CSE 4482, Fall 2011

CSE 4482: Computer Security Management: Assessment and Forensics
Fall 2011

News

Project marks are on ePost. The final grade will be available very shortly, no later than Jan 4 morning.
As discussed in class there are 4 assignment/labs in this course. Please do not expect a fifth assignment.
The submit directories are in place, Please submit lab 1 using the option "a2" and lab 2 as "a3" and assignment 4 as "a4" in the submit command.

General Information

Instructor: Suprakash Datta
Office: CSEB, room 3043
Telephone: (416) 736-2100 ext. 77875
Fax: (416) 736-5872
Lectures: Tuesday, 7-10 pm in CB 122
Office Hours: Wednesday: 3 - 5 pm or by appointment, in CSEB 3043.
Email: [lastname]@cs.yorku.ca (While you are free to send me email from any account, please understand that email from domains other than yorku.ca have a higher chance of entering my spam folder. I do check my spam folder irregularly , but to be safe, consider using your cs account when sending me email.)

Course Description:

This course introduces the student to the fundamental concepts of information security: confidentiality, integrity, availability, authentication, auditing, information privacy, legal aspects. Other more advanced topics covered in the course include: development of security policies, access control, risk management, incident response, inappropriate insider activity, ethics.

Grading

Midterm (25%): Nov 8, syllabus Ch 1-5. Some sample questions are here.
Final (40%): Dec 16, 7-10 pm, CB 115.
Syllabus - Everything covered, except the material covered in the midterm. Specifically Ch 8-12 in MIS. For the materials in GFCI, use the slides as a guide. We covered Ch 1,2,4,6,11 (4th edition). If you have the 3rd edition we covered Ch 1,2,4,6,11 but the Chapter titles are different.
Assignments (20%): 3 written assignments and 2 labs, 4% each. [revised to 4 assignments/labs, 5% each, as discussed in class]
Project (15%): details are here .

You can view your marks at any time using ePost by following this link and entering your CS login and password. Make sure that you enter 4482 for the course, 2011-12 for the year, and "F" for the term.

Lectures

Lecture 1 (Sep 13): Intro to Information Security. My slides are here.
Lecture 2 (Sept 27): Finish Ch 1. My slides are here.
Security planning (Ch 2,3). My slides are here.
Lecture 3 (Oct 4): Finish Ch 3. Security Policy (Ch 4), Developing a Security program (Ch 5). My slides are here.
Some security polcy examples: Kennesaw State University EISP, York University .
Lecture 4 (Oct 18): Risk Management (Ch 8,9). My slides are here.
Lecture 5 (Oct 25): Protection Mechanisms (Ch 10). Firewalls and Intrusion Detection systems. My slides are here.
Lecture 6 (Nov 1): Protection Mechanisms (Ch 10) continued. My slides are here.
Lecture 7 (Nov 8): Midterm. Protection Mechanisms (Ch 10) continued. Same slides as before.
Lecture 8 (Nov 15): Personnel and Security (Ch 11). My slides are here. Law and Ethics (Ch 12). My slides are here.
Lecture 9 (Nov 22): Finish Law and Ethics (Ch 12). Intro to computer forensics. My slides are here.
Lecture 10 (Nov 29): Computer forensics. My slides are here.
Lecture 11 (Dec 6): Intro to computer forensics in Windows. My slides are here.

Assignments

Assignment 1, due Oct 18.
The course project details are here .
Lab 1 (designed by Prof N. Vlajic), due Nov 14. You can do this lab in the Network Security Lab CSE 2002. Please send me email if you have trouble accessing the lab.
Lab 2 (designed by Prof N. Vlajic), due Nov 24.
Assignment 4.

Resources

Textbook

"Management of Information Security", M. E. Whitman, H. J. Mattord, Nelson Education / CENGAGE Learning, 2011, 3rd Edition
"Guide to Computer Forensics and Investigations", B. Nelson, A. Phillips, F. Enfinger, C. Steuart, Nelson Education / CENGAGE Learning, 2010, 4th Edition.

Other References

"Applied Information Security: A Hands-On Guide to Information Security Software", R. Boyle, Prentice Hall, 2010.
"Principles of Information Security", M. E. Whitman, H. J. Mattord, Nelson Education / CENGAGE Learning, 2009, 3rd Edition.
"Fundamentals of Network Security", E. Maiwald, McGraw-Hill, 2004.
"Corporate Computer and Network Security", R. Panko, Prantice Hall, 2009, 2nd Edition.
"Computer Forensics: Evidence Collection and Management", R. C. Newman, Auerbach Publications, Taylor & Francis Group, 2007.

Academic Honesty

It is important that you look at the departmental guidelines on academic honesty.

Although you may discuss the general approach to solving a problem with other people, you should not discuss the solution in detail. You must not take any written notes away from such a discussion. Also, you must list on the cover page of your solutions any people with whom you have discussed the problems. The solutions you hand in should be your own work. While writing them, you may look at the course textbook and your own lecture notes but no other outside sources.

CSE 4482: Computer Security Management: Assessment and ForensicsFall 2011