CS5493 Home Page

CS5493(CS7493) Secure Systems Administration
Spring 2012

Course Information:

Course Syllabus
The course text book is,
- title: CERT Guide to System and Network Security Practices
- author: Julia H. Allen
- publisher: Addison Wesley
- ISBN: 0-201-73723-X
Additional text book resource:
- title: Fundamentals of Information Systems Security
- author: Kim & Solomon
- publisher: Jones & Bartlett
- ISBN: 978-0-7637-9025-7
WebCT-Blackboard Quiz assessment instructions.
Presentation Guidelines
Course Reference material,

Event
Date
Study Material

First Mid-Term Exam Thursday February 16 Exam 1 Guide

Final Exam Scheduled by University Exam 2 Guide

Group Projects. March 13, 15, 27, 29 Instructions

Individual Projects. April Instructions

Weekly Agenda

Week 1
- System Administration as a practical discipline notes
- SA Ethics
- Security Concepts
- IT Domains
- Student Survey
Week 2
- Committee Assignments and Instructions
- CSI Homepage
- Assignment: Read Verizon Data Breach Report for 2011
- Legislation-Regulation
Week 3
- First committee meeting: Verizon Report discussion and Project Organization
  - Assignment: Read Verizon Data Breach Report for 2011
  - SANS Reading: Creating an IS Security Policy
  - Peltier: Awareness Training Guidelines Article
  - Awareness Training Mistakes
  - Example Security Awareness Slides
- Strong Passwords
Week 4
- Assignment: Access Control Models
- Employee Security Controls (Employee Contracts):
  - Employment Contract: Blue, Orange
  - non-Disclosure Agreement: Blue, Orange
  - AUP: All groups
  - SLA: All groups
- Employee Security Controls
- Email Etequette
- Thursday @ 3:30pm meet in the Steven Bellovich Student Commons, 2nd floor, southwest corner of Rayzor Hall.
  - Itinerary
  - Access Control Models
Week 5
- Committee member assignments and milestones:
- Standards History
- TCSEC: The Orange Book and Rainbow Series
  - The Orange Book
- The Common Criteria
  - Common Criteria Certified Product Investigation (Submit to WebCT)
  - CC: notes
  - CC: NIAP
  - Common Criteria Certified Products
  - CC: OS Protection Profile
  - CC: OS Security Target
  - CC: OS Certification Report
  - CC: OS Admin Guide
  - CC: OS Admin Worksheet
  - CC: GCN CC Article
- Trusted Facility Manual
- Julia Allen: Chapter2 Slides
- Julia Allen: Chapter2 Summary
Week 6
- High Availability:
  - Power
  - HVAC
  - Computing Hardware
  - Data
- Exam Review
- Exam scheduled for Rayzor Hall Room 2055 Thursday February 16.
Week 7
- Media Disposal
- Backup & Restore
  - Backup Stats
  - Backup and Restore
- Help Desk
- Committee Assignment: Restore Policy
- Thursday class meets in the Rayzor Hall Steven Bellovich Commons.
- Committee-Group Assignment
- Colleague Evaluation
- Committee Restore-Policy Results:
Week 8
- NIST 800-37
- NIST Flow Chart
- Cyber Insurance
  - Net World Article: Cyber Insurance
  - NY Times Article: Cyber Insurance
  - Cyber Liability Insurance
  - Cyber Insurance Slides
- Individual project topic is due March 1
Week 9
- Group Project Rehearsal
- Intrusion Detection
- Read Text by Julia Allen, Chapter 6: Detecting Signs of Intrusion
Week 10
- Security Awareness Training Presentation Slides:
  - Gold Workstation Domain
  - Orange Server Domain
- Security Awareness Training On-Line Manual:
  - Gold Manual
  - Orange Manual
Week 11
- Security Awareness Training Presentation Slides:
  - Green Remote Domain
- Security Awareness Training On-Line Manual:
  - Green Manual
  - Blue Manual
Week 12
- Homework: All students must complete the on-line security awareness training quizzes.
- Individual Project Presentations.
Week 13
- Course summary
- Colleague Evaluation: Complete the form and submit it to the course instructor by e-mail.

Miscellaneous Agenda

Course intruduction, Student survey, Vocabulary
Physical Security
SA Contracts:
- Employee Contracts for A Position of Trust
- The SLA, Service Level Agreement.
NIST Certification and Accreditation Flow Chart
Guide Security Certification and Accreditation of Federal Information Systems
Computing Systems Security Practices
- Sustainability Cycle and the SDLC
- ITSEC-TCSEC: The Orange Book and Rainbow Series
  - TCSEC(ITSEC) Rainbow Series
- Recent History of Computer Security Standards
- Common Criteria Certified Products
- Assignment: Common Criteria Certified Product Investigation (Submit to WebCT)
- Access Control Models
- CC: OS Protection Profile
- CC: OS Security Target
- CC: OS Certification Report
- CC: NIAP
- CC: OS Admin Guide
- CC: OS Admin Worksheet
- CC: GCN CC Article
- Ten Security Rules
- NIST Certification and Accreditation
  - NIST Guide for Certification and Accreditation of Federal Information Systems
  - NIST framework for Certification and Accreditation
  - Certification and Accreditation notes
  - Certification and Accreditation Flow Chart
- Managing a Help Desk
  - Help Desk Forms
- Social Engineering
- Awareness Training Guidelines Article
- Security Awareness Slides
- Availability
  - Service Level Agreement: High Availability Systems
  - Disk Partitioning
  - Disk Failure Trends
  - RAID
  - Disk Drive Disposal
    - Media Sanitation-Disposal Guidelines
    - Media Disposal Devices
  - According to J. Allen: System Deployment, Chapter 2 & 3
  - According to J. Allen: Firewalls, Chapter 4
  - Hot-Cool Aisle Configuration
  - Backup & Restore
  - Backup Stats
  - List of Backup Applications
  - Backup and Restore
  - According to J. Allen: Detection and Response Practices, Chapter 5
  - According to J. Allen: Detection Practices, Chapter 6
  - According to J. Allen: Response Practices, Chapter 7
  - Read Dependable Software
  - Security Response Team
  - Awareness Training Mistakes
- Contact information: james-childress@utulsa.edu
- Office: Rayzor Hall Room 2090
- Office hours: TBA

Event	Date	Study Material
First Mid-Term Exam	Thursday February 16	Exam 1 Guide
Final Exam	Scheduled by University	Exam 2 Guide
Group Projects.	March 13, 15, 27, 29	Instructions
Individual Projects.	April	Instructions