Quick Links

Back to Infosec Management

INFOSEC at GWU; CSIA
a variety of programs ranging from science to criminal justice

SEAS websites

• EMSE
• Computer Science
• Electrical and Computer Engineering (ECE)
• Staff Directory
• Computer Support

GWU links

• GWU Policies
• Application information
• Registration info
• Tuition & Fees
• Financial Aid
• Schedule of Classes
• Academic Calendar
• The Bulletin (aka Catalog)
  
• ISS Helpdesk
• My GWU Website
• GWired Student Network
• Gelman Library
• Aladin
• Blackboard
• Banner information system
• Colonial Mail

Information Security Course Descriptions

The information security management courses are:

• EMSE 218 Management of Information and Systems Security
• EMSE 312 Managing the Protection of Information Systems and Assets
• EMSE 314 Auditing, Monitoring and Intrusion Detection for Infosec Managers
• EMSE 319 Business and Competitive Intelligence

EMSE 218 Management of Information and Systems Security

A survey course intended to introduce the student to the basics of information security and lay a foundation for taking advanced courses in the subject matter. The concepts of information security are presented in a systems engineering approach to give managers the tools and understanding needed to allocate scarce security resources effectively. Introductory concepts of security attributes and policies are explored. Threats, vulnerabilities, and risk management concepts are discussed in depth.

Textbooks:

• Assessing and Managing Security Risk in IT Systems: A Structured Methodology by John McCumber
• Official (ISC)2 Guide to the CISSP Exam
  by Susan Hansche, John Berti, Chris Hare
• Management of Information Security by Whitman and Mattord
• For those who need a reference, this manual is the one we use:
  Turabian, Kate L.  A Manual for Writers of Term Papers, Theses, and Dissertations (Sixth Edition).  Chicago: The University of Chicago Press, 1996.  ISBN 0-226-81627-3

EMSE 218 is a core concentration course.

EMSE 312   Managing the Protection of Information Systems and Assets

This course presents an overview of the various methodologies that may be used in implementing and managing effective protection measures in knowledge rich and highly networked environments.  Recent history of computer and network security is presented.  Mathematical models of computer security are discussed. Physical protective measures are presented and the effective integration of protective mechanisms is explored.

Textbooks:

• Fenelly, Lawrence J. ed. Effective Physical Security (2nd or 3rd edition).  Stoneham, Mass: Butterworth-Heinemann, 1997.  ISBN 0-75-069873-X
• Practical Cryptography by Niels Ferguson and Bruce Schneier, published by John Wiley & Sons, 2003.
• Common Criteria 2.1 (download from http://csrc.nist.gov/cc/index.html)
• Orange, Yellow and Red Books  (US DoD Standards)
  (Download from http://www.radium.ncsc.mil/tpep/library/rainbow/)
• Ware, Willis.  "Security Controls for Computer Systems (U): Report of the Defense Science Board Task Force on Computer Security"  Rand Report R609-1, The RAND Corporation, Santa  Monica, CA (Feb 1970)
  Download from http://csrc.nist.gov/publications/history/index.html
• Bell, David E. and Leonard La Padula, "Secure Computer System: Unified Exposition and Multics Interpretation." ESD-TR-75-306, ESD/AFSC, Hanscom AFB, Bedford, Mass. 01731 (1975) [DTIC AD-A023588]
  Download from http://csrc.nist.gov/publications/history/index.html
• System Security Study Committee, National Research Council.  "Computers at Risk: Safe Computing in the Information Age." 1990  
  (Download from http://www.nap.edu/catalog/1581.html -- please look for the "read it for free online" button above the picture of the book cover)
• Fred B. Schneider, Ed. Committee on Information Systems Trustworthiness, National Research Council. "Trust in Cyberspace."  1999. 
  (download from http://www.nap.edu/catalog/6161.html -- please look for the "read it for free online" button above the picture of the book cover)
• Other readings may be required as well from http://csrc.nist.gov/publications/index.html

EMSE 312 requires as a prerequisite EMSE 218.

EMSE 314  Auditing, Monitoring and Intrusion Detection for Infosec Managers

In this course, methods for detection problems with and attacks upon information systems and assets will be covered.These methods include auditing information systems and the environments they exist within, taking into account work processes and management controls. Also covered are various monitoring techniques and supporting technologies, including environmental monitoring as well as network and computer system monitoring.Intrusion detection processes and supporting technologies are covered.Threats such as malicious code and hackers are discussed in detail. Operational and administrative security measures contributing to detection activities are also covered.

Textbooks:

• Cangemi, Michael P. and Tommie Singleton. Managing the Audit Function: A Corporate Audit Department Procedures Guide (3rd Edition). Wiley, 2003. ISBN 0-471-28119-0
• Proctor, Paul.  The Practical Intrusion Detection Handbook.  Prentice-Hall, 2001.  ISBN 0-13-025960-8
• Digital Evidence and Computer Crime: Forensic Science, Computers and the Internet by Eoghan Casey, Academic Press; 2 edition (March 8, 2004) ISBN 0121631044
• NIST Special Publication 800-61 "Computer Security Incident Handling Guide" available online at http://csrc.nist.gov/publications/nistpubs/800-61/sp800-61.pdf
• CMU/SEI-2003-HB-002, Handbook for Computer Security Incident Response Teams (CSIRTs), available online at http://www.sei.cmu.edu/publications/documents/03.reports/03hb002.html
• McClure, Stuart, Joel Scambray, and George Kurtz.  Hacking Exposed: Network Security Secrets and Solutions.  McGraw-Hill/Osborne.
  ***** Any release of this book is acceptable. Recommend you get the latest one.

EMSE 314 requires as prerequisite EMSE 218.

EMSE 319 

Discovery and analysis of competitive information from open source intelligence.  Topics covered include sources and methods for data collection, legal issues and constraints, analysis processes, longitudinal aspects, and inference.

Textbook:

• Carr, Margaret Metcalf. Super Searchers on Competitive Intelligence: The Online and Offline Secrets of Top CI Researchers. Cyberage Books/Information Today, Inc.  (June 1, 2003).  ISBN: 0910965641