information systems security 365/765 introduction - day one

Information Security 365/765, Fall Semester, 2014

Course Instructor, Nicholas Davis, CISSP, CISALecture 1, Course Introduction

Welcome ToWelcome ToInformation Systems 365Information Systems 365

Lecture One, AgendaLecture One, Agenda• Instructor: Nicholas Davis• Review syllabus• Discuss course style• Review expectations• Let’s get to know each other• Watch a video, get assignment 1

04/10/23 UNIVERSITY OF WISCONSIN 2

The Chocolate BarThe Chocolate BarPromisePromise

• We all need energy to learn and participate

• The most successful people are those who have knowledge outside their core area of expertise

• In addition to Information Security, we are going to learn about various chocolate bars, this semester

• A new chocolate bar to sample in many classes04/10/23 UNIVERSITY OF WISCONSIN 3

Today’s Chocolate BarToday’s Chocolate BarSnickersSnickers

In 1930 Mars introduced Snickers, named after the favorite horse of the Mars family.

The Snickers candy bar consists of nougat, peanuts, and caramel with a chocolate coating. The bar was marketed under the name "Marathon" in the UK and Ireland until 19 July 1990, when Mars decided to align the UK product with the global Snickers name.


Meet YourMeet YourCourse InstructorCourse Instructor

Nicholas DavisMBA, Information Systems Analysis & Design, UW-Madison, 1998Work experience in both private and government sectorsTeaching experience at several colleges and universitiesCurrently work in the UW-Madison IT Security group at DoIT


Review SyllabusReview SyllabusThis course is designed to provide students with an introduction to the processes, technologies, tools and methods used by Information Security professionals in the enterprise environment. This is an Information Systems / Business course, not a Computer Science course. Let’s discuss why this matters.


Course ContentCourse ContentThe course materials and lectures presented will focus on the three core pillars of Information Security: Confidentiality, Integrity and Availability of enterprise data and associated services. While this course was developed with the Information Systems student in mind, many of the technologies, tools and concepts covered are tangentially applicable to other functional areas of business, such as Accounting Control Systems and Financial Auditing.


Course ContentCourse ContentThe course exposes students to situations in which sound technical knowledge, business analysis acumen and informed opinion will be used to successfully complete readings, short written assignments, the exam, and team project. An emphasis will be placed on leveraging our diverse class environment to encourage students to openly and actively participate, develop and share their individual opinions and experiences.


Course BreakdownCourse Breakdown• Introduction: Security Trends• Information Security and Risk Management• Access Control• Security Architecture and Design• Physical and Environmental Security• Telecommunications and Network Security• Cryptography• Business Continuity and Disaster Recovery• Legal, Regulations, Compliance and Investigations• Application Security• Operations Security


Upon CompletingUpon CompletingThis CourseThis Course

• Have a solid command of the processes and technologies employed in enterprise Information Security

• Have an in depth understanding of the breadth of the Information Security field and how Information Security principles are applied in the enterprise environment.

• Have an awareness of the current legislative and industry compliance challenges facing corporate IT infrastructure management

• Possess the knowledge necessary to create and present a comprehensive Security Audit, according to industry standards

• Possess the knowledge necessary to pass the CISSP exam, the most widely recognized IT Security certification


Course GradingCourse GradingExamsExams

Exams, 50 points each (total 25% of final grade, each is 12.5% of final grade.) There are two exams in this course. The exam will be multiple choice and true/false format.


Three Written AssignmentsThree Written AssignmentsThree written assignments, valued at 10% each, of final grade, total of written assignments is 30% of final grade. Written assignments serve several purposes. •Demonstrate that you absorbed material•Help build your ability to convey technical subjects in clear terms•Provide balance to exams


Course GradingCourse GradingTeam PresentationTeam Presentation

In class team Powerpoint presentation on security breach. 100 points (25% of final grade.) The team will receive one grade for their overall work on the project and that grade will be replicated out to each individual team member.


Course GradingCourse GradingIn Class ParticipationIn Class Participation

In class participation 80 points (20% of final grade.) The sharing and exchange of ideas in person, is a valuable learning tool. Don’t be afraid to speak up and share your thoughts and opinions. Doing so will enhance the in-class learning experience for everyone!04/10/23 UNIVERSITY OF WISCONSIN 14

A Note About AttendanceA Note About AttendanceAttendance is half of your participation grade, so coming to class is a good idea.

We have a sign-in sheet, which will be passed around, every class.


““80% of life is showing up”80% of life is showing up”

I made the statement years ago which is often quoted that “80 percent of life is showing up”. People used to always say to me that they wanted to write a play, they wanted to write a movie, they wanted to write a novel, and the couple of people that did it were 80 percent of the way to having something happen. All the other people struck out without ever getting that pack. They couldn’t do it, that’s why they don’t accomplish a thing, they don’t do the thing, so once you do it, if you actually write your film script, or write your novel, you are more than half way towards something good happening. So that I was say my biggest life lesson that has worked. All others have failed me.


Course GradingCourse GradingSummarySummary

Summary of grading Total possible points Percent of final grade

Exam 1 50 12.5%

Exam 2 50 12.5%

Assignment 1 40 10%

Assignment 2 40 10%

Assignment 3 40 10%

Team presentation 100 25%

Class participation 80 20%

--------------------------------------------------------------------------------------------Total 400 100%


Course GradingCourse GradingWhy Use This Method?Why Use This Method?

