RIS420 Course Outline

Course Code: RIS420
Course Name: Risk Management: Public and Private Systems
Offered Date: Winter - 2021 | Other versions
Print Outline
Course Description:
Security within a business context (authorization, authentication, and protection) must be concerned with achieving a reasoned balance between ease of access and use. This course will provide the student with opportunities to consider and assess the risks involved in making computing and networking systems available on LAN.
Credit Status: 1 credit in the IFS program.
Prerequisite: OPS300, SPR300, DCN330
Mode of Instruction: 4 hours lab/lecture per week.
Learning Outcomes:
  •     Describe vulnerabilities and potential system threats
  •     Demonstrate tools, methods, and notations for securing computing and networking systems
  •     Evaluate relevant computing platforms and environments on their ability to be secured
  •     Describe the preservation of business continuity before, during, and after attacks
  •     Assess the strengths and weaknesses of available security techniques
  •     Create strategies that enable and enhance predictive skills, assessment, planning, and response
  •     Predict the implications and consequences of security measures to counter attacks within a business
  •     Justify the provisioning of systems within the professional, legal, and ethical environment in which they are to be deployed
Employability Skills:

    •  Communicate clearly, concisely and correctly in the written, spoken and visual form that fulfils the purpose and meets the needs of the audience.|    •  Respond to written, spoken, or visual messages in a manner that ensures effective communication.|    •  Execute mathematical operations accurately.|    •  Apply a systematic approach to solve problems.|    •  Use a variety of thinking skills to anticipate and solve problems.|    •  Locate, select, organize, and document information using appropriate technology and information systems.|    •  Analyze, evaluate, and apply relevant information from a variety of sources.|    •  Show respect for diverse opinions, values, belief systems, and contributions of others.|    •  Interact with others in groups or teams in ways that contribute to effective working relationships and the achievement of goals.|    •  Manage the use of time and other resources to complete projects.|    •  Take responsibility for one's own actions, decisions, and consequences.|
Topic Outline:
  • Assets, threats, countermeasures
  • Vulnerabilities
  • High profile assets (powerful cpu, large disk space, high bandwidth)
  • Assets of value
    •         ROI (return on investment)
    •         legal issues
    •         espionage
  • Systems attacks
    •         server (direct attack)
    •         network (disruption or manipulation)
    •         operating systems (e.g. attacks on file sharing
    •         services (indirect attack on server through services
    •         applications (subversion of legitimate functionality)
    •         clients (backdoors, credential theft, data theft, impersonation to gain access to systems)
    •         non technical threats to systems through social engineering
  • Defending systems
    •         design (deflated privilege, fail safes, audits)
    •         independent layered defenses
    •         detection
    •         quick response to new threats
    •         preparation (prepared policies and procedures
    •         practices disaster recovery
  • Digital Identities and Identity Management: benefits, misuses, threats, and countermeasures
  • Securing centralized credentials and authentication, and shared resources
  • Access Control Lists: traditional and XML
  • Preparation and responses to:
    •         DOS and DDOS attacks
    •         network injection and spoofing attacks
    •         buffer overflow exploits
    •         input validation attacks
    •         privilege escalation
    •         canonicalization error exploits
    •         trojan, worm, and virus attacks
  • TCP wrappers, certificates, and encryption
  • Securing electronic mail
  • DNS vulnerabilities and responses
  • Penetration testing and Disaster Recovery Planning and practice
  • 'Availability, Authenticity, Confidentiality, Integrity, Utility and Possession' (D.B.Parker, 1998): a look at security beyond CIA
Prescribed Text(s):
  • Attacking Network Protocols
    by James Forshaw
    ISBN: 978-1-59327-750-5
    Published by No Starch Press, 2017
  • Wireshark for Security Professionals: Using Wireshark and the Metasploit Framework
    by Jessey Bullock, Jeff T. Parker
    ISBN: 978-1-118-91821-0
    Published by Wiley, 2017
     
  • Hacking:The Art of Exploitation
    by Jon Erickson
    ISBN-13: 978-1-59327-144-2
    Published by No Starch Press, 2008
Reference Material:
  • Day, Kevin. Inside the Security Mind. Prentice Hall, 2003. (required in next Managed Risk course) ISBN: 0-13-111829-3
  • Security Metrics by Andrew Jaquith; ISBN 0-321-34998-9 published by Addison-Wesley
  • The Web Application Hacker's Handbook: Discovering and Exploiting by Stuttard and Pinto published by John Wiley & Sons; ISBN 0-470-17077-8.
Supply:
  • Computer harddrive and removable cage of suitable size, or laptop computer with suitable free harddrive space
  • Operating System Kit: includes some computer operating systems and open source software (e.g. firewalls, VPN, etc) to be evaluated during the course
Promotion Policy:
To obtain a credit in this subject, a student must:
  •     Satisfactorily complete all assignments
  •     Pass the weighted average of all assessments
  •     Pass the final exam
  •     Pass the weighted average of the exam and tests

http://www.senecacollege.ca/about/policies/student-progression-and-promotion-policy.html

Grading Policyhttp://www.senecacollege.ca/about/policies/grading-policy.html

A+ 90%  to  100%
A 80%  to  89%
B+ 75%  to  79%
B 70%  to  74%
C+ 65%  to  69%
C 60%  to  64%
D+ 55%  to  59%
D 50%  to  54%
F 0%    to  49% (Not a Pass)
OR
EXC Excellent
SAT Satisfactory
UNSAT Unsatisfactory

For further information, see a copy of the Academic Policy, available online (http://www.senecacollege.ca/about/policies/academics-and-student-services.html) or at Seneca's Registrar's Offices.(https://www.senecacollege.ca/registrar.html).


Evaluation:

Class activity                                       15%

Labs                                                    20%

Project                                                 20%

Midterm                                               20%

Practical Exam                                    25%
Approved By:
Suzanne Abraham
Cheating and Plagiarism:
Seneca upholds a learning community that values academic integrity, honesty, fairness, trust, respect, responsibility and courage. These values enhance Seneca's commitment to deliver high-quality education and teaching excellence, while supporting a positive learning environment. Ensure that you are aware of Seneca's Academic Integrity Policy which can be found at: http://www.senecacollege.ca/about/policies/academic-integrity-policy.html Review section 2 of the policy for details regarding approaches to supporting integrity. Section 2.3 and Appendix B of the policy describe various sanctions that can be applied, if there is suspected academic misconduct (e.g., contract cheating, cheating, falsification, impersonation or plagiarism).

Please visit the Academic Integrity website http://open2.senecac.on.ca/sites/academic-integrity/for-students to understand and learn more about how to prepare and submit work so that it supports academic integrity, and to avoid academic misconduct.
Discrimination and Harassment:
All students and employees have the right to study and work in an environment that is free from discrimination and/or harassment. Language or activities that defeat this objective violate the College Policy on Discrimination/Harassment and shall not be tolerated. Information and assistance are available from the Student Conduct Office at student.conduct@senecacollege.ca.
Accomodation for Students with Disabilities
The College will provide reasonable accommodation to students with disabilities in order to promote academic success. If you require accommodation, contact the Counselling and Accessibility Services Office at ext. 22900 to initiate the process for documenting, assessing and implementing your individual accommodation needs.