CPSC 6167 Network Risk Assessment – Spring‘07

Instructor:

Name Office Email Phone Office hours

10:00a.m.-12:00p.m. on
Monday and Wednesday
Dr. Yan Bai CCT 430 bai_yan@colstate.edu 706.568.5376
3:00p.m.-5:00p.m. on
Thursday

Class Schedules: 
This is an on-line course. All students enrolled in this course do not have regularly scheduled class meetings,
but should check the course Vista website on a regular basis.

Class Homepage: 
Course materials (syllabus, handouts, assignments, exams, announcements, and grading) will be available
through WebCT Vista (http://webct.colstate.edu/webct/public/home.pl)

Textbook:    
Title: Information Security Risk Analysis, 2nd edition
Author: Thomas R. Peltier
Publisher: Anerbach
ISBN: 0849333466

Title: Network Security Assessment, 1st edition

Author: Chris McNab
Publisher: O'Reilly
ISBN: 059600611X

Syllabus and Grading Policy

Catalog Description: 
As described in the CSU catalog (http://academics.colstate.edu/catalogs/2006%2D2007/courses/cpsc.htm),
This course introduces risk analysis techniques that can be used to identify and quantify both accidental and
malicious threats to computer systems within an organization. Introduction to issues associated with physical
site security. This includes an introduction to standard risk analysis tools, such as PARA and FRAP.
Prerequisite: CPSC 6126 (Information Systems Assurance).

Learning Objectives: 
1. Students will learn how to identify, assess and manage risks to computer network systems.
2. Students will understand that the software process is a part of a company’s overall business model and will
learn to view vulnerabilities in software in terms of risks to the company.
3. Students will examine the company’s ability to manage software risk.
4. Students will identify feasible methods for managing the company’s software risk and will develop and
present plans to reduce that risk.
5. Students will explore the strategies for relating to upper-level management and placing software issues
within the overall business strategies of the company.

Methods of Instruction:  
 Readings. Students will read the textbook and other supplemental materials such as class
handouts.
 Assignments. There will be 8 homework assignments. Assignments build upon the concepts
covered in the textbook and may involve hands-on work. Assignment submissions are via
WebCT Vista. Only the 7 best are considered toward the assignment total. Assignment
deadlines are not flexible for any reason. I understand that sometimes delays are
unavoidable; hence, provision has already been made for the worst grade to be dropped. Late
assignments are not accepted for credit.
 Survey papers. Students must complete 3 survey papers (roughly 6 pages) for the assigned
topics and will peer review each other's papers. This review will be double blind (you don't
know whose paper you review and you don't know who reviewed your paper). The reviews of
your paper will not contribute to your grade. However, the quality of your reviews of other
papers will contribute to your grade. It is critical that the papers are turned in on time since
other students need to review your paper. Late paper will not be accepted and a grade of zero
will be given. As this course develops, more details will be provided via the WebCT Vista
announcement.
 Internet take-home exams. There will be 2 Internet take-home exams as shown in the course
schedule. Students will download the exam from WebCT Vista, take the exam at home and
then upload the answer file within the prescribed time limit. The exams will be open textbook,
so that a proctor will not be required.

Student Responsibilities:
Each student is responsible for:
 managing your time and maintaining the discipline required to meet course requirements
 covering all assigned readings in a timely manner
 completing all assignments, survey papers and exams
 reading any e-mail sent by me and responding promptly
 logging in to WebCT Vista at least thrice a week to study new developments

Assessment Criteria    
Assignments    40% (may involve lab work)
Survey Paper 1 10%
Survey Paper 2 10%
Survey Paper 3 10%
Two Exams     30%
----------------------------------
Total:      100%

100% - 90%   A
  89% - 80%    B
  79% - 70%    C
  69% - 60%    D
  below 60%    F
Tentative Course Schedule:
Week # Topics Work Due
1 -- 1/8 syllabus; familiarization with WebCT Vista tools Read Syllabus;
Assignment 0
2 -- 1/15 Peltier: Ch.1; McNab: Ch.1; Assignment 1 (Asn1)
Survey paper 1
3 -- 1/22 Peltier: Ch.2; McNab: Ch.2 Asn2
4 -- 1/29 Peltier: Ch.3; McNab: Ch.3 Asn3

5 -- 2/5 Peltier: Ch.4; McNab: Ch.4; Survey Paper 1 (Due date:

Survey paper 2 2/5/2007)

6 -- 2/12 Peltier: Ch. 4 (cont’d); McNab: Ch.5; Asn4

7 -- 2/19 Peltier: Ch. 5; McNab: Ch.6 Peer-review of Survey
Paper 1 (Due date:
2/19/2007)
8 -- 2/26 Mid-term exam (Peltier: Ch. 1-5, McNab: Ch. 1-6) Midterm
9 -- 3/5 McNab: Ch.7 and Ch.8; Survey Paper 2 (Due date:
Survey paper 3 3/5/2007)