• Balance between exams, presentations, participation and written assignments

• Helps ensure consistent learning, as opposed to cramming at the last minute

• Motivates class attendance and participation

• Results in better long term retention of material


Final GradesFinal Grades

Grading Scale Letter Grade GPA Percentile

380-400 Points A 4.0 95% to 100%360-379 Points A/B 3.5 90% to 94%340-359 Points B 3.0 85% to 89%320-339 Points B/C 2.5 80% to 84%300-319 Points C 2.0 75% to 79%280-299 Points D 1.0 70% to 74%0-279 Points F 0.0 0% to 69%


Academic MisconductAcademic MisconductSummary: Be honestSummary: Be honest

Academic misconduct is a serious issue. If you are not already familiar with the UW-Madison standards and polices surrounding academic misconduct, please thoroughly read the following information: http://www.wisc.edu/students/saja/misconduct/UWS14.html

Summary point 1: Be honestSummary point 2: Bad things happen when you are dishonest


Instructor’s PromisesInstructor’s PromisesTo StudentsTo Students

Provide the students with a quality learning experience, enhancing your knowledge and skill-set in the area of Information Security. If for any reason you are displeased with the course for any reason, you are strongly encouraged to let the instructor know of your concerns, so that we can make beneficial changes in real-timeReturn your assignments and exams in a timely mannerBe available for office hours at times which fit best into your scheduleWork hard to ensure that you have a valuable learning experience, in an open, fun and relaxing classroom environment


Instructor’s RequestsInstructor’s Requestsof IS 365/765 Studentsof IS 365/765 Students

Attend class, except in the case of emergenciesBe engaged in the subject matter being taught, read class materials. ask questions, share opinions, etc.Be polite to your peers in the classroomDon’t engage in academic misconductBe open and honest with the instructor


Let’s Get To KnowLet’s Get To KnowEach OtherEach Other

When I was a student at UW-Madison, I met my best friends in classNotice, you do have FERPA rights, so you are not required to participate in this exerciseLearning opportunity: What is FERPA?NameWhere you are fromYour hobbiesYour favorite foodWhy you chose to take this class


QQuestion & Answer uestion & Answer SessionSession

You are my customer, and therefore deserve the very best teaching experience possible. After all, you are paying for itDo you have questions for me?Do you have comments or concerns about the material covered today?How can I best help you ensure success in this course?Are you ready for a really fun semester?


Thoughts AboutThoughts AboutThis OpportunityThis Opportunity

You are only a college student one time if your lifeYou are fortunate to be here, and UW-Madison is fortunate to have you hereYou are smart people, capable of amazing thingsYou can all be highly successful in this classLet’s make the most of this opportunity04/10/23 UNIVERSITY OF WISCONSIN 25

Note Taking is Not Note Taking is Not RequiredRequired

Note taking is old fashioned!Why force you to make 30 individual copies of the material covered in class?Save that energy for class discussions!Instructor will send you copies of the Powerpoint slides and reading material by email, after class, each session.


You Are ImportantYou Are ImportantYou Are the FutureYou Are the Future

You are ALL smart people, otherwise you would not be at the University of Wisconsin-MadisonYour thoughts and ideas are good and they matterYour age is not an indicator of your abilityI am lucky to have you in this class!


The Key To Success IsThe Key To Success IsRelating To Subject MatterRelating To Subject Matter

Textbooks are boring and abstractTo do well in class, the students must care about the materialIn order to care about the material, it must seem relevant and applicableI will send follow up reading material after each lecture, in case you found anything confusing, or want further detail.Exams are based only on material presented in class


Advice for College Students Advice for College Students Abroad Abroad

Be Aware of Foreign Be Aware of Foreign Intelligence ThreatIntelligence ThreatStudents are targets

Being able to relate to subject matter will help you learnShriver Case: A Textbook Case of Recruitment


No Discrimination In theNo Discrimination In theClassroomClassroom

This is an Information Security classMany American examples of computer espionage, focus on a threat from ChinaEVERY country has spies. The US spies, just like China does, just like France does, just like Russia does, just like Germany doesThe following example happens to involve China04/10/23 UNIVERSITY OF WISCONSIN 30

Our Classroom Does NOTOur Classroom Does NOTTolerate PrejudiceTolerate Prejudice

All students deserve respect!Prejudicial comments about another country’s culture are not fitting for intelligent students to make, and will not be tolerated in the classroomWe are all friends in this class


Let’s Watch the StoryLet’s Watch the StoryWritten Assignment #1Written Assignment #1Don’t worry about taking notes, you can watch the video again, laterhttps://www.youtube.com/watch?v=TEYRLDvJaxohttps://www.youtube.com/watch?v=Fw8ZorTB7_o


Keep the Following Keep the Following QuestionsQuestionsIn MindIn MindHow do foreign intelligence

officers routinely interact with students?

What can students do to protect themselves while studying abroad?


Written Assignment #1Written Assignment #1Due September 11thDue September 11th

You may choose to answer each question explicitlyOr, you may choose to write a more general essay, using the provided questions as a general guideI prefer the second option


A Few Last ThingsA Few Last Things

Information Security is an exciting area, and a great class to talk about during job interviews, since people interested in IT Security are in high demand.You are the customer!If you have any difficulties, please do not be afraid to ask for help. I can meet with you at any time.You matter a lot to me. Please provide timely, open and continual feedback.


Contact InformationContact Information

Nicholas [email protected]. 608-347-2486


information systems security 365/765 introduction - day one

Education

course introduction

course instructor

computerscience course

information systemsstudent

comprehensive security

technical knowledge

knowledge necessary

work experience