysis) Review Paper readings and Internet resources posted on Blackboard Detection and Response, No Starch Press (August 2, 2013) Chapter 2 Chapter 11 Version 1.0 Page 5 of 6 Fall 2014

Week 12: Lab #3 Team Project Delivery/Presentation Week 13: Team and Presentations Week 14: Team Reports and Presentations Honor Code: All work performed in this course will be subject to the GMU s Honor Code. Any violation will be reported to the honor committee. Academic Integrity: GMU is an Honor Code university; please see the Office for Academic Integrity for a full description of the code and the honor committee process. The principle of academic integrity is taken very seriously and violations are treated gravely. What does academic integrity mean in this course? Essentially this: when you are responsible for a task, you will perform that task. When you rely on someone else s work in an aspect of the performance of that task, you will give full credit in the proper, accepted form. Another aspect of academic integrity is the free play of ideas. Vigorous discussion and debate are encouraged in this course, with the firm expectation that all aspects of the class will be conducted with civility and respect for differing ideas, perspectives, and traditions. When in doubt (of any kind) please ask for guidance and clarification. Office of Disability Services: If you are a student with a disability and you need academic accommodations, please see me and contact the Office for Disability Services (ODS) at 993-2474, http://ods.gmu.edu. All academic accommodations must be arranged through the ODS. Mason e- mail Accounts: Students must use their MasonLIVE email account to receive important University information, including messages related to this class. See http://masonlive.gmu.edu for more information. Other Useful Campus Resources: Writing Center: A114 Robinson Hall; (703) 993-1200; http://writingcenter.gmu.edu University Libraries Ask a Librarian : http://library.gmu.edu/mudge/im/imref.html Counseling And Psychological Services (CAPS): (703) 993-2380; http://caps.gmu.edu University Policies: The University Catalog, http://catalog.gmu.edu, is the central resource for university policies affecting student, faculty, and staff conduct in university academic affairs. Other policies are available at http://universitypolicy.gmu.edu/. All members of the university community are responsible for knowing and following established policies. Version 1.0 Page 6 of 6 Fall 2014

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information