CE 40-876: Information Security Eng. and Mng.

Description:

• Personal Security Framework
  • Trust/do you own your device?
    • TPM and Trusted computing
    • open devices, open boot firmware, open architecture
  • Personal Device Protection
    • secure update, secure data storage|deletion,
    • file-system level encryption vs whole disk encryption)
  • Data & identity Protection
    • ID in smartphone (DMV ID on android)
    • Two-factor authentication (2FA),time-based one-time password (TOTP)
    • Secret sharing as a service (e.g. Torus)
  • Human factors and Usable security
• Personal Security Framework
  • Enterprise Security Frameworks
    • Enterprise Security Architectures (e.g. SABSA,DoDAF,TOGAF)
    • Sector specific Security Frameworks case studies 

    • Financial Services, Health Sector, etc. 

    • Risk analysis (NIST cybersecurity framework)
  • Enterprise security management
    • Devices vs. Identities
    • BYOD and device management 

    • Identity and access management(IAM) (Open ID, Auth2)
    • Employee monitoring
  • SW supply chain security (SolarWind)
    • “RFID” in different apps(e.g. e-Pedigree medical supply chain)
• National/International Security Frameworks
  • Data protection
    • GDPR
      • Right to be forgotten vs. no data loss (i.e. facebook forgets)
  • Regulations evolution
    • Information security laws: HIPAA, GLBA, FISMA,..
      • Circumvention mechanism (i.e. messengers migrating to the web)
    • Compliance verification

Policies:

• Grading policy is as follows. This is tentative.
  • 30% Active participation in disucssions
    
  • 40% Homework
    
  • 30% Final
    
  
  There will be no exceptions to the following rules:
  
  • If you turn in your assignments one day late you will loose 25% of the grade, two days will cost you 50% and three days 75% of the grade. No submissions will be accepted after the third day. Penlaty may be calculted continusly and per hour of delay.
  • Thee will be a zero tolerance policy for cheating/copying HWs. The first time you are caught, you will receive a zero for the task at hand. If you are caught for a second time, you will fail the course. Providing your assignment to someone else is considered cheating on your behalf.
    
  • Each of you has a 3 day extension you could use over the individual assignments. The minimum you could use at each instance is a 1 day extension. So you can not extend HW1 by 12 hours and then HW2 by 60 hours. You could use the 3 days with one HW, or 1 day for each HW, or 2 days for hW1 and 1 day for HW2, or 1 day for HW1 and 2 days for HW2, or ... (I hope you get the idea!)
  • The 3 day extension will be applied to HW0 and what ever remains would be carried over to HW1 and so on.
  • There is a good probability that things go south (i.e. you get sick, network fails, your computer crashes, there is a bug in the HW, server fails, etc.) as the deadline approaches. Such issues will not result in an extension to the deadline. So keep that in mind and plan for Murphy's law in advance, don't leave things for the last minute.
  • There will be a zero tolerance policy for any misuse of the course infrastructure (i.e. Judge, Tarasht, etc.), regardless of the intent
  • If any of the class policies are unclear, they should be brought up and discussed in the first week of the semester at hand.