Course Summary
Quick Review
Week 12 content is largely a summary of previous material (except digital forensics), so instead, here are my highlights.
2/9/2012
Week 1
- Where did modern information security come from?
- Critical characteristics of IS
- Balancing security and access
- Who does information security?
- Art or science?
Week 2
- Threats to information security (categories and examples)
- Attacks, threat agents & vulnerabilities: code, worms, viruses, backdoors, password cracking methods, spoofing, man-in-the-middle, SOCIAL ENGINEERING
- Developing secure software: know about buffers, command/SQL injection, etc.
Week 3
- Liability, due care, due diligence: how do you do it? How do you prove you are doing it?
- Policy vs law
- Privacy, *awareness* of international law and standards
- Ethics
- Key law enforcement agencies
Week 4
- Risk management: how do we assess, manage and control risk?
- Prioritising risks
- Risk assessment formula (p.139)
- Controls (avoidance, transference, mitigation, acceptance)
- Cost benefit analysis (CBA) (p.153)
- Qualitative vs quantitative assessment and evaluation
- Base-lining, benchmarking & best practice
- Feasibility issues
Week 5
- Enterprise & issue-specific policy
- Policy control/management
- The security blueprint
- Security models/architectures
- Defence-in-depth
- Education
- Continuity: IRPs, DRPs, BCPs
- Involving the law
Week 6
- Firewall technology
- Packet filtering, NAT
- Stateful vs stateless
- Hardware vs software (content filtering?)
- Firewall architectures
- Firewall rules
- VPNs
Week 7
- Intrusion detection systems: NID(P)s vs HID(P)s
- Detection methods: signature, statistical-anomaly, stateful protocol, log-file monitors
- Responding/strengths/limitations
- Deployment & locations
- Honeypots
- Scanning tools and packet sniffers
- Access control & authentication
Week 8
- Crypto basics
- Ciphers (block vs bit cipher methods)
- Hash functions
- Symmetric vs asymmetric
- Public key encryption
- Digital signatures
- Secure protocols: SSL, SSH
- Wireless encryption: WEP vs WPA
Week 9
- Physical security and controls
- Issues associated with computer rooms and securing facilities
- Fire detection and response
- Power management
- Remote computing issues
Week 10
- Implementing the security blueprint: project methodology issues
- Project planning and estimation, tracking & control
- Cost, time, scope issues
- Conversion/go-live strategies
- Change management/people issues
Week 11
- How does information security affect hiring and firing?
- Info sec roles and job descriptions
- Certifications: useful or not?
- Interviews, background checks and the grand tour
- Departures: hostile vs friendly
- Consultants, contractors and temps
- Separation of duties, controls and job rotation
Week 12
- Maintenance: keeping the security program going
- Helpdesk and change control
- Monitoring data sources: learning about new threats and controls
- Governance (again), reviews, further risk assessments
- Internet & intranet, platform & wireless vulnerability assessments
- Digital forensics (follows)
Exam
- 2 hours, open book, 65 marks (65%)
- Part A: 12 T/F
- Part B: 12 MC
- Part C: 41 marks, 4 questions with three to four parts each
- Limited coverage of Chapter 3
- No mathematical/algorithmic questions for Chapter 8