COURSE # SOO-617
INFORMATION SECURITY AND SOFTWARE RISK MANAGEMENT
A comprehensive review of current risk management and security methods used in today's global communications.
The expanding use of computers, increasing software sophistication, and the explosive growth of the Internet, World Wide Web, and Web-oriented applications necessitate improved product reliability through a systematic approach to software and systems risk management. Software, systems, and information -- the lifeblood of many businesses in the Information Age -- are increasingly at risk, as the historical approaches to security and risk management become increasingly inadequate. Consequently, the evolution of methodologies focusing on software risk management at the Enterprise level has been receiving increasing attention, and comprehensive risk management programs have become a necessity.
Applications and benefits:
You will benefit by enhancing your understanding of the:
- Types of risk and types of controls available to counter them.
- Cryptology and encryption theory and practice.
- Key elements of a Risk Management program.
- Technical controls for risks in networks and e-mail.
- Use of risk controls within process improvement models and software lifecycle models.
- Legal, moral and ethical concerns in Risk Management.
Who should attend:
This course describes current industry practices and the latest advances in Software Risk Management. The course will benefit Program Managers, Project Managers, Systems Analysts, Software Developers, and Users engaged in the development of modern software and software-based systems.
Course Outline:
- Information Age and Risks
  - Threat Awareness; Exposures
  - Vulnerabilities
  - Threats and Risks
  - Effects of Technological Change
  - Distributed Architectures
  - Internet, WWW, NII
  - Sophisticated Software
- Risk Principles
  - What is At Risk
  - Types of Risks
  - Computer Crime
  - Types of Controls
  - Risk Management
  - Impact of Software Design
  - Case examples
- Cryptology
  - Terminology & History
  - Types of Encryption
  - Substitutions
  - Transpositions
  - Cryptanalysis
  - Underlying Mathematics
  - Secret Key Cryptography
  - Public Key Cryptography
  - Hashes
  - Authentication
  - Class exercise
- Encryption Usage
  - Application Tradeoffs
  - Secret Key
  - Public Key
  - Hashing
  - Digital Signature
  - Prevalence of Use
  - Algorithms
  - DES
  - RSA
  - MD4
  - DSS
  - Brute Force Attacks
  - Algorithm Weaknesses
  - Key Length
  - Work Factors
  - Intranets
  - Multilevel Security
  - Tunneling
- Technical Controls
  - Operating System/System Software
  - Mainframe
  - Distributed
  - PC
  - Network Based
  - Databases and DBMSs
  - Security Protocols
  - Identification and Authentication
  - Network Security
  - Email Security
  - Intrusion Detection
  - Audit Trails and Audit Reduction
  - Trust
  - Partitions and Isolation
  - Redundancy and Mirroring
  - Kernels
  - Covert Channels
  - Case Study
- Risk Management Program
  - Need for Balance
  - The Risk Management Triad
  - Education and Training
  - Policy
  - Technical
  - Metrics
  - Risk Assessments
  - Risk Planes
  - Economic Tradeoffs
  - Software Methods and Practices
  - Software Development TQM
  - Personnel Practices
  - Physical Security
  - Auditing
  - Virus Response
  - External Assistance
  - SEI CMM
  - CERT
  - SWE Models
  - NCSC
  - Team assignments
  - Class problem
- Legal, Moral, Ethical Concerns
  - Privacy
  - Copyrights
  - Obscenity
  - Freedom of Speech
  - Security & Law Enforcement
  - Encryption Export Controls
  - Key Escrow
  - Legal Jurisdictions
  - Crime Definition
  - Laws Lag Technology
About the Instructor
Dr. Chris Napjus has been employed by the U.S. government since 1979, and has been a member of the Senior Executive Service since 1983. He currently holds the position of Technical Director for the Chief Information Officer (CIO) Organization, and serves as a Chief IT Architect for his agency. His previous appointments include Chief of Software Engineering; Chief of ADP Plans, Architectures, and Technology; Technical Director for Telecommunications; and Technical Director for Information Technology. Over the past seven years he has been heavily involved in all aspects of networked information security, including definition of a comprehensive agency-wide security. Prior to joining government service, Dr. Napjus held leading technical and management positions in private industry for 12 years. Dr. Napjus holds a B.A. in mathematics from Cornell University; a Ph.D. in Computer Science from the University of Washington; and an M.B.A. (honors) from Bryant College. He holds the position of Associate Professor on the adjunct Graduate faculty of the University of Maryland (University College).
Details:
Course: SOO-617 Duration: 3 Days FEE: $1,399 CEUs: 2.16
Please direct any additional inquiries regarding this course to Anita Hellstrom, Program Coordinator, by e-mail, FAX: (636) 273-4955 or TELEPHONE: (636) 273-9608.
Call toll free 1-800-683-7267 from anywhere in the Continental U.S. or CANADA.
Last modified June 23, 2004.