ISA 562: Information Security Theory & Practice

Summer 2008; STI120 Mondays and Wednesdays 4.30 to 7.10 PM

The classroom is still in STI120!

 

Dr. Edgar H. Sibley                                          GTA: Min Xu

Room 359, Science & Tech II                          Room 468 Science & Tech II

Office Phone: (703) 993-1669                         Office hours: Monday, Wednesday 2:00-4:00pm

esibley@gmu.edu                                             mxu@gmu.edu

 

Class Webpage: (Check frequently for announcements and homework)

http://mason.gmu.edu/~esibley/ISA562SU08/index.htm

 

Course Description

This course is a broad introduction to the theory and practice of Information Security. It serves as the first security course for the MS-ISA degree and is required as a prerequisite for all subsequent ISA courses (at the 600 and 700 levels). It also serves as an entry-level course available to non-ISA students, including MS-CS, MS-ISE and MS-SWE students.

 

Course Prerequisites: INFS 501, 515, INFS 590, SWE 510 or equivalent courses

 

Textbooks and Readings

Required:          Official (ISC)2 Guide to the CISSP CBK

Computer Security: Art and Science, Matt Bishop. Addison-Wesley ISBN: 0201440997

 

Grading

Four Assignments         40% total

Midterm                       30%

Final                             30%

The Midterms and Final will be closed book.

 All assignments must be done individually, unless explicitly stated otherwise.

 

Academic Integrity

All students are required to follow all University, school, and department policies regarding academic integrity. Violation of the Honor Code will result in a grade of F and a report to the University Honor Committee, possibly resulting in dismissal.

 

Schedule of Classes (Subject to Change)

NOTE: The slide sets already given in the first week have been renamed, but their content has not changed.

 

Date      Topic/Slide Set                                                                 Reading

6/9/08    1. Introduction part 1 and 2. Access Control                                    B. Chapter 1
6/11/08   1. Introduction part 2 and 3. Access Control part 2                             B. Chapter 2
6/16/08   3. Access Control part 3 and 4. Security Policy                                 B. Chapter 3, 4
6/18/08   4. Security Policy pt 2 and 5. Confidentiality Policies                         B. Chapter 4, 5
6/23/08   6. Integrity Policies and 7. Hybrid Policies                                    B. Chapter 6
6/25/08   7. Hybrid Policies and 12. Physical Security and 8. Cryptography 1              B. Chapter 7
6/30/08   13. Business Continuity & Disaster Recovery Planning and Cryptography part 2    C. Domain 1, 2, 3, 4, and 6
7/2/08    15. Legal, Regulations, Compliance, and Investigations and Cryptography part 3  C. Domain 10
7/7/08    Midterm Exam (closed book) Review Slides
7/9/08    9. Network Security 10. Certificate, Usage                                      B. Chapter 11
7/14/08   Guest Lecture and Demo                                                          C. Domain 7
7/16/08   11. Security Architecture; Guest Lecture on SSL                                 C. Domain 5
7/21/08   13. Business Continuity & Disaster Recovery Planning                            C. Domain 4, 6
7/23/08   14. Application and Operational Security and                                    C. Domain 8, 9, 10
          15. Legal, Regulations, Compliance, and Investigations, Part 2, Part 3
7/28/08   Final Exam

 

           

Homework:

Due one week after posting

Approximately 6/18, 6/23, 7/7, 7/16

Homework 1 is posted here and is due on 6/18.

Homework 2 is posted here and is due on 6/23.

Homework 3 is posted here and is due on 7/21.

 

Other Reading:

For 6/16:

•  Role-Based Access Control Models

•  Proposed NIST Standard For Role-Based Access Control

For 6/30:

•  Why Cryptography Is Harder Than It Looks

•  Classical Cryptography

•  DES Animation

•  Rijndael Cipher Animation