

Fall 2015


AIT 671 -- Information System Infrastructure Lifecycle Management

Instructor:  Jay Holcomb, Adjunct Faculty, Department of Information Sciences and Technology, Volgenau School of Engineering

GMU Website:  http://mason.gmu.edu/~jholcom9/

E-mail:  jholcom9@gmu.edu

Course: AIT 671 -- Information System Infrastructure Lifecycle Management

Examines information system infrastructure lifecycle management including the audit process, IT governance and best practices, system and infrastructure control, IT service delivery and support, protection of information assets, physical security, business and disaster recovery.

Credits: 3

Day/Time: Thursday, 4:30 pm-7:10 pm

Where:  IN 135

Textbooks (Required):


 

  Richard Bejtlich, The Practice of Network Security Monitoring:
  Understanding Incident Detection and Response, No Starch Press (August 2, 2013).
  ISBN: 978-1593275099
  (Available on Safari Tech Books Online, which is part of the E-Book Databases@Mason)

 


Other Resources:

Paper readings and Internet resources posted on Blackboard -- AIT 671 Course

Course Goals:

Course Expectations:

  1. Graduate education requires dedication and organization. Proper preparation is expected every week. You are expected to log into our Blackboard course each week and complete any assignments and activities on or before due dates.
  2. Students must check their GMU email messages on a daily basis for course announcements, which may include reminders, revisions, and updates.
  3. It is expected that you will familiarize yourself with and adhere to the Honor Code. (http://oai.gmu.edu/the-mason-honor-code-2/) Student members of the George Mason University community pledge not to cheat, plagiarize, steal, and/or lie in matters related to academic work.
  4. It is essential to communicate any questions or problems to me promptly.

Learning Community:

This course is supported via Blackboard
(Log into http://mymason.gmu.edu, select the Courses Tab, and the course can be found in the Course List).

Each week begins on Monday and ends on Sunday.

In our learning community, we must be respectful of one another.  Please be aware that innocent remarks can be easily misconstrued. Sarcasm and humor can be easily taken out of context. When communicating, please be positive and diplomatic.

I encourage you to learn more about Netiquette. (http://networketiquette.net/index.html)

Grading policy:

Grades will be determined based on the following:


Grade Component                           Weight
Current Cyber Event Paper #1              10%
Current Cyber Event Paper #2              10%
Team Paper -- User Training Pro / Cons    5%
Quiz                                      5%
Lab assignments (10% each)                30%
Team Project and Presentation             30%
Class Participation                       10%
Total:                                    100%

The grading scale for this course is: 

Numeric Grade    Letter Grade
97 – 100%        A+
93 – 96%         A
90 – 92%         A-
87 – 89%         B+
83 – 86%         B
80 – 82%         B-
77 – 79%         C+
73 – 76%         C
70 – 72%         C-
60 – 69%         D
0 – 59%          F


Current Cyber Event Papers (2 – 10% each):

Select a recent cyber event - research the event using open source references - write an executive-level technical brief on the event.  Include the following at a minimum:  threat vector used, vulnerability attacked, business impact of this event, your recommended security system(s) to help provide increased defenses against similar attacks in the future, and why/justification.   The length of this paper should be one page - maximum of two pages.  (One page is a single side of paper)   On a separate page include your open source references - minimum of two (2) unique sources are required.

Team Paper -- User Awareness/Training Debate (5%): (5 teams of 5 people each)

Review, research, and document your team’s position on the value of cost incurred regarding User Security Awareness Training within a corporation.  

Quiz (5%): 

A 25 question open-book multiple-choice quiz covering the key terms/topics discussed during the first seven (7) weeks of the course. 
If unable to complete the quiz within allotted time – a written make-up assignment may be completed.  (Must be completed within 2 weeks of the quiz for credit.)

Lab Assignments (3 – 10% each):  

Three (3) labs supporting course objectives regarding attacks and defensive options related to security systems.
If unable to attend/participate in a lab – a written make-up assignment may be completed.  (Must be completed within 2 weeks of the missed lab for credit.)

