Towson University
AIT 610 Systems Development Process

Fall 2005

Professor Randall K Nichols

Office: Carlisle, PA
Availability: 10:00AM - 4:00AM EST
Office Phone: 717-258-5693
E-Mail: profrknichols@comcast.net
Course Website: www.infosec-technologies.com
Classroom: CAIT TBA
Class Times: 1930 – 2215, Thursdays (Towson)
Class Dates: 9/1/05 to 12/15/2005. Holidays Labor Day: 9/5/2005
Prerequisites: CAIT Core Course, Pre/co-requisite AIT 600

Textbooks

1) Dennis, Alan and Barbara Haley Wixom, Systems Analysis and Design, Second Edition, John Wiley & Sons, Inc., 2003. ISBN: 0-471073229 [SAD]

2) Michael Palmer, Guide To Operating Systems Security, Thomson Course Technology, 2004. ISBN: 0-619-16040-3 [OS]

Course Objectives

There is a lot of reading and in-class participation required for this course. Don’t get behind! We will integrate two main themes/goals for this course:

  1. We will investigate SAD. SAD is a discussion of the software development life cycle, requirements analysis, verification and validation, design issues, development tools and methods, modeling techniques, quality assurance and implementation strategies, performance measurements and strengths.
  2. Security of IT systems is too important to be separated from Systems Analysis and Design (SAD). We will seek to have a fundamental understanding of operating systems security principles and implementation. We will learn about technologies used and principles involved in creating a secure computer networking environment. A broad range of security topologies, technologies and concepts will be discussed.

Course Skills

This course provides an introduction to analyzing various types of systems with the emphasis on information systems. There are four major aspects to this course:

  • The first aspect is determining what systems to pursue and developing the business justifications for the system. This includes problem identification and scope.
  • The second aspect is learning how to gather the information required to develop the new system. This includes questionnaires, interviews, document analysis, etc.
  • The third aspect is documenting the gathered information into standard formats used in system analysis such as Use Cases and Class Diagrams.
  • The fourth aspect is integrating due diligence security into the SAD process.

Web Site

A wealth of supplementary information for our course is available at www.infosec-technologies.com. Material downloaded must be appropriately attributed to contributors in all team / individual papers.

E-Mail

All students are requested to obtain an e-mail account that can receive a lot of mail (PPTs, notes, etc.). If you have any questions about the course or need assistance, please contact me in person or by telephone during office hours, or by e-mail at any time. About mid-semester, I will send out a confidential “1 to 1” email to check on the progress of each student. Response is optional.

COURSE DELIVERABLES

The course deliverables are as follows:

Exams. There are normally two exams designed to help students improve their understanding of the concepts discussed in this course. A special collaborative project is generally used to substitute for the Midterm Exam and Final Exam.

Collaborative Team Research Paper / PowerPoint Presentation. A semester-long team research paper and PowerPoint presentation is required. Depending on the difficulty of the assignment, it may be used to substitute for the final exam, at the instructor’s discretion.

Participation. Students are expected to prepare for each class meeting and participate in the homework discussion conferences. Questions based on the weekly lecturette and assigned text readings require students to contribute regularly. A rubric for participation is available as a benchmark.

Bullets. Students will prepare short Bullets on current items pertaining to this course (URLs, 30-60 second summaries of current security events, interesting IT/INFOSEC finds, etc.) or webliography items REGULARLY. Virus bullets (and AV product news) do not count. Duplicate bullets do not count. Bullet participation is generally a grade differentiator on participation.

There are quality bullets and there are not so quality ones. There are A-bullets which go right to the gradebook in your favor. There are 2 conditions I look for in addition to the quality of Bullets: 1) currency [bullets should be not more than 7 days old or, if older, need to be updated with a current reference on the same subject] and 2) bullets about viruses or malicious software in any form, including spyware, bots, web bugs, Trojans, worms, computer programs to stop them, script kiddies, AV company information, new marketing program signatures or even legal stuff about them are boring information and should be avoided like poison. There are literally hundreds of security events happening around the world; INFOSEC newsletters, newspapers, formal/informal initiatives, and CT resources provide raw high-grade material for bullets.

The instructor reserves the right to make changes to this syllabus at any time.

GRADING:

The final grade will be determined as follows:

Midterm Exam / Special Asymmetric Project -- 25%
Final Exam / Group Research Paper and PowerPoint Presentation -- 35%
Weekly Discussion Participation / In-Class Team / Individual Assignments -- 25%
Bullets (regular submissions of "Bullets" or webliography are required) -- 15%

GRADUATE SCHOOL GRADING GUIDELINES:

According to Graduate School grading policy, the following symbols are used: A = excellent; B = good; C = passing; and F = failure.

The grade of B represents the benchmark for the Graduate School. It indicates that the student has demonstrated competency in the subject matter of the course, e.g., has fulfilled all course requirements on time, has a clear grasp of the full range of course materials and concepts, and is able to present and apply these materials and concepts in clear, well-reasoned, well-organized, and grammatically correct responses, whether written or oral.

Only students who fully meet this standard and, in addition, demonstrate exceptional comprehension and application of the course subject matter earn a grade of A.

Students who do not meet the benchmark standard of competency fall within the C range or lower. They, in effect, have not met graduate level standards. Where this failure is substantial, they can earn an F.

