Professional utility of information security knowledge
Definition of information security
Example case – Wikileaks, Cablegate, and free reign over classified networks
Hands-on activity – Software Inspector, Steganography
Critical thinking exercise: identifying CIA area(s) affected by sample real-life hacking incidents
Chapter 2 — System Administration (Part 1)
What is system administration?
System administration and information security
Common system administration tasks
System administration utilities
Hands-on Activity – Linux system installation
Critical thinking exercise – Google executives sentenced to prison over video
Chapter 3 — System Administration (Part 2)
Moving around the filesystem – pwd, cd
Access control and user management
Software installation and updates
Command-line user administration
Example case – Northwest Florida State College
Hands-on activity – basic Linux system administration
Critical thinking exercise – offensive cyber effects operations (OCEO)
Chapter 4 — The Basic Information Security Model
Components of the basic information security model
Common vulnerabilities, threats, and controls
Hands-on activity – web server security
Critical thinking exercise – the internet, “American values,” and security
Chapter 5 — Asset Identification and Characterization
Determining assets that are important to the organization
IT asset life cycle and asset identification
Asset ownership and operational responsibilities
Hands-on activity – course asset identification
Critical thinking exercise – uses of a hacked PC
Chapter 6 — Threats and Vulnerabilities
Hands-on activity – Vulnerability scanning
Critical thinking exercise – Iraq cyberwar plans in 2003
Chapter 7 — Encryption Controls
Example case – Nation technologies
Hands-on activity – encryption
Critical thinking exercise – encryption keys embed business models
Chapter 8 — Identity and Access Management
Hands-on activity – identity match and merge
Critical thinking exercise – feudalism the security solution for the internet?
Chapter 9 — Hardware and Software Controls
Intrusion detection/prevention systems
Patch management for operating systems and applications
Example case – AirTight networks
Hands-on activity – host-based IDS (OSSEC)
Critical thinking exercise – extra-human security controls
Hands-on activity – basic scripting
Critical thinking exercise – script security
Chapter 11 — Incident Handling
Example case – on-campus piracy
Hands-on activity – incident timeline using OSSEC
Critical thinking exercise – destruction at the EDA
Chapter 12 — Incident Analysis
General log configuration and maintenance
Example case – backup server compromise
Hands-on activity – server log analysis
Critical thinking exercise – destruction at the EDA
Chapter 13 — Policies, Standards, and Guidelines
Hands-on activity – create an AUP
Critical thinking exercise – Aaron Swartz
Chapter 14 — IT Risk Analysis and Risk Management
Risk management as a component of organizational management
Other risk-management frameworks
IT general controls for Sarbanes – Oxley compliance
Compliance versus risk management
Example case – online marketplace purchases
Hands-on activity – risk assessment using LSOF
Critical thinking exercise – risk estimation biases
3.145.112.187