Outline for January 4, 2002

1.	Greetings and Felicitations!

a.	Go through handouts, class rules

2.	Puzzle of the day

3.	Overview of goals of computer security

a.	Security services

b.	Security and the software life cycle

c.	Roles of trust and assurance

4.	How do you design a security policy?

a.	Risk analysis

b.	Analysis of other factors:

c.	Procedures

5.	Risk analysis

a.	What are the threats? 

b.	How likely are they to arise?

c.	How can they best be dealt with?

6.	Analysis of other factors

a.	What else affects the policy (federal or state law, needs, etc.)?

b.	Law: as above; discuss jurisdiction (federal or local), problems (authorities' lack of knowledge about com-
puters, etc.); chain of evidence

c.	Discuss cryptographic software controls (here, formerly in France, etc.)

7.	Procedures

a.	What procedures need to be put in place, and how will they affect security?

8.	Human Factors

a.	Principle of Psychological Acceptability (note: illegal violates this)

b.	Principle of common sense (it's not common; more when we discuss robust programming)

9.	Role of trust

a.	What is trust?

b.	Who cares?