Weighted Total Mark. Weighted Exam Mark



Similar documents
Soran University Faculty of Science and Engineering Computer Science Department Information Security Module Specification

Computer Security. Principles and Practice. Second Edition. Amp Kumar Bhattacharjee. Lawrie Brown. Mick Bauer. William Stailings

Department of Computer & Information Sciences. INFO-450: Information Systems Security Syllabus

Textbooks: Matt Bishop, Introduction to Computer Security, Addison-Wesley, November 5, 2004, ISBN

Course Content Summary ITN 262 Network Communication, Security and Authentication (4 Credits)

TIME SCHEDULE. 1 Introduction to Computer Security & Cryptography 13

Major prerequisites by topic: Basic concepts in operating systems, computer networks, and database systems. Intermediate programming.

CSCI 4541/6541: NETWORK SECURITY

CS 450/650 Fundamentals of Integrated Computer Security

BUY ONLINE FROM:

e-code Academy Information Security Diploma Training Discerption

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

Security (II) ISO : Security Architecture of OSI Reference Model. Outline. Course Outline: Fundamental Topics. EE5723/EE4723 Spring 2012

CSCI 454/554 Computer and Network Security. Instructor: Dr. Kun Sun

VALLIAMMAI ENGINEERING COLLEGE

Cryptography and network security CNET4523

CSUS COLLEGE OF ENGINEERING AND COMPUTER SCIENCE Department of Computer Science (RVR 3018; /6834)

Introduction to Cyber Security / Information Security

Govt. of Karnataka, Department of Technical Education Diploma in Computer Science & Engineering. Sixth Semester

CMSC 421, Operating Systems. Fall Security. URL: Dr. Kalpakis

City University of Hong Kong. Information on a Course offered by Department of Electronic Engineering with effect from Semester A in 2012/2013

CRYPTOG NETWORK SECURITY

COMP-530 Cryptographic Systems Security *Requires Programming Background. University of Nicosia, Cyprus

Diploma in Information Security Control, Audit and Management (CISSP Certification)

Network Security 網 路 安 全. Lecture 1 February 20, 2012 洪 國 寶

Eleventh Hour Security+

Rajan R. Pant Controller Office of Controller of Certification Ministry of Science & Technology rajan@cca.gov.np

RYERSON UNIVERSITY Ted Rogers School of Information Technology Management And G. Raymond Chang School of Continuing Education

CS 5490/6490: Network Security Fall 2015

Chapter 23. Database Security. Security Issues. Database Security

Computer Security Basics

Information Security Course Specifications

CSC 474 Information Systems Security

Cryptography and Network Security

Department of Computer & Information Sciences. CSCI-445: Computer and Network Security Syllabus

MASTER OF SCIENCE IN INFORMATION ASSURANCE PROGRAM DEPARTMENT OF COMPUTER SCIENCE HAMPTON UNIVERSITY

Chap. 1: Introduction

Introduction to Security

EUCIP - IT Administrator. Module 5 IT Security. Version 2.0

Chapter 23. Database Security. Security Issues. Database Security

CIS 250 NETWORK SECURITY JACKSON STATE COMMUNITY COLLEGE COURSE SYLLABUS

Information, Network & Cyber Security

---Information Technology (IT) Specialist (GS-2210) IT Security Competency Model---

NETWORK ADMINISTRATION AND SECURITY

Networked Systems Security

Welcome to Information Systems Security (503009)

CRYPTOGRAPHY AND NETWORK SECURITY

Course Outline Computing Science Department Faculty of Science. COMP Credits Computer Network Security (3,1,0) Fall 2015

Fundamentals of Network Security - Theory and Practice-

Information Technology Engineers Examination. Information Security Specialist Examination. (Level 4) Syllabus

7. Public Key Cryptosystems and Digital Signatures, 8. Firewalls, 9. Intrusion detection systems, 10. Biometric Security Systems, 11.

