Sec 270 02 sect 01v1
- 1. SECURITY OF COMPUTERS AND
THEIR DATA, SEC 207-02
M, W 4:15 PM – 5:30 PM (6th Period)
DEPARTMENT OF SECURITY, FIRE
AND EMERGENCY MANAGEMENT
John Jay College of Criminal Justice © 2012
- 2. Course Description:
• Introductory / overview of the landscape for Information
Security and Information Risk Management.
• The “Human Factors” influencing the perpetration of
security incidents
• Overview of the existing legal and regulatory issues relating
to “computer crime”
• Steps followed after an incident
• Security Standards and Policies
• Techniques to secure computers, networks, and data storage
will be reviewed.
• Disasters, disaster recovery, and business continuity will be
discussed.
- 3. Your Professor
Chief Information Security Officer and Assistant Commissioner, with extensive experience in Risk
Assessment, Technology Security Research, IT Governance and Compliance. Served in an executive
capacity in the areas of IT Security as it related to computer applications programming, system
programming, computer systems development, data telecommunications, database administration,
and supervision of staff. Commanded cross-functional teams to complete major security initiatives.
Experience with business continuity planning, auditing, and risk management with strong working
knowledge of pertinent law and the law enforcement community. Skilled at articulating and
communicating technical information to Senior Management and Business Stakeholders. Solid
background in information technology; served in the following industries: Media, Financial Services,
and Utility Industries, with over 10 years of experience focused on IT Information Security. I am a
highly motivated, dynamic technology professional looking to join an award-winning, innovative
technology team that is looking to revolutionize your IT services.
Prof. Dave Chen
Classroom: NB/1.92
Phone: 917 945 3893
Department Phone: 917-945 3893
e-mail: wchend@aol.com
Office hours: M, W 5:30 PM – 6:00 PM or by appointment
- 4. Introduce Yourself
• Name
• Major / Expected Year of Graduation
• Career goal(s)
• Why did you select this class
• What do you expect to learn from this class
• How would you define “Information Security”
- 5. Readings
Required Texts: There is an extensive amount of reading and research required for this
course. Focus on gaining an understanding of the concepts; a familiarity with
the technological vocabulary is essential. The Syllabus outlines the text chapters
and number of pages related to the topic of each class.
Official (ISC)2 Guide to the CISSP CBK 2nd ed
ISBN-13 978-1439809594 Published 12/2209
Network Security for Dummies, 1st ed
ISBN-13: 978-0764516795 Publication 10/10/02
Recommended readings:
The Art of Deception, 1st ed
ISBN-13: 978-0764542800 Published 10/17/03
Secrets and Lies Digital Security in a Network World
ISBN-13: 978-0471453802 Published 1/30/2004
- 6. • Course Policies
• Grading System
• Term Paper
– Presentation
– Report
– Executive Summary
– Rules and Grade Requirement
– Plagiarism
• Briefings
- 7. Citywide Policies
• A. Incomplete Grade Policy
• B. Extra work during the semester: None is available in this course.
• C. Americans with Disabilities Act (ADA) Policies: Qualified
students with disabilities will be provided reasonable academic
accommodations if determined eligible by the Office of Accessibility
Services (OAS). Prior to granting disability accommodations in this
course, the instructor must receive written verification of a
student’s eligibility from the OAS which is located at 1233N (212-
237-8144). It is the student’s responsibility to initiate contact with
the office and to follow the established procedures for having the
accommodation notice sent to the instructor.
- 8. Access Control
• Permits management to specify what users can do,
• which resources they can access, and
• what operations they can perform on a system.
• Access control techniques, and detective and
corrective measures
• Understanding the potential risks, vulnerabilities, and
exposures.
The students should fully understand access control concepts,
methodologies, and implementations within centralized and
decentralized environments across the enterprise's computer
systems.
- 9. Application Development Security
• The controls that are included within system and application
software and the steps used in their development.
• Applications refer to agents, applets, software, databases, data
warehouses, and knowledge-based systems.
• These applications may be used in distributed or centralized
environments.
The student should fully understand the security and controls of the
systems development process, system life cycle, application
controls, change controls, data warehousing, data
mining, knowledge-based systems, program interfaces, and
concepts used to ensure data and application integrity, security, and
availability.
- 10. Business Continuity and Disaster
Recovery Planning
• Preservation of the business in the face of major disruptions to normal
business operations.
