| Extended Course Description: | Catalog Course Description:
Study of the principles, practices, and techniques to secure distributed applications, information and the infrastructure of distributed information systems. Topics include security planning, policies and models, threats and attacks, and the use and integration of distributed system security mechanisms for confidentiality, authentication, access control, and intrusion detection.
Pre-requisites and Co-requisites:
INFO 330 Computer Networking Tech I
Curriculum Role:
This is an elective course taken by students interested in information assurance and distributed systems security.
Course Rationale:
Security is an integral element of modern, networked, information systems. This course provides the foundations for articulating and applying current information systems practices and technologies.
Course Outcomes:
Upon successful completion of this course, a student will be able to:
• Formulate effective information security policies for an organization
• Create security models
• Describe current security threats and attacks
• Understand the mechanisms needed to make the communication of information confidential.
• Apply message authentication mechanisms appropriately to confirm message integrity.
• Know how to authenticate end user and system identity.
• Show how security mechanisms are integrated into the architecture of modern information systems to implement security policies, reduce threats and thwart attacks
• Understand key aspects of security management and planning.
• Contribution to Program Educational Outcomes
Course Content:
Principal topics and the approximate number of weeks devoted to each are:
• Introduction to security, threats, attacks, security policies and mechanisms (0.3)
• Review of distributed applications and networking technology (0.7)
• Security Policies: Banking, defense, and other industry practices (0.5)
• Security Models: Bell-LaPadula, Biba, lattice, Chinese-wall, BMA, Clark-Wilson (0.5)
• Taxonomy of threats and attacks: impersonation, man-in-the-middle, play-back, intruders, malicious software, intrusion (1)
• Mechanisms for information confidentiality: symmetric and public-key cryptography (2)
• Authentication and access control mechanisms: message digests, passwords, digital signatures, biometrics, smartcards (1)
• Distributed application security architecture: email, web, e-commerce, network services, applications (2)
• Distributed application security architecture: transport, network, link protocols (1)
• Security Management, Planning and Assurance (1)
Presentation:
Note: Presentation method may vary somewhat from section to section.
Lecture and class discussion
Assessment:
Note: Assessment method may vary somewhat from section to section.
Assignments, group projects and examinations
|
