Course Syllabus for "CS406: Information Security"
This course focuses on the fundamentals of information security that are used in protecting both the information present in computer storage and the information traveling over computer networks. Interest in information security has been spurred by the pervasive use of computer-based applications such as information systems, databases, and the Internet. Information security has also emerged as a national goal in the United States and in other countries with national defense and homeland security implications. Information security is enabled through securing data, computers, and networks. In this course, we will look into such topics as fundamentals of information security, computer security technology and principles, access control mechanisms, cryptography algorithms, software security, physical security, and security management and risk assessment. By the end of this course, you will be able to describe major information security issues and trends, and advise an individual seeking to protect his or her data.
Upon successful completion of this course, the student will be able to:
- explain the challenges and scope of information security;
- explain such basic security concepts as confidentiality, integrity, and availability, which are used frequently in the field of information security;
- explain the importance of cryptographic algorithms used in information security in the context of the overall information technology (IT) industry;
- identify and explain symmetric algorithms for encryption-based security of information;
- identify and explain public-key based asymmetric algorithms for encryption-based security of information;
- describe the access control mechanism used for user authentication and authorization;
- describe Secure Sockets Layer (SSL) as a common solution enabling security of many applications, including all Internet-based commerce;
- describe securing Internet Protocol (IP) communications by using Internet Protocol Security (IPSec);
- explain the importance of physical security and discuss ways to improve physical security of an enterprise;
- explain the use of such security tools as firewalls and intrusion prevention systems;
- explain malicious software issues such as those introduced by software-based viruses and worms;
- explain common software security issues such as buffer overflow; and
- describe the basic process of risk assessment in the context of overall IT security management.
In order to take this course, you must:
√ have access to a computer;
√ have continuous broadband Internet access;
√ have the ability/permission to install plug-ins or software (e.g., Adobe Reader or Flash);
√ have the ability to download and save files and documents to a computer;
√ have the ability to open Microsoft files and documents (.doc, .ppt, .xls, etc.);
√ have competency in the English language;
√ have basic knowledge of computer programming in a high-level language, such as C/C++, and have completed the Introduction to Computer Science I (CS101) and Introduction to Computer Science II (CS102) courses in the Core Program of the computer science discipline;
√ feel comfortable in writing, compiling, and executing your own programs; and
Welcome to CS406, Information Security. General information about this course and its requirements can be found below.
Course Designer: Dr. Bhanu Kapoor
Primary Resources: This course is composed of a range of different free, online materials. However, the course makes primary use of the following materials:
- YouTube: IIT Kharagpur Lecture Series on Internet Technologies: Dr. Indranil Sengupta’s Lecture Series
- Naval Postgraduate School: CyberCiege: “Cryptography Basics”
- Gary C. Kessler’s An Overview of Cryptography
- CGISecurity: The Open Web Application Security Project’s A Guide to Building Secure Web Applications
- Ross Anderson: Security Engineering
Requirements for Completion: In order to complete this course, you will need to work through each unit and all of its assigned materials. Pay special attention to Unit 1, as this unit will lay the groundwork for understanding the more advanced, exploratory material presented in the later units. You will also need to complete the Final Exam.
Note that you will only receive an official grade on your Final Exam. However, in order to adequately prepare for this exam, you will need to work through the materials in each unit.
In order to pass this course, you will need to earn a 70% or higher on the Final Exam. Your score on the exam will be tabulated as soon as you complete it. If you do not pass the exam, you may take it again following a 14-day waiting period.
Time Commitment: This course should take you a total of approximately 76 hours to complete. Each unit includes a time advisory that lists the amount of time you are expected to spend on each subunit. These advisories should help you plan your time accordingly. It may be useful to take a look at these time advisories and to determine how much time you have over the next few weeks to complete each unit, and then to set goals for yourself. For example, Unit 1 should take you 6.5 hours. Perhaps you can sit down with your calendar and decide to complete subunits 1.1 and 1.2 (a total of 2.5 hours) on Monday night; subunits 1.3 and 1.4 (a total of 2.5 hours) on Tuesday night; etc.