ITM 604: Communications Networking & Security
Professor Duchessi's Assignments
In the first third of the course, Professor Duchessi will give one homework assignment. Details are listed in WebCT.
Professor Goel's Assignments
Assignments can be in-class or take-home and will be designated as individual or group assignments depending on the specific assignment. Please see the Assignments section of the course site for further details and guidelines. An example of a project is to perform a risk analysis based on a case or on an organization using the risk analysis methodology presented in class.
Information Security Risk Assessment Project
Instructions: The end-of-semester project involves the use of the qualitative risk analysis methodology described in the lecture and is due May 2, 2007. It should be based on an organization that you work for (or another real organization). Make sure to scope the work appropriately. First, collect the data on assets, threats, vulnerabilities, and controls. Use the spreadsheet provided to fill in the three matrices based on the qualitative data collected:
- Asset & Vulnerabilities
- Vulnerabilities & Threats
- Threats & Controls
Compute the values of the assets for the asset-vulnerability matrix and then find relative associations between assets-vulnerabilities, vulnerabilities-threats, and threats-controls. You will need to figure out the impacts and probabilities based on the information you can gather from co-workers or other sources to come up with the best estimates possible. Remember that this information should not be the average of opinions, but should be the result of consensus. Make sure to write the reasoning behind the values you came up with, similar to the case presented. Use the methodology in the lecture notes (and recommended readings) to cascade the values from one matrix to the other to compute the relative impact of different vulnerabilities, threats, and controls. You may choose any scale that you like (e.g. 0, 1, 3, 9) to reflect the associations between different parameters. Finally, compute the costs of the controls and perform a cost-benefit analysis. Please also include a 2-3 page single-spaced write-up which includes:
- Background of Organization (including details on mission, size, etc.) and/or Topic of Risk Analysis
- Scope of Risk Analysis
- Resources used (positions of people, online resources, standards)
- Challenges in obtaining information on assets, vulnerabilities, threats, and controls.
- Rationalizations for all asset values, as well as vulnerability, threat, and control probabilities.
- Final analysis of the results and proposed security implementations
Assessment of the Project: The project will be assessed based on the thoroughness of the analysis as well as the rationalization provided for the different values that are input into the matrix. Students should make exhaustive lists of the assets, threats, vulnerabilities and controls and then use the ones that they deem most critical to the organization to limit the scope of the exercise.
Download: risk matrices
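The cascade across the three matrices described in the instructions above, shown as an added example that is not part of the course materials or the provided spreadsheet. It assumes each cascade step is a weighted sum (score of a row = sum of upstream score times association) and that cost-benefit is cascaded score per unit of cost; the lecture notes may define these differently. All asset, vulnerability, threat and control names, values and costs are constructed sample data.

```python
"""Cascade qualitative risk scores through three association matrices."""

def cascade(weights, matrix, scale=(0, 1, 3, 9)):
    """Score each row as sum(weights[col] * association[row][col])."""
    scores = {}
    for row, cells in matrix.items():
        for col, assoc in cells.items():
            if assoc not in scale:
                raise ValueError(f"{row}/{col}: {assoc} is not on scale {scale}")
        # weights[col] raises KeyError if a matrix names an unknown column,
        # so a typo in an asset or threat name fails loudly instead of scoring 0.
        scores[row] = sum(weights[col] * a for col, a in cells.items())
    return scores

def analyse(asset_values, asset_vuln, vuln_threat, threat_control, control_cost):
    """Return cascaded scores and controls ranked by score per unit cost."""
    vulns = cascade(asset_values, asset_vuln)
    threats = cascade(vulns, vuln_threat)
    controls = cascade(threats, threat_control)
    # Assumed cost-benefit metric: relative risk addressed per unit of cost.
    ratio = {c: controls[c] / control_cost[c] for c in controls}
    ranking = sorted(ratio, key=ratio.get, reverse=True)
    return vulns, threats, controls, ranking

# Constructed sample data (hypothetical organization).
ASSET_VALUES = {"customer_db": 9, "web_server": 3, "email": 1}
ASSET_VULN = {      # rows: vulnerabilities, columns: assets
    "weak_passwords": {"customer_db": 9, "web_server": 3, "email": 9},
    "unpatched_os":   {"customer_db": 3, "web_server": 9, "email": 1},
}
VULN_THREAT = {     # rows: threats, columns: vulnerabilities
    "external_intrusion": {"weak_passwords": 9, "unpatched_os": 3},
    "malware":            {"weak_passwords": 1, "unpatched_os": 9},
}
THREAT_CONTROL = {  # rows: controls, columns: threats
    "mfa":              {"external_intrusion": 9, "malware": 0},
    "patch_management": {"external_intrusion": 3, "malware": 9},
}
CONTROL_COST = {"mfa": 6000, "patch_management": 4000}  # constructed annual costs

if __name__ == "__main__":
    vulns, threats, controls, ranking = analyse(
        ASSET_VALUES, ASSET_VULN, VULN_THREAT, THREAT_CONTROL, CONTROL_COST)
    for name, table in (("vulnerabilities", vulns), ("threats", threats),
                        ("controls", controls)):
        print(name, table)
    print("cost-benefit ranking:", ranking)
```

With this sample data the control with the highest cascaded score (mfa) is not the one with the best score per unit of cost (patch_management), which is why the cost-benefit step is done after the cascade rather than read off the threat-control matrix.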
PAPER ON SECURITY-RELATED TOPIC
Paper Description
Students are expected to write a paper on a security-related topic based on "Secrets & Lies: Digital Security in a Networked World" by Bruce Schneier. Each student should submit a list of three assigned chapters (in order of preference) and will be assigned one of these, on which to write a one-page summary.
In addition to this one-page summary, each student is expected to write a two-page write-up which expands on a topic discussed in the assigned chapter using at least 5 recent (within the last 5 years) scholarly references (e.g. journal articles, conference papers). In this second paper, discuss:
- Why is the topic interesting / important?
- What have other people written about this topic?
- How does this relate to what you have personally learned and experienced?
- How does this have the potential to impact business / what should businesses do related to this topic?
I expect you all to write things in your own words without copying from the book and the literature. I do not want any direct quote or long summary of the book or the literature (even with proper citation style). The goal of this assignment is to make sure that you are able to express your thoughts and improve your writing skills. Plagiarism defeats the purpose of this assignment and will be dealt with severely. Grammar and spelling will also be taken into consideration.