Network and Information Security Education

Transcript

1. H. Kemal İlter, BEng, MBA, PhD Department of Management Information

   Systems Yildirim Beyazit University [email protected] hkilter.com Network and Information Security Education How can we handle it? ACM AIS IEEE INFORMS ISI SDS TBD YAD November 26, 2011 Atilim University TEN BLOCKS

2. SCIENCE. COMPUTER or Computing Science (CS), George Forsythe, 1961

3. Theory of computation Information and coding theory Algorithms and data

   structures Programming language theory Formal methods Concurrent, parallel and distributed systems Databases and information retrieval Artificial intelligence Computer architecture and engineering Computer graphics and visualization Computer security and cryptography Computational science Information science Software engineering Theoretical Applied

4. Computer Engineering Information Technologies Information Systems 1 2 3

5. Organizational Issues and Information Systems Application Technologies Software Methods and

   Technologies Systems Infrastructure Computer Hardware and Architecture Theory Principles Innovation Application Deployment Configuration Development More Theoretical More Applied The shaded area of the diagram represents the focus of typical curricula of related field of computer science 1 2 3

6. TRENDS. RECENT

7. The emergence of security as a major area of concern

   The growing relevance of concurrency Security Concurrency The pervasive nature of net-centric computing Net-Centric Computing

8. BLOCKS. TEN

9. Information Security and Risk Management • Security Management Concepts and

   Principles • Change Control Management • Data Classification • Risk Management • Policies, Standards, Procedures and Guidelines • Security Awareness Training • Security Management Planning • Ethics 1

10. Access Control • Access Control Techniques • Access Control Administration

    • Identification and Authentication Techniques • Access Control Methodologies and Implementation • Methods of Attack • Monitoring and Penetration Testing 2

11. Cryptography • Use of Cryptography • Cryptographic Concepts, Methodologies, and

    Practices • Private Key Algorithms • Public Key Infrastructure (PKI) • System Architecture for Implementing Cryptographic Functions • Methods of Attack 3

12. Physical (Environmental) Security • Elements of Physical Security • Technical

    Controls • Environment and Life Safety 4

13. Security Architecture and Design • Principles of Computer and Network

    Organizations, Architectures, and Designs • Principles of Security Models, Architectures and Evaluation Criteria • Common Flaws and Security Issues—System Architecture and Design 5

14. Business Continuity Planning and Disaster Recovery Planning • Business Continuity

    Planning • Disaster Recovery Planning • Elements of Business Continuity Planning 6

15. Telecommunications and Network Security • Communications and Network Security •

    Internet, Intranet, Extranet Security • E-mail Security • Secure Voice Communications • Network Attacks and Countermeasures 7

16. Application Security • Application Issues • Databases and Data Warehousing

    • Systems Development Controls • Methods of Attack 8

17. Operations Security • Concepts • Resource Protection Requirements • Auditing

    9

18. Law, Compliance and Investigations • Information Law • Investigations •

    Major Categories of Computer Crime • Incident Handling 10

19. H. Kemal İlter, BEng, MBA, PhD Department of Management Information

    Systems Yildirim Beyazit University [email protected] hkilter.com Network and Information Security Education How can we handle it? ACM AIS IEEE INFORMS ISI SDS TBD YAD November 26, 2011 Atilim University TEN BLOCKS