MSIT 458: Information Security and Assurance

Yan Chen


I. Course description:

The past decade has seen an explosion in the concern for the security of information. This course introduces students to the basic principles and practices of computer and information security. The focus is on software, operating system and network security techniques, with detailed analysis of real-world examples. Topics include cryptography, authentication, software and operating system security (e.g., buffer overflow), Internet vulnerability (DoS attacks, viruses/worms, botnets, etc.), intrusion detection systems, firewalls, VPN, Web and wireless network security.

II. Required text and/or other materials:

III. Reference text and/or other materials:

IV. Required prerequisites or knowledge base

V. Rationale for inclusion in MSIT Program:

This course provides students with an extensive understanding of information security management with emphasis on network security. Whereas other courses provide an overview of the basics of the discipline, information security is simultaneously a technical and managerial discipline with enterprise-wide implications for employees, operations and systems at every level. For organizations to successfully implement and manage an effective and efficient security program while managing shifting risks associated with interrelated information technology and decision-making, employees, contractors, vendors, and suppliers must understand the concepts, technologies and practices of information security and be able to apply them effectively in their own distinctive areas of responsibility.

VI. Course goal:

VII. Course Objectives:

Upon successful completion of this course, the student should be able to:

VIII. Course topics/content (by week):

Week 1 (March 28) [crypto.ppt]
Cryptography: symmetric/asymmetric encryption (Stallings Chapters 2, 3 and 9, KPS Chapters 2, 3 and 5)

Week 2 (April 4) [authentication.ppt]
User authentication and authorization, and malcode overview (KPS Chapters 9 and 10)

Week 3 (April 11) [malcode.ppt]
Internet vulnerability: malcode, worms and botnets (Stallings Chapter 19)

Week 4 (April 18) [invited.ppt]
Security Policy and Penetration Testing.

Week 5 (April 25) [DoS.ppt] [web.ppt]
Internet vulnerability: denial of service (DoS) attacks and WWW Security and Defense (Stallings Ch.18 and 19)

Week 6 (May 2)
Information security in real business presentation by each group (problem and related work)