10 -- 3/12 Peltier: Ch.6; McNab: Ch.9 Asn5

11 -- 3/19 Peltier: Ch. 6 (cont’d); McNab: Ch.10 Peer-review of Survey
Paper 2 (Due date:
3/19/2007)
12 -- 3/26 Peltier: Ch. 7; McNab: Ch.11 Asn6
13 -- 4/2 Peltier: Ch. 8; McNab: Ch.12 Survey Paper 3 (Due date:
4/5/2007)
14 -- 4/9 Peltier: Ch. 8 (cont’d); McNab: Ch.13 Asn7
15 -- 4/16 Peltier: Ch. 9 ; McNab: Ch.14 Peer-review of Survey
Paper 3 (Due date:
4/19/2007)
16 -- 4/23 Peltier: Ch. 10 ; Asn8
Final exam review (Peltier: Ch. 6-9, McNab: Ch. 7-14)
17 -- 4/30 Final exam Final exam(Due date:
5/1/2007)
** The assignment and discussion will be released on Thursday (due the following Thursday, before 11:59
p.m. EST), but occasionally the date can be changed according to the class schedule.

Other Policies

Make-up Exams:  
Make-up exam will be given upon presentation of a note from a medical doctor stating that the student is
unable to attend exam. Make-up exams will be arranged before the exam date.

Website Policy:
You are responsible for visiting the course website frequently. "I don't know" or "I didn't see" is not an
excuse. I will not accept such excuses for not keeping up with policy changes, checking the exam dates and
assignment due dates, and noticing announcements that will be posted on the website. 

CSU's ADA Compliance Statement:

If you have a documented disability as described by the Rehabilitation Act of 1973 (P.L. 933-112 Section
504) and the Americans with Disability Act (ADA) that may require you to need assistance attaining
accessibility to instructional content to meet course requirements, we recommend that you contact the Center
for Academic Support in Tucker Hall, room 100 or at (706)568-2330, as soon as possible. The Center for
Academic Support can assist you and the instructor in formulating a reasonable accommodation plan and
provide support in developing appropriate accommodations for your disability. Course requirements will not
be waived but reasonable accommodations may be provided as appropriate.

Online Etiquette
CSU is committed to open, frank, and insightful dialogue in all of its courses. Note that the online interface
hides cues such as inflection, facial gestures, intonation and body language. Diversity has many
manifestations, including diversity of thought, opinion, and values. Students are encouraged to be respectful
of that diversity and to refrain from inappropriate commentary. Should such inappropriate comments occur, I
will intervene as needed. University disciplinary action may be recommended if deemed appropriate.
Students as well as faculty should be guided by common sense and basic etiquette. The following are good
guidelines to follow:
 Never post, transmit, promote, or distribute content that is known to be illegal.
 Never post harassing, threatening, or embarrassing comments.

 If you disagree with someone, respond to the subject, not to the person.

 Never post content that is harmful or abusive; racially, ethnically or religiously offensive; vulgar,
sexually explicit or otherwise potentially offensive to readers. 

Academic Dishonesty:
Academic dishonesty includes, but is not limited to, activities such as cheating and plagiarism
(http://aa.colstate.edu/advising/a.htm#Academic Dishonesty/Academic Misconduct). It is a basis for
disciplinary action. Any work turned in for individual credit must be entirely the work of the student
submitting the work. You may share ideas but submitting identical assignments (for example) will be
considered cheating. You may discuss the material in the course and help one another with concepts;
however, any work you hand in for a grade must be your own. A simple way to avoid inadvertent plagiarism
is to talk about the assignments, but don't read each other's work or write solutions together. For your own
protection, keep old versions of assignments to establish ownership until after the assignment has been
graded and returned to you. If you have any questions about this, please contact me immediately. For
assignments, access to notes, the course textbooks, books and other publications is allowed. All work that is
not your own MUST be properly cited. This includes any material found on the Internet. Stealing, giving or
receiving any code, diagrams, drawings, text or designs from another person (CSU or non-CSU, including on
the Internet) is not allowed. Having access to another person’s work on the computer system or giving access
to your work to another person is not allowed. It is your responsibility to keep your work confidential.
No cheating in any form will be tolerated. The penalty for the first occurrence of academic dishonesty is a
grade of F in this course. Other penalties include suspension from the Computer Science program at CSU
and/or dismissal from the program. All instances of cheating will be documented in writing in the university
records. Students will be expected to discuss the academic misconduct with the faculty member and the
chairperson of the department. For more details see
http://aa.colstate.edu/faculty/FacHandbook0203/sec100.htm#109.14 and the Student Handbook:
http://sa.colstate.edu/handbook/handbook2003.pdf

Read about the rules also from TSYS Computer Science Department
(http://cs.colstate.edu/html_hi/programs/academic_dishonesty.aspx). I will enforce a zero tolerance policy.
Period!