Network Management Spring 07

CPSC 6167Network Risk Assessment – Spring‘07

Instructor:

Name / Office / Email / Phone / Office hours
Dr. Yan Bai / CCT 430 / / 706.568.5376 / 10:00a.m.-12:00p.m. on Monday and Wednesday
3:00p.m.-5:00p.m. on Thursday

Class Schedules:
This is an on-linecourse. All students enrolled in this course do not have regularly scheduled class meetings, but should check the course Vista website on a regular basis.

Class Homepage:
Course materials (syllabus, handouts, assignments, exams, announcements, and grading) will be available through WebCT Vista (

Textbook:

Title: Information Security Risk Analysis, 2nd edition
Author: Thomas R. Peltier
Publisher: Anerbach
ISBN: 0849333466

Title: Network Security Assessment, 1stedition
Author: Chris McNab
Publisher: O'Reilly
ISBN: 059600611X

Syllabus and Grading Policy

Catalog Description:
As described in the CSU catalog (

This course introduces risk analysis techniques that can be used to identify and quantify both accidental and malicious threats to computer systems within an organization. Introduction to issues associated with physical site security. This includes an introduction to standard risk analysis tools, such as PARA and FRAP.Prerequisite: CPSC 6126 (Information Systems Assurance).

Learning Objectives:

1. Students will learn how to identify, assess and manage risks to computer network systems.

2. Students will understand that the software process is a part of a company’s overall business model and will learn to view vulnerabilities in software in terms of risks to the company.

3. Students will examine the company’s ability to manage software risk.

4. Students will identify feasible methods for managing the company’s software risk and will develop and present plans to reduce that risk.

5. Students will explore the strategies for relating to upper-level management and placing software issues within the overall business strategies of the company.

Methods of Instruction:

• Readings. Students will read the textbook and other supplemental materials such as class handouts.
• Assignments. There will be 8 homework assignments. Assignments build upon the concepts covered in the textbook and may involve hands-on work. Assignment submissions are via WebCT Vista. Only the 7 best are considered toward the assignment total. Assignment deadlines are not flexible for any reason. I understand that sometimes delays are unavoidable; hence, provision has already been made for the worst grade to be dropped. Late assignments are not accepted for credit.
• Survey papers. Students must complete 3 survey papers (roughly 6 pages)for the assigned topics and will peer review each other's papers. This review will be double blind (you don't know whose paper you review and you don't know who reviewed your paper). The reviews of your paper will not contribute to your grade. However, the quality of your reviews of other papers will contribute to your grade.It is critical that the papers are turned in on time since other students need to review your paper. Late paper will not be accepted and a grade of zero will be given.As this course develops, more details will be provided via the WebCT Vista announcement.
• Internet take-home exams. There will be 2Internet take-home examsas shown in the course schedule.Students will download the exam from WebCT Vista, take the exam at home and then upload the answer file within the prescribed time limit. The exams will be open textbook,so that a proctor will not be required.

Student Responsibilities:

Each student is responsible for:

• managing your time and maintaining the discipline required to meet course requirements
• covering all assigned readingsin a timely manner
• completing all assignments, survey papers and exams
• reading any e-mail sent by me and responding promptly
• logging in to WebCT Vista at least thrice a week to study new developments

Assessment Criteria

Assignments 40% (may involve lab work)

Survey Paper 1 10%

Survey Paper 2 10%

Survey Paper 3 10%

Two Exams 30%

------
Total: 100%

100% - 90% A
89% - 80% B
79% - 70% C
69% - 60% D
below 60% F

Tentative Course Schedule:

