ITM 604: Communications Networking & Security


Professor Duchessi's Assignments

In the first third of the course, Professor Duchessi will give one homework assignment. Details are listed in WebCT.

Professor Goel's Assignments

Assignments can be in-class or take-home and will be designated as individual or group assignments depending on the specific assignment. Please see the Assignments section of the course site for further details and guidelines. An example of a project is to perform a risk analysis based on a case or on in organization using the risk analysis methodology presented in the class.

Information Security Risk Assessment Project

Instructions: The end of semester project involves the use of qualitative risk analysis methodology described within the lecture and should be due May 2, 2007. This should be done based on organizations that you work for (or another real organization). Make sure to scope the work appropriately. First, collect the data on assets, threats, vulnerabilities, and controls. Use the spreadsheet provided to fill in the three matrices based on the qualitative data collected:

Compute the values of the assets for the asset-vulnerability matrix and then find relative associations between assets-vulnerabilities, vulnerabilities-threats, and threat-controls. You will need to figure out the impacts and probabilities based on the information you can gather from co-workers or other sources to come up with the best estimates possible. Remember that this information should not be the average of opinions, but should be a result of consensus. Make sure to write the reasoning behind the values you came up with similar to the case presented. Use the methodology in the lecture notes (and recommended readings) to cascade the values from one matrix to the other to compute the relative impact of different vulnerabilities, threats, and controls. You may choose any scale that you like (e.g. 0, 1, 3, 9) to reflect the associations between different parameters. Finally, compute the costs of the controls and perform a cost-benefit analysis. Please also include a 2-3 page single-spaced write-up which includes:

  1. Background of Organization (including details on mission, size, etc.) and/or Topic of Risk Analysis
  2. Scope of Risk Analysis
  3. Resources used (positions of people, online resources, standards)
  4. Challenges in obtaining information on assets, vulnerabilities, threats, and controls.
  5. Rationalizations for all asset values, as well as vulnerability, threat, and control probabilities.
  6. Final analysis of the results and proposed security implementations

Assessment of the Project: The project will be assessed based on the thoroughness of the analysis as well as the rationalization provided for the different values that are input into the matrix. Students should make exhaustive lists of the assets, threats, vulnerabilities and controls and then use the ones that they deem most critical to the organization to limit the scope of the exercise.

Download: risk matrices


Paper Description

Students are expected to write a paper on a security-related topic based on "Secrets & Lies: Digital Security in a Networked World" by Bruce Schneier. Each student should submit a list of three assigned chapters (in order of preference) and will be assigned one of these to write a one-paged summary.

In addition to this one-page summary, each student is expected to write a two-page write-up which expands on a topic discussed in the assigned chapter using at least 5 recent (within the last 5 years) scholarly references (e.g. journal articles, conference papers). In this second paper, discuss:

  1. Why the topic is interesting / important?
  2. What have other people written about this topic?
  3. How does this relate to what you have personally learned and experienced?
  4. How does this have the potential to impact business / what should businesses do related to this topic?
Both of these should encompass 3 pages (SINGLE-spaced, 12pt Times New Roman, 1-inch margins on all sides) and references should be in addition to this. Cited sources should be in APA style. Your bibliography should not contain any references not directly cited within the write-up. The second part of the paper should have an appropriate introduction and conclusion section as well as subheadings throughout the paper.

I expect you all to write things in your own words without copying from the book and the literature. I do not want any direct quote or long summary of the book or the literature (even with proper citation style). The goal of this assignment is to make sure that you are able to express your thoughts and improve your writing skills. Plagiarism defeats the purpose of this assignment and will be dealt with severely. Grammar and spelling will also be taken into consideration.

APA Style Resources

Writing Help Available

The Writing Center is located in the Humanities Building Room 140 and you can make appointments to meet with staff to go over the development and organization of your papers for 30-60 minute sessions. You can make appointments by phone at 518-442-4061. Walk-ins are possible, but it's best if you schedule ahead so that you can meet with the same staff member. They advise that you bring a draft of what you are writing in advance of the due date so that they can offer suggestions for revisions and then go over your paper after your revisions have been made.

Submission Instructions

Please submit a single Word document with the following name format: LastName604.doc via Blackboard by 8:30am on 4/17/08. Make sure you get confirmation of your submission by email. Just uploading the file does not necessarily mean that you have submitted it. Any late papers submitted will be penalized.