Introduction to information systems security 365 765

Information Systems 365/765 Security and Strategy

September 2, 2008

IntroductionLecture 1

First Things First…Today’s Chocolate Bar

• EVERY lecture should start with chocolate!• I will bring a different type for each lecture• Today’s Chocolate bar is the Kit Kat• Created in 1935• Best selling chocolate bar in the UK• in Japan, it is called “kitto katsu”, which

roughly translates to "You will surely win!"

Student Information Cards

• Your first name• Your last name• Where are you from?• What would you like to learn from this

class? • List any specific topics you would like to

see covered in this class• Any special needs or accommodations

that you feel I should know about

Today’s Agenda

• Introduction

• Course overview

• Assignments and grading

• Skills you will gain from this course

• My commitment to you

• Expectations

Introduction

• My name is Nicholas Davis. Please just call me Nick.

• MBA, Information Systems, 1998

• I have been employed by:

Introduction

My area of specialization is• Cryptographic Systems• Strong Authentication Technologies• Digital Identity ManagementAreas of interest include:• National Digital ID• Proximity Based AuthenticationI’ve seen lots of things, but I have not seeneverything!

Course Overview

• Focused on the business analysis and application of IS Security Principles in the enterprise

• Provide a background in specific security related technologies

• Give you hands on experience with some security related tools

• Teach you how to perform a Security Audit and craft a Disaster Recovery Plan

• Spend time each lecture talking about a IS Security current event

Course Overview

• Students taking this class should have an interest in technology as well as audit, compliance, regulation and current events in these areas

• Students will not be writing software code in this class

• Students will not be learning how to perform “hacking” in this class

The Five Pillars of Information Security

The foundation on which a secure

enterprise computing environment is

Built.

Keep these in mind as we work our

way through the technology portion of

our course.

ProtectionUnderstand what we are protecting

and what the value of protecting it

really is.

How much would you invest in insurance

on these two cars?

Detection

Knowing where the

vulnerabilities are

and how to identify

when a

compromise of

information might be

taking place.

Reaction

How do you address breaches that

have occurred? What procedures and

plans are in place?

Documentation

Solid record keeping is critical to

understanding vulnerability trends!

Prevention

Is 100% prevention of aproblem really possible?.Effective prevention isboth the implementationof lessons learned andThe application ofKnowledge gained toavoid the same fate inthe future..

Keep the Five Pillars Of Information Security in Mind Throughout the

Course

• Protection• Detection• Reaction• Documentation• Prevention

Course Benefits

• Gain an understanding of the current and upcoming challenges of safely doing business in a technology driven business environment

• Acquire a strong command of major security technologies and practices

• Possess tangible IT Security audit and planning skills, which you can actually talk about in a job interview

Course Roadmap

• Information Security Background and terminology

• Information Security Technologies

• Laws, Ethics and Investigations

• Security Audits and Disaster Recovery (team presentations)

Course Topics OutlineIntroductionBackground, Information Security ManagementAuthentication technologiesAccess Control SystemsPublic Key Encryption technologyPhysical securityEnterprise Security ArchitectureTelecommunications, Network and InternetSecuritySocial EngineeringLaws, Investigations and EthicsOperations SecuritySecurity Audits and Disaster Recovery Planning

Course Assignments

• Exam (25%) – October 30th

• 6 quick in class easy quizzes (25%) 5% each, but I will drop your lowest quiz

• In class team presentation on Security Audit and Disaster Recovery (25%)

• 2 Homework Assignments (10%)

• In class participation (15%)

Next Class…

• Current event discussion

• Distribution of reading for Assignment #1

• Short lecture

• Watch Spying on the Home Front video

• Discussion of Assignment #1

How Can I Help You?

You are my customerI need to know if:• You are malcontent with anything related to the

course, so we can make changes• You don’t understand the material or assignment

requirements

Please make use of office hours, even if it just is tostop in and say hello.

Nicholas (Nick) Davis [email protected]. 347-2486