Program
(Last updated: $Date$)
Please note that the slides and exercises are continuously updated,
including possible corrections after they have been used.
I aim to finalise the material one week before it is used,
but this is an aim, not a promise.
All files are in PDF. Handouts show four frames per page.
Slides are in colour, and some of them may not be readable
in grayscale print.
Week 1: What is Information Security?
- Primary goal
  - Establish terminology
- Reading
  - NIST 800-30 Sections 1-3
  - Håndbok, chapters 1-2
  - Whitman and Mattord, chapters 1-2
  Note that neither of the two core textbooks takes sufficient
  care in establishing a terminology.
  It is essential that you learn to use the terms unambiguously, and
  you may need to consult many other sources in the process.
  The NIST documents do use this terminology, while
  Pfleeger and Pfleeger give a more pedagogic introduction.
- Additional reading
  - Pfleeger & Pfleeger, chapter 1
  - NIST 800-53 Appendix B
- Slides
- Exercise
Week 2: Security Management and Planning
- Main goal:
  - Be able to relate information security to business processes and
    organisational constraints.
- Reading:
  - Whitman and Mattord Ch. 2
  - Håndbok Chapter 6
  - Data-Centric Security (IBM White Paper)
  - CObIT 4.1 (excerpt)
- Handouts
Week 3: Laws
- Main goal:
  - Have an overview of legislation relevant for computer security.
- Reading:
  - Whitman and Mattord Ch. 3
  - Håndbok Chapter 3
  - Relevant laws from http://www.lovdata.no/,
    in particular Personopplysningsloven.
- Handouts
Week 4: Standards
- Main goal:
  - Have an overview of different security standards.
- Reading:
  - Whitman and Mattord Ch. 5
  - Håndbok Chapter 4
- Handouts
Week 5: Risk Management
- Main goal:
  - Have a decent notion of what risk is, and how to deal with it.
- Reading:
- Handouts
Week 6: Impacts and Controls
- Main goal:
  - Complete the overview of the FAIR framework and be able to
    use it.
  - Have a broad overview of different controls and control types,
    and how they can be classified.
- Reading:
- Handouts
Week 7: Physical Security
- Main goal:
  - Understand what controls may be necessary to secure the
    physical location of an information system.
- Reading:
  - Håndbok, chapter 7
  - Whitman and Mattord, chapter 9
- Handouts
Week 8: Planning and Organisation
- Main goal:
  - Understand how security work in an organisation can be
    planned and managed effectively.
- Reading:
  - Håndbok, chapter 6
  - Whitman and Mattord, chapter 5 (+6)
- Handouts
Week 9: Authorisation and Access Control
- Main goal:
  - Be familiar with common methods of access control and
    access management.
- Reading:
  - Håndbok, chapter 11
  - Whitman and Mattord, chapter 7
- Handouts
Week 10: Mobile Security
- Main goal:
  - Be familiar with particular threats to, and useful controls for,
    mobile and wireless equipment.
- Reading:
  - Håndbok, chapter 12
  - Whitman and Mattord, chapter 7
- Handouts
Week 11: External Attacks
- Main goal:
  - Be familiar with common controls and security strategies
    to cope with external threats.
- Reading:
  - Håndbok, chapter 14
  - Whitman and Mattord, chapter 7 (+6)
- Handouts
Week 12: Software Security
- Main goal:
  - Be aware of the most common software vulnerabilities and some
    good approaches to avoiding them.
- Handouts
Week 13: Business Continuity Planning
- Main goal:
- Reading:
- Handouts
Hans Georg Schaathun /
hasc@hials.no
$Id$