Team Project and Presentation (30%):  (Five teams of 5 people)

Your team will act as either a Red team (penetration testing team) or security audit consultants; your team will decide.  You will be auditing security systems/security controls currently in place and recommending improvements.
Select a fictitious critical infrastructure sector company and create a senior executive (CISO/CIO) level report, with accompanying executive briefing, highlighting the "results" of your red team test or security audit.
At a minimum cover what may happen to the company if they do not implement your top four (4) recommendations and are hit with malicious software, or a breach, describing the potential security risk in great detail.  Include how your team approached/engaged with the company, standard processes you used, tools (software/hardware), social, and/or physical security testing that you used, time period of the testing, potential business impacts of any major issues you identified, cost of the assessment, team skills with estimated costs, and the [critical] reporting process.
The length of the report should be less than 30 pages.  (One page is a single side of paper)   On a separate attachment include your open source references.
The report and presentation will be given during our final two sessions.

Class Participation (10%): 

Active participation in weekly lectures, labs, and team assignments.


Lecture Schedule (Tentative):

Week 1: Introduction to Information Systems Infrastructure Life Cycle Management, Security Planning, and Incident Response

Objective:  Develop an understanding of the information systems infrastructure life cycle management process and identify standard security planning requirements for enterprise-wide cybersecurity.  In addition, explain the importance of establishing an incident response process in advance of an incident.
Course Goal Connection:

Required Reading:

Other Reading (Recommended):

Week 2: Networking Basics for Cybersecurity Managers

Objective:  Identify and describe the basic functions of network assets such as switches, routers, firewalls, servers, workstations and hosts.  Discuss and describe the Open Systems Interconnections (OSI) reference model.  Compare and contrast the basic functions of network protocols associated with TCP/IP.
Course Goal Connection:

Required Reading:

Other Reading (Recommended):

Week 3: Cybersecurity Fundamentals and “Best Practices” Leaders Should Know

Objective:  Identify four (4) best practices every corporate network/user should employ to reduce risk of exploitation of potential cyber vulnerabilities.  Explain the benefit of adopting the Critical Security Controls for an organization.  Describe three of the 10 OWASP Top 10 Application Security Risks – 2013.
Course Goal Connection:

Required Reading:

Other Reading (Recommended):

Week 3 Assignment:

Week 4: Know Your Network (Sniffing, Scans, Configuration Management, Patching, etc.)

Objective:  Discuss packets and describe packet creation, and explain the Open Systems Interconnections (OSI) reference model. Identify and describe the benefits of configuration management with regards to securing your enterprise. Discuss why patching IT systems/equipment is so critical in reducing your organization’s cybersecurity risk.  
Course Goal Connection:

  1. Obtain in-depth knowledge on various security systems examples.
  2. Gain increased understanding of attack models used against security systems.
  3. Learn how security systems provide defenses and counter measures against differing attack vectors.
  4. Understand overall evaluation and management of security systems life cycle.

Required Reading:

Other Reading (Recommended):

Week 4 Assignment:

Week 5: Network Security Systems Overview for Managers (Firewall, IDS/IPS, Monitoring Systems, SIEM, etc.), Threat Vectors, and Indicators of Compromise (IOC)  Overview

Objective:  Analyze perimeter security systems – for example firewall, IDS/IPS, monitoring systems, and SIEM tools to develop an understanding of purpose, function, and limitations.  Identify key threat vectors that may assist an organization in assessing cyber-risk to the organization.  Define and explain the value of indicators of compromise (IOCs).
Course Goal Connection:

  1. Obtain in-depth knowledge on various security systems examples.
  2. Gain increased understanding of attack models used against security systems.
  3. Learn how security systems provide defenses and counter measures against differing attack vectors.

Required Reading:

Other Reading (Recommended):

Week 5 Assignment:

Week 6: Network Defense and Vulnerability Scanning

Objective:  Identify four (4) network defense tools that can be deployed within an enterprise to increase visibility of potential compromised resources.  Analyze IDS operations and explain results of alert activity.  Analyze and explain vulnerability scanning activity and results/report output from a scan.
Course Goal Connection:

  1. Obtain in-depth knowledge on various security systems examples.
  2. Gain increased understanding of attack models used against security systems.
  3. Learn how security systems provide defenses and counter measures against differing attack vectors.
  4. Understand overall evaluation and management of security systems life cycle.

