Course design document - School of Information Systems

Course Design Document
Information Security Management
Version 2.0
January 2015
Table of Contents
1 Versions History
2 Overview of Security and Trust Course
  Synopsis
  2.1 Prerequisites
  2.2 Objectives
  2.3 Basic Modules
  2.4 Instructional Staff
3 Output and Assessment Summary
  3.1 Midterm test (10%)
  3.2 In-Class Participation (20%)
  3.3 Graded Assignment (20%)
  3.4 Project (40%)
  3.5 Final Exam (10%)
  3.6 Grades release schedule
4 Group Allocation for Groups/Assignments
5 Classroom Planning
  5.1 Course Schedule Summary
  5.2 Weekly Plan
6 List of Information Resources and References
7 Tooling
8 Learning Outcomes, Achievement Methods and Assessment
1 Versions History
Version | Description of Changes | Author | Date
V 1.0 | 1st Draft | SITSA | 22 June 2012
V 1.0 | 2nd Draft | SITSA | 29 August 2012
V 1.0 | Final | SITSA | 7 January 2014
V 2.0 | 1st Draft | SITSA | 28 October 2014
V 2.0 | 2nd Draft | SITSA | 04 November 2014
2 Overview of Security and Trust Course
Synopsis
The Information Security (IS) Management course aims to give students insight
into today's information security challenges, particularly in the area of
Critical Information Infrastructure and the urgency of better securing these assets.
Through case study discussions and the sharing of real-life, on-the-job experiences
in the areas of Consultancy, Critical Information Infrastructure Protection and
Cyber Response, the course is designed to let students gain different
perspectives on solving real-world security problems from a professional and
operational viewpoint.
2.1 Prerequisites
Students should have taken the Basic Information Security and Trust course.
2.2 Objectives
Upon finishing the course, students are expected to:
 Understand how important security principles must be adhered to when
securing the infrastructures
 Understand the importance of balancing security, operational
effectiveness and cost
 Be able to analyze and to aptly secure the cyber perimeter of the
infrastructures against cyber attacks
 Be able to aid an organization in its response to and recovery from cyberattacks and to further enhance its security implementations
2.3 Basic Modules
 Prevention
o Risk Assessment
o Security Architecture
o Security Examination and Pro-Active Detection
 Response
o Incident Response
o Cyber Response - Malware
o Cyber Response - Forensics
 Critical Information Infrastructure Protection (CIIP)
2.4 Instructional Staff
SITSA officers
3 Output and Assessment Summary
Output | Weightage in %
Project Proposal, Project Report and Presentation (Project) | 40%
Recess Week | –
Exam | 40%
Class Participation | 20%
TOTAL | 100%
3.1 In-Class Participation (20%)
Evaluation will be based on
o Attendance
o Participation in in-class activities
3.2 Project (40%)
 Students are required to undertake a project that will allow them to apply
the skills and the knowledge that they have been taught in class
1. BYOD: What are the cyber-security issues that you need to handle
when you use your own smart devices for work purposes? What can
be done about them and how effective are these measures?
2. Smart Nations: Discuss the potential cyber-security considerations.
What are the threats and risks? What are the security implementations
to put in place and how effective are they?
3. The Australian Government Department of Defense released 35
strategies that may be implemented to mitigate targeted cyber
intrusions (http://www.asd.gov.au/infosec/top-mitigations/mitigations2014-table.htm). They have singled out the top 4 strategies to do so.
Discuss the effectiveness of these top 4 strategies against APT.
4. Dynamic Encryption: Based on an article (the article will be provided in
Week 1), understand the approach and evaluate its potential and
usefulness in information security.
5. People, processes and technologies: Discuss the importance of
people, processes and technologies in information technology
security.
 Deliverables
1. Project Proposal
 Proposal to be submitted in Week 2, at the start of the lecture
 It should not exceed 500 words, single column, Times New
Roman/Arial, font size 13, 1.5 line spacing. Names of team
members and project title must be included
 It should include the key points/issues that the team is looking
at as well as a brief workplan of how the team is going to
approach the topic
 Proposals that are not approved must be resubmitted for
subsequent approval
2. Project Report
 Report to be submitted in Week 12, Friday 27th March,
10am
 It should not exceed 3,000 words, single column, Times New
Roman/Arial, font size 13, 1.5 line spacing. Names of team
members, project title, executive summary and references
must be included
3. Project Presentation
 An oral presentation will be delivered by the team in 20
minutes, followed by a 10-minute Q&A
 Report Grading:
The grading is largely based on
o Whether the teams have shown a sound understanding of the issues
revolving around the selected topic
o Whether the teams have shown sufficient breadth and depth in analysing
the impact of their selected topic
o Whether the teams are able to write the report and present it in a
coherent manner
o The originality, the recommendations and the comprehensiveness of
considerations on the selected topic
 Dates to Note:
o Week 2: Proposal Due
o Week 12: Report Due
o Week 13/14: Presentation
3.3 Final Exam (40%)
 Week 15
 Covers all materials in all lectures
 Includes multiple choice questions and short answer questions
3.4 Grades release schedule
Participation | at the end of term
Final exam | at the end of term
Project | at the end of term
4 Classroom Planning
There is one 3-hour classroom session each week.