Computer Security (EDA263 / DIT 641)

CNT5412/CNT4406 Network Security. Course Introduction. Zhenhai Duan

GE Measurement & Control. Cyber Security for NEI 08-09

COSC 472 Network Security

How To Pass A Credit Course At Florida State College At Jacksonville

BBM 461: SECURE PROGRAMMING INTRODUCTION. Ahmet Burak Can

UVic Department of Electrical and Computer Engineering

Security + Certification (ITSY 1076) Syllabus

CIS 6930/4930 Computer and Network Security. Dr. Yao Liu

: Network Security. Name of Staff: Anusha Linda Kostka Department : MSc SE/CT/IT

Supplier Security Assessment Questionnaire

Course Syllabus. Course code: Academic Staff Specifics. Office Number and Location

BSc (Hons) Sofware Engineering. Examinations for / Semester 2

SECURITY PRACTICES FOR ADVANCED METERING INFRASTRUCTURE Elif Üstündağ Soykan, Seda Demirağ Ersöz , ICSG 2014

Network Security Essentials:

Network Security Administrator

CISCO IOS NETWORK SECURITY (IINS)

MW , TU 1-3; and other times by appointment

IY2760/CS3760: Part 6. IY2760: Part 6

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

Firewalls, Tunnels, and Network Intrusion Detection

Security+ P a g e 1 of 5. 5-Day Instructor Led Course

Principles of Information Assurance Syllabus

CIS 521/421 Introduction to Information Assurance. Management of Information Security by Whitman and Mattord 2 nd Lecture notes posted on Blackboard

Evaluate the Usability of Security Audits in Electronic Commerce

Content Teaching Academy at James Madison University

PCI DSS Policies Outline. PCI DSS Policies. All Rights Reserved. ecfirst Page 1 of 7

Notes on Network Security - Introduction

E-commerce. Security. Learning objectives. Internet Security Issues: Overview. Managing Risk-1. Managing Risk-2. Computer Security Classifications

Computer and Network Security PG Unit Outline School of Information Sciences and Engineering

NETWORK AND CERTIFICATE SYSTEM SECURITY REQUIREMENTS

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 14 Risk Mitigation

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

Network Security. Network Security Hierarchy. CISCO Security Curriculum

Why Security Matters. Why Security Matters. 00 Overview 03 Sept CSCD27 Computer and Network Security. CSCD27 Computer and Network Security 1

information security and its Describe what drives the need for information security.

Bellevue University Cybersecurity Programs & Courses

Hardware and Software Security

FBLA Cyber Security aligned with Common Core FBLA: Cyber Security RST RST RST RST WHST WHST

Network Security. Dr. Ihsan Ullah. Department of Computer Science & IT University of Balochistan, Quetta Pakistan. March 19, 2015

MS Information Security (MSIS)

Weighted Total Mark. Weighted Exam Mark

Transcription:

CMP4103 Computer Systems and Network Security Period per Week Contact Hour per Semester Weighted Total Mark Weighted Exam Mark Weighted Continuous Assessment Mark Credit Units LH PH TH CH WTM WEM WCM CU 30 30 00 45 100 60 40 3 Rationale With the multiplication of tasks that are performed on computers and the advent of globalization of computing in general, the topic of computer security becomes more and more important. We see in this course what is computer security, especially as it relates to the protection of information stored on the computers and exchanged between computers The Computer Engineering student will be equipped with Bachelor of Science in Computer Engineering 100

knowledge and skills in advanced cryptography, access control, distributed authentication, TCP/IP security, firewalls, IPSec, Virtual Private Networks, intrusion detection systems, and advanced topics such as wireless security, identity management. Objectives To familiarize the student with the concept of system security analysis To introduce access control methods and various security models To equip the student with skills of identification and authentication in the security domain To introduce the various security concerns associated with the most popular operating systems - UNIX and Windows To introduce the concept of communication security To equip the student with various cryptography systems To introduce the student to the security concerns applicable to the internet To introduce the student to the various e-commerce security protocols Course Content 1. Overview of Computer Security Threats, risks, vulnerabilities, safeguards, attacks, exploits Information states Security at the various states of information: processing, storage and transmission Definition of security based on current state and reachable states Comprehensive model of security Confidentiality, integrity and availability Risk management, corrective action, risk assessment Physical security, including TEMPEST security 2. Access Control Access control matrix Access control lists Capabilities Role-based access control Application dependence 3. Security Policies Types of policies Role of trust Information states and procedures Types of access control Separation of duties Application dependence Importance for automated information systems (AIS) Security planning 4. Confidentiality Policies Goals and definitions Bell-LaPadula model Multi-level security 5. Integrity Policies Goals and definitions Bachelor of Science in Computer Engineering 101

