国内外信息安全学科发展

国外信息安全教学情况调研哈尔滨工业大学张宏莉2007.11.17报告提纲•引言•国外信息安全相关课程设置情况•总体情况•有代表性的大学•办学特点•国外信息安全知识体系相关情况•NSTISSI（NationalSecurityTelecommunicationsandInformationSystemSecurityI）•ISC(2)的信息安全共同知识体系CBK引言•2002年设立信息安全专业的课程调研•2004年清华大学出版社信息安全知识点总结•2007年教指委信息安全教学规范•调研方式：INTERNET•调研范围：–美英等知名高校20余所–所发布的相关课程教学大纲、教学内容等•调研范围•PurdueUniversity•CornellUniversity•StanfordUniversity•MIT•CMU•OxfordUniversity•NewYorkUniversity•RiceUniversity•FloridaStateUniversity•PrincetonUniversity•UCDavis•UniversityofLondon•GeorgeMasonUniversity•Oslouniversity,Norway•FloridaAtlanticUniversity•GeorgiaInstituteofTechnpology•PortlandStateUniversity•等学校报告提纲•引言•国外信息安全相关课程设置情况•总体情况•有代表性的大学•国外信息安全知识体系相关情况•NSTISSI（NationalSecurityTelecommunicationsandInformationSystemSecurityI）•ISC(2)的信息安全共同知识体系CBK•办学特点总体情况：•1995年，美国国家安全局NationalSecurityAgency委任CMU成立信息安全学术人才中心，提高高校信息安全人才培养能力•至2003年9月，有50多所教育机构被认定为这种中心，包括44所高等院校和4所国防院校，如CMU，GeogiaInstituteofTechnology,FlaridaStateUniversity,PurdueUniversity,GeorgeMasonUniversity•4所学校设立信息安全专业本科专业，13所学校设立以信息安全为主的本科专业；在10所学校设立信息安全硕士专业，30所学校设立信息安全研究方向；半数以上学校开设课程与NSTISSI的CNSS4011水平相当,20所学校开展了NSTISSI的CNSS4011-4-15认证•有代表性的大学–Purdueuniversity:信息安全渗透到很多已有学科–UniversityofLondon：10门课程，PROJECT–FloridaStateUniversity：始于2000，高质量–OxfordUniversity：计算机安全课程体系–CC-getech:2个选修课系列PurdueUniversity••在研究生阶段设置信息安全专业•DepartmentsacrossPurdueofferclassesthataddressinformationsecurity,privacy,andriskmanagementtopicsfromvariousperspectives.•InformationSecurityCoursesComputerSciences,ComputerandInformationTechnology，HomelandSecurity,IndustrialTechnology,Management,Computer&InformationTechnology(IUPUI),ComputerInformationSystems&InformationTechnology(PurdueCalumet);PurdueUniversity•InformationSecurityCoursesComputerSciences–CS355IntrotoCryptography–CS426ComputerSecurity–CS471IntrotoArtificialIntelligence–CS478IntroductiontoBioinformatics–CS490SSecureNetworkProgramming–CS526InformationSecurity–CS555Cryptography–CS591SInformationSecurityandCybercrimeSeminar–CS626AdvancedInformationAssurance–CS655AdvancedCryptology–CS690SPrivacyOnlinePurdueUniversity•ComputerandInformationTechnology–C&IT227IntroductiontoBioinformatics–C&IT420BasicCyberForensics–C&IT455NetworkSecurity–C&IT499CCyberForensics:AdvancedTechnicalIssues–C&IT499DSmallScaleDigitalDeviceForensics–C&IT499FIntroductiontoComputerForensics–C&IT499NWirelessNetworkSecurityandManagement–C&IT528InformationSecurityRiskAssessment–C&IT556IntrotoCyberForensics–C&IT581AAdvancedTopicsinCyberforensics–C&IT581BBiometricDataAnalysis–C&IT581CAppliedCryptography–C&IT581FExpertWitness&ScientificTestimony–C&IT581SInformationSecurityManagement–C&IT581VSpecialTopicsinCyberforensics–C&IT581ZWebServicesSecurityPurdueUniversity•ComputerSecurity：Asurveyofthefundamentalsofinformationsecurity.Risksandvulnerabilities,policyformation,controlsandprotectionmethods,databasesecurity,encryption,authenticationtechnologies,host-basedandnetwork-basedsecurityissues,personnelandphysicalsecurityissues,issuesoflawandprivacy.•InformationSecurity:Basicnotionsofconfidentiality,integrity,availability;authenticationmodels;protectionmodels;securitykernels;secureprogramming;audit;intrusiondetectionandresponse;operationalsecurityissues;physicalsecurityissues;personnelsecurity;policyformationandenforcement;accesscontrols;informationflow;legalandsocialissues;identificationandauthenticationinlocalanddistributedsystems;classificationandtrustmodeling;andriskassessmentPurdueUniversity•CommunicationsSecurityAndNetworkControls:Thiscoursewillprovidestudentswithanoverviewofthefieldofinformationsecurityandassurance.Studentswillexplorecurrentencryption,hardware,software,andmanagerialcontrolsneededtooperatenetworksandcomputersystemsinasafeandsecuremanner•AdvancedNetworkSecurity:Thiscourseprovidesstudentswiththein-depthstudyandpracticeofadvancedconceptsinappliedsystemsandnetworkingsecurity,includingsecuritypolicies,accesscontrols,IPsecurity,authenticationmechanismsandintrusiondetectionandprotection.PurdueUniversity•SystemsAssurance:Thiscoursecoverstheimplementationofsystemsassurancewithcomputingsystems.Topicsincludeconfidentiality,integrity,authentication,non-repudiation,intrusiondetection,physicalsecurity,andencryption.Extensivelaboratoryexercisesareassigned•DisasterRecoveryAndPlanning:Thiscoursecoversriskmanagementandbusinesscontinuity.Topicsincludedisasterrecoverystrategies,mitigationstrategies,riskanalysisanddevelopmentofcontingencyplansforunexpectedoutagesandcomponentfailures.Extensivelaboratoryexercisesareassigned.PurdueUniversity•InformationAssuranceRiskAssessment:Thiscoursecoversindustryandgovernmentrequirementsandguidelinesforinformationassuranceandauditingofcomputingsystems.Topicsincluderiskassessmentandimplementationofstandardizedrequirementsandguidelines•SoftwareAssurance:Thiscoursecoversdefensiveprogrammingtechniques,boundsanalysis,errorhandling,advancedtestingtechniques,detailedcodeauditing,andsoftwarespecificationinatrustedassuredenvironment.Extensivelaboratoryexercisesareassigned.PurdueUniversity•Comput