IA Course CPSC 3600:

Principles of Information Security and Assurance

Course Description:

(3) Credit Hours 

This course focuses on information security, integrity and privacy techniques. Topics include the nature and challenges of computer security, the relationship between policy and security, the role and application of cryptography, the mechanisms used to implement policies, the methodologies and technologies for assurance and vulnerability analysis and intrusion detection. Prerequisite: CPSC 1100 with a minimum grade of C or department head approval. Supplementary course fee assessed.


Principles of Information Security, 3rd Edition, Whitman and Mattord, Thomson – Course Technology, ISBN: 970-1-4-2390177-0

Lecture Notes:

  1. Introduction to Information Security

  2. The Need for Security

  3. Legal, Ethical, and Professional Issues in Information Security

  4. Risk Management

  5. Planning for Security

  6. Security Technology: Firewalls and VPNs

  7. Security Technology: Intrusion Detection, Access Control, and Other Security Tools

  8. Cryptography

  9. Physical Security

  10. Implementing Information Security

  11. Security and Personnel

  12. Information Security Maintenance

Hands-on Assignments:




  • Information security and assurance; proceedings.(Brief Article)(Book Review). (January 01, 2008). Scitech Book News.
  • Feds Get Straight D's For Information Security; The Cyber Security Industry Alliance issues its recommendations for improving information security for consumers, industry, and the government. (February 02, 2007). Information Week.
  • White, G. L., Hewitt, B., & Kruck, S. E. (June 06, 2013). Incorporating Global Information Security and Assurance in I.S. Education. Journal of Information Systems Education, 24, 1, 11-16.
  • Handbook of research on information security and assurance.(Brief article)(Book review). (January 01, 2008). Scitech Book News.
  • Holzinger, A. (January 01, 2000). Information Security Management and Assurance. Information Systems Security, 9, 32-39.
  • Stahl, B. C. (July 01, 2004). Responsibility for Information Assurance and Privacy: A Problem of Individual Ethics?. Journal of Organizational and End User Computing, 16, 3, 59-77.
  • Optimizing information security and advancing privacy assurance; new technologies.(Brief article)(Book review). (January 01, 2012). Reference & Research Book News.


  • ICT-EurAsia (Conference), & Mustofa, K. (2013). Information and communication technology: International Conference, ICT-EurAsia 2013, Yogyakarta, Indonesia, March 25-29, 2013. Proceedings. Berlin: Springer.
  • Kizza, J. M. (2013). Guide to computer network security. London: Springer.
  • International Conference on Network and System Security, Lopez, J., Huang, X., & Sandhu, R. (2013). Network and system security: 7th International Conference, NSS 2013, Madrid, Spain, June 3-4, 2013. Proceedings. Berlin: Springer.
  • CCSEIT 2013, Nagamalai, D., Kumar, A., & Annamalai, A. (2013). Advances in computational science, engineering and information technology: Proceedings of the Third International Conference on Computational Science, Engineering and Information Technology (CCSEIT-2013), KTO Karatay University, June 7-9, 2013, Konya, Turkey. Cham: Springer.
  • Gupta, J. N. D., & Sharma, S. K. (2009). Handbook of research on information security and assurance. Hershey, PA: Information Science Reference.
  • Knapp, K. J. (2009). Cyber-security and global information assurance: Threat analysis and response solutions. Hershey, Pa: Information Science Reference.
  • Bishop, M. (2003). Computer security: Art and science. Boston: Addison-Wesley.


Secure Use

General Security Policy: Cyber Ethics

Cyber Ethics 

General Security Policy: Information Technology Security Evaluation Criteria (ITSEC)

ITSEC Definition 

General Procedures: Inference

Inference Definition 

General Procedures: Rainbow Series

Rainbow Series 

General Procedures: NSTISSAM COMPUSEC/1-99 Insider Threat to Government Computer Systems

NSTISS Glossary 

General Countermeasures and Safeguards: Computer Law

Computer Law 

General Countermeasures and Safeguards: Computer Media

Computer Media 

General Countermeasures and Safeguards: Evaluate Security Testing Tools

Security Testing Tools 

Administrative Countermeasures/Safeguards: Control Management

Change Control 
Control Management 

Administrative Countermeasures/Safeguards: Privacy Act

Privacy Act of 1974 

Operations Policies/Procedures: Keystroke Monitoring

Keystroke Monitoring 

Operations Policies/Procedures: Disaster Recovery Planning

Disaster Recovery 


Policy and Procedures: Incident Response

Incident Response 

Policy and Procedures: Witness Interrogation

Witness Interrogation 

Operations Countermeasures/Safeguard: Computer Attacks

Computer Attacks 
Computer Virus Timeline 

Operations Countermeasures/Safeguard: Computer Emergency Readiness Teams



Administrative Policies/Procedures: Approval to Operate

Approval to Operate 

Administrative Policies/Procedures: Configuration/Change Control

Change Control 

Administrative Policies/Procedures: Copyright Protection

Copyright Protection 

Administrative Policies/Procedures: Patch Management

Patch Management 

Administrative Policies/Procedures: Records Management

Records Management

Administrative Policies/Procedures: Wireless Use Policies

Wireless Use Policy 

Anomalies and Integrity

General Risk Management: Computer System Risk Management

Risk Management 

Access Control Safeguards: Computer System Access Control

Access Control 

Access Control Safeguards: Protected Distribution Systems

Protected Distribution System 

Access Control Safeguards: Information Systems Access Restrictions

Access Restrictions 


Access Control Mechanisms: KMI Applications

Key Management 

Access Control Mechanisms: Single Sign-on

Single Sign On 

IA Sites