Program

Please note that the slides and exercises are continuously updated, including possible corrections after they have been used. I aim to finalise the material one week before it is used, but this is an aim, not a promise.

All files are in PDF. Handouts show four frames per page. Slides are in colour, and some of them may not be readable in grayscale print.

Week 1: What is Information Security?

Primary goal
Establish terminology
Reading
  1. NIST 800-30 Section 1-3
  2. Håndbok, chapters 1-2
  3. Whitman and Mattord, chapters 1-2
Note that neither of the two core textbooks takes sufficient care in establishing a terminology. It is essential that you learn to use the terms unambiguously, and you may need to consult many other sources in the process. The NIST documents do use this terminology, while Pfleeger and Pfleeger gives a more pedagogic introduction.
Additional reading
Slides
Exercise

Week 2: Security Management and Planning

Main goal:
Be able to relate information security to business processes and organisational constraints.
Reading:
Handouts

Week 3: Laws

Main goal:
Have an overview of legislation relevant for computer security.
Reading:
Handouts

Week 4: Standards

Main goal:
Have an overview of different security standards.
Reading:
Handouts

Week 5: Risk Management

Main goal:
Have a decent notion of what risk is, and how to deal with it.
Reading:
Handouts

Week 6: Impacts and Controls

Main goal:
  1. Complete the overview of the FAIR framework and be able to use it.
  2. Have a broad overview of different controls and control types, and how they can be classified.
Reading:
Handouts

Week 7: Physical Security

Main goal:
Understand what controls may be necessary to secure the physical location of an information system.
Reading:
Handouts

Week 8: Planning and Organisation

Main goal:
Understand how security work in an organisation can be planned and managed effectively.
Reading:
Handouts

Week 9: Authorisation and Access Control

Main goal:
Be familiar with common methods of Access Control and Access Management.
Reading:
Handouts

Week 10: Mobile Security

Main goal:
Be familiar with particular threats and useful controls for mobile and wireless equipment.
Reading:
Handouts

Week 11: External Attacks

Main goal:
Be familiar with common controls and security strategies to cope with external threats.
Reading:
Handouts

Week 12: Software Security

Main goal:
Be aware of the most common software vulnerabilities and some good approaches to avoiding them.
Handouts

Week 13: Business Continuity Planning

Main goal:
Reading:
Handouts

Hans Georg Schaathun / hasc@hials.no