• Business continuity plans (BCPs) versus disaster recovery plans (DRPs)
• The natural and man-made events, and the consequences if they are not dealt with
promptly and effectively.
• Procedures for emergency response, extended backup operation, and
post-disaster recovery
• Providing the capability to process mission-essential applications in a
degraded mode, and to return to the normal mode of operation within a
reasonable amount of time.
The student will be expected to know the difference between business
continuity planning and disaster recovery; business continuity planning in
terms of project scope and planning, business impact analysis, recovery
strategies, recovery plan development, and implementation. The
candidate should understand disaster recovery in terms of recovery plan
development, implementation, and restoration.
- 11. Cryptography
• The principles, means, and methods of disguising
information to ensure its integrity,
confidentiality, and authenticity.
The student will be expected to know basic concepts within cryptography;
public and private key algorithms in terms of their applications and uses;
algorithm construction, key distribution and management, and methods
of attack; and the applications, construction, and use of digital signatures
to provide authenticity of electronic transactions, and non-repudiation of
the parties involved.
- 12. Information Security Governance and
Risk Management
• Identification of an organization's information assets, and the development and
implementation of policies, standards, procedures, and guidelines that ensure
confidentiality, integrity, and availability.
• Management tools such as data classification, risk assessment, and risk analysis
are used to identify the threats, classify assets, and rate their vulnerabilities.
• Risk management: identification, measurement, control, and minimization of loss
associated with uncertain events or risks.
• Overall security review, risk analysis, selection and evaluation of safeguards, cost-
benefit analysis, management decision, safeguard implementation, and
effectiveness review.
The student will be expected to understand the planning, organization, and roles of individuals in
securing an organization's information assets; the development and use of policies stating
management's views and position on particular topics and the use of guidelines, standards, and
procedures to support the policies; security-awareness training to make employees aware of the
importance of information security, its significance, and the specific security-related requirements
relative to their position; the importance of confidentiality, proprietary, and private information;
employment agreements; employee hiring and termination practices; and risk management
practices and tools to identify, rate, and reduce the risk to specific resources.
- 13. Legal, Regulations, Compliance, and
Investigations
• The legal, regulations, compliance, and investigations domain
addresses computer crime laws and regulations
• Measures and techniques that can be used to determine if
a crime has been committed, and
• methods to gather evidence.
• Incident handling
The student will be expected to know the methods for determining whether a
computer crime has been committed; the laws that would be applicable
for the crime; laws prohibiting specific types of computer crimes; methods
to gather and preserve evidence of a computer crime, and investigative
methods and techniques; and ways to address compliance.
- 14. Operations Security
• Identify the controls over hardware, media, and
the operators with access privileges to any of
these resources.
• Auditing and monitoring: the mechanisms, tools, and
facilities that permit the identification of security
events and subsequent actions.
The student will be expected to know the resources that must be
protected, the privileges that must be restricted, the control
mechanisms available, the potential for abuse of access, the
appropriate controls, and the principles of good practice.
- 15. Physical (Environmental) Security
• Threats, vulnerabilities, and countermeasures
that can be utilized to physically protect an
enterprise's resources and sensitive information
• People, the facility, and the data, equipment,
support systems, media, and supplies they utilize.
The student will be expected to know the elements involved in
choosing a secure site, its design and configuration, and the
methods for securing the facility against unauthorized access,
theft of equipment and information, and the environmental
and safety measures needed to protect people, the facility,
and its resources.
- 16. Security Architecture and Design
• Concepts, principles, structures, and standards
used to design, implement, monitor, and secure
operating systems, equipment, networks, and
applications
• Controls used to enforce various levels of
confidentiality, integrity, and availability.
The student should understand security models in terms of
confidentiality, integrity, information flow; system models in terms
of the common criteria; technical platforms in terms of hardware,
firmware, and software; and system security techniques in terms of
preventive, detective, and corrective controls.
- 17. Telecommunications and Network
Security
• The structures, transmission methods, transport
formats, and security measures used for
• transmissions over private and public
communication networks and media
The student is expected to demonstrate an understanding of communications
and network security as it relates to voice communications; data
communications in terms of local area, wide area, and remote access;
Internet/intranet/extranet in terms of firewalls, routers, and TCP/IP; and
communications security management and techniques in terms of
preventive, detective, and corrective measures.