Short Course: Security Policies and Practices for the IT Professional
COURSE DESCRIPTION:
This course provides IT professionals with the background necessary to understand organizational security and privacy policies. The goal of the course is to educate employees about the nature and scope of organizational security policies, and acquaint them with security practices deployed to address concerns with respect to protecting their data and the assets of their organization. An employee with a better understanding of these issues is more likely to realize the importance of complying with an organization's security practices. The course will focus on acceptable use policies for organizational equipment, disclosure policies for sensitive information, encryption policies, anti-virus and email protection policies, auditing and email retention, DMZ security policies, web browsing, password protection, remote access, router, server and VPN policies, privacy concerns, intellectual property, legal issues, and ethics.
PREREQUISITE: Familiarity with computers and applications
HIGH-LEVEL COURSE OUTLINE AND TIMETABLE:
6 web or live sessions of 50 minutes including quizzes, discussions, and examples.
- Security Policies and Practices: Introduction
- Need for Organizational Security and Privacy Policies
- Organizational Assets
- Defining Acceptable Use, Liability
- Common Vulnerabilities, Threats, and Attacks
- Policy Compliance and Implementation
- Protecting Equipment
- Application Service Provider Policies and Standards
- DMZ Equipment Policy
- Physical Security
- Protecting Access to Information
- Password Protection
- Database Access Credentials
- Email Policy
- Extranet Policy, Remote Access
- Information Use Policies
- Server Security Policies
- Information Sensitivity, Encryption Use Policies
- Anti-Virus Protection
- Router Security Policies
- Audit Vulnerability and Scanning
- Email Retention
- Information Dissemination Policies
- VPN Security Policies
- Web Browsing Policies
- Wireless Security Policies
- Privacy, Legal Issues, Ethics
- Privacy Policies, Disclosure Agreements
- Intellectual Property
- Copyright Issues
- Ethics
Instructor Biography
Roy H. Campbell is Abbasi Professor in Computer Science in the Department of Computer Science at the University of Illinois. He is an IEEE Fellow, a member of the ACM, and a member of IFIP Working Group 10.3. He received his Honors B.S. Degree in Mathematics, with a Minor in Physics, from the University of Sussex in 1969 and his M.S. and Ph.D. Degrees in Computer Science from the University of Newcastle upon Tyne in 1972 and 1976, respectively. In 1976 he joined the faculty of the University of Illinois. He has supervised the completion of 31 Ph.D. dissertations and over 123 M.S. theses. He is the author of over 228 research papers on security, programming languages, software engineering, operating systems, distributed systems, and networking. His past research accomplishments include path expressions, various deadline and error recovery mechanisms for asynchronous processes, the Choices object-oriented operating system, the VDP protocols for streaming audio and video used by Vosaic LLC, dynamic TAO, 2K (a distributed object operating system), UIUC Sesame (a Java implementation of Sesame security protocols), and the Seraphim active security policies. His current research projects include the Gaia project on active spaces, authentication for mobile sensors, security interoperability, security policies, and active security in active networks. He is an active participant in the department's distance learning program.
Professor Campbell is director of the NSA-designated University of Illinois Center of Academic Excellence in Information Assurance Education.