If you're at all keeping up with current events in the world, you can't have missed seeing reporting on information security incidents - from small to gargantuan almost every day. This class will give you insight into the issues involved with these security breaches - why they happen, how they are detected and how to defend against these threats. Information Security is a fast-growing, fast-changing field today - job listings show how the world needs further competent professionals dedicated to this field and recent incidents also show how security education is vital for all technology professionals.
The objective of this course is to provide a basic understanding of Information Technology security - and to build an understanding of the elements that should be in place for an IT environment to achieve an adequate security level. We will begin with a general overview of IT security and introduce a framework for addressing security needs across an enterprise. Major security objectives and technical mechanisms for attaining these objectives will be discussed, including cryptography, authentication systems, Public Key Infrastructure, and platform and network security mechanisms. We will discuss the most common application flaws which lead to major breaches and how to avoid them. This course will give an overview of the technical details involved in computer and network security, including hands-on usage of current tools used in the field. We will look at common TCP/IP applications and discuss their security vulnerabilities. The course material will be presented in a framework of understanding overall risks and how to address them.
There will be a great deal of reading in this course. Students should have the ability to keep up with reading and to write in clear prose. Students in this course will be writing an in-depth paper or a developing a project and should have the ability to write a substantial paper.
- Overview of Information Security
- Objectives of Information Security
- Security goals and mechanisms
- Authentication mechanisms and access control
- Platform security (using Unix as an example)
- Developing a security program - essential body of knowledge, industry standards, policies
- Public Key Infrastructure
- Network security
- Application vulnerabilities
- Audit and Compliance Topics
- Reading from text and numerous external sources
- Paper (or project) on topic of student's choice - about 10-12 pages - due approximately 8th week
- Topic selection and approval from instructor due approximately 4th week
- Several in-class short quizzes
- Comprehensive final
- Use of class discussion board
- Assignments are generally weekly and include:
- Authentication - use industry tools and analyze results
- Encryption - use industry tools, answer questions on use
- Platform vulnerability scanning - use industry tools and analyze results
- Network scanning - use industry tools in lab environment target - analyze results
- Develop security policy outline and specifics
- Network vulnerability scans - further tools
- Homework will mainly consist of configuring, running and reporting on security tools, solving security implementation problems in writing plus one final project. There will not be in-depth programming assignments - unless the student chooses a final project involving programming.
- Homework assignments 30%
- Final 25%
- Final Paper/Project 25%
- Quizzes / Discussion Participation 20%
Computer Security: Principles and Practice, 4/E, William Stallings, Lawrence Brown 978-0134794105, Publisher: Pearson Education, Inc., Copyright: 2017