國外信息安全教學情況調(diào)研課件

1、 引言 國外信息安全相關課程設置情況 總體情況 有代表性的大學 辦學特點 國外信息安全知識體系相關情況 NSTISSI（National Security Telecommunications and Information System Security I） ISC(2) 的信息安全共同知識體系CBK 2002年 設立信息安全專業(yè)的課程調(diào)研 2004年 清華大學出版社 信息安全知識點總結 2007年 教指委 信息安全教學規(guī)范 調(diào)研方式：INTERNET 調(diào)研范圍： 美英等知名高校20余所 所發(fā)布的相關課程教學大綱、教學內(nèi)容等 調(diào)研范圍 Purdue University Cornell U

2、niversity Stanford University MIT CMU Oxford University New York University Rice University Florida State University Princeton University UC Davis University of London George Mason University Oslo university,Norway Florida Atlantic University Georgia Institute of Technpology Portland State Universit

3、y 等學校 引言 國外信息安全相關課程設置情況 總體情況 有代表性的大學 國外信息安全知識體系相關情況 NSTISSI（National Security Telecommunications and Information System Security I） ISC(2) 的信息安全共同知識體系CBK 辦學特點總體情況：總體情況： 1995年，美國國家安全局National Security Agency委任CMU成立信息安全學術人才中心，提高高校信息安全人才培養(yǎng)能力 至2003年9月，有50多所教育機構被認定為這種中心，包括44所高等院校和4所國防院校，如CMU，Geogia Insti

4、tute of Technology, Flarida State University,Purdue University,George Mason University 4所學校設立信息安全專業(yè)本科專業(yè)，13所學校設立以信息安全為主的本科專業(yè)；在10所學校設立信息安全碩士專業(yè)，30所學校設立信息安全研究方向；半數(shù)以上學校開設課程與NSTISSI的CNSS4011水平相當,20所學校開展了NSTISSI的CNSS4011-4-15認證 有代表性的大學 Purdue university: 信息安全滲透到很多已有學科 University of London：10門課程，PROJECT Flo

5、rida State University：始于2000，高質(zhì)量 Oxford University：計算機安全課程體系 CC-getech: 2個選修課系列 在研究生階段設置信息安全專業(yè)Departments across Purdue offer classes that address information security, privacy, and risk management topics from various perspectives.Information Security Courses Computer Sciences, Computer and Informat

6、ion Technology，Homeland Security, Industrial Technology , Management, Computer & Information Technology (IUPUI), Computer Information Systems & Information Technology (Purdue Calumet); Information Security Courses Computer Sciences CS 355 Intro to Cryptography CS 426 Computer Security CS 471

7、 Intro to Artificial Intelligence CS 478 Introduction to Bioinformatics CS 490S Secure Network Programming CS 526 Information Security CS 555 Cryptography CS 591S Information Security and Cybercrime Seminar CS 626 Advanced Information Assurance CS 655 Advanced Cryptology CS 690S Privacy Online Compu

8、ter and Information Technology C&IT 227 Introduction to Bioinformatics C&IT 420 Basic Cyber Forensics C&IT455 Network Security C&IT 499C Cyber Forensics: Advanced Technical Issues C&IT 499D Small Scale Digital Device Forensics C&IT 499F Introduction to Computer Forensics C&am

9、p;IT 499N Wireless Network Security and Management C&IT 528 Information Security Risk Assessment C&IT 556 Intro to Cyber Forensics C&IT 581A Advanced Topics in Cyberforensics C&IT 581B Biometric Data Analysis C&IT 581C Applied Cryptography C&IT 581F Expert Witness & Scien

10、tific Testimony C&IT 581S Information Security Management C&IT 581V Special Topics in Cyberforensics C&IT 581Z Web Services Security Computer Security：A survey of the fundamentals of information security. Risks and vulnerabilities, policy formation, controls and protection methods, datab

11、ase security, encryption, authentication technologies, host-based and network-based security issues, personnel and physical security issues, issues of law and privacy. Information Security: Basic notions of confidentiality, integrity, availability; authentication models; protection models; security

12、kernels; secure programming; audit; intrusion detection and response; operational security issues; physical security issues; personnel security; policy formation and enforcement; access controls; information flow; legal and social issues; identification and authentication in local and distributed sy

13、stems; classification and trust modeling; and risk assessment Communications Security And Network Controls: This course will provide students with an overview of the field of information security and assurance. Students will explore current encryption, hardware, software, and managerial controls nee