Required Reading:

Other Reading (Recommended):

Week 6 Assignment:

Week 7: User Security Awareness/Training

Objective:  Compare and contrast differing opinions on the value of corporate user security awareness/training.  Identify and explain three (3) benefits of user security awareness/training.  Identify and explain three (3) drawbacks of user security awareness/training.
Course Goal Connection:

Required Reading:

Other Reading (Recommended):

Week 7 Assignment:

Week 8:  Evaluation Methods of Security Systems and Metrics on Measuring Security Enhancements

Objective:  Develop an understanding of the different evaluation and assessment standards for security systems. Describe the benefits of measuring metrics of deployed security systems and processes.
Course Goal Connection:

Required Reading:

Other Reading (Recommended):

Week 8 Assignment:

Week 9: Physical Security and Business/Disaster Recovery

Objective:  Analyze physical security incidents to develop an understanding of the critical requirement for physical security on cyber assets and systems.  Identify the three different disaster recovery sites and pros/cons for selecting each type of site.
Course Goal Connection:

Required Reading:

Other Reading (Recommended):

Week 10: Cybersecurity Manager Introduction to “Offense” (Pen Testing, Red Teaming, Auditing)

Objective:  Develop an understanding of common threat vectors used in offensive cyber attacks.  Identify three (3) common threat vectors.  Explain the difference between threat, vulnerability, exploitation, and exfiltration with regards to cyber attacks.  Explain the value of pen testing and/or auditing with respect to leadership within a corporation.
Course Goal Connection:

Required Reading:

Other Reading (Recommended):

Week 10 Assignment:

Week 11: Common Attack Models against Security Systems

Objective:  Describe at least three (3) attack models (vectors) that have been used against corporations within the past twelve (12) months.  Explain the terms threat, vulnerability, risk, and security control with regards to cyber risk to an organization.

Course Goal Connection:

Required Reading:

Other Reading (Recommended):

Week 12: Client-side Security

Objective:  Identify four (4) common client-side cyber vulnerabilities. Describe four (4) client-side defensive security controls that can be implemented to reduce the cyber risk of client-side vulnerabilities to an organization.  Describe a zero day (0-day) with regards to software and the risk these pose to corporations.  Explain whitelisting with regards to cyber defensive control.
Course Goal Connection:

  1. Obtain in-depth knowledge on various security systems examples.
  2. Gain increased understanding of attack models used against security systems.
  3. Learn how security systems provide defenses and counter measures against differing attack vectors.
  4. Understand overall evaluation and management of security systems life cycle.

Required Reading:

Other Reading (Recommended):

Week 12 Assignment:

Team Project Delivery/Presentation

Week 13:  Team Reports and Presentations

Week 14:  Team Reports and Presentations


Honor Code:

All work performed in this course will be subject to GMU’s Honor Code. Any violation will be reported to the honor committee.

Academic Integrity:

GMU is an Honor Code university; please see the Office for Academic Integrity for a full description of the code and the honor committee process. The principle of academic integrity is taken very seriously and violations are treated gravely. What does academic integrity mean in this course?  Essentially this: when you are responsible for a task, you will perform that task. When you rely on someone else’s work in an aspect of the performance of that task, you will give full credit in the proper, accepted form. Another aspect of academic integrity is the free play of ideas. Vigorous discussion and debate are encouraged in this course, with the firm expectation that all aspects of the class will be conducted with civility and respect for differing ideas, perspectives, and traditions.  When in doubt (of any kind) please ask for guidance and clarification.

Office of Disability Services:

If you are a student with a disability and you need academic accommodations, please see me and contact the Office for Disability Services (ODS) at 993-2474, http://ods.gmu.edu. All academic accommodations must be arranged through the ODS.

Mason e-mail Accounts:

Students must use their MasonLIVE email account to receive important University information, including messages related to this class. See http://masonlive.gmu.edu for more information.

Other Useful Campus Resources:

Writing Center:  A114 Robinson Hall; (703) 993-1200; http://writingcenter.gmu.edu
University Libraries “Ask a Librarian”: http://library.gmu.edu/mudge/IM/IMRef.html
Counseling And Psychological Services (CAPS): (703) 993-2380; http://caps.gmu.edu
University Policies: The University Catalog, http://catalog.gmu.edu, is the central resource for university policies affecting student, faculty, and staff conduct in university academic affairs.  Other policies are available at http://universitypolicy.gmu.edu/.  All members of the university community are responsible for knowing and following established policies.


Last Updated:  August 24, 2015