Information Security Management
(95-752)
 
Fall 2009


(c) Copyright 2000-2009
The Heinz School, CMU
 
Exam and Project Information
Midterm Examination


  1. OPEN book, OPEN notes, CLOSED neighbor
  2. Mixture of short answer and problem-solving essay
  3. Take home exam, see instructions on cover sheet.
  4. Focuses on material covered in lecture, may include some points covered only in book
  5. Deals with assigned material for first 6 weeks of course.
Sample Midterm Examination: available here

Real Midterm Examination: available here

Term paper/project

The final assignment for the semester is a term paper or term project. The purpose of this assignment is to allow students to explore a topic of interest while demonstrating mastery of the material presented in the course.

For a term paper, a submission of approximately 10-15 pages is expected. The topic should reflect both the introductory nature of the course and its orientation to management-level understanding. Potential topics include, but are not limited to:
+ A survey of biometric methods for authentication
+ A survey of authentication token products
+ Strengths, weaknesses and methods of asymmetric encryption
+ A survey of file protection methods
+ Management methods to protect against insider threat
+ A survey of laws relevant to fighting network attackers
+ Strengths and weaknesses of protection methods in modern operating systems
+ A survey of intrusion prevention systems
+ A short guide to free software for improving security on a home computer or laptop
+ An analysis of recently-announced software vulnerabilities and their impact on small businesses


For a term project, a smaller submission, approximately 8-10 pages, is expected, reflecting the effort taken up in preparing the project. No project shall involve violation of security on any site or system unless that system or site is wholly owned by the student (i.e., no social engineering, no hacking, no dumpster-diving, etc.). Possible topics could include, but are not restricted to:
+ Implementation of a honeypot on a home computer network
+ Integration of asymmetric encryption with popular email and word processing software
+ Implementation of a personal firewall and analysis of the traffic intercepted by it on a home computer or laptop
+ Implementation of protections on a wireless access point and analysis of their impact on ease of use


Please feel free to consult with the instructor (tjs@cert.org) regarding the topic for your paper or project. As mentioned in lecture, groups of students (no more than four) may submit jointly, by permission of instructor.

Grading for the paper/project will be as follows:
+ presentation - 20% - readability, grammar, spelling, organization, etc.
+ coverage - 40% - depth of discussion, detail, technical correctness, etc.
+ content - 40% - applicability to course, thoroughness, etc.