Week # / Topics / Work Due
1-- 1/8 / syllabus; familiarization with WebCT Vista tools / Read Syllabus;
Assignment 0
2-- 1/15 / Peltier: Ch.1; McNab: Ch.1;
Survey paper 1 / Assignment 1(Asn1)
3 -- 1/22 / Peltier: Ch.2; McNab: Ch.2 / Asn2
4 --1/29 / Peltier: Ch.3; McNab: Ch.3 / Asn3
5 -- 2/5 / Peltier: Ch.4; McNab: Ch.4;
Survey paper 2 / Survey Paper 1(Due date: 2/5/2007)
6 -- 2/12 / Peltier: Ch.4 (cont’d); McNab: Ch.5; / Asn4
7 -- 2/19 / Peltier: Ch.5; McNab: Ch.6 / Peer-review of Survey Paper 1 (Due date: 2/19/2007)
8 -- 2/26 / Mid-term exam (Peltier: Ch. 1-5, McNab: Ch. 1-6) / Midterm
9 -- 3/5 / McNab: Ch.7 and Ch.8;
Survey paper 3 / Survey Paper 2(Due date: 3/5/2007)
10 -- 3/12 / Peltier: Ch.6; McNab: Ch.9 / Asn5
11 -- 3/19 / Peltier: Ch.6 (cont’d); McNab: Ch.10 / Peer-review of Survey Paper 2 (Due date: 3/19/2007)
12 -- 3/26 / Peltier: Ch.7; McNab: Ch.11 / Asn6
13 -- 4/2 / Peltier: Ch.8; McNab: Ch.12 / Survey Paper 3(Due date: 4/5/2007)
14 -- 4/9 / Peltier: Ch.8 (cont’d); McNab: Ch.13 / Asn7
15 -- 4/16 / Peltier: Ch.9 ; McNab: Ch.14 / Peer-review of Survey Paper 3(Due date: 4/19/2007)
16 -- 4/23 / Peltier: Ch.10 ;
Final exam review(Peltier: Ch. 6-9, McNab: Ch. 7-14) / Asn8
17 -- 4/30 / Final exam / Final exam(Due date: 5/1/2007)

** The assignment and discussion will be released on Thursday (due the following Thursday,before 11:59 p.m. EST),but occasionallythe date can be changed according to the class schedule.

Other Policies

Make-up Exams:
Make-up exam will be given upon presentation of a note from a medical doctor statingthat thestudent is unable to attend exam. Make-up exams will be arranged before the exam date.

Website Policy:

You are responsible for visiting the course website frequently. "I don't know" or "I didn't see" is not an excuse. I will not accept such excuses for not keeping up with policy changes, checking the exam dates and assignment due dates, and noticing announcements that will be posted on the website.

CSU's ADACompliance Statement:

If you have a documented disability as described by the Rehabilitation Act of 1973 (P.L. 933-112 Section 504) and the Americans with Disability Act (ADA) that may require you to need assistance attaining accessibility to instructional content to meet course requirements, we recommend that you contact the Center for Academic Support in Tucker Hall, room 100 or at (706)568-2330, as soon as possible. The Center for Academic Support can assist you and the instructor in formulating a reasonable accommodation plan and provide support in developing appropriate accommodations for your disability. Course requirements will not be waived but reasonable accommodations may be provided as appropriate.

Online Etiquette

CSU is committed to open, frank, and insightful dialogue in all of its courses. Note that the online interface hides cues such as inflection, facial gestures, intonation and body language. Diversity has many manifestations, including diversity of thought, opinion, and values. Students are encouraged to be respectful of that diversity and to refrain from inappropriate commentary. Should such inappropriate comments occur, I will intervene as needed. University disciplinary action may be recommended if deemed appropriate. Students as well as faculty should be guided by common sense and basic etiquette. The following are good guidelines to follow:

• Never post, transmit, promote, or distribute content that is known to be illegal.
• Never post harassing, threatening, or embarrassing comments.
• If you disagree with someone, respond to the subject, not to the person.
• Never post content that is harmful or abusive; racially, ethnically or religiously offensive; vulgar, sexually explicit or otherwise potentially offensive to readers.

Academic Dishonesty:
Academic dishonesty includes, but is not limited to, activities such as cheating and plagiarism ( Dishonesty/Academic Misconduct). It is a basis for disciplinary action. Any work turned in for individual credit must be entirely the work of the student submitting the work. You may share ideas but submitting identical assignments (for example) will be considered cheating. You may discuss the material in the course and help one another with concepts; however, any work you hand in for a grade must be your own. A simple way to avoid inadvertent plagiarism is to talk about the assignments, but don't read each other's work or write solutions together. For your own protection, keep old versions of assignments to establish ownership until after the assignment has been graded and returned to you. If you have any questions about this, please contact me immediately. For assignments, access to notes, the course textbooks, books and other publications is allowed. All work that is not your own MUST be properly cited. This includes any material found on the Internet. Stealing, giving or receiving any code, diagrams, drawings, text or designs from another person (CSU or non-CSU, including on the Internet) is not allowed. Having access to another person’s work on the computer system or giving access to your work to another person is not allowed. It is your responsibility to keep your work confidential.

No cheating in any form will be tolerated. The penalty for the first occurrence of academic dishonesty is a grade of F in this course. Other penalties include suspension from the Computer Science program at CSU and/or dismissal from the program. All instances of cheating will be documented in writing in the university records. Students will be expected to discuss the academic misconduct with the faculty member and the chairperson of the department. For more details see and the Student Handbook:

Read about the rules also from TSYS Computer Science Department ( I will enforce a zero tolerance policy. Period!