IA Course CPSC 4660:

System Vulnerability Analysis and Auditing

Course Description

The course covers the assessment of systems to discover resources that are susceptible to damage if intrusions and unauthorized access occur. The analysis of system vulnerability, identification of security deficiencies, security measurement, effectiveness and adequacy, and estimation of vulnerability of system resources to potential disaster hazards of unknown origin are also covered. Prerequisites: CPSC 160, 375, and 426 or 444 with grades of C or better.


    Matt Bishop, Introduction to Computer Security, Edition 1, Addison- Wiley, ISBN: 0-321-24744-2

Syllabus: Here

Lecture Notes 

Lecture 1: An Overview of Computer Security;     The Need for Security
Lecture 2. Access Control Matrix
Lecture 3. Security Policies
Lecture 4. Confidentiality Policies
Lecture 5. Integrity Policies
Lecture 6. Hybrid Policies
Lecture 7. Basic Cryptography
Lecture 8. Authentication
Lecture 9. Vulnerability Analysis
Lecture 10. Auditing
Lecture 11. Intrusion Detection
Lecture 12. Network Security, Introduction to Network; Network Protocol

Lab Manual and Exercises

Randy Weaver, Guide to Network Defense and Countermeasures, Thomson course technology, ISBN: 1-4188-3679-6

More IA Study Materials: 


Secure Use

General Security Policy: Cyber Ethics

Cyber Ethics 

General Security Policy: Information Technology Security Evaluation Criteria (ITSEC)

ITSEC Definition 

General Procedures: Inference

Inference Definition 

General Procedures: Rainbow Series

Rainbow Series 

General Procedures: NSTISSAM COMPUSEC/1-99 Insider Threat to Government Computer Systems

NSTISS Glossary 

General Countermeasures and Safeguards: Computer Law

Computer Law 

General Countermeasures and Safeguards: Computer Media

Computer Media 

General Countermeasures and Safeguards: Evaluate Security Testing Tools

Security Testing Tools 

Administrative Countermeasures/Safeguards: Control Management

Change Control 
Control Management 

Administrative Countermeasures/Safeguards: Privacy Act

Privacy Act of 1974 

Operations Policies/Procedures: Keystroke Monitoring

Keystroke Monitoring 

Operations Policies/Procedures: Disaster Recovery Planning

Disaster Recovery 


Policy and Procedures: Incident Response

Incident Response 

Policy and Procedures: Witness Interrogation

Witness Interrogation 

Operations Countermeasures/Safeguard: Computer Attacks

Computer Attacks 
Computer Virus Timeline 

Operations Countermeasures/Safeguard: Computer Emergency Readiness Teams



Administrative Policies/Procedures: Approval to Operate

Approval to Operate 

Administrative Policies/Procedures: Configuration/Change Control

Change Control 

Administrative Policies/Procedures: Copyright Protection

Copyright Protection 

Administrative Policies/Procedures: Patch Management

Patch Management 

Administrative Policies/Procedures: Records Management

Records Management

Administrative Policies/Procedures: Wireless Use Policies

Wireless Use Policy 

Anomalies and Integrity

General Risk Management: Computer System Risk Management

Risk Management 

Access Control Safeguards: Computer System Access Control

Access Control 

Access Control Safeguards: Protected Distribution Systems

Protected Distribution System 

Access Control Safeguards: Information Systems Access Restrictions

Access Restrictions 


Access Control Mechanisms: KMI Applications

Key Management 

Access Control Mechanisms: Single Sign-on

Single Sign On 

IA Sites