4.1 Course Schedule Summary
Wk | Topic | Readings | Classroom activity | Assignment/Discussion/Output/Remarks
1 | Administrative / Risk Assessment | | Presentation + Lecture |
2 | Risk Assessment / Security Architecture / Security Evaluation / Pro-Active Detection | | Lecture + Case Studies + Discussion + Game Play |
3 | Risk Assessment / Security Architecture / Security Evaluation / Pro-Active Detection | | Lecture + Case Studies + Discussion + Game Play |
4 | Project work proposal sit-through with teams | | Project work proposal discussion | Project proposal due
5 | CIIP | | Lecture + Case Studies + Discussion + videos |
6 | CIIP | | Lecture + Case Studies + Discussion |
7 | Project work | | Project work discussion |
8 | Recess | | Recess | Recess
9 | Incident Response Framework | | Lecture + Case Studies + Discussion |
10 | Digital Forensics | | Lecture + Demonstration + Hands-on |
11 | Malware | | Lecture + Case Studies + Hands-on |
12 | Project work | | Project work discussion | Project report due
13 | Project Presentation | | Project Presentation | Project Presentation
14 | Study Week | | |
15 | Final Exam | | |
4.2 Weekly Plan
Week: 1
Session:
 Administrative briefing
 Risk Assessment Lecture
Project:
 Project assignment and requirements
 Team
Things to note:
 Course material is available for download from the course website
 Students may either do the project on their own or in groups (2 - 3 people)
Week: 1/2/3
Case Study + Discussion
 Showing that cyber threats really happen and that they may result in
severe consequences for businesses
o Differentiating amongst the different threat agents
Lecture
 Defining and assessing the problems that cyber threats pose to
businesses from the perspectives of confidentiality, integrity
and availability (CIA)
 Identifying the various assets of a typical IT system that need
to be protected
 Understanding the 5 security objectives – Confidentiality,
Integrity, Availability, Authentication and Non-repudiation
 Understanding and formulating threat scenarios
 Recommending high-level security controls to mitigate
assessed threats
 Examining new technologies whose promised benefits come
with their share of security woes
Game Play
 Engaging the students through game play to illustrate and put
into play the concepts covered in the lecture
Main Case Study: From SOHO to Enterprise
Reference:
 Reading materials from various sources will be provided to the students one week before the
lecture
 Additional materials covered during class activities, at lectures, will be provided to the students
within the week of the lecture
Things to note:
 Students need to show clearly that cyber threats exist and the consequences of falling victim to
them
 Students need to understand cyber threats from the perspectives of Confidentiality, Integrity,
Availability, Authentication and Non-repudiation
Week: 1/2/3
Lecture
 Revisiting what needs to be protected
 Formulating specific security requirements to mitigate the
threats surfaced, covering technical topics such as:
o Cryptography
o Server Security
o DB Security
o Network Security
 Drawing up IT security architectures and developing
strategies while taking business goals and the 5 security
objectives into consideration
Case Study + Discussion
 Illustrating the complexity of balancing security needs with
operational and cost considerations
 Showing the importance of having security measures
implemented from the very start
Game Play
 Engaging the students through game play to illustrate and
put into play the concepts covered in the lecture
Main Case Study: Virtualisation and Cloud Computing
Reference:
 Reading materials from various sources will be provided to the students one week before the
lecture
 Additional materials covered during class activities, at lectures, will be provided to the students
within the week of the lecture
Things to note:
 Students need to understand the importance of building security measures into the
system architecture from the very start.
