Introduction to Security and Risk Management SRA-111 Fall 2016 Introduction to Security and Risk Management
Objectives Understand basic security concepts, terminology, technology and possible solutions. Develop an understanding of the social and legal issues of security and privacy. Understand the basics of crime intelligence and forensics analysis as it relates to SRA. Understand basic risk analysis, evaluation and mitigation methods. Understand information warfare and information assurance technologies and methods. Have an awareness of current and future trends in information and cyber security. Have an understanding of personal information risk and methods/technologies for limiting risk
Your Instructor Dr Gerry Santoro Founding Assoc. Prof. of IST 40 years IT, network and security experience 301-J IST Building (814) 571-8306 (SMS is best!)
About your instructor Research Interests: Cyber-crime, security management, cyber-warfare Computer-Mediated Communications Popular Culture and Technology
About your instructor Married (Suzi) 4 kids (Gerald, Travis, Brandi, Kelsey) Hobbies: Motorcycles, Guitar, Astronomy, Aikido (2’nd Dan) Advisor to: SRA Club, IST Interest House, Penn State Aikido Club
About your instructor Also … First Grandson “Logan” (now 4 years old) granddaughter “Alice” (now 10 months old) German Sheperd “Thor” Cat “Sox”
Learning Assistant LA: Introduce in class Please only use Canvas email to reach our LA
Syllabus Located on Canvas read it carefully! make note of due dates! contains list of sessions list of readings quiz dates due dates
Readings M. Whitman and H. Mattord, Principles of Information Security, 5th Edition (Course Technology), ISBN-10: 1-285-44836-7 Optional readings and resources will also be provided on a Web site
Topics Introduction to Information Security The need for security Legal, ethical and professional issues in Information Security Planning for Security Risk Management Security Tech: Firewalls and VPNs
Topics (cont.) Security Tech: ID/PS and more Cryptography Physical Security Implementing Information Security Security and Personnel Information Security Maintenance The future of Information
Content of the topics There will also be other (online) optional readings and occasional news items These will be listed in the Syllabus and on Canvas Class meetings will include a weekly summary of current security and security management news and issues It is important that the security professional be aware of recent developments, attacks, vulnerabilities, etc. I will post important optional readings and resources on a Web site connected to the Angel resources page
Class Meetings Tuesday meetings will be primarily lecture – focusing on the scheduled topic be sure that you have read the assigned textbook chapter before class! Thursday meetings will involve guest lectures, quizzes and class activities related to the current topic NOTE: All class meetings are required and attendance will be taken! Please take note of the class attendance policy.
Emphasis Emphasis of SRA-111 is on information security However, we will also discuss physical security, crime and terrorism We will discuss risks, vulnerabilities, mitigation strategies, laws and tools Information security is one of the most important areas of the 21’st Century This is as much an art as it is a science!
Course Policies During class meetings you are not allowed to use classroom computers, cell phones, iPods, iPads or other technology – unless we are actively using them for a class activity If you need these due to a documented learning disability please see me Late assignments/labs will receive a 10% penalty unless prior approval is given after 1 week late you will need special permission
Course Policies If you have a disability and require special assistance please see me I will only require documentation in case of need for use of assistive technology Course-related communication must use Angel However you are free to call me or SMS me in the case of an emergency or simple question You are also welcome to stop by my office during office during office hours or any other time I am there I promise to read Angel daily and respond within 1 business day if not sooner
Integrity You are required to abide by the Penn State Policy on Academic Integrity As posted in the syllabus You are required to abide by the Penn State policy on non-discrimination and respect Please respect each other – everyone has something to contribute although skill levels may vary
Attendance Attendance is required and is factored into your final grade. Attendance policy: Planned absence – notify instructor AND LA using Canvas before the absence Unplanned absence – notify instructor AND LA using Canvas as soon as technically possible! If you follow the attendance policy you will be excused and allowed to make up missed work
Other Nuggets Class meeting slides will be available on Canvas Extra credit will be provided, through the quizzes
Deliverables Quizzes (individual) (30%) Team project (30%) Personal system security Lab (30%) Self and Team Evaluation and Attendance (10%) Total (100%) Extra credit is built into the quizzes.
Quizzes (30%) There will be 8 quizzes this semester The lowest quiz score will be dropped for each student Quizzes will be administered in class on Thursdays Quiz dates are listed in the syllabus Quizzes are open-book and open notes – with a 20-minute time limit Quizzes will cover required readings, material covered in class, and labs The format will be multiple-choice Your goal is to select or provide the BEST answer based on course material! Beware of semantics! Each quiz will include one extra-credit question
Team project (30%) Your team will develop a security awareness video that you will post on YOUTUBE The team project has 5 parts: Team contract Project proposal Progress report (meeting) Project Video Project document
Personal Systems Security Lab (30%) Lab is in 3 parts Goal is to raise awareness and develop information related to your personal information security
Attendance and Team Evaluation Attendance counts for 5% of grade you lose 1% for each unexcused absence Team evaluation counts for 5% of grade
Any questions on Syllabus? Get familiar with Canvas Use Canvas to read/send emails Team space will be provided Find where the components are located Read the syllabus and project descriptions You are responsible for knowing the information provided in the syllabus! (due dates, readings, etc.) Look over the team problem descriptions
Tips for Success Use a personal calendar to plan your semester Stay on top of the readings Attend all classes – have short meetings with your team after class time Be sure to retrieve your graded quizzes and labs Contact Dr. Santoro or one of the assistants if you have any questions of problems
We want you to succeed! Your success is our success! Use the course as a launch pad for exploration Be careful not to do anything that breaks the law or Penn State Policy!
Team cards each student takes one index card on card put your name and Penn State access ID If you wish to be on a team with another student, hand in card WITH their card If there is a student that you do NOT wish to be on a team with – send me that info by 6 pm today on Angel email Teams will have 6-7 students I will TRY to follow your wishes Teams may adjust until end of drop/add
Questions? End of class 1