1 / 19

Arizona State University CSE 465 Information Assurance CSE591 Information Assurance and Security

Arizona State University CSE 465 Information Assurance CSE591 Information Assurance and Security Overview Professor Stephen S. Yau Fall, 2006. Information Assurance.

tierra
Télécharger la présentation

Arizona State University CSE 465 Information Assurance CSE591 Information Assurance and Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Arizona State University CSE 465 Information Assurance CSE591 Information Assurance and Security Overview Professor Stephen S. Yau Fall, 2006 CSE 465/591, Fall 2006

  2. Information Assurance • Information Assurance (IA) encompasses the scientific, technical, and management disciplines required to ensure information security and quality. • Security techniques as well as organization, operation management and policy, legality, all play important roles. • Information quality also contributes to the overall information assurance of the information systems and networks. CSE 465/591, Fall 2006

  3. National IA Program • The National Centers of Academic Excellence in Information Assurance Education (CAEIAE) Program is an outreach program designed and operated initially by the National Security Agency (NSA) in the spirit of Presidential Decision Directive 63, National Policy on Critical Infrastructure Protection, May 1998. • The program is now jointly sponsored by the NSA and the Department of Homeland Security (DHS) in support of the President's National Strategy to Secure Cyberspace, February 2003. • The goal of the program is to reduce vulnerability in our national information infrastructure by promoting higher education in information assurance (IA), and producing a growing number of professionals with IA expertise in various disciplines. CSE 465/591, Fall 2006

  4. CAEIAE Program (Cont.) • In order to be designated as a National Center of Academic Excellence in IA Education (CAEIAE), each applicant must pass a rigorous review demonstrating its commitment to and capability for academic excellence in IA education. • Prerequisite: IA courseware must be certified under the IA Courseware Evaluation Program as meeting the Committee on National Security Systems (CNSS) Training Standards. • NSTISSI 4011: Information Systems Security (INFOSEC) Professionals • CNSSI 4012: Senior Systems Managers • CNSSI 4013: System Administrators (SA) • CNSSI 4014: Information Systems Security Officers • NSTISSI 4015: System Certifiers • CNSSI 4016: Risk Analyst • Additional standards are currently being developed • Specifically, certification for Standard 4011 is required, and certification of at least one of the CNSS Training Standards (4012, 4013, 4014, 4015 or subsequent standards) is required. CSE 465/591, Fall 2006

  5. CAEIAE Evaluation Criteria • Criteria 1: Partnerships in IA Education • Criteria 2: IA Treated as a Multidisciplinary Science • Criteria 3: University Encourages the Practice of IA • Criteria 4: Academic Program Encourages Research in IA • Criteria 5: IA Curriculum Reaches Beyond Geographic Borders • Criteria 6: Faculty Active in IA Practice & Research & Contribute to IA Literature • Criteria 7: State-of-the-Art IA Resources • Criteria 8: Declared Concentrations • Criteria 9: Declared Center for IA Education or Research • Criteria 10: Full-time IA Faculty CSE 465/591, Fall 2006

  6. Benefits fromCAEIAE Program • CAEIAEs receive formal recognition from the U.S. government, as well as opportunities for prestige and publicity, for their role in securing our nation's information systems. • Students attending CAEIAE schools are eligible to apply for scholarships and grants through • The Department of Defense (DoD) Information Assurance Scholarship Program • The Federal Cyber Service Scholarship for Service Program (SFS) operated by National Science Foundation (NSF) CSE 465/591, Fall 2006

  7. CAEIAE Application Progress at ASU • Our courseware has been certified as meeting both NSTISSI-4011 and CNSSI-4012 standards • CSE 465 or CSE 491 covers 151 out of 256 information items required in NSTISSI-4011 standard and 171 out of 204 information items required in CNSSI-4012 standard. • Three information assurance concentration programs have been established in the Computer Science major for the B.S., M.S., and Ph.D. degree programs CSE 465/591, Fall 2006

  8. Concentration in B.S. in CS • A minimum of 15 credits in Information Assurance and related areas as technical electives in the curriculum of B.S. degree in Computer Science • The students must take the following four courses: • CSE465 Introduction to Information Assurance • CSE466* Computer System Security • CSE 467* Data and Information Security • CSE 468* Network Security • The students must take at least one of the following six courses: • CSE412 Database Management • CSE434 Computer Networks • CSE 460 Software Analysis and Design • CSE 463 Introduction to Human Computer Interactions • CSE 471 Introduction to Artificial Intelligence • B.S. Degree capstone courses • The capstone project must have a major portion of the content in the Information Assurance area CSE 465/591, Fall 2006

  9. Concentration in M.S. in CS • The M.S. degree requires 30 credit hours; 24 credits for coursework and 6 hours of thesis/research credit. The IA concentration requires • At least 9 course credits are taken from the IA core courses • CSE539 Applied Cryptography • CSE543 Information Assurance and Security (offered as 591 for Fall06) • CSE545 Software Security (offered as 591 in Spring06) • CSE548 Advanced Computer Network Security (offered as 591 in Spring06) • At least another 9 course credits are taken from the IA elective courses • CSE466/598* Computer Systems Security • CSE467/598* Data and Information Security • CSE531 Distributed and Multi-Processor Operating Systems • CSE534 Advanced Computer Networks • CSE565 Software Verification, Validation and Testing • M.S. thesis must have a major portion of the content in IA area • At least 3 credit hours of CSE592 Research • At least 3 credit hours of CSE599 Thesis CSE 465/591, Fall 2006

