Lecture Slides
Click here to download lecture slides.

Suggested Readings

Sans Top 20 Vulnerability List
An evolving list citing the top 10 vulnerabilities in both Windows and Linux systems.  Scan this article and pay particular attention to the description of the vulnerability and the details of what must be done to mitigate the vulnerability. 

Required Readings

How to Spend a Security Dollar
This article provides one view of how a company should spend its budget for IT security.  While reading, make a note of areas you think need either more or less money than the author suggests.

Suggested Readings

Companies Adapt to a Zero Day World
Article describing the challenge faced by corporations by the potential for a "zero-day exploit", one which is release before a patch is available. 

Lecture Slides
Click here to download lecture slides.

Required Readings

Critical Information Infrastructure Protection and the Law (pages 8-24) : Covers a brief introduction to critical information infrastructure protection and explores the key issue of information sharing within a public-private cybersecurity partnership. 

The National Strategy to Secure Cyberspace : The guiding document for the US government’s cybersecurity efforts.  Outlines the threat and the government’s initiatives focusing on a public-private partnership and information sharing.  The 10 page Executive Summary is required, but the remainder of the document will be extremely helpful in being able to critically analyze the ideas presented in the plan. 

Suggested Readings

US Cybersecurity Chief Resigns : Article covering the resignation of Amit Yoran as the head of DHS cybersecurity efforts, citing frustrations concerning the importance of cybersecurity within DHS. 

DHS moves ahead with cybersecurity R&D efforts : Article outlining major DHS R&D initiatives within cybersecurity. 

Progress and Challenges in Securing the Nation’s Cyberspace : A July of 2004 report by the Office of the Inspector General analyzing the progress DHS has made toward improving national cybersecurity. 

Required Readings

18 U.S.C. 1030 - The Computer Fraud and Abuse Act : US federal law outlining illegal behavior on computer systems, serving as an introduction to the concept of unauthorized access.

eBay, Inc v. Bidder's Edge : A 2000 court case in which eBay claims that the use of automated querying of their auction database by auction-aggregation site Bidder's Edge constituted unauthorized access.  Pay particular attention to the case background (Section I) and the portion of the case dealing directly with trespass (Section II.B.1).

Intel v. Hamidi Considers Trespass in Cyberspace : Article covering a case dispute between Intel and a former employee using Intel's email system to contact former employees.   The text is very readable and provides an interesting and comparison to the notion of unauthorized access presented in eBay, Inc v. Bidder's Edge. 

Suggested Readings

Intel v. Hamidi : Full text of  the California Supreme Court 2003 decision an the Intel v. Hamidi appeal. 

Lecture Slides
Click here to download lecture slides.

Required Readings

The Role of Economic Incentives in Securing Cyberspace: Draft paper authored in part by our guest speaker that examines the economic incentives of critical infrastructure protection and makes an argument for a change in direction for national cybersecurity policy. 

A Guide to Security Metrics: Introduction to the important field of security metrics, from the SANS Institute. 

Suggested Readings

Why Information Security is Hard - An Economic Perspective: An often cited paper by Ross Anderson on the impact of economic incentives in information security. 

Sarbanes-Oxley Explained: A whitepaper explaining the responsibility of a company's IT personnel resulting from SOX legislation.  

Required Readings

Is There a Cybersecurity Threat to National Security : A compilation and analysis of some of the risks faced by the United States as a result of its dependence on the Internet.   The paper is authored by Sean Gorman, a graduate student who's thesis of mapping physical telecommunication lines was classified in a highly publicized incident.  The text contains many interesting references, but the overall analysis is best read critically.   

Nations use Net to spy, plot attacks: ex-Bush aide : Brief article citing former cybersecurity chief Richard Clarke talking to concerns about current malicious use of the Internet by nation-states. 

Suggested Readings

How Real is the Cybersecurity Threat? : Video of a 2002 panel including members from the Office of Cyberspace Security, Microsoft, backbone provider Genuity, Verisign, and a financial services company.  Based on their personal background and experience, each offers a different perspective of the current threat and who is responsible for improving the security of the Internet. 

Frontline Cyberware!  : A well-known and quite dramatic video created by PBS looking at the threat faced by the United States in cyberspace.  This fun presentation of the cyberthreat is best viewed critically but does offer worthwhile insights.  The site also contains many worthwhile interviews with experts from fields related to national security, critical infrastructure protection and Internet security.

Computer-Related Risks and the National Infrastructure : Congressional testimony by our guest speaker Peter Neumann.  While the testimony is from 1997, much of the high level content remains very pertinent today.    
 

Lecture Slides
Click here to download lecture slides.

Required Readings

Critical Information Infrastructure Protection and the Law (Chapter 4)  : The text's brief final chapter entitled "Looking Forward" considers a host of concerns and questions as we consider how the Internet will evolve in the future, both for users and operators.  Pay particular attention to the discussions of economics/insurance, the importance of trust, and the relationship between security and privacy.

GovNet, What is it good for? : Wired article looking at another approach:  GovNet is a proposal for the creation of a separate and highly secure network infrastructure for government use.  Consider hat problems this such a strategy both raises and solves. 

Suggested Readings

Robustness and the Internet: Design and Evolution:  A paper looking at complexity and robustness issues within the Internet infrastructure and how we can change the architecture to meet future design requirements.

Cyber Security Research & Development Agenda: The Institute for Information Infrastructure identifies what it considers to be the major challenges facing researchers in disciplines relating to cybersecurity .  This is a large document, both is worth scanning for sections of interest. 

Lecture Slides
Click here to download lecture slides.

Required Readings

Stepping on the Digital Scale: Duty and Liability for Negligent Internet Security : Internet security and legal expert Erin Kenneally provides a strong background in liability law and then analyzes how major cybersecurity stakeholders may be impacted by liability in the future. 

Suggested Readings

Critical Information Infrastructure Protection and the Law (Chapter 3)  : The text's third chapter entitled "Liability for Unsecured Systems and Networks" looks at the three high-level means for securing network assets:  criminal law, civil law, and regulation.  A particularly valuable portion looks at how best practices would impact the use of tort law to drive others to secure their networks.

Final Assignment: Legislative Policy Analysis (due in class Dec. 2nd)

Case Study 1: Corporate Information Security Accountability Act of 2003 (CISAA)
Text of Legislation Congressman Adam Putnam. U.S. House of Representatives. 2003.

"Cybersecurity legislation may go to Congress," Grant Gross. Computer World. September 2003.

Case Study 2: Internet Service Provider Security and Accountability Act of 2004 (ISPSAA)
Overview of Legislation The Honorable Senator Daniel Keith Martin. U.S. Senate in Exile. 2004.