CSH6 Lecture Notes

These slide files are coded to the corresponding chapters in Volumes I & II of the Computer Security Handbook, 6th Edition, edited by Sy Bosworth, M. E. Kabay & Eric Whyne (2014, Wiley).

The MS-PowerPoint files (PPTX) are available for students in IA340 & IA342 and for any other non-commercial educational use; the PDF notes are available for more economical printing if you like dribbling pigment on compressed plant fibers. Most students are simply using laptops or pads to view the slides and make notes. Useful for study and review; however, I have abolished Death by PowerPoint in most class sessions and now conduct discussions with occasional videos to enliven the two weekly 1.5-hour course sessions. However, there are a few topics where I fly through the slides to point out key points.



UPDATED 2016-12-12

All of the following lecture files are PowerPoint presentations. Most but not all are based at least in part on chapters of the Computer Security Handbook, 6th Edition. However, some files include material that is not directly referenced in those chapters.

Introduction     PPTX     PDF

CSH6_Ch_1 Brief History and Mission of Information System Security     PPTX     PDF

CSH6_Ch_2 History of Computer Crime     PPTX     PDF

CSH6_Ch_3 Toward a New Framework for Information Security    PPTX     PDF

CSH6_Ch_4 Hardware Elements of Security     PPTX     PDF

CSH6_Ch_5 Data Communications and Information Security     PPTX     PDF

CSH6_Ch_7 Encryption     PPTX     PDF

Brute-force cracking estimation spreadsheet     XLSX

CSH6_Ch_8 Using a Common Language for Computer Security Incident information     PPTX     PDF

CSH6_Ch_9 Mathematical Models of Computer Security     PPTX     PDF

CSH6_Ch_12/13 Psychology of Computer Criminals & Insider Crime     PPTX     PDF

CSH6_Ch_14 Information Warfare     PPTX     PDF

Supplements to CSH6 Ch 14 IW     PPT-1     PPT-2     PPT-3

CSH6_Ch_15 Penetrating Computer Systems and Networks     PPTX     PDF

CSH6_Ch_16 Malicious Code     PPTX     PDF

CSH6_Ch_17 Mobile Code     PPTX     PDF

CSH6_Ch_18 Denial-of-service Attacks     PPTX     PDF

CSH6_Ch_19 Social Engineering and Low-Tech Attacks     PPTX     PDF

CSH6_Ch_20 Spam, Phishing and Trojans     PPTX     PDF

CSH6_Ch_21 Web-Based Vulnerabilities     PPTX     PDF

CSH6_Ch_22/23 Physical Security     PPTX     PDF

CSH6_Ch_24 Operating System Security     PPTX     PDF

CSH6_Ch_25 Local Area Networks     PPTX     PDF

CSH6_Ch_26 Gateway Security Devices     PPTX     PDF

CSH6 Ch 27 Intrusion Detection and Intrusion Prevention Devices     PPTX     PDF

CSH6_Ch_28 Identification and Authentication     PPTX     PDF

CSH6_Ch_29 Biometric Authentication     PPTX     PDF

CSH6_Ch_30 E-Commerce and Web Server Safeguards     PPTX     PDF

CSH6_Ch_31 Web Monitoring and Content Filtering     PPTX     PDF

Supplement to CSH6 Ch 31 Web Monitoring & Content Filtering     PPTX     PDF

CSH6_Ch_32 Virtual Private Networks and Secure Remote Access     PPTX     PDF

CSH6_Ch_33 802.11 Wireless LAN Security     PPTX     PDF

CSH6_Ch_34 Securing VoIP     PPTX     PDF

CSH6_Ch_36 Securing Stored Data     PPTX     PDF

CSH6_Ch_37 PKI and Certificate Authorities     PPTX     PDF

CSH6_Ch_38 Writing Secure Code     PPTX     PDF

CSH6 Ch 39 Software Development and Quality Assurance     PPTX     PDF    

Supplement to CSH6 Ch 39 SW Devt & QA:     PPTX     PDF

CSH6_Ch_40 Managing Patches & Vulnerabilities     PPTX     PDF

CSH6_Ch_41 Antivirus Technology     PPTX     PDF

CSH6_Ch_42 Protecting Digital Rights     PPTX     PDF

CSH6_Ch_43 Ethical Decisions and High Technology     PPTX     PDF     Supplement -- narrated PPT in ZIP:     ZIP

CSH6_Ch_44 Security Policy Guidelines     PPTX     PDF

CSH6_Ch_45 Employment Practices & Policies      PPTX      PDF

CSH6_Ch_46 Vulnerability Assessment     PPTX      PDF

CSH6_Ch_47 Operations Security and Production Controls     PPTX     PDF

CSH6_Ch_48 Email and Internet Policies     PPTX     PDF

CSH6_Ch_49 Security Awareness     PPTX     PDF

CSH6_Ch_50 Social Psychology & INFOSEC     PPTX     PDF

CSH6_Ch_51 Standards for Security Products     PPTX     PDF

CSH6_Ch_52 Application Controls     PPTX     PDF

CSH6_Ch_53 Monitoring and Control     PPTX     PDF

Top_5_log-analysis_mistakes (video lecture by Dr Anton Chuvakin)

CSH6_Ch_54 Security Audits, Standards, and Inspections    PPTX    PDF

5_insider_tips__using_it_audits_to_maximize_security.mp4 (video lecture)

CSH6_Ch_54 Audits supplement (older lecture)    PPTX    PDF

CSH6_Ch_55 Cyber Investigations    PPTX    PDF

CSH6_Ch_56 Computer Security Incident Response Team Management    PPTX    PDF

CSH6_Ch_57 Backup    PPTX    PDF

CSH6_Ch_58 Business Continuity Planning    PPTX    PDF

CSH6_Ch_59 Disaster Recovery Planning    PPTX    PDF

CSH6_Ch_58-59 Supplement: Lessons from Hurricane Andrew    Narrated PPTX    PDF

CSH6_Ch_61 Working with Law Enforcement    PPTX    PDF

CSH6_Ch_61 Working with Law Enforcement Supplement   PPTX    PDF

CSH6_Ch_62 Risk Management    PPTX    PDF

CSH6_Ch_63 Management Responsibilities & Liabilities    PPTX    PDF

CSH6_Ch_65 Role of the CISO    PPTX    PDF

CSH6_Ch_66 Developing Security Policies    PPTX    PDF

CSH6_Ch_67 Classification Policies    PPTX    PDF

CSH6_Ch_68 Outsourcing & Security    PPTX    PDF

CSH6_Ch_69 Privacy    PPTX    PDF

Supplement to CSH6 Ch 31   PPTX    PDF

CSH6_Ch_72 Censorship & Content Filtering    PPTX    PDF

CSH6_Ch_72 Censorship & Content Filtering Supplement   PPTX   PDF

Copyright © 2017 M. E. Kabay.  All rights reserved.

The opinions expressed in any of the writings on this Web site represent the author's opinions and do not necessarily represent the opinions or positions of his employers, associates, colleagues, students, relatives, friends, enemies, cats, dog or plants. Materials copyrighted by M. E. Kabay from this Website may be freely used for non-commercial teaching (i.e., specifically in any courses for academic credit or in free industry training at workshops or within organizations) but may not be re-posted on any Website or used in commercial training (where participants must pay fees for participation in the conference or workshop or where the instructor is paid) without express written permission. Any unauthorized sale of these copyrighted materials will be prosecuted to the full extent of the law.