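"Information Security Management" Syllabus
Course Code | 045102791 | ||
Course Title | Information Security Management | ||
English Title | Information Security Management | ||
Course Category | Specialized field course | ||
Course Nature | Elective (required for the major) | ||
Class Hours | Total hours: 40 Experimental hours: 0 Internship hours: 0 Other hours: 0 | ||
Credits | 2.5 | ||
Semester | 5th semester | ||
Offering Unit | School of Computer Science and Engineering | ||
Applicable Majors | Information security and computer-related majors | ||
Teaching Language | Chinese | ||
Prerequisites | |||
Support for Graduation Requirements | (To be filled in for specialized courses offered by this school; fill in according to the graduation requirements listed for the major) №3. Design/development of solutions: able to design solutions to complex engineering problems in information security, design information security solutions that meet specific needs, show innovative thinking in the design process, and take into account social, health, safety, legal, cultural and environmental factors. №5. Use of modern tools: able to develop, select and use appropriate techniques, resources, modern tools and information technology tools for complex engineering problems in information security, including prediction and simulation of such problems, and to understand their limitations. №6. Engineering and society: able to carry out reasonable analysis based on background knowledge of information security engineering, evaluate the impact of professional engineering practice and of solutions to complex engineering problems on society, health, safety, law and culture, and understand the responsibilities to be borne. №8. Professional norms: possess literacy in the humanities and social sciences and a sense of social responsibility, and be able to understand and abide by engineering professional ethics and norms in engineering practice and fulfil responsibilities. | ||
Course Objectives | After completing the course, students will have the following abilities: (1) Master the design/development of solutions related to information security management; (2) Be able to use technical tools related to information security management; (3) Be able to reasonably analyze engineering problems in information security management based on the knowledge learned, evaluate the impact of security management solutions on society, health, safety, law and culture, and understand the responsibilities to be borne; (4) Possess literacy in the humanities and social sciences and a sense of social responsibility, and be able to understand and abide by professional ethics and norms in engineering practice and fulfil responsibilities. | ||
Course Description | This course sets out the basic concepts of information security management and explains its various contents and tasks. Drawing on achievements in information security technology and management at home and abroad, it provides analysis of typical cases and discusses in depth topics such as security solutions, risk management and information security. It reflects the current state of research and application of information security management and its methods, and gives future managers a top-down way of observing and a comprehensive, systematic body of information security knowledge. | ||
Teaching Content and Class Hours Distribution | Content | Hours | Requirements |
Ideological and political education | 1 |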
| |
Introduction | 4 |
| |
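Information security management standards, laws and regulations | 5 | (1) Information security risk assessment standards; (2) China's information system grade protection standards; (3) Information security management system standards; (4) ISO/IEC 27000 series standards; (5) Information security laws and regulations. | |
Information security management system | 4 | (1) ISMS implementation methods and models; (2) ISMS implementation process; (3) Relationship among ISMS, grade protection and risk assessment; (4) ISMS practice abroad. | |
Information security risk assessment | 5 | (1) Information security risk assessment strategies; (2) Information security risk assessment process; (3) Typical risk analysis methods; (4) Data collection methods and evaluation tools; (5) Sample risk assessment report. | |
Information system security evaluation | 6 | (1) Principles of information system security evaluation; (2) Requirements for information system security grade evaluation; (3) Procedure of information system security evaluation; (4) Evaluation of information system security management; (5) Information security grade protection and grade evaluation; (6) Example of grade evaluation. | |
Business continuity and disaster recovery | 3 | (1) Business continuity; (2) Disaster recovery; (3) Data backup and recovery. | |
Information system security auditing | 7 | (1) Overview of information system security auditing; (2) Architecture of security audit systems; (3) General procedure of security auditing; (4) Data sources for security auditing; (5) Analysis methods for security auditing; (6) Information security auditing and standards; (7) Computer forensics. | |
Network and system security assurance mechanisms | 5 | (1) Identity authentication techniques; (2) Network boundary and communication security techniques; (3) Network intrusion detection techniques; (4) Computing environment security techniques; (5) Virtualization security protection techniques. | |
Total | 40 | ||
Experimental Teaching (including computer lab hours, experiment hours and practice hours) | No laboratory sessions are arranged for this course. | ||
Teaching Method | Classroom lectures | ||
Assessment Method | This course uses a written examination, set according to the requirements above, which accounts for 70% of the overall course grade. The course also uses the following forms of assessment: homework and attendance, which account for 30% of the overall course grade. | ||
Textbooks and Reference Books | Textbook:
Reference books: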
| ||
Prepared by and Date | Wu Haotian 2019/04/14 |
“Information Security Management” Syllabus
Course Code | 045102791 | ||
Course Title | Information Security Management | ||
Course Category | Specialty-related Course | ||
Course Nature | Elective Course | ||
Class Hours | Total Hours: 40 Experimental Hours: 0 Internship hours: 0 Other hours: 0 | ||
Credits | 2.5 | ||
Semester | the 5th semester | ||
Institute | Computer Science and Engineering | ||
Program Oriented | Information security and the related computer major | ||
Teaching Language | Chinese | ||
Prerequisites | |||
Student Outcomes (Special Training Ability) | 3. Designing and Developing Solutions: the ability to design solutions to complex and specific engineering problems in information security, and to show an innovative sense in the design phase by considering the factors of society, health, safety, law and culture. 5. Applying Modern Tools: the ability to develop, select and use appropriate techniques, resources, modern tools and IT tools, including prediction and simulation, to solve complex engineering problems in information security, and to understand their limitations. 6. Engineering and Society: the ability to reasonably analyze and evaluate the impacts of professional engineering practice and of solutions to complex engineering problems on society, health, safety, law and culture by using background knowledge of information security engineering, and to understand the consequent responsibility. 8. Professional Regulations: to have literacy in the humanities and social sciences and a sense of social responsibility, and to be able to understand and abide by professional ethics and regulations in engineering practice. | ||
Course Objectives | Students will achieve the following abilities after completing the course: 1. Capable of designing and developing solutions related to information security management; 2. Capable of using the technical tools related to information security management; 3. Able to reasonably analyze the digital content security engineering problems, to evaluate the impacts of professional practices and solutions on society, health, safety, law and culture, and to understand the consequent responsibility; 4. To have scientific quality and a sense of social responsibility, and to be able to understand and abide by professional ethics and regulations in engineering practice. | ||
Course Description | This course introduces the basic concepts of information security management, explains the various contents and tasks of information security management, and analyzes classic cases by drawing on the newest advances in information security technology and management achieved at home and abroad. In addition, the topics of security solutions, risk management and information security are discussed thoroughly, and the state of the art in research and applications of information security management is presented. The course thus provides future managers of information systems with a top-down observation method and comprehensive, systematic information security knowledge. | ||
Teaching Content and Class Hours Distribution | Content | Hours | Requirements |
Ideological and political education | 1 |
| |
Introduction | 4 |
(4) State-of-the-art. | |
Information security management standards, laws and rules | 5 |
standards;
(5) Information security laws and rules. | |
Information security management system | 4 |
(2) ISMS implementation procedure; (3) Relations between ISMS, grade protection, risk assessment; (4) The ISMS practice abroad. | |
Information security management risk assessment | 5 |
(3) Classic risk assessment methods; (4) Data acquisition methods and evaluation tools; (5) Case report of risk assessment. | |
Information system security evaluation | 6 | (1) Principles of information system security evaluation;
(3) Procedure of information system security evaluation;
(5) Grade protection and grade evaluation of information system; (6) Case of grade evaluation. | |
Business continuity and disaster recovery | 3 | (1) Business continuity; (2) Disaster recovery; (3) Data backup and recovery. | |
Information system security auditing | 7 |
(2) Architecture of secure auditing system; (3) General procedure of secure auditing; (4) Data sources of secure auditing; (5) Analyzing methods of secure auditing; (6) Information security auditing and standards; (7) Computer forensics. | |
Network and system safeguard mechanism | 5 | (1) Identity authentication techniques; (2) Network boundary and secure communication techniques; (3) Network intrusion detection techniques; (4) Computing environment security techniques; (5) Virtualization security protection techniques. | |
Total | 40 | ||
Experimental Teaching | There is no experiment in this course. | ||
Teaching Method | Class instruction | ||
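Examination Method | 70% of the total score is based on the final written examination, while 30% of the total score is based on assigned homework and attendance. | ||
Teaching Materials and Reference Books | Textbook: 1. Tang Yongli, Chen Aiguo, Ye Qing, et al. 信息安全管理 (Information Security Management). Publishing House of Electronics Industry, 2017. Reference Book: 1. Whitman (USA). 信息安全管理 (Information Security Management). Chongqing University Press, 2005. | ||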
Prepared by Whom and When | By WU Haotian 2019/04/14 |