INFOSEC

CPSC 431: Information Security Management

Course Description

This course covers the management of information security, including planning, policy and protections. Topics include planning for security, information security policy, developing a security program, access control, cryptography, risk management, information security administration, and incident handling and response. Both commercial practices and federal government policies for classified information will be explored. Prerequisites: CPSC 160, CPSC 375 and CPSC 385 with grades of C or better.

Textbook

    Michael E. Whitman and Herbert J. Mattord, Management of Information Security, Edition: 1, Thomson, Course Technology, ISBN: 0-619-21515-1

    Ronald L. Krutz, Russell Dean Vines, The CISSP Prep Guide, Edition: 2, Wiley, ISBN: 0-7645-5915-x

Lecture Notes

Chapter 1. Introduction to the Management of Information Security
Chapter 2. Planning for Security
Chapter 3. Planning for Contingencies
Chapter 4. Security Policy
Chapter 5. Developing the Security Program; Cryptography
Chapter 6. Security Management Models and Practices; E-mail Security
Chapter 7. Risk Management: Identifying and Assessing Risk
Chapter 8. Risk Management: Assessing and Controlling Risk
Chapter 9. Protection Mechanisms; IPSec; Web Security
Chapter 10. Personnel and Security
Chapter 11. Law and Ethics
Chapter 12. Information Security Project Management

Supplemental Materials

Labs

Exercises

    Homework on Access Control: DAC, MAC, and RBAC

Discussions

 IA Academic Links

IA Journals