Information states and procedures Operating system integrity Biba model Clark-Wilson model 6. Hybrid Policies Chinese Wall model Role-Based Access Control 7. Basic Cryptography: user's viewpoint Encryption : Classical cryptosystems, Public key cryptosystems Message digests and authentication codes Application to access control 8. Key Management Key exchange Session and interchange keys Cryptographic key infrastructures Storing, revoking and destructing keys Digital signatures Application to access control 9. Cipher Techniques Stream and block ciphers Block chaining 10. Authentication Passwords Challenge-response Biometrics Location Combinations Application to access control/authorization 11. Design Principles Least privilege Fail-safe defaults Economy of mechanism Complete mediation Open design Separation of privilege Least common mechanism Psychological acceptability 12. Information Flow Information flow models and mechanisms Compiler-based and execution-based mechanisms Security policies on information flow Relevance of security policies to information security and operations security Interdependence between information security and operations security 13. Confinement Problem Isolation Covert channels 14. Assurance and Software Engineering Bachelor of Science in Computer Engineering 102

Security aspects of the life cycle Software security mechanisms to protect information Assurance and trust Building trusted operating systems 15. Evaluating Systems Historical perspective TCSEC Common criteria Rainbow series NSTISSAM COMPUSEC/1-99 Security certification and accreditation of federal information systems 16. Malicious Logic Trojan horses Computer viruses Computer worms Logic bombs Defenses and countermeasures 17. Vulnerability Analysis Detailed description of threats, vulnerabilities and exploiting vulnerabilities 18. Auditing Auditing mechanisms Auditing system design Privacy issues Trails and logs Access control issues Application dependence 19. Intrusion Detection Principles Models Architecture Organization Intrusion response 20. Network Security Policy development Network organization Firewalls Availability Access control issues Attacks anticipation Traffic analysis Public vs private 21. Program Security Requirements and policy Common security-related programming problems Object reuse and access control 22. Virtual Machines Virtual machine structure Bachelor of Science in Computer Engineering 103

Virtual machine monitor 23. Security Administration and Training Basic notions related to security administration: accountability, accreditation, security architecture, assessments, assurance, availability, integrity, confidentiality, authentication, non-repudiation, certification, configuration control, resource custidian, defense, domains, system security principles, information operations, records management, sensitivity, zoning, aggregation, end systems, operating systems and organizational security procedures, security tools, open systems interconnect, due care, facility support systems, media, alarms, signals, reports, non-repudiation, violations, modes of operation. Security countermeasures - education, training and awareness Surveillance Assessment Roles of various organizational personnel Personnel security practices and procedures Purposes of awareness, training and education Training of administrators and managers Protection of assets Security accreditation Administrative policies Password management and policies Assessment preparation Legal aspects Agency specific security policies, points of contact and control Security planning Contingency planning, disaster recovery Configuration management 24. Privacy in Databases Publications of aggregate data from sensitive statistical databases Inference Privacy aspects of data mining Learning Outcomes On completing this course the student should be able to: Describe the functioning of various types of malicious code, such as viruses, worms, trapdoors. Enumerate set programming techniques that enhance security. Explain the various controls available for protection against internet attacks, including authentication, integrity check, firewalls, and intruder detection systems. Describe the different ways of providing authentication of a user or program. Describe the mechanisms used to provide security in programs, operating systems, databases and networks. Describe the background, history and properties of widely-used encryption algorithms such as DES, AES, and RSA. Describe legal, privacy and ethical issues in computer security. List and explain the typical set of tasks required of a system security administrator. Bachelor of Science in Computer Engineering 104

Compare different access control, file protection or authentication mechanisms. Set up file protections in a UNIX or Windows file system to achieve a given purpose. Incorporate encryption, integrity check and/or authentication into a given program or algorithm. Distinguish between steganography and watermarking as document modification methods. Appraise a given code fragment for vulnerabilities. Appraise a given protocol for security flaws. Design a security protocol for a given application. Formulate a security plan for a given scenario, including risk analysis, organizational security policies, and planning for physical security and natural disasters. Recommended and Reference Books [1] Matt Bishop, 2005, Introduction to Computer Security, Addison Wesley [2] William Stallings, 2003, Network Security Essentials, 2nd edition. Prentice Hall. ISBN: 0130351288 [3] William Stallings, 2004, Data & Computer Communications, 7th Edition, Prentice Hall [4] Saadat Malik, 2002, Network Security Principles and Practices (CCIE Professional Development). Pearson Education. ISBN: 1587050250 [5] Kaufman, Perlman, and Speciner, Network Security, 2 nd edition, ISBN: 0130460192. [6] Ross Anderson's, 2001, Security Engineering, 2nd edition. Wiley, ISBN 0470068523 [7] Charles P. Pfleeger, Shari Lawrence Pfleeger, 2003, Security in Computing, McGraw-Hill 3rd edition, Prentice Hall. Bachelor of Science in Computer Engineering 105

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information