BCIS 4630
Fundamentals of Information Technology Security
Fall 2006
Instructor: Dr. Bradley K. Jensen
Office: Business Administration Building, Room 338K
Phone: 940.369.7626
Fax: 972.420.2575
Email: jensenb@unt.edu
Class Times: Thursday, 6:30 p.m. – 9:20 p.m.
Required Textbooks:
M. Whitman and H. Mattord. Principles of Information Security – Second Edition (Course Technology, 2005).
B. Schneier. Secrets & Lies (J. Wiley, 2000).
Sun Tzu. The Art of War.
Optional Textbooks:
M. Howard and D. LeBlanc. Writing Secure Code (Microsoft Press, 2003).
Course Description:
The objective of this class is to provide you with an introduction to the various technical and management aspects of information security (IS) and information assurance (IA). This course provides the foundation for understanding the key issues associated with protecting information assets, determining the levels of protection and response to security incidents, and designing a consistent, reasonable information security system, with appropriate intrusion detection and reporting features.
To promote a more comprehensive understanding of security requirements, you will be required to analyze and generate worms, viruses, Trojans, and logic bombs from an academic perspective. You will be exposed to the spectrum of security activities, methods, methodologies, and procedures. An element of exposure to this spectrum will include the appropriate implementation and application of intrusion detection, firewalls, antivirus applications, and analyzers. Coverage of this spectrum will include inspection and protection of information assets, detection of and reaction to threats to information assets, and examination of pre- and post-incident procedures, technical and managerial responses, and an overview of the information security planning and staffing functions.
Due to the nature of the content and requirements of the course, all students will be required to sign an agreement stipulating that the generation and use of these tools are for academic purposes only. No student will employ any of the viruses, worms, Trojans, and logic bombs generated as part of the lab exercises for malicious purposes.
Course of Study:
It is your responsibility to read all assigned materials prior to class and to be prepared to participate actively in class discussions. You are responsible for all assigned materials whether they are addressed directly in class or not. You are also responsible for knowing the deliverables for each week of class.
After completing the course, you will be able to:
• Identify and prioritize information assets.
• Identify and prioritize threats to information assets.
• Define an information security strategy and architecture.
• Plan for and respond to intruders in an information system.
• Describe legal and public relations implications of security and privacy issues.
Assignment Requirements & Submissions Policy:
All lab assignments will include written reports that will include cover sheets, headings, proper formatting and citations. Each lab assignment will be provided in handouts which will describe the requirements, expectations, and deliverables. Most lab assignments will be multi-part with delivery of the assignment parts in stages. All assignments are due at the beginning of class and must be presented in the required format.
Spelling, grammar, and composition errors cost up to 10% of your grade for that item (each error found, every time it is found, costs 1 point). Neatness counts! All work is due in class at the beginning of the period. Late assignments are not accepted. It is recommended that you start looking for your articles immediately. It may take you a while to find information on some of these topics. If the article that you turn in for the weekly assignment does not address the topic assigned, you will not get full credit for the assignment.
Specific Grade Requirements:
Your grade for this course will be based on the following:
Point Distribution

| Component | Points |
|---|---|
| Midterm | 600 |
| Final | 1000 |
| Labs (300 points per lab) | 2700 |
| Lab Final | 700 |
| Total | 5000 |

