Syllabus






Telecommunication Security - Spring 2002


Professor:
   Dr Richard Orgass
   orgass+@cs.cmu.edu
   HbH 2806A
   412-268-8408
   Office Hours: Wed 2:00-4:30,
        other times by appointment
   Web site:
       www.cs.cmu.edu/~orgass
TA:
   Christiaan Gribble
   cgribble@andrew.cmu.edu
   HbH A016
   412-268-3029
   Office Hours: Tues. & Thurs. 4:00-6:00,
        other times by appointment
   Web site:
        www.andrew.cmu.edu/~cgribble

The detailed course schedule can be found here.

Course Objectives:

  • Create an awareness of:
    • risks associated with using the Internet
    • lack of adequate security in many places
    • elementary steps to improve security
  • Management level understanding of:
    • routine technical steps to increase security
    • security and technologies at
      • Enterprise/Establishment level
      • Small Business level
  • Create a firm understanding that no usable system is perfectly secure

Cheating Policy:

  • CMU Student Handbook describes Campus Cheating Policy, including penalties

  • Instructors must specify cheating policy for each course

  • In this course, you cheat if you represent someone else's work as your own

  • Each document, presentation, code fragment, etc. should show the name(s) of the author(s) and acknowledge contributions from others

BBoard/Newsgroup:

  • academic.ism.95-753 (andrew)

  • cyrus.academic.ism.95-753 (cs)

  • Intended uses:

    • Publish homework problems

    • Ask and answer questions

    • Discuss issues

  • TA and instructor will monitor actively

Textbooks:

  • John Littman.  The Watchman.  Little Brown, April 1997.  ISBN 0316528579

  • Clifford Stoll.  The Cuckoo's Egg.  New York, Pocket Books, 1990.  ISBN 0671726889

  • Scott Mann and Ellen Mitchell.  Linux System Security.  Prentice-Hall, 2000.  ISBN 0130158070

  • Bruce Schneier.  Secrets and Lies.  John Wiley & Sons, 2000.  ISBN 0471253111

Grading:

  • Two papers

    • CIO to Corporate Management (33%)

      • Vulnerability analysis

      • Security policies

      • Required technical and human solutions

    • CIO's Security Plan (33%)

      • Enterprise is UNIX systems

      • Technical measures to apply

      • Human component of solution (policies and enforcement)

  • Two team projects (34%)

    • Secure a Linux system

    • Attempt penetration of another team's secured system

  • No formal final exam

  • Usual +/- letter grades


Last Modified 31 Jan 2002 by cpg