INF 766: Security Risk Analysis
Download Spring 2004 syllabus: inf766syllabus.pdf
Name: Sanjay Goel (Lecture Material) / George Berg (Instructor)
Class Information
Time: 8:30am-11:30pm
Dates: 02/24 - 3/23
Call #: 8932
Available Lab(s): BA222
Course Overview
This course introduces concepts and methodology that information officers in public and private enterprises can use to analyze and mitigate the impact of security threats to the assets of their organizations. Work in information systems security risk analysis is very fluid, and standards are still evolving, so this course draws from literature in different disciplines and from security practices provided by National Institute of Standards and Testing (NIST). The course is designed to provide practical techniques and living cases that can be modified to work on the specific problems of different organizations. Theoretical concepts of risk analysis and system security will be covered at a high level, with references for finer details. Two living cases are selected for risk analysis in addition to the case of the student's own organization. The class has three parts: the first part is security vulnerabilities, the second part is risk analysis, and the third part is security policies.
Course Prerequisites
It is assumed that students come in with varied backgrounds in information systems, so the class starts with a general background of computer security. It would be helpful if students have a general awareness of the following topics:
Learning Objectives (Programming Concepts)
Students will learn:
Class Structure
The first half of each class will be conducted in the classroom and the second half in the computer lab. Students will learn the basic concepts in the first half of the class and go through an exercise in the second half. Please come prepared with the readings, as the class will move at a brisk pace.
Assignments
There will be assignments after each class, which you need to do to understand the subject material. Please work individually on all assignments. It is okay to discuss the concepts and questions with other colleagues, but it is improper to copy each other's work. All assignments will not be graded; however, please make sure that you complete all your assignments. The assignments must be submitted in class one week after the assignment is given, with your name and the assignment number clearly marked on the assignment sheet.
Project
In the project, students are expected to work on a security risk analysis of their organizations and submit the entire analysis as well as the security plan as projected for the next five years.
Text & Reference Books
Two books are listed in the syllabus; however, I expect students to purchase only the textbook. The other book is listed only for students who would like additional material to increase their understanding. There is also a lot of material available on the web. Please check the NIST and CERT web sites for additional information.
Text: Security In Computing (Third Edition) by Charles P. Pfleeger & Shari Lawrence Pfleeger
Reference: Hackers Beware by Eric Cole
Grading
Project & Homework: 50%
Copyright © 2013, Sanjay Goel. All Rights Reserved.