Security and Information Assurance
Risk assessment
- Risk identification
- Risk analysis
- Cost/benefit analysis
Incident Response
- Legal requirements
- Incident response team
- Incident response policies
- incident response procedures
Security Models
- The McCumber?/Maconachy, et.al. Information Assurance Model
- Confidentiality models
* Bell LaPadula? (BLP) Model
- Integrity models
- Transaction-based integrity
* Biba Model
- Other models
Security Policies
- Creation of Policies
- Maintenance of Policies
- Prevention
- Avoidance
- Recovery
- Defense in depth
Security Technologies
- Cryptosystems
- Unkeyed cryptosystems
- Secret key cryptosystems
- Public key cryptosystems
- Key infrastructure
- Digital Signatures
- Performance (software/hardware, operational approaches)
- Authenticaiton protocols and mechanisms
- Identity keys
- Biometrics
- Passwords
- Hardware key
- Timestamps
- Kerberos
- Physically secure hardware
- Violation detection
- intrusion detection
- liveness & availability checking
- protection tools
- Penetration testing
- Integrity checking
- Error-correcting codes
- cryptographic hashing
- checksums
*Countermeasures
- Redundancy
- Fault Tolerance
Threats and Attacks
- Social Engineering
- Passive Attacks
- Sniffing
- Man-in-the middle
- Active attacks
- Forced entry
- Password guessing
- Dictionary attacks
- Protocol attacks
- Malware
- Viruses
- Trojans
- Worms
- Spyware
- Buffer Overflow Attacks
- Denial of Service
Network Security
*Network nodes
*Routers
*Switches
*Access Points
*Perimeter defenses
*Firewalls
*Packet filter
*Proxy
*Personal
* Virtual Private Networks (VAN)
*Protocol tunneling
*Bearer services
*Secure design
*Secure topology
* intranet
- Pointer to attacks/threats (for DOS)
Operational Issues
- Auditing
- Cost / benefit analysis
- Asset Management
- Standards
- Enforcement
- Legal issues
- Physical plant security
- Disaster recovery (natural and man-made)
Forensics
- Digital Forensics and its relationship to other Forensic disciplines
- Incident response responsibilities
- Forensic procedures
- Standards
- Documentation
- Audit logs
- Investigators report
- Digital Evidence
- Rules/Standards of Evidence
- Evidence Analysis
*Forensic mechanisims
*Acquisition mechanisms
*Authentication mechanisms
*Analysis mechanisms
*Auditing mechanisims
*Profiling
*Motivation analysis
*Victimology
Human Considerations
- Applied Psychology and security policies
- Usability design and security
- Security mindset
- Identity theaft
Security Standards
- Risks and liabilities of computer-based systems (THESE CONCEPTS ARE UNDER OTHER TABS--DO NOT BELONG HERE)
- Authentication
- Encryption; Certificates, Public Key
- Capability User Authorization
- Audit Logs
- Access Logs
- Backup
- Viruses, Worms
- Transaction Management, Rollback
- Intrusion Detection
- Privacy Protection
- Security Standards Organizations
- Security Assurance Service Organizations
- Uses, misuses, and limits of computer technology
- Historical examples of software risks (such as the Therac-25 case)
- Implications of software complexity
- Risk assessment and management
- Feasibility assessment
- Risk management principles
- Contingency planning
-- Main.nova - 11 Feb 2006 (by Rich LeBlanc and Bob Sloan)
Social structure
- Legal Systems
*Legal frameworks
*Legislation
*Ethics
*Ethical frameworks
to top