 Students need to know how to balance security requirements, operational considerations and
cost
Week: 1/2/3
Lecture + Case Study + Discussion
 Knowing and understanding the different cyber security tests
and their purposes
Lecture
 Understanding the need for security examination and
certification of cyber security products/technologies/solutions
 Appreciating the different types of security testing and their
purpose (e.g. SSAT, PT)
 Knowing and understanding the various stages of testing
that need to be conducted on IT systems to assure that
security objectives have been met, e.g.:
o Test objective definition
o Test plan formulation
o Test execution
o Reporting
 Importance of security examination and certification
Game Play
 Engaging the students through game play to illustrate and
put into play the concepts covered in the lecture
 Student presentation and debrief of game play
Reference:
 Reading materials from various sources will be provided to the students one week before the
lecture
 Additional materials covered during class activities, at lectures, will be provided to the students
within the week of the lecture
Things to note:
 Students need to understand the importance of doing security examination on cyber security
products/technologies/solutions
 Students need to understand the various stages of testing to ensure that security objectives
have been met
 Students need to realise and appreciate the implications that secure systems have on
businesses
Week: 4
Project Proposal Discussion
Week: 5/6
Lecture + Discussion
 Introducing what Critical Information Infrastructure (CII) is
o Introducing CII Security
o Definition of CII (Singapore context)
o Differences between Enterprise and SCADA systems
o The concerns on SCADA
 Cyber security concepts – Availability – Integrity –
Confidentiality (AIC) and Confidentiality – Integrity –
Availability (CIA)
 Security breaches and their impacts
o To Singapore’s national security, economy and
public safety
o Looking at CIIs becoming targets at the national
level
Case Studies + Discussion
 Illustrating the impact of damages resulting from CIIs’
security breaches
 Case studies are presented in order of increasing scale of
damage, ranging from prankster attacks to targeted ones,
and from local to national-level attacks
Main Case Study: Stuxnet
Reference:
 Reading materials from various sources will be provided to the students one week before the
actual lecture
Things to note:
 Students need to understand what CIIs are
 Students need to understand the impact of damages resulting from security breaches and to
appreciate the need to protect the CIIs
Week: 5/6
Lecture + Discussion
Critical Information Infrastructure Protection
 Illustrating the vulnerabilities of the control systems
(SCADA) used in CIIs
o Myth of ICS invulnerability
 Understanding how to manage the risks, threats and attacks
 Understanding the security mechanisms and the attack
routes
o Improving cyber security of ICS networks
o Being security aware
o Knowing the security management implementation
issues and guidelines, and being aware of the
impression that management has of ICS security
 Being aware of and understanding the heightened
vulnerabilities of ICS due to increased interconnectivity
amongst systems
Main Case Study: Stuxnet
Reference:
 Reading materials from various sources will be provided to the students one week before the
actual lecture
Things to note:
 Students need to understand the mechanisms used to protect SCADA systems
 Students need to be aware of the industry standards
 Students need to be aware of the various current security products available in the industry
Week: 7
Project Report Discussion
Week: 8 (Recess week: no class)
Week: 9
Lecture
Incident Response
 Incident Response Framework
o Focusing on the Incident Response Framework, its
key components and the critical role that incident
response plays in current times
o Understanding what is required for an Incident
Response Framework to be put in place
o Knowing how to communicate with other Incident
Response teams effectively and efficiently
Case Study + Discussion
 APEC 2009 and the role that Incident Response played
o Email headers in incident response
Main Case Study: APEC 2009
Reference:
 Handbook for Computer Security Incident Response Teams (CSIRTs), Software Engineering
Institute, Carnegie Mellon University, Pittsburgh, PA, 2003
 Computer Security Incident Handling Guide (Draft), NIST Special Publication 800-61, Revision 2
(Draft), National Institute of Standards and Technology
 A Step-by-Step Approach on How to Set Up a CSIRT, Deliverable WP2006/5.1 (CERT-D1/D2),
ENISA
 Good Practices for Security Incident Management, ENISA (European Network and Information
Security Agency)
 CSIRT Services
 RFC 2350 – Expectations for Computer Security Incident Response
 SANS 504 – Hacker Techniques, Exploits and Incident Handling
Things to note:
 Students need to understand the importance and purpose of cyber incident response and the
role it plays in today’s landscape
 Students need to know the key components of cyber incident response
 Students need to be aware of what is needed for efficient and effective communication with
other incident response teams
Week: 10
Lecture
Digital Forensics
 Cyber forensics
o Covering principles, cyber footprints, the transition from
traditional static forensics to cloud-based forensics,
forensics for SCADA systems, forensic challenges,
virtualisation and chain-of-custody procedures
o Covering the mind-set of an investigator and