14、ded to operate networks and computer systems in a safe and secure manner Advanced Network Security: This course provides students with the in-depth study and practice of advanced concepts in applied systems and networking security, including security policies, access controls, IP security, authentic

15、ation mechanisms and intrusion detection and protection. Systems Assurance: This course covers the implementation of systems assurance with computing systems. Topics include confidentiality, integrity, authentication, non-repudiation, intrusion detection, physical security, and encryption. Extensive

16、 laboratory exercises are assigned Disaster Recovery And Planning : This course covers risk management and business continuity. Topics include disaster recovery strategies, mitigation strategies, risk analysis and development of contingency plans for unexpected outages and component failures. Extens

17、ive laboratory exercises are assigned . Information Assurance Risk Assessment : This course covers industry and government requirements and guidelines for information assurance and auditing of computing systems. Topics include risk assessment and implementation of standardized requirements and guide

18、lines Software Assurance : This course covers defensive programming techniques, bounds analysis, error handling, advanced testing techniques, detailed code auditing, and software specification in a trusted assured environment. Extensive laboratory exercises are assigned . Computer Forensics : This c

19、ourse covers the techniques used in the forensic analysis of computerized systems for gathering evidence to detail how a system has been exploited or used. Extensive laboratory exercises are assigned Secure Programming : Shell and environment,Buffer overflows, Integer overflows ,Format strings ,Meta

20、-character vulnerabilities (code injection) and Input Validation ,Web Application issues (including cross-site scripting vulnerabilities) ,Race conditions , issues ,Randomness Department of Computer Science Security and Assurance in Information Technology Lab Since May 2000 FSU is a NSA Center of Ex

21、cellence in Information Security Education and FSU attended a reception at the White House in honor of these centers The courses in information security in Computer Science at Florida State University satisfy the National Security Telecommunications and Information Systems Security (NSTISSC) trainin

22、g standard for Information Security Specialists Network Security Class 1. Fundamentals of network security. Class 2 and 3. Secure channels via encryption. Class 4 and 5. Block ciphers and encryption modes. Class 6. Message Authentication Codes. Class 7. Stream ciphers. Class 8. Authentication mechan

23、isms. Class 9. The birthday paradox and applications.Class 10. Kerberos. Classes 11, 12, 13 and 14. Public key cryptography. Class 15. Public key infrastructure.Class 16. Exam review. Class 17. Midterm Class 18. RSA scheme. Class 19. SSL scheme. Class 20. IPSEC scheme. Class 21. IPSEC-IKE scheme. Cl

24、asses 22, 23, and 24. Student presentations. Class 25. Internet protocols review, and introduction to packet filtering. Class 26. Building Internet firewalls. Class 27. Intrusion detection systems. Class 28. Final review. 開設了10門課程，包括： Security management An introduction to cryptography and security

25、mechanisms Network security Computer security Secure electronic commerce and other applications Standards and evaluation criteria Advanced cryptography Database security Information crime Projec Security management 690IC01 ： This module will emphasise the need for good security management. Its aims

26、are to identify the problems associated with security management and to show how various (major) organisations solve those problems. An introduction to cryptography and security mechanisms 690IC02 : The approach of this module is non-technical. The main objective is to introduce the students to the

27、main types of cryptographic mechanism, to the security services which they can provide, and to their management, including key management. The mathematical content of this module is minimal. Support materials for the elementary mathematics needed for this module will be provided. Network security 69

28、0IC03 ： This module is concerned with the protection of data transferred over commercial information networks, including computer and telecommunications networks. After an initial brief study of current networking concepts, a variety of generic security technologies relevant to networks are studied,

29、 including user identification techniques, authentication protocols and key distribution mechanisms. This leads naturally to consideration of security solutions for a variety of types of practical networks, including LANs, WANs, proprietary computer networks, mobile networks and electronic mail. Com

30、puter security 690IC04 ： This course deals with the more technical means of making a computing system secure. This process starts with defining the proper security requirements, which are usually stated as a security policy. Security models formalise those policies and may serve as a reference to ch

31、eck the correctness of an implementation. The main security features and mechanisms in operating systems will be examined as well as security-related issues of computer architecture. Specific well-known operating systems are then studied as case studies. Other areas investigated include the security

32、 of middleware, software protection and web security.Secure electronic commerce and other applications 690OPT5 ： This module aims to put the role of security into perspective and demonstrate how it forms part of a security system within an application. The aim is to illustrate, usually by the use of

33、 case studies, how a particular situation may make certain aspects of security important and how an entire system might fit together. Standards and evaluation criteria 690OPT7 ： Over the last few years, a variety of security-related standards have been produced by international standards bodies. Thi

