Sec 270 02 sect 01v1
  1. SECURITY OF COMPUTERS AND THEIR DATA, SEC 207-02M, W 4:15 PM – 5:30 PM (6th Period)
     DEPARTMENT OF SECURITY, FIRE AND EMERGENCY MANAGEMENT
     John Jay College of Criminal Justice © 2012
  2. Course Description
     • Introductory overview of the landscape of Information Security and Information Risk Management.
     • The "human factors" influencing the perpetration of security incidents.
     • Overview of the existing legal and regulatory issues relating to "computer crime".
     • Steps followed after an incident.
     • Security standards and policies.
     • Techniques to secure computers, networks, and data storage will be reviewed.
     • Disaster recovery and business continuity will be discussed.
  3. Your Professor
     Chief Information Security Officer and Assistant Commissioner, with extensive experience in Risk Assessment, Technology Security Research, IT Governance and Compliance. Served in an executive capacity in the areas of IT security as it relates to computer applications programming, system programming, computer systems development, data telecommunications, database administration, and supervision of staff. Commanded cross-functional teams to complete major security initiatives. Experience with business continuity planning, auditing, and risk management, with a strong working knowledge of pertinent law and the law enforcement community. Skilled at articulating and communicating technical information to senior management and business stakeholders. Solid background in information technology; served in the Media, Financial Services, and Utility industries, with over 10 years of experience focused on IT information security. I am a highly motivated, dynamic technology professional looking to join an award-winning, innovative technology team that is looking to revolutionize your IT services.
     Prof. Dave Chen
     Classroom: NB/1.92
     Phone: 917 945 3893
     Department Phone: 917-945 3893
     e-mail: wchend@aol.com
     Office hours: M, W 5:30 PM – 6:00 PM or by appointment
  4. Introduce Yourself
     • Name
     • Major / expected year of graduation
     • Career goal(s)
     • Why did you select this class?
     • What do you expect to learn from this class?
     • How would you define "Information Security"?
  5. Readings
     Required texts: There is an extensive amount of reading and research required for this course. Focus on gaining an understanding of the concepts; a familiarity with the technological vocabulary is essential. The syllabus outlines the text chapters and number of pages related to the topic of each class.
     • Official (ISC)2 Guide to the CISSP CBK, 2nd ed. ISBN-13: 978-1439809594. Published 12/2009.
     • Network Security For Dummies, 1st ed. ISBN-13: 978-0764516795. Published 10/10/02.
     Recommended readings:
     • The Art of Deception, 1st ed. ISBN-13: 978-0764542800. Published 10/17/03.
     • Secrets and Lies: Digital Security in a Networked World. ISBN-13: 978-0471453802. Published 1/30/2004.
  6. Course Policies
     • Grading system
     • Term paper
       – Presentation
       – Report
       – Executive summary
       – Rules and grade requirements
       – Plagiarism
     • Briefings
  7. Citywide Policies
     • A. Incomplete Grade Policy
     • B. Extra work during the semester: None is available in this course.
     • C. Americans with Disabilities Act (ADA) Policies: Qualified students with disabilities will be provided reasonable academic accommodations if determined eligible by the Office of Accessibility Services (OAS). Prior to granting disability accommodations in this course, the instructor must receive written verification of a student's eligibility from the OAS, which is located at 1233N (212-237-8144). It is the student's responsibility to initiate contact with the office and to follow the established procedures for having the accommodation notice sent to the instructor.
  8. Access Control
     • Allows management to specify what users can do,
     • which resources they can access, and
     • what operations they can perform on a system.
     • Access control techniques, and detective and corrective measures.
     • Understand the potential risks, vulnerabilities, and exposures.
     The student should fully understand access control concepts, methodologies, and implementations within centralized and decentralized environments across the enterprise's computer systems.
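The three questions on this slide (which user, which resource, which operation) are the subject, object and operation of an access-control matrix. The following is an added example, not material from the syllabus or the course texts: a default-deny lookup in such a matrix, with every decision recorded so that repeated denials can be reviewed afterwards (the "detective" side of the slide's detective and corrective measures). The users, files and permissions are constructed sample data.

```python
"""Minimal access-control matrix with default deny and an audit trail.

Added example for the Access Control slide; not code from the course.
The subjects, objects and permissions below are constructed sample data.
"""
from dataclasses import dataclass, field

# Access-control matrix: subject -> object -> set of permitted operations.
# Constructed sample data for illustration only.
POLICY = {
    "alice": {"payroll.db": {"read", "write"}, "handbook.pdf": {"read"}},
    "bob": {"handbook.pdf": {"read"}},
    "auditor": {"payroll.db": {"read"}, "audit.log": {"read"}},
}


@dataclass
class AccessLog:
    """Detective control: a record of every access decision."""
    entries: list = field(default_factory=list)

    def record(self, subject, obj, operation, allowed):
        verdict = "ALLOW" if allowed else "DENY"
        self.entries.append((subject, obj, operation, verdict))

    def denials(self):
        return [e for e in self.entries if e[3] == "DENY"]


def is_authorized(policy, subject, obj, operation):
    """True only when the matrix explicitly grants the operation.

    A missing subject, a missing object, or an operation that is not listed
    all fall through to an empty set, so the default is deny.
    """
    return operation in policy.get(subject, {}).get(obj, set())


def check_access(policy, log, subject, obj, operation):
    """Policy decision plus audit record; returns the decision."""
    allowed = is_authorized(policy, subject, obj, operation)
    log.record(subject, obj, operation, allowed)
    return allowed


def repeated_denials(log, threshold=3):
    """Subjects denied at least `threshold` times: candidates for review."""
    counts = {}
    for subject, _obj, _op, _verdict in log.denials():
        counts[subject] = counts.get(subject, 0) + 1
    return {s for s, n in counts.items() if n >= threshold}


def demo():
    """Run a constructed batch of requests and return (decisions, log)."""
    log = AccessLog()
    requests = [
        ("alice", "payroll.db", "write"),     # explicitly granted
        ("bob", "payroll.db", "read"),        # bob has no entry for payroll.db
        ("bob", "payroll.db", "write"),
        ("bob", "audit.log", "read"),
        ("auditor", "payroll.db", "write"),   # read-only grant, write denied
        ("mallory", "handbook.pdf", "read"),  # unknown subject, denied
    ]
    decisions = [check_access(POLICY, log, *req) for req in requests]
    return decisions, log


if __name__ == "__main__":
    decisions, log = demo()
    for entry in log.entries:
        print(entry)
    print("review:", repeated_denials(log))
```

The point to take from the example is the shape of `is_authorized`: nothing is permitted unless the policy says so, and the same lookup serves a centralized policy store or a per-system copy of the matrix, which is the distinction the slide draws between centralized and decentralized environments.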
  9. Application Development Security
     • The controls that are included within system and application software and the steps used in their development.
     • Applications refer to agents, applets, software, databases, data warehouses, and knowledge-based systems.
     • These applications may be used in distributed or centralized environments.
     The student should fully understand the security and controls of the systems development process, system life cycle, application controls, change controls, data warehousing, data mining, knowledge-based systems, program interfaces, and concepts used to ensure data and application integrity, security, and availability.
  10. Business Continuity and Disaster Recovery Planning
     • Preservation of the business in the face of major disruptions to normal business operations.
     • Business continuity plans (BCPs) versus disaster recovery plans (DRPs).
     • The natural and man-made events, and their consequences if not dealt with promptly and effectively.
     • Procedures for emergency response, extended backup operation, and post-disaster recovery.
     • Provide the capability to process mission-essential applications in a degraded mode, and to return to the normal mode of operation within a reasonable amount of time.
     The student will be expected to know the difference between business continuity planning and disaster recovery; business continuity planning in terms of project scope and planning, business impact analysis, recovery strategies, recovery plan development, and implementation. The student should understand disaster recovery in terms of recovery plan development, implementation, and restoration.
  11. Cryptography
     • Principles, means, and methods of disguising information to ensure its integrity, confidentiality, and authenticity.
     The student will be expected to know basic concepts within cryptography; public and private key algorithms in terms of their applications and uses; algorithm construction, key distribution and management, and methods of attack; and the applications, construction, and use of digital signatures to provide authenticity of electronic transactions and non-repudiation of the parties involved.
  12. Information Security Governance and Risk Management
     • Identification of an organization's information assets, and the development and implementation of policies, standards, procedures, and guidelines that ensure confidentiality, integrity, and availability.
     • Management tools such as data classification, risk assessment, and risk analysis are used to identify the threats, classify assets, and rate their vulnerabilities.
     • Risk management: identification, measurement, control, and minimization of loss associated with uncertain events or risks.
     • Overall security review, risk analysis, selection and evaluation of safeguards, cost-benefit analysis, management decision, safeguard implementation, and effectiveness review.
     The student will be expected to understand the planning, organization, and roles of individuals in securing an organization's information assets; the development and use of policies stating management's views and position on particular topics, and the use of guidelines, standards, and procedures to support the policies; security-awareness training to make employees aware of the importance of information security, its significance, and the specific security-related requirements relative to their position; the importance of confidential, proprietary, and private information; employment agreements; employee hiring and termination practices; and risk management practices and tools to identify, rate, and reduce the risk to specific resources.
  13. Legal, Regulations, Compliance, and Investigations
     • The legal, regulations, compliance, and investigations domain addresses computer crime laws and regulations.
     • Measures and techniques that can be used to determine if a crime has been committed, and
     • methods to gather evidence.
     • Incident handling.
     The student will be expected to know the methods for determining whether a computer crime has been committed; the laws that would be applicable to the crime; laws prohibiting specific types of computer crimes; methods to gather and preserve evidence of a computer crime, and investigative methods and techniques; and ways to address compliance.
  14. Operations Security
     • Identify the controls over hardware, media, and the operators with access privileges to any of these resources.
     • Audit and monitoring: the mechanisms, tools, and facilities that permit the identification of security events and subsequent actions.
     The student will be expected to know the resources that must be protected, the privileges that must be restricted, the control mechanisms available, the potential for abuse of access, the appropriate controls, and the principles of good practice.
  15. Physical (Environmental) Security
     • Threats, vulnerabilities, and countermeasures that can be utilized to physically protect an enterprise's resources and sensitive information:
     • people, the facility, and the data, equipment, support systems, media, and supplies they utilize.
     The student will be expected to know the elements involved in choosing a secure site, its design and configuration, and the methods for securing the facility against unauthorized access and theft of equipment and information, and the environmental and safety measures needed to protect people, the facility, and its resources.
  16. Security Architecture and Design
     • Concepts, principles, structures, and standards used to design, implement, monitor, and secure operating systems, equipment, networks, and applications.
     • Controls used to enforce various levels of confidentiality, integrity, and availability.
     The student should understand security models in terms of confidentiality, integrity, and information flow; system models in terms of the Common Criteria; technical platforms in terms of hardware, firmware, and software; and system security techniques in terms of preventive, detective, and corrective controls.
  17. Telecommunications and Network Security
     • The structures, transmission methods, transport formats, and security measures used for
     • transmissions over private and public communication networks and media.
     The student is expected to demonstrate an understanding of communications and network security as it relates to voice communications; data communications in terms of local area, wide area, and remote access; Internet/intranet/extranet in terms of firewalls, routers, and TCP/IP; and communications security management and techniques in terms of preventive, detective, and corrective measures.
  18. Questions