September 28
Introduction: the cybersecurity challenge
Lecture slides ( pdf | ppt )
Course info handout ( pdf | doc )

October 5
Technology and policy 101
Technology 101 - Lecture slides ( pdf )
Policy 101 - Lecture slides ( pdf | ppt )
Required readings
How Does the Internet Work? : An introductory yet in-depth description of how the major components of the Internet infrastructure operate.
CNET: Bush unveils final cybersecurity plan : Overview of the National Strategy to Secure Cyberspace, with optional links to critiques of the plan.
2005 GAO Congressional Report: Department of Homeland Security Faces Challenges in Fulfilling Cybersecurity Responsibilities : A review of the Department of Homeland Security's progress to date on cybersecurity, including an interesting back-and-forth with DHS. Only the "Results in Brief" section (pp. 6 - 8 in the PDF) is required.

October 12
An industry perspective on cybersecurity
Guest speaker: Stephen Hansen, former security officer at Google and Stanford
Lecture slides ( pdf )
Required readings
How to spend a security dollar : One view of how a company should spend its IT security budget. While reading, note the areas you think need either more or less money than the author suggests.
The Enemy Within : Discusses the internal threats that companies face.
Companies adapt to a zero day world : Article describing the challenge corporations face from the potential for a "zero-day exploit", one that is released before a patch is available.

October 19
Information security reality in the enterprise
Guest speaker: Tim Mather, VP of Technology Strategy, Symantec
Lecture slides ( pdf )

October 26
Cybersecurity and law
Guest speaker: Jennifer Granick, Stanford Law School
Lecture slides ( pdf )
Required Readings
18 U.S.C. 1030 - The Computer Fraud and Abuse Act : US federal law defining illegal behavior on computer systems; serves as an introduction to the concept of unauthorized access.
eBay, Inc v. Bidder's Edge : A 2000 court case in which eBay claimed that automated querying of its auction database by the auction-aggregation site Bidder's Edge constituted unauthorized access. Pay particular attention to the case background (Section I) and the portion of the opinion dealing directly with trespass to chattels (Section II.B.1).
Breach case could curtail web flaw finders : An article about a security consultant who was prosecuted after uncovering flaws in USC's online application software. A complement to Jennifer Granick's Wired News column on the topic.

November 2
Market incentives and security metrics
Guest speaker: Kevin SooHoo, PacketMotion
Lecture slides ( pdf )
Required Readings
The Role of Economic Incentives in Securing Cyberspace : Draft paper co-authored by our guest speaker that examines the economic incentives of critical infrastructure protection and argues for a change in direction for national cybersecurity policy.
A Guide to Security Metrics : Introduction to the important field of security metrics, from the SANS Institute.
Optional Reading
Why Information Security is Hard - An Economic Perspective : An often-cited paper by Ross Anderson on the impact of economic incentives on information security.
Rootkits: The growing threat : A McAfee white paper on rootkits.
SAGE Report : Report on open source and threats.

November 9
Cybersecurity threats
Guest speaker: Lieutenant Commander Chris Eagle, U.S. Naval Postgraduate School
Lecture slides ( not yet available )
Required Readings
Organization for Internet Safety : Guidelines for security vulnerability reporting and response.
Full Disclosure Policy (RFPolicy) v2.0
Is finding security holes a good idea? : Well-known paper by Eric Rescorla (RTFM, Inc.).
The 3 Dirty Little Secrets of Disclosure No One Wants to Talk About : A Securosis op-ed on full disclosure.
Mac Wi-Fi: Gruber Needs to Let It Go (and Maynor and Ellch Should Ignore the Challenge) : A Securosis op-ed on the Mac Wi-Fi hack debate.
Thread on D.J. Bernstein's hacking course project : Please read your way through the thread using "next in thread".
eEye Upcoming Advisories : eEye site that tracks vendor responses to reported security vulnerabilities.
The Invasion of the Chinese Cyberspies (And the Man Who Tried to Stop Them) : A Time Magazine article about the TITAN RAIN attacks on U.S. military computer systems.

November 16
A future critical information infrastructure
Guest speaker: David Alderson, California Institute of Technology
Lecture slides ( pdf )
Required Readings
FIND (Future Internet Network Design) is a major new long-term initiative of the NSF NETS research program that funds "clean slate" redesign of a next-generation Internet. The kickoff meeting was held December 5, 2005. Have a look at the following:
Robustness and the Internet: Design and Evolution : A paper looking at complexity and robustness issues within the Internet infrastructure and how the architecture could be changed to meet future design requirements.
GovNet, What is it good for? : Wired article looking at another approach. GovNet is a proposal for a separate, highly secure network infrastructure for government use.

November 30
Liability, negligence and cyberinsurance
Guest speaker: Erin Kenneally, San Diego Supercomputer Center
Lecture slides ( not yet available )
Required Readings
Stepping on the Digital Scale: Duty and Liability for Negligent Internet Security : Overview of liability law and analysis of the potential effects of liability on cybersecurity stakeholders.

December 7
Cybersecurity debate
Final Assignment: Legislative Policy Analysis (due in class December 7)
Corporate Information Security Accountability Act of 2003 (CISAA) : Text of the legislation, Congressman Adam Putnam, U.S. House of Representatives, 2003.
"Cybersecurity legislation may go to Congress," Grant Gross, Computerworld, September 2003.