CPSC 3600: Principles of Information Security and Assurance

IA Course

Course Description:

(3) Credit Hours

This course focuses on information security, integrity and privacy techniques. Topics include the nature and challenges of computer security, the relationship between policy and security, the role and application of cryptography, the mechanisms used to implement policies, the methodologies and technologies for assurance and vulnerability analysis and intrusion detection. Prerequisite: CPSC 1100 with a minimum grade of C or department head approval. Supplementary course fee assessed.

Text:

Principles of Information Security 3^nd Edition, Whitman and Mattord, Thompson – Course Technology, ISBN: 970-1-4-2390177-0

Lecture Notes:

1. Introduction to Information Security

2. The Need for Security

3. Legal, Ethical, and Professional Issues in Information Security

4. Risk Management

5. Planning for Security

6. Security Technology: Firewalls and VPNs

7. Security Technology: Intrusion Detection, Access Control, and Other Security Tools

8. Cryptography

9. Physical security

10. Implementing Information Security

11. Security and Personnel

12. Information Security Maintenance

Hands-on Assignments:

• Assignment 1

• Assignment 2

• Assignment 3

• Assignment 4

• Assignment 5

• Assignment 6

• Assignment 7

• Assignment 8

• Assignment 9

• Assignment 10

• KLiWin

Syllabus

References

Article

• Information security and assurance; proceedings.(Brief Article)(Book Review). (January 01, 2008). Scitech Book News.
• Feds Get Straight D's For Information Security; The Cyber Security Industry Alliance issues its recommendations for improving information security for consumers, industry, and the government. (February 02, 2007). Information Week.
• White, G. L., Hewitt, B., & Kruck, S. E. (June 06, 2013). Incorporating Global Information Security and Assurance in I.S. Education. Journal of Information Systems Education, 24, 1, 11-16.

• Handbook of research on information security and assurance.(Brief article)(Book review). (January 01, 2008). Scitech Book News.
• Holzinger, A. (January 01, 2000). Information Security Management and Assurance. Information Systems Security, 9, 32-39.
• Stahl, B. C. (July 01, 2004). Responsibility for Information Assurance and Privacy: A Problem of Individual Ethics?. Journal of Organizational and End User Computing, 16, 3, 59-77.
• Optimizing information security and advancing privacy assurance; new technologies.(Brief article)(Book review). (January 01, 2012). Reference & Research Book News.

Book

• ICT-EurAsia (Conference), & Mustofa, K. (2013). Information and communication technology: International Conference, ICT-EurAsia 2013, Yogyakarta, Indonesia, March 25-29, 2013. Proceedings. Berlin: Springer.
• Kizza, J. M. (2013). Guide to computer network security. London: Springer.
• International Conference on Network and System Security, Lopez, J., Huang, X., & Sandhu, R. (2013). Network and system security: 7th International Conference, NSS 2013, Madrid, Spain, June 3-4, 2013. Proceedings. Berlin: Springer.
• CCSEIT 2013, Nagamalai, D., Kumar, A., & Annamalai, A. (2013). Advances in computational science, engineering and information technology: Proceedings of the Third International Conference on Computational Science, Engineering and Information Technology (CCSEIT-2013), KTO Karatay University, June 7-9, 2013, Konya,Turkey. Cham: Springer.
• Gupta, J. N. D., & Sharma, S. K. (2009). Handbook of research on information security and assurance. Hershey, PA: Information Science Reference.
• Knapp, K. J. (2009). Cyber-security and global information assurance: Threat analysis and response solutions. Hershey, Pa: Information Science Reference.
• Bishop, M. (2003). Computer security: Art and science. Boston: Addison-Wesley.

Resources

IA Sites

• National Security Agency, Central Security Service—Information Assurance
• Information Assurance Support Environment
• Information Design Assurance Red Team (IDART)
• National Institute of Standards and Technology (NIST) Computer Security Division
• NIST Computer Security Resource Clearinghouse
• National Telecommunications and Information Administration (NTIA)
• ICAT Metabase
• ICAT is a searchable index of information on computer vulnerabilities. It provides search capability at a fine granularity and links users to vulnerability and patch information.
• National Vulnerability Database (NVD)
• STRATCOM
• ASD NII
• Defense Advanced Research Projects Agency (DARPA)
• Defense Information Systems Agency (DISA)
• Internet Traffic Report
  The Internet Traffic Report monitors the flow of data around the world. It then displays a value between zero and 100 and is updated ever 15 minutes. Higher values indicate faster and more reliable connections.
• Electronic Privacy Information Center Home Page
  Public interest research center in Washington, D.C.
• Internet Privacy Coalition
• International Computer Security Association (ICSA)
  ICSA is known worldwide as an objective source for security assurance services.
• Glossary of Information Warfare Terms
• Cyberwar - Information warfare and psychological operations
  Provides information on the topics of propaganda analysis, online journals, index and metapages, general resources, intelligence agencies, and articles and documents.
• Reliable Software Technologies (RST): Information Warfare
• Forum of Incident Response and Security Teams (FIRST)
• FIRST brings together a variety of computer security incident response teams from government, commercial, and academic organizations. FIRST aims to foster cooperation and coordination in incident prevention, to prompt rapid reaction to incidents, and to promote information sharing among members and the community at large.
• International Association for Cryptologic Research (IACR)
  The International Association for Cryptologic Research (IACR) is a non-profit scientific organization whose primary purpose is to further research in cryptology and related fields.
• International Biometrics Industry Association (IBIA)
• Common Vulnerabilities and Exposures
• A list of standardized names for vulnerabilities and other information security exposures - CVE aims to standardize the names for all publicly known vulnerabilities and security exposures.
• Institute for Applied Network Security (IANETSEC)
  The Institute for Applied Network Security is the premier membership organization for practicing information security professionals. The Institute's mission is to provide key technical and business insights to help members solve their most pressing professional challenges.
• Reliability Information Analysis Center (RIAC)
  Reliability Information Analysis Center (RIAC) : A Government and Industry focal point for Reliability, Maintainability, Quality, Supportability, and Interoperability related Engineering, Data, Software, Information, Training and Technical Assistance.