Information Security Professional
Class Description

Covers information security thoroughly, including access control, application security, business continuity, cryptography, risk management, legal issues, physical security, and telecommunications and network security. This class helps to prepare students for the Certified Information Systems Security Professional (CISSP) credential, which is essential for high-level information security professionals. Students are strongly encouraged to practice with the Transcender prep tests before taking the exam, and access to those tests will be included in the class.

There will be many hands-on projects, but they will not be typical artificial homework assignments. Instead, the class will work in small teams, led by students selected to be managers. Each team will have different projects, and we will all work together as a company to perform a real security audit of a real network. Students will be required to sign and honor a non-disclosure agreement, because we will be finding real security problems, violations, and confidential data. Our tasks will involve using technical skills to locate and analyze problems, and also using social, business, and communication skills to help the network's administrators understand and fix problems.

Students who are not willing to be bound by a non-disclosure agreement should not take this class, and they should not be pursuing a career in information security, either. The reason the CISSP certification is so highly valued is that certified professionals can be trusted--they are technically competent, responsible, and aware of their role and their limitations. This class provides both academic training and real-world experience to help develop those virtues.

Prerequisites: Students should have Network+ and Security+ level understanding
of networking and security. Previous experience of hacking is helpful
but not required.

Textbook

CISSP Guide to Security Essentials, 1st Edition, by Peter Gregory, ISBN-10: 1435428196

Schedule

Date | Topic |
---|---|
Mon, July 12 | Ch 1: Information Security and Risk Management; Ch 2: Access controls |
Tue, July 13 | Ch 3: Application Security; OWASP's Top Ten Web Application Risks; Ch 4: Business Continuity and Disaster Recovery Planning |
Wed, July 14 | Ch 5: Cryptography; Ch 6: Legal, Regulations, Compliance and Investigations; Wardriving |
Thu, July 15 | Ch 7: Operations Security; Ch 8: Physical and Environmental Security; Ch 9: Security Architecture and Design |
Fri, July 16 | Ch 10: Telecommunications and Network Security |

Projects

Instead of the usual homework assignments, students will all work together in teams, led by student managers, to perform real security audits of real information systems. Every student will be required to sign a non-disclosure agreement. The security issues we find will be held in confidence, and we will contact the administrators of the vulnerable systems and try to convince them to amend the problems.
Students are required to prepare professional resumes, and encouraged to
include their participation in this class as work experience.

New for Summer 2010
Encrypted email with Gnu & Thunderbird

From Spring 2010
Encrypted Email Setup
Backing up a Private Key
NDA from Spring 2010