Introduction to Information Security
 

[rationale]

Due to the increased reliance on computers, there is also a growing awareness of the importance of securing the information that is processed, stored, and transmitted using information technology. Securing information requires knowledge of the threats and mechanisms at different levels. This introductory seminar seeks to provide the necessary background to gain an understanding of, and appreciate the complex interactions involved in securing computing resources.

[objectives]

The introductory program in Computer Security will expose managers and I.T. personnel to the security issues involved in the design, procurement, deployment, and maintenance of computing resources. The overall objectives of the seminar are:
• To gain a working knowledge of the basics of computer security
• To understand the process of risk assessment and mitigation for I.T. resources
• To gain an overview of current mechanisms that could be deployed to mitigate risks
• To understand the different international standards related to securing I.T. resources.

At the end of the course, the participants should be able to design an I.T. security policy for a hypothetical company given the assumed requirements and constraints. They should be able to apply the concepts of risk assessment to pinpoint the most likely threats in the company. After the training, the participants should be able to continue to a more thorough training program that will expound on the security mechanisms that could be deployed to mitigate the assessed risks

[course outline]

1. Introduction to Information Security
2. Information Security Policies
3. Principles of I.T. Risk Assessment
4. I.T. Risk Management

[target participants]

I.T. managers and personnel responsible for at least one of the following: design, procurement, deployment, and maintenance of computing resources for organizations

[training methodology]

Lectures, demonstrations, laboratory exercises and case studies will be used in the training course.

[proposed schedule]

 

	Day 1	Day 2
9:00 – 10:00	Introduction to Information Security [2hr lecture]	Principles of I.T. Risk Assessment [2hr lecture]
10:00 – 11:00
11:00 – 12:00	Introduction to Information Security [1hr workshop]	I.T. Risk Assessment [1hr workshop]
12:00 – 13:00	Lunch break	Lunch break
13:00 – 14:00	Information Security Policies [2hr lecture]	I.T. Risk Management [2hr lecture]
14:00 - 15:00
15:00 – 16:00	Information Security Policies [1hr workshop]	I.T. Risk Management [1hr workshop]

[lecturer]

Dr. Susan Pancho-Festin is currently an Associate Professor at the Department of Computer Science in U.P. Diliman and is head of the Computer Security Research Group in that department since 2003. She graduated with the degree B. in Computer Science, cum laude at the University of the Philippines – Diliman in 1994. Since then, she has been a faculty member at the College of Engineering. She later obtained her degree in M.Sc. in Information Security from Royal Holloway, University of London, U.K., and her Ph.D. in Computer Science from the University of Cambridge, U.K. She was once a part of the Security Group in Royal Holloway's Computer Science Department and the Computer Security Group at Cambridge. She was also a visiting professor at the Technical University of Graz' (Austria) Krypto group in 2005. She has been in several program committees of international workshops and conferences in security and continues to participate in security-related training worldwide. She is a member of the Association of Computing Machinery (ACM).

[registration policy | list of courses]