  10. Concentration in Ph.D. in CS • The Ph.D. degree currently requires 54 credit hours beyond the M.S. degree; 30 credits for coursework and 24 credit hours of thesis/research credit. The IA concentration requires • At least 12 course credits are taken from the IA core courses • CSE539 Applied Cryptography • CSE543 Information Assurance and Security (offered as 591 for Fall06) • CSE545 Software Security • CSE548 Advanced Computer Network Security • At least another 6 course credits are taken from the IA elective courses • CSE412/598 Database Systems • CSE460/598 Software Analysis and Design • CSE466/598* Computer Systems Security • CSE467/598* Data and Information Security • CSE468/598* Computer Network Security • CSE512 Distributed Database Systems • CSE531 Distributed and Multi-Processor Operating Systems • CSE534 Advanced Computer Networks • CSE561 Modeling and Simulation: Theory and Applications • CSE565 Software Verification, Validation and Testing • CSE571 Artificial Intelligence • CSE572 Data Mining • Ph.D. dissertation must have a major portion of the content in IA area • At least 6 credit hours of CSE792 Research • At least 18 credit hours of CSE799 Dissertation CSE 465/591, Fall 2006

  11. Arizona State University CSE 465 Information Assurance CSE591 Information Assurance and Security Course Overview Professor Stephen S. Yau CSE 465/591, Fall 2006

  12. Course Overview • CSE 465 and CSE 591 are the entry course of our IA concentration programs at the undergraduate and graduate levels, respectively. • The objective of these two courses is to provide students with a basic and comprehensive understanding of the problems of information assurance (IA) and the solutions to these problems. • CSE 591 will cover more than CSE 465 on security concerns, IA research topics, as well as using selected techniques to deal with security problems of various information systems. CSE 465/591, Fall 2006

  13. Course Description • Basic Concepts and Techniques: • Overview of information assurance [textbook1- ch1.1, ch17.1, textbook2-ch1.1,18.1] • Security attacks, threats and vulnerabilities [textbook1- ch1.2, ch19.3-4, ch20.1-3, textbook2-ch1.2, 22.2-4, 23.1-3] • Security strategies • Authentication protocols and access control [textbook1- ch4.4, 7.3-4, 11, 14, textbook2-ch12, 15] • Evaluation and architecture of classified data [textbook1-ch18, textbook2-ch21] • Intrusion detection [textbook1- ch22, textbook2-ch25] • Firewall [textbook1-ch23.3] • Password, personnel security and accreditation [textbook1-ch1.7, ch11.2, ch13 textbook2- ch8, 12.2] • Virus detection and removal [texbook1-ch19, textbook2-ch22] • Cryptography and Steganography [textbook1- ch8, 9, 10.3. textbook2- ch9,10, 11.3] • Countermeasures CSE 465/591, Fall 2006

  14. Course Description (cont.) • IA Policy, Management, Legal and Ethical Issues: • Information assurance policy [textbook1-ch4, textbook2-part3] • Security audits and accident responses [textbook1-ch21, textbook-ch24] • Managing security projects [textbook1-ch17.2, ch26, textbook2-ch29] • Security requirements engineering [textbook1-ch17.1] • Security assessments and evaluation [textbook1-ch18, textbook-ch21] • Risk analysis and management related to information assurance operations • Legal and ethical issues associated with privacy andforensics • Case Studies: • National and corporation information assurance policy case study CSE 465/591, Fall 2006

  15. Course Prerequisites Knowledge of information systems, computer networks and their operations, and have taken one of the two following courses or their equivalent: • CSE360 Introduction to Software Engineering • IEE305 Information Systems Engineering CSE 465/591, Fall 2006

  16. Other Course Information • Line numbers: 22780(CSE465)/04687(CSE591) • Class Schedule: • MW 4:40 – 5:55 p.m. • Instructor: Professor Stephen S. Yau • E-mail: yau@asu.edu • Office: Room BY 488 • Office hours: MW 3:00 – 3:45 p.m. and 6:05 – 6:35 p.m. • TA: Haishan Gong • E-mail: Haishan.Gong@asu.edu • Office Room: BY 468 DA • Office hours: MW 2:30 – 3:45 p.m. CSE 465/591, Fall 2006

  17. Other Course Information (cont.) • Textbooks: • For undergraduate: Matt Bishop, Introduction to Computer Security, Addison- Wesley, 2004, ISBN: 0321247442 • For graduate: Matt Bishop, Computer Security: Art and Science,Addison- Wesley, 2002, ISBN: 0201440997 • Other reading material: Papers and reference books • Evaluation • Home work 20% • Examinations 35% • Course project: 45% CSE 465/591, Fall 2006

  18. Course Project • Initial project proposal in electronic format due for approval no later than Wednesday, September 6, 2006 • Finalizing project title and description by September 25, 2006 • Project interim progress report: Monday, October 16, 2006 • Written project reports: -- The electronic format must be received by 3:00 p.m. at leasttwo working days prior to presentation. The report will be posted on the course website. • Length: 35 to 60 pages for each project with 12 point font size and 1.5 lines spacing • Presentations: • 30 minutes per presentation per project • Presentation material (slides) submitted in electronic format by 3:00 p.m. at least one working day prior to the presentation date. CSE 465/591, Fall 2006

  19. Course Web Address CSE465: http://enpub.fulton.asu.edu/iacdev/ courses/CSE465/Fall2006/home.html CSE591: http://enpub.fulton.asu.edu/iacdev/courses/CSE591i/fall2006/home.html CSE 465/591, Fall 2006

More Related