WRITING STANDARDS:

Effective managers, leaders, and teachers are also effective communicators. Written communication is an important element of the total communication process. The Graduate School recognizes and expects exemplary writing to be the norm for course work. To this end, all papers, individual and group, must demonstrate graduate level writing and comply with the format requirements of the Publication Manual of the American Psychological Association (5th Edition). Careful attention should be given to spelling, punctuation, source citations, references, and the presentation of tables and figures. It is expected that all course work will be presented on time and error free. Work submitted online should follow standard procedures for formatting and citations.

POLICY ON ACADEMIC INTEGRITY AND PLAGIARISM:

Academic integrity is central to the learning and teaching process. Students are expected to conduct themselves in a manner that will contribute to the maintenance of academic integrity by making all reasonable efforts to prevent the occurrence of academic dishonesty. Academic dishonesty includes, but is not limited to, obtaining or giving aid on an examination, having unauthorized prior knowledge of an examination, doing work for another student, and plagiarism of all types.

Plagiarism is the intentional or unintentional presentation of another person’s idea or product as one’s own. Plagiarism includes, but is not limited to, the following: copying verbatim all or part of another’s written work; using phrases, charts, figures, illustrations, or mathematical or scientific solutions without citing the source; paraphrasing ideas, conclusions, or research without citing the source; and using all or part of a literary plot, poem, film, musical score, or other artistic product without attributing the work to its creator. Students can avoid unintentional plagiarism by carefully following accepted scholarly practices. Notes taken for papers and research projects should accurately record sources of material to be cited, quoted, paraphrased, or summarized, and papers should acknowledge these sources. The penalties for plagiarism include a zero or a grade of F on the work in question, a grade of F in the course, suspension with a file letter, suspension with a transcript notation, or expulsion.

COURSE EVALUATIONS:

Feedback on each graduate course and instructor is important to the university, your professor, and to all students. Towson has the responsibility to assess the effectiveness of classroom instruction, and each student has the responsibility to provide accurate and timely feedback through completion of the course evaluation form. This is a shared obligation for us all. It is therefore important that you complete the evaluation form for each course. This should be viewed as an additional course and program requirement.

Course Schedule

Each week lists: Topics; Chapter Readings (week after class); Hands-On Projects / Class Exercises and Due Date items.

Week 1
  Topics: Syllabus; Administrative; Expectations; TEAMS FORMATION & Topic Selections for Final, Midterm & Case Study Requirements; SAD Process Overview; Security Overview
  Readings: SAD Ch 1 Intro to Systems Development Life Cycle; OS Ch 1 Security Overview - Keeping computers secure
  Exercises / Due: In-class exercise (NASA exercise); Bullets

Week 2
  Topics: Project Initiation; Malicious Code
  Readings: SAD Ch 2 Project Initiation; OS Ch 2 Malicious Code
  Exercises / Due: In-class exercise - Asymmetric Thinking; Bullets; Case Study 1

Week 3
  Topics: Project Management; Encryption and Authentication
  Readings: SAD Ch 3 Project Management; OS Ch 3 Encryption and Authentication
  Exercises / Due: Ryan 30 Elements For SE; Bullets

Week 4
  Topics: Requirements Definition
  Readings: SAD Ch 4 Requirements Def
  Exercises / Due: 1/3 TEAM Day; Bullets; Case Study 2

Week 5
  Topics: Processing Modeling; File, Directory, and Shared Resources Security
  Readings: SAD Ch 6 Process Modeling (Chapter 5 optional); OS Ch 5 Web Security
  Exercises / Due: Bullets

Week 6
  Topics: MIDTERM
  Exercises / Due: FUJI Midterm Exam; FUJI Midterm Presentations

Week 7
  Topics: Data Modeling; Firewalls and Border Security
  Readings: SAD Ch 7 Data Modeling; OS Ch 6 Firewalls and Border Security
  Exercises / Due: Bullets

Week 8
  Topics: Systems Design; Network Topology Defenses
  Readings: SAD Ch 8 Systems Design; OS Ch 8 & 9 Network Topology Defenses
  Exercises / Due: Bullets; Case Study 3

Week 9
  Topics: Architecture Design
  Readings: SAD Ch 9 Architecture Design
  Exercises / Due: Bullets; Partial Team Day

Week 10
  Topics: User Interface Design
  Readings: SAD Ch 10 User Interface Design
  Exercises / Due: Asymmetric exercise (in-class); Bullets; Case Study 4

Week 11
  Topics: Database Design; Wireless Security
  Readings: SAD Ch 11 Database Design; OS Ch 10 Wireless considerations *
  Exercises / Due: Bullets; Trust Me Presentation*

Week 12
  Topics: Program Design; Web, Remote security
  Readings: SAD Ch 12 Program design; OS Ch 11 Web, Remote security
  Exercises / Due: Bullets; Take-home Individual exercise due; Case Study 5

Week 13
  Topics: Construction & Installation; Email security
  Readings: SAD Ch 13 & 14; OS Ch 12 Email
  Exercises / Due: Bullets; Take-home exercise due

Week 14
  Topics: Wrap-Up
  Exercises / Due: TEAM DAY; Bullets

Week 15
  Topics: FINAL TEAM Paper
  Exercises / Due: FINAL TEAM Presentations

Good Luck!
Breathe Again.
NB: Some material will be taken from Randall K Nichols and Panos C Lekkas, Wireless Security: Models, Threats, and Solutions, McGraw Hill, 2003, ISBN: 0-07-138038-8. (On reserved readings.)