34、s module examines some of the most important of these standards in detail. In doing so it illustrates how international standards now cover many aspects of the analysis and design of secure systems. The material covered also puts certain other aspects of the degree course in a more structured settin

35、g. The module also covers existing security evaluation criteria, the current process for evaluating secure systems, and guidelines for managing IT security Advanced cryptography 690OPT8 ： This module follows on from the introductory cryptography module. In that module cryptographic algorithms were i

36、ntroduced according to the properties they possessed and how they might fit into a larger security architecture. In this unit we look inside some of the most popular and widely deployed algorithms and we highlight design and cryptanalytic trends over the past twenty years. This course is, by necessi

37、ty, somewhat mathematical and some basic mathematical techniques will be used. However, despite this reliance on mathematical techniques, the emphasis of the module is on understanding the more practical aspects of the performance and security of some of the most widely used cryptographic algorithms

38、. Database security 690OPT9： This module covers several aspects of database security and the related subject of concurrency control in distributed databases. We will discuss methods for concurrency control and failure recovery in distributed databases and the interaction between those methods and se

39、curity requirements. We will also examine how access control policies can be adapted to relational and object-oriented databases. Information crime 690OPT10 ： This module complements other modules by examining the subject from the criminal angle and presenting a study of computer crime and the compu

40、ter criminal. We will discuss its history, causes, development and repression through studies of surveys, types of crime, legal measures, and system and human vulnerabilities. We will also examine the effects of computer crime through the experiences of victims and law enforcement and look at the mo

41、tives and attitudes of hackers and other computer criminals. Project 6900011 ： The project is a major individual piece of work. It can be of academic nature and aim at acquiring and demonstrating understanding and the ability to reason about some specific area of Information Security. Alternatively,

42、 the project work may document the ability to deal with a practical aspect of Information Security Security Lab in the Computer Science Department Courses: CS155: Computer and Network Security.CS255: Introduction to Cryptography and Computer Security. CS259: Security Analysis of Network Protocols CS

43、355: Topics in Cryptography.CS99J: Sophomore seminar: Computer security and privacy. CS55N: Freshman seminar: Ten Ideas in Computer Security and Cryptography. （講座） Computer Security：融入計算機系統(tǒng)的：融入計算機系統(tǒng)的設計開發(fā)，形成實踐能力設計開發(fā)，形成實踐能力 Security Principles (SPR) This course combines a treatment of the fundamental

44、principles of cryptography and security protocols with a practical treatment of current best practice. It explains the need for computer security, and the scope of the available technical solutions; presents techniques for evaluating security solutions; and provides an overview of the current leadin

45、g technologies and standards in the security arena. Security Risk Analysis and Management (RIS) Security is a property of an entire system in context, rather than of a software product, so a thorough understanding of system security risk analysis is necessary for a successful project. This course in

46、troduces the basic concepts and techniques of security risk analysis, and explains how to manage security risks through the project lifecycle. Participants should have a basic understanding of topics in security, as provided by the Security Principles (SPR) course. People and Security (PAS) A very h

47、igh proportion of failures in security can be attributed to misunderstanding, mis-information, or failure to grasp the importance of the processes individuals are expected to follow. This course draws on work from human-computer interaction, and more widely from psychology, relating the issues raise

48、d back to hard technical implementation decisions. Familiarity with basic security principles and standard mechanisms, as covered in Security Principles (SPR), is assumed. Design for Security (DES) Capability in the design of systems which will meet security goals is an increasingly important skill.

49、 This course will explore how suitable levels of assurance can be achieved through combining architectural detail, operating system and middleware platforms, and application security measures. Central to these considerations is concern for which requirements are met with well-established tools, whic

50、h risks can be addressed though novel technologies, and which must be mitigated by other means. Participants should have a basic understanding of topics in security, as provided by the Security Principles (SPR) course. Platforms for Security (PLA) In order to build secure systems, appropriate method

51、ologies must be used throughout the lifecycle, not least in the detailed implementation stage. This course takes a case study approach to topics such as buffer overflows, cryptographic libraries, sandboxing, code signing, network security, and code correctness, to build towards a toolkit of sound pr

52、inciples. Participants should have a basic understanding of topics in security, as provided by the Security Principles (SPR) course. Information Security Fixed Core Courses (23 semester hours):Introduction to Information SecurityApplied CryptographySecure Computer SystemsNetwork SecurityInformation

