Introduction to information systems security 365 765
Information Systems 365/765 Security and Strategy September 2, 2008 Introduction Lecture 1
First Things First…Today’s Chocolate Bar • EVERY lecture should start with chocolate! • I will bring a different type for each lecture • Today’s Chocolate bar is the Kit Kat • Created in 1935 • Best selling chocolate bar in the UK • in Japan, it is called “kitto katsu”, which roughly translates to "You will surely win!"
Student Information Cards • Your first name • Your last name • Where are you from? • What would you like to learn from this class? • List any specific topics you would like to see covered in this class • Any special needs or accommodations that you feel I should know about
Today’s Agenda• Introduction• Course overview• Assignments and grading• Skills you will gain from this course• My commitment to you• Expectations
Introduction• My name is Nicholas Davis. Please just call me Nick.• MBA, Information Systems, 1998• I have been employed by:
IntroductionMy area of specialization is• Cryptographic Systems• Strong Authentication Technologies• Digital Identity ManagementAreas of interest include:• National Digital ID• Proximity Based AuthenticationI’ve seen lots of things, but I have not seeneverything!
Course Overview• Focused on the business analysis and application of IS Security Principles in the enterprise• Provide a background in specific security related technologies• Give you hands on experience with some security related tools• Teach you how to perform a Security Audit and craft a Disaster Recovery Plan• Spend time each lecture talking about a IS Security current event
Course Overview• Students taking this class should have an interest in technology as well as audit, compliance, regulation and current events in these areas• Students will not be writing software code in this class• Students will not be learning how to perform “hacking” in this class
The Five Pillars of Information Security The foundation on which a secure enterprise computing environment is Built. Keep these in mind as we work our way through the technology portion of our course.
ProtectionUnderstand what we are protectingand what the value of protecting itreally is.How much would you invest in insuranceon these two cars?
DetectionKnowing where thevulnerabilities areand how to identifywhen acompromise ofinformation might betaking place.
ReactionHow do you address breaches thathave occurred? What procedures andplans are in place?
DocumentationSolid record keeping is critical tounderstanding vulnerability trends!
PreventionIs 100% prevention of aproblem really possible?.Effective prevention isboth the implementationof lessons learned andThe application ofKnowledge gained toavoid the same fate inthe future..
Keep the Five Pillars Of Information Security in Mind Throughout the Course • Protection • Detection • Reaction • Documentation • Prevention
Course Benefits• Gain an understanding of the current and upcoming challenges of safely doing business in a technology driven business environment• Acquire a strong command of major security technologies and practices• Possess tangible IT Security audit and planning skills, which you can actually talk about in a job interview
Course Roadmap• Information Security Background and terminology• Information Security Technologies• Laws, Ethics and Investigations• Security Audits and Disaster Recovery (team presentations)
Course Topics Outline Introduction Background, Information Security Management Authentication technologies Access Control Systems Public Key Encryption technology Physical security Enterprise Security Architecture Telecommunications, Network and Internet Security Social Engineering Laws, Investigations and Ethics Operations Security Security Audits and Disaster Recovery Planning
Course Assignments• Exam (25%) – October 30th• 6 quick in class easy quizzes (25%) 5% each, but I will drop your lowest quiz• In class team presentation on Security Audit and Disaster Recovery (25%)• 2 Homework Assignments (10%)• In class participation (15%)
Next Class…• Current event discussion• Distribution of reading for Assignment #1• Short lecture• Watch Spying on the Home Front video• Discussion of Assignment #1
How Can I Help You?You are my customerI need to know if:• You are malcontent with anything related to the course, so we can make changes• You don’t understand the material or assignment requirementsPlease make use of office hours, even if it just is tostop in and say hello.Nicholas (Nick) Davisndavis1@wisc.eduTel. 347-2486