
Course Design Document. Information Security Management. Version 2.0


Academic year: 2021


Course Design Document

Information Security Management

Version 2.0


Table of Contents

1 Versions History
2 Overview of Security and Trust Course
   Synopsis
   2.1 Prerequisites
   2.2 Objectives
   2.3 Basic Modules
   2.4 Instructional Staff
3 Output and Assessment Summary
   3.1 Midterm test (10%)
   3.2 In-Class Participation (20%)
   3.3 Graded Assignment (20%)
   3.4 Project (40%)
   3.5 Final Exam (10%)
   3.6 Grades release schedule
4 Group Allocation for Groups/Assignments
5 Classroom Planning
   5.1 Course Schedule Summary
   5.2 Weekly Plan
6 List of Information Resources and References
7 Tooling
   Tool
   Description
   Remarks

1 Versions History

| Version | Description of Changes | Author | Date |
|---|---|---|---|
| V 1.0 | 1st Draft | SITSA | 22 June 2012 |
| V 1.0 | 2nd Draft | SITSA | 29 August 2012 |
| V 1.0 | Final | SITSA | 7 January 2014 |
| V 2.0 | 1st Draft | SITSA | 28 October 2014 |

2 Overview of Security and Trust Course

Synopsis

The Information Security (IS) Management course aims to provide students with insights into today's information security challenges, particularly in the area of Critical Information Infrastructure and the urgency to better secure these assets. Through case study discussions and sharing of real-life, on-the-job experiences in the areas of Consultancy, Critical Information Infrastructure Protection and Cyber Response, the course is designed to allow students to gain different perspectives on solving real-world security problems from a professional and operational viewpoint.

2.1 Prerequisites

Students should have taken Basic Information Security and Trust Course.

2.2 Objectives

Upon finishing the course, students are expected to:

• Understand how important security principles must be adhered to when securing the infrastructures.
• Understand the importance of balancing security, operational effectiveness and cost.
• Be able to analyze and to aptly secure the cyber perimeter of the infrastructures against cyber attacks.
• Be able to aid an organization in its response and recovery from cyber-attacks and to further enhance its security implementations.

2.3 Basic Modules

| Prevention | Response |
|---|---|
| Risk Assessment | Incident Response |
| Security Architecture | Cyber Response - Malware |
| Critical Information Infrastructure Protection (CIIP) | |

2.4 Instructional Staff

SITSA officers

3 Output and Assessment Summary

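| Week | Output | Weightage in % |
|---|---|---|
| 1 | | |
| 2 | Project Proposal | |
| 3 | | |
| 4 | | |
| 5 | | |
| 6 | | |
| 7 | | |
| 8 | Recess Week | |
| 9 | | |
| 10 | | |
| 11 | | |
| 12 | Project Report | 40% |
| 13 | Presentation | |
| 14 | | |
| 15 | Exam | 40% |
| | Class Participation | 20% |
| | TOTAL | 100% |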

3.1 In-Class Participation (20%)

Evaluation will be based on

o Attendance

o Participation in in-class activities

3.2 Project (40%)

Students are required to undertake a project that will allow them to apply


1. BYOD: What are the cyber-security issues that you need to handle when you use your own smart devices for work purposes? What can be done about them and how effective are they?

2. Smart Nations: Discuss the potential cyber-security considerations. What are the threats and risks? What are the security implementations to put in place and how effective are they?

3. The Australian Government Department of Defence released 35 strategies that may be implemented to mitigate targeted cyber intrusions (http://www.asd.gov.au/infosec/top-mitigations/mitigations-2014-table.htm). They have singled out 4 top strategies to do so. Discuss the effectiveness of these top 4 strategies against APT.

4. Dynamic Encryption: Based on an article (the article will be provided in Week 1), understand the approach and evaluate its potential and usefulness in information security.

5. People, processes and technologies: Discuss the importance of people, processes and technologies in information technology security.

Deliverables

1. Project Proposal
   • Proposal to be submitted in Week 2, at the start of lecture
   • It should not exceed 500 words, single column, Times New Roman/Arial, font size 13, 1.5 line spacing. Names of team members and project title must be included
   • It should include key points/issues that the team is looking at as well as a brief workplan of how the team is going to approach the topic
   • Proposals that are not approved must be resubmitted for subsequent approval

2. Project Report
   • Report to be submitted in Week 12, 27th March, Friday, 10am
   • It should not exceed 3,000 words, single column, Times New Roman/Arial, font size 13, 1.5 line spacing. Names of team members, project title, executive summary and references must be included

3. Project Presentation
   • Oral presentation will be delivered by the team in 20 minutes, followed by a 10-minute Q&A

Report Grading:

The grading is largely based on

o Whether the teams have shown a sound understanding of the issues revolving around the selected topic

o Whether the teams have shown sufficient breadth and depth in analysing the impact of their selected topic

o Whether the teams are able to write the report and present in a coherent manner

o The originality, the recommendations and the comprehensiveness of considerations on the selected topic

Dates to Note:

o Week 2: Proposal Due

o Week 12: Report Due

o Week 13/14: Presentation

3.3 Final Exam (40%)

o Week 15

o Covers all materials in all lectures

o Includes multiple choice questions and short answer questions

3.4 Grades release schedule

| Output | Release |
|---|---|
| Participation | at the end of term |
| Final exam | at the end of term |
| Project | at the end of term |

4 Classroom Planning

There is one 3-hour classroom session each week.

4.1 Course Schedule Summary

| Wk | Topic | Readings | Classroom activity | Assignment/Discussion/Output/Remarks |
|---|---|---|---|---|
| 1 | Administrative / Risk Assessment | | Presentation + Lecture | |
| 2 | Risk Assessment / Security Architecture / Security Evaluation / Pro-Active Detection | | Lecture + Case Studies + Discussion + Game Play | Project proposal due |
| 3 | | | Lecture + Case Studies + Discussion + Game Play | |
| 4 | Project work proposal sit-through with teams | | Project work proposal discussion | |
| 5 | CIIP | | Lecture + Case Studies + Discussion + videos | |
| 6 | | | Lecture + Case Studies + Discussion | |
| 7 | Project work | | Project work discussion | |
| 8 | Recess | Recess | Recess | |
| 9 | Incident Response Framework / Digital Forensics / Malware | | Lecture + Case Studies + Discussion | |
| 10 | | | Lecture + Demonstration + Hands-on | |
| 11 | | | Lecture + Case Studies + Hands-on | |
| 12 | Project work | | Project work discussion | Project report due |
| 13 | Project Presentation | | Project Presentation | Project Presentation |
| 14 | Study Week | | | |
| 15 | Final Exam | | | |

4.2 Weekly Plan

Week: 1

Session:
• Administrative briefing
• Risk Assessment Lecture

Project:
• Project assignment and requirements
• Team

Things to note:
• Course material is available for download from the course website
• Students may either do the project on their own or in groups (2 - 3 people)

Week: 1/2/3

Case Study + Discussion
• Showing that cyber threats really happen and that they may result in severe consequences for businesses
   o Differentiating amongst the different threat agents

Lecture
• Defining and assessing the problems that cyber threats have on businesses from the perspectives of confidentiality, integrity and availability (CIA)
• Identifying the various assets of a typical IT system that need to be protected
• Understanding the 5 security objectives – Confidentiality, Integrity, Availability, Non-authentication and Non-repudiation
• Understanding and formulating threat scenarios

assessed threats

Case Study + Discussion
• Examining new technologies whose promised benefits come with their share of security woes

Game Play
• Engaging the students through game play to illustrate and put into play the concepts covered in the lecture

Main Case Study: From SOHO to Enterprise

Reference:
• Reading materials from various sources will be provided to the students one week before lecture
• Additional materials covered during class activities, at lectures, will be provided to the students within the week of the lecture

Things to note:
• Students need to show clearly that cyber threats exist and the consequences of falling victim to them
• Students need to understand cyber threats from the perspectives of Confidentiality, Integrity, Availability, Non-authentication and Non-repudiation

Week: 1/2/3

Lecture
• Revisiting what needs to be protected
• Formulating specific security requirements to mitigate threats surfaced, covering technical topics such as:
   o Cryptography
   o Server Security
   o DB Security
   o Network Security
• Drawing up IT security architectures and developing strategies while taking business goals and the 5 security objectives into consideration

Case Study + Discussion
• Illustrating the complexity of balancing security needs with operational and cost considerations
• Showing the importance of having security measures implemented at the very start

Game Play
• Engaging the students through game play to illustrate and put into play the concepts covered in the lecture

Main Case Study: Virtualisation and Cloud Computing

Reference:
• Reading materials from various sources will be provided to the students one week before lecture
• Additional materials covered during class activities, at lectures, will be provided to the students within the week of the lecture

Things to note:
• Students need to understand the importance of implementing security measures into the system architecture from the very start.
• Students need to know how to balance security requirements, operation considerations and cost

Week: 1/2/3

Lecture + Case Study + Discussion
• Knowing and understanding the different cyber security tests and their purposes
• Understanding the need for security examination and certification of cyber security products/technologies/solutions

Lecture
• Appreciating the different types of security testing and their purpose (e.g. SSAT, PT)
• Knowing and understanding the various stages of testing that need to be conducted on IT systems to assure that security objectives have been met, e.g.
   o Test objective definition
   o Test plan formulation
   o Test execution
   o Reporting
• Importance of security examination and certification

Game Play
Student presentation and debrief of game play
• Engaging the students through game play to illustrate and put into play the concepts covered in the lecture

Reference:
• Reading materials from various sources will be provided to the students one week before lecture
• Additional materials covered during class activities, at lectures, will be provided to the students within the week of the lecture

Things to note:
• Students need to understand the importance of doing security examination on cyber security products/technologies/solutions
• Students need to understand the various stages of testing to ensure that security objectives have been met
• Students need to realise and appreciate the implications that secure systems have on businesses

Week: 4

Project Proposal Discussion

Week: 5/6

Lecture + Discussion
• Introducing what Critical Information Infrastructure (CII) is
   o Introducing CII Security
   o Definition of CII (Singapore context)
   o Differences between the Enterprise and SCADA systems
   o The concerns on SCADA
• Cyber security concepts – Availability – Integrity – Confidentiality (AIC) and Confidentiality – Integrity – Availability (CIA)
• Security breaches and their impacts
   o To Singapore's national security, economy and public safety
   o Looking at CIIs becoming targets at the national level

Case Studies + Discussion
• Illustrating the impact of damages resulting from CIIs' security breaches.
• Case studies presented are in order of increasing scale of damages, ranging from prankster attacks to targeted ones, from local to national level scale attacks

Reference:
• Reading materials from various sources will be provided to the students one week before the actual lecture

Things to note:
• Students need to understand what CIIs are
• Students need to understand the impact of damages resulting from security breaches and to appreciate the need to protect the CIIs

Week: 5/6 Critical Information Infrastructure Protection

Lecture + Discussion
• Illustrating the vulnerabilities of the control systems (SCADA) used in CIIs
   o Myth of ICS invulnerability
• Understanding how to manage the risks, threats and attacks
• Understanding the security mechanisms and the attack routes
   o Improving cyber security of ICS networks
   o Being security aware
   o Knowing the security management implementation issues and guidelines and being aware of the impression that management has of ICS security
• Being aware of and understanding the heightened vulnerabilities of the ICS due to increased interconnectivity amongst systems

Main Case Study: StuxNet

Reference:
• Reading materials from various sources will be provided to the students one week before the actual lecture

Things to note:
• Students need to understand the mechanisms used to protect SCADA systems
• Students need to be aware of the industry standards
• Students need to be aware of the various current security products available in the industry

Week: 7

Project Report Discussion

Week: 8 (Recess week: no class)

Week: 9 Incident Response

Lecture
• Incident Response Framework
   o Focusing on the Incident Response Framework, its key components and the critical role that incident response plays in current times.
   o Understanding what is required for an Incident Response Framework to be put in place
   o Knowing how to communicate with other Incident Response teams effectively and efficiently.

Case Study + Discussion
• APEC 2009 and the role that Incident Response played
   o email headers in incident response

Main Case Study: APEC 2009

Reference:
• Handbook for Computer Security Incident Response Teams (CSIRTs) by Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2003

(Draft) by NIST (National Institute of Standards and Technology)

• A Step-by-Step Approach on How to Set Up a CSIRT Deliverable WP2006/5.1 (CERT-D1/D2) by ENISA
• Good Practices for Security Incident Management ENISA (European Network and Information Security Agency)
• CSIRT Services
• RFC 2350 – Expectations for Computer Security Incident Response
• SANS 504 – Hacker Techniques, Exploits and Incident Handling

Things to note:
• Students need to understand the importance, the purpose of cyber incident response and the role it plays in today's landscape
• Students need to know the key components of cyber incident response
• Students need to be aware of what is needed for efficient and effective communication with other incident response teams

Week: 10 Digital Forensics

Lecture
• Cyber forensics
   o Covering principles, cyber footprints, transiting from traditional static forensics to cloud-based forensics, forensics for SCADA systems, forensic challenges, virtualisation and chain-of-custody procedures
   o Covering the mind-set of an investigator and examiner

Discussion
• APEC 2009 incident and the applications of forensics to this case.
• Role of forensics in Incident Response Life Cycle
• Concerns of forensics investigators
• Importance of following proper chain-of-custody procedure

Main Case Study: APEC 2009

Reference:
• Real Digital Forensics (Computer Security and Incident Response), Keith J. Jones – Chapter 9
• Digital Forensics for Network, Internet and Cloud Computing, Terence V. Lillard – Chapter 12
• Virtualization and Forensics, Diane Barrett – Chapter 5 – 7, 10 – 11
• Windows Forensics Analysis Toolkit, Advanced Analysis Techniques for Windows 7 3E, Harlan Carvey – Chapter 1
• Techno Security's Guide to E-discovery and Digital Forensics, Jack Wiles – Chapter 2
• Alternate Data Storage Forensics, Tyler Cohen & Amber Schroader – Chapter 1

Hands-on/Lab:
• Academic-licensed forensic tools

Things to note:
• Students need to be aware of how digital tools may be used to uncover information and critical data
• Students need to be aware of the challenges posed to forensics and the uncovering of digital tracks in view of emerging new technologies such as cloud and virtualization
• Students need to understand the importance of following forensic procedures

Week: 11 Malware Analysis

Lecture
• Malware 101
   o Introducing various categories and types of malware, common attack vectors and mechanisms, APT, basic malware analysis processes, tools analysis and demonstrating malware in action
   o Understanding the need for containment
   o Knowing the importance of preserving evidence to aid in malware eradication and system recovery

Case Study + Discussion + Demonstration
• Providing a wrap-up to Cyber Response segment
• Combining both Incident Response and Malware Analysis

Main Case Study: APEC 2009

Reference:
• Forensic Discovery, Dan Farmer, Wietse Venema (Addison-Wesley Professional)
• M-Trends 2010: The Advanced Persistent Threat, Mandiant

Things to note:
• Students need to have a basic understanding of malware
• Students need to understand the essential concepts of malware investigation

Week: 12

Project Report Discussion
• Report due

Week: 13 Project Presentation

Things to note:
• Students should learn from each other

Week: 14 (review week: no class)

Week: 15

Final Quiz
• MCQs
• Short Application Questions

Things to note:
• Students may leave after the Quiz
• Students may choose to stay if they have questions

5 List of Information Resources and References

Reading materials and reference websites will be made available in the course slides.

6 Tooling

| Tool | Description | Remarks |
|---|---|---|
| Hex Editor | Freeware | Hands-on exercises and demo |

8 Learning Outcomes, Achievement Methods and Assessment

| Learning outcome | Information Security Management | Course-specific core competencies which address the Outcomes | Faculty Methods to Assess Outcomes |
|---|---|---|---|
| 1 Integration of business & technology in a sector context | | | |
| 1.1 Business IT value linkage skills | | | |
| 1.2 Cost and benefits analysis skills | | | |
| 1.3 Business software solution impact analysis skills | | | |
| 2 IT architecture, design and development skills | | | |
| 2.1 System requirements specification skills | YY | Analyzing the security requirement and the vulnerabilities of the infrastructures. Deploying security tools to harden it | Projects, In-class discussions and class activities |
| 2.2 Software and IT architecture analysis and design skills | YY | Analyzing the vulnerabilities of an infrastructure, the functional and non-functional requirements of it, to harden it through the application of security concepts | Projects, In-class discussions, class activities and case studies analysis |
| 2.3 Implementation skills | YY | Having the various security tools and concepts to harden infrastructures | Class activities and case studies analysis |
| 2.4 Technology application skills | YY | Using existing technologies to harden infrastructures | In-class discussions, Class activities and case studies analysis |
| 3 Project management skills | | | |
| 3.1 Scope management skills | | | |
| 3.2 Risks management skills | | | |
| 3.3 Project integration and time management skills | Y | Develop and execute project plans and maintain it | Project proposal, in-class activities |
| 3.4 Configuration management skills | | | |
| 3.5 Quality management skills | | | |
| 4 Learning to learn skills | | | |
| 4.1 Search skills | Y | Study and search for information that may be applied to their case studies, assignments and projects | Projects and in-class activities |
| 4.2 Skills for developing a methodology for learning | | | |
| 5 Collaboration (or team) skills: | | | |
| 5.1 Skills to improve the effectiveness of group processes and work products | Y | Effectively communicate and resolve conflicts while working in a randomly chosen team | In-class discussion and activities |
| 6 Change management skills for enterprise systems | | | |
| 6.1 Skills to diagnose business changes | | | |
| 6.2 Skills to implement and sustain business changes | | | |
| 7 Skills for working across countries, cultures and borders | | | |
| 7.1 Cross-national awareness skills | | | |
| 7.2 Business across countries facilitation skills | | | |
| 8 Communication skills | | | |
| 8.1 Presentation skills | YY | Students will need to apply this when doing project presentation | Project and in-class activities |
| 8.2 Writing skills | YY | Students will need to submit a project proposal and a project report | Project |

Y: This sub-skill is covered partially by the course

YY: This sub-skill is a main focus for this course