53、Security LaboratoryInformation Security Strategies and PoliciesPracticum/Project/Research (5 credit hours) Concentration I (Technology Centric- 9 Credit Hours) ，Choose three courses from the following Introduction to Number TheoryTheory IIAdvanced Operating SystemsComputer NetworksFormal Models and

54、Methods for Information AssuranceSoftware Development ProcessDatabase Systems Concepts adn DesignInternetworking Architecture and Protocols Concentration II (Policy Centric - 9 Credit Hours) Choose three courses from the following.Technology Forecasting and AssessmentScience, Technology and Public P

55、olicyCost and Benefit AnalysisManagement Information SystemsBusiness Process Analysis & Design (SAP)Security and Privacy of Information & Information Systems (GSU) 辦學思路方面：辦學思路方面：信息安全信息安全科研活躍科研活躍的高效設立相關課程、但體系性不強的高效設立相關課程、但體系性不強信息安全知識信息安全知識滲透滲透到已有各個專業(yè)到已有各個專業(yè)講解講解細致細致、事例豐富、事例豐富低年級涉及專業(yè)的目的意義，并通過動手

56、實踐能力的培養(yǎng)激低年級涉及專業(yè)的目的意義，并通過動手實踐能力的培養(yǎng)激發(fā)學生興趣發(fā)學生興趣賓州大學的一年級的課程，（Undergraduate Research /Independent Study ，Information Technology and Its Impact on Society）芝加哥大學的 Web Design: Aesthetics/lang1.高年級注重學生知識面的拓展，開辦講座（約高年級注重學生知識面的拓展，開辦講座（約2小時），研小時），研究方向研討會等究方向研討會等課程方面：課程方面：基本課程基本課程計算機安全、密碼、網(wǎng)絡安全、安全管理、數(shù)據(jù)庫安全、計計算機安全、

57、密碼、網(wǎng)絡安全、安全管理、數(shù)據(jù)庫安全、計算機算機/網(wǎng)絡取證網(wǎng)絡取證特色課程特色課程人員安全、安全編程（人員安全、安全編程（PU）、無線網(wǎng)絡安全（）、無線網(wǎng)絡安全（PU）、）、PROJECT、信息犯罪、網(wǎng)絡協(xié)議安全性分析、講座、信息犯罪、網(wǎng)絡協(xié)議安全性分析、講座/專題、專題、網(wǎng)絡攻防（網(wǎng)絡攻防（NYU）成績評分方式成績評分方式平時作業(yè)（平時作業(yè)（30-50%）、工程實踐（）、工程實踐（30-50%）、期中期末考）、期中期末考試試(30-40%)、出勤、出勤(5%左右左右)等等教學方式方面：教學方式方面：網(wǎng)絡成為師生溝通的橋梁，在教學中起重要作用，相關網(wǎng)絡成為師生溝通的橋梁，在教學中起重要作用，相

58、關信息在網(wǎng)上都查得到，包括：每學期各專業(yè)的開課情況、信息在網(wǎng)上都查得到，包括：每學期各專業(yè)的開課情況、課程介紹、任課教師、參考書目、教師要求、評分方式、課程介紹、任課教師、參考書目、教師要求、評分方式、教師的講義（教師的講義（ppt）等等。）等等。聘請外校專家講授課程或課程的部分章節(jié)。聘請外校專家講授課程或課程的部分章節(jié)。多名教師或研究生共同教授同一門課，各有分工。多名教師或研究生共同教授同一門課，各有分工。布置學生閱讀大量參考文獻并討論（布置學生閱讀大量參考文獻并討論（stanford），一定），一定的交流討論課時（的交流討論課時（1/3） 引言 國外信息安全相關課程設置情況 總體情況 有代

59、表性的大學 國外信息安全知識體系相關情況 NSTISSI（National Security Telecommunications and Information System Security I） ISC(2) 的信息安全共同知識體系CBK 辦學特點 NSTISSI（National Security Telecommunications and Information System Security I）的CNSS4011-4015CNSS 4011：國家信息系統(tǒng)安全專業(yè)人才培訓標準National Training Standard for Information Systems Se

60、curity(INFOSEC) ProfessioinalsCNSS 4012: 國家高級系統(tǒng)管理員信息安全培訓標準National Information Assurance Training Standard for Senior Systems ManagersCNSS 4013: 國家系統(tǒng)管理員信息安全培訓標準National Information Assurance Traning Standard for System AdministratorsCNSS 4014: 國家信息系統(tǒng)安全官員安全培訓標準Information Assurance Training Standard for Information Systems Security OfficersCNSS 4015: 國家系統(tǒng)證書培訓標準National Train