Grading Scale

| Percent | Grade |
|---|---|
| 90.0 – 100 % | A |
| 80.0 – 89.9 % | B |
| 70.0 – 79.9 % | C |
| 60.0 – 69.9 % | D |
| < 59.9 % | F |
Course Schedule:
The following schedule is subject to change based on speaker availability and at the discretion of the professor.
| Week | Date | Topic | Assignment Due |
|---|---|---|---|
| 1 | 31 Aug | Whitman – Chapters 1 & 2 Discussion of labs | |
| 2 | 07 Sep | Schneier – Chapters 1, 2, 3 Viruses & Worms | |
| 3 | 14 Sep | Schneier – Chapters 4, 5 Security Analysis Trojans & Logic Bombs | |
| 4 | 21 Sep | Whitman – Chapter 3 Schneier – Chapters 6, 7 Port/Security Scanners | |
| 5 | 28 Sep | Whitman – Chapters 6 & 7 Schneier – Chapters 8, 9, 10, 11, 12 | |
| 6 | 05 Oct | Schneier – Chapters 13, 14, 15 | |
| 7 | 12 Oct | Whitman – Chapters 4 & 5 Schneier – Chapters 16, 17 Midterm Review | |
| 8 | 19 Oct | Midterm | |
| 9 | 26 Oct | Schneier - Chapters | |
| 10 | 02 Nov | Whitman – Chapter 8 & Appendix A Schneier – Chapters 18, 19 Threat Modeling | |
| 11 | 09 Nov | Schneier – Chapters 20, 21, 22 | |
| 12 | 16 Nov | Whitman – Chapters 9 & 10 Schneier – Chapter 23 | |
| 13 | 23 Nov | Thanksgiving – NO CLASS | |
| 14 | 30 Nov | Whitman – Chapter 3 Schneier – Chapters 24, 25 | |
| 15 | 07 Dec | Final Review | |
| 16 | 14 Dec | Final Exam (at regular time and classroom) | |
Labs:
Labs are in the process of being redone and the assignments will be reviewed upon completion of the configuration of the lab. Labs and groups will be assigned by the third week of class.
Absenteeism:
I expect prompt and regular class attendance from all students. If you have more than two unexcused absences from class, I reserve the right to drop you from the course with a grade of WF. Time conflicts caused by work schedules or other outside activities do not constitute an official excuse from attending class – or from meeting course obligations. Remember also that I do not accept late assignments for any reason. I encourage you to submit assignments early or have a friend deliver your work for you if it becomes necessary.
Cell Phones and Pagers:
When these devices “sound-off” during class, they greatly disrupt the learning process. Consequently, you are not to have cell phones or pagers turned on during class time such that they disrupt other students.
Intellectual Dishonesty:
The University takes a very dim view of plagiarism, cheating, or any other form of intellectual dishonesty (see, e.g., the UNT Code of Student Conduct and Discipline). The penalty for intellectual dishonesty in this class is: a failing grade on the test or assignment involved; a failing grade for the course; and reporting the case to the COBA Dean of Students for disciplinary action. The goal is to protect honest students from unfair competition with anyone trying to gain an unfair advantage through intellectual dishonesty.
Unethical Conduct:
Unethical or inappropriate use of University computing resources will result in a failing grade for the course and reporting the case to the COBA Dean of Students for disciplinary action.
Americans With Disabilities Act (1992):
The College of Business Administration complies with this Act in making reasonable accommodation for qualified students with disability. If you have an established disability as defined by this Act and would like to request an accommodation, please see the instructor as soon as possible (see page 1 of this syllabus for contact information). Note: University policy requires that students notify their instructor within the first week of class if they need an accommodation. If you experience a temporary physical disability during the term, please contact the COBA Dean of Students for appropriate assistance. Any student with a temporary or permanent disability must still complete all course requirements.
STUDENT INFORMATION FORM – BCIS 4630
(Please print all information)
Name: ___________________________________________
Prefer to be called: _________________________________
Daytime Phone: ___________________________________
Home Phone: _____________________________________
E-mail Address: ___________________________________
Statement of Understanding Regarding the Syllabus
I have read and understand the syllabus and the information it contains regarding course administration, policies, assignments, schedules, and requirements.
_______________________________________________ _________________________
(Your Signature) (Today’s Date)
Acknowledgement Statement
The Fundamentals of Information Technology Security course offered by the University of North Texas Business Computer Information Sciences department includes information concerning known computer viruses, worms, Trojans, and logic bombs. The course also includes information about the generation of software for purposes of determining propagation and threat characteristics to assist in successful intrusion detection and prevention. The intellectual property associated with the output from the labs and the material presented during lectures is to remain an academic research endeavor and may not be applied or otherwise used for inappropriate or unlawful purposes.
In consideration for being permitted to participate in the Program, I hereby understand and acknowledge that:
1. Some of the content of this course may be considered controversial and information learned in this course must be used only for the express purposes of academic research or other academically accepted purposes. The intentional or negligent application of information offered in this course may constitute a violation of federal or state law and subject me to criminal, civil and university sanctions.
2. I am solely responsible for my intentional or negligent use of information offered in this course. I further expressly acknowledge that the University of North Texas, its academic departments, faculty, staff and agents are not responsible for student intentional or negligent use of information offered in this course.
3. Computer resources and data are considered valuable assets of the University of North Texas. Further, computer software purchased or leased by the University is the property of the University or the company from whom it is leased. Any unauthorized access, use, alteration, duplication, destruction, or disclosure of any of these assets may constitute a computer-related crime, punishable under Texas and federal laws.
4. Misuse of the University's computer resources and the content of information offered in this course is strictly prohibited. Misuse of computing resources includes, but is not limited to: criminal and illegal acts, including support of illegal activities such as unauthorized access of university, proprietary or other information technology resources, intentional corruption or misuse of computer resources, theft, obscenity, and child pornography.
5. I am responsible for obtaining and following applicable University of North Texas computer use policies.
6. Violation of this Acknowledgement Agreement constitutes a violation of the University of North Texas student code of conduct and may result in disciplinary action, to include suspension or expulsion.
By signing this Acknowledgement Agreement, I expressly represent that I understand and agree to abide by its terms and conditions and that I will use the materials associated with this class purely for academic purposes.
Signed this _____ day of January 2005.
Printed Name of Student: ___________________________________________
Student Signature: _____________________________________________