Course Summary

Quick Review 
Week 12 Content is largely a summary of previous material (except digital forensics)  So ± instead, my highlights«



backdoors. man-in-the-middle.2/9/2012 Week 1  Where did modern Information security come from  Critical characteristics of IS  Balancing Security and access  Who ³does´ information security?  Art or Science? 3 Week 2  Threats to Information Security (categories and examples)  Attacks. password cracking methods. viruses. 4 2 . command/sql injection etc. SOCIAL ENGINEERING  Developing ³secure´ software ± know about buffers. threat agents & vulnerabilities: code. worms. spoofing.

mitigation. *awareness* of international law and standards  Ethics  Key law enforcement agencies 5 Week 4  Risk management .2/9/2012 Week 3  Liability. acceptance)  Cost benefit analysis (CBA) ± (p. manage and control risk?  Prioritising risks  Risk assessment formula (p.139)  Controls (avoidance.How do we assess. benchmarking & best practice  Feasibility issues 6 3 .153)  Qualitative Vs Quantitative assessment and evaluation  Base-lining. due diligence ± how do you ³do´ it? How do you prove you are doing it?  Policy Vs Law  Privacy. transference. dues care.

2/9/2012 Week 5          Enterprise & issue ±specific policy Policy control/management The security blueprint Security models/architectures Defence-in-depth Education Continuity IRPs. NAT Stateful Vs stateless Hardware Vs Software (content filtering?) Firewall architectures Firewall rules VPNs 8 4 . BCPs Involving the law 7 Week 6        Firewall technology Packet filtering. DRPs.

stateful protocol.2/9/2012 Week 7  Intrusion detection systems  NID(P)s Vs HID(P)s  Detection methods ± signature. SSH Wireless encryption ± WEP Vs WPA 10 5 . statistical-anomaly. log-file monitors  Responding/Strengths/Limitations  Deployment & locations  Honeypots  Scanning tools and Packet sniffers  Access control & authentiation 9 Week 8         Crypto basics Ciphers (block Vs bit cipher methods) Hash functions Symmetric Vs Asymmetric Public key encryption Digital signatures Secure protocols SSL.

2/9/2012 Week 9  Physical security and controls  Issues associated with computer rooms and securing facilities  Fire detection and response  Power management  Remote computing issues 11 Week 10  Implementing the security blueprint ± project methodology issues  Project planning and estimation ± tracking & control  Cost. Scope issues  Conversion/go-live strategies  Change management/people issues 12 6 . Time.

controls and job rotation 13 Week 12  Maintenance ± keeping the security program going  Helpdesk and change control  Monitoring data sources ± learning about new threats and controls  Governance (again). further risk assessments  Internet & Intranet. platform & wireless vulnerability assessments  Digital forensics (follows) 14 7 . background checks and ³the grand tour´ Departures ± Hostile Vs Friendly Consultants. contractors and temps Separation of duties.2/9/2012 Week 11        How does information security affect hiring an firing? Info sec roles and job descriptions Certifications ± useful or not? Interviews. reviews.

2/9/2012 Exam         2 hour Open book 65 marks (65%) Part A 12 T/F Part B 12 MC Part C 41 Marks ± 4 questions with three ± four parts each Limited coverage of Chapter 3 No mathematical/algorithmic questions for Chapter 8 15 8 .