examiner
Discussion
 The APEC 2009 incident and the application of forensics to this
case
 Role of forensics in the Incident Response Life Cycle
 Concerns of forensics investigators
 Importance of following proper chain-of-custody procedure
Main Case Study: APEC 2009
Reference:
 Real Digital Forensics (Computer Security and Incident Response), Keith J. Jones – Chapter 9
 Digital Forensics for Network, Internet and Cloud Computing, Terence V. Lillard – Chapter 12
 Virtualization and Forensics, Diane Barrett – Chapters 5 – 7, 10 – 11
 Windows Forensic Analysis Toolkit, Advanced Analysis Techniques for Windows 7, 3E, Harlan
Carvey – Chapter 1
 Techno Security’s Guide to E-discovery and Digital Forensics, Jack Wiles – Chapter 2
 Alternate Data Storage Forensics, Tyler Cohen & Amber Schroader – Chapter 1
Hands-on/Lab:
 Academic-licensed forensic tools
Things to note:
 Students need to be aware of how digital tools may be used to uncover information and critical
data
 Students need to be aware of the challenges posed to forensics and the uncovering of digital
tracks by emerging technologies such as cloud and virtualization
 Students need to understand the importance of following forensic procedures
Week: 11
Lecture
Malware Analysis
 Malware 101
o Introducing various categories and types of malware,
common attack vectors and mechanisms, APT, basic
malware analysis processes and tools
o Showing the issues and challenges of malware
analysis and demonstrating malware in action
o Understanding the need for containment
o Knowing the importance of preserving evidence to
aid in malware eradication and system recovery
Case Study + Discussion + Demonstration
 Providing a wrap-up to the Cyber Response segment
 Combining both Incident Response and Malware Analysis
Main Case Study: APEC 2009
Reference:
 Forensic Discovery, Dan Farmer and Wietse Venema (Addison-Wesley Professional)
 M-Trends 2010: The Advanced Persistent Threat, Mandiant
Things to note:
 Students need to have a basic understanding of malware
 Students need to understand the essential concepts of malware investigation
Week: 12
Project Report Discussion
 Report due
Week: 13
Project Presentation
Things to note:
 Students should learn from each other
Week: 14 (review week: no class)
Week: 15
Final Quiz
 MCQs
 Short Application Questions
Things to note:
 Students may leave after the Quiz
 Students may choose to stay if they have questions
5 List of Information Resources and References
Reading materials and reference websites will be made available in the course
slides.
6 Tooling
Tool | Description | Remarks
Hex Editor | Freeware | Hands-on exercises and demo; lab exercises
7 Learning Outcomes, Achievement Methods and Assessment
Columns: Learning Outcomes | Course-specific core competencies which address the Outcomes (Information Security Management: Y/YY) | Achievement Methods | Faculty Methods to Assess Outcomes
1 Integration of business & technology in a sector context
1.1 Business IT value linkage skills | | |
1.2 Cost and benefits analysis skills | | |
1.3 Business software solution impact analysis skills | | |
2 IT architecture, design and development skills
2.1 System requirements specification skills | YY | Analyzing the security requirements and the vulnerabilities of the infrastructures; deploying security tools to harden them | Projects, in-class discussions and class activities
2.2 Software and IT architecture analysis and design skills | YY | Analyzing the vulnerabilities of an infrastructure and its functional and non-functional requirements, to harden it through the application of security concepts | Projects, in-class discussions, class activities and case studies analysis
2.3 Implementation skills | YY | Having the various security tools and concepts to harden infrastructures | Class activities and case studies analysis
2.4 Technology application skills | YY | Using existing technologies to harden infrastructures | In-class discussions, class activities and case studies analysis
3 Project management skills
3.1 Scope management skills | | |
3.2 Risks management skills | | |
3.3 Project integration and time management skills | Y | Develop and execute project plans and maintain them | Project proposal, in-class activities
3.4 Configuration management skills | | |
3.5 Quality management skills | | |
4 Learning to learn skills
4.1 Search skills | Y | Study and search for information that may be applied to their case studies, assignments and projects | Projects and in-class activities
4.2 Skills for developing a methodology for learning | | |
5 Collaboration (or team) skills
5.1 Skills to improve the effectiveness of group processes and work products | Y | Effectively communicate and resolve conflicts while working in a randomly chosen team | In-class discussion and activities
6 Change management skills for enterprise systems
6.1 Skills to diagnose business changes | | |
6.2 Skills to implement and sustain business changes | | |
7 Skills for working across countries, cultures and borders
7.1 Cross-national awareness skills | | |
7.2 Business across countries facilitation skills | | |
8 Communication skills
8.1 Presentation skills | YY | Students will need to apply this when doing the project presentation | Project and in-class activities
8.2 Writing skills | YY | Students will need to submit a project proposal and a project report | Project
Y: This sub-skill is covered partially by the course
YY: This sub-skill is a main focus for this course