Overview of Information Security
Course Composition and Objectives
- Understand the fundamental concepts and issues of information security
  - Discuss the importance of information security, including current examples from at least two domains (e.g., government, public sector)
  - Define and provide examples for key concepts including threats, vulnerabilities, and risks
  - Explain fundamental security properties and requirements such as confidentiality, integrity, availability, accountability, authenticity, non-repudiation, and reliability
- Understand how data and networks are commonly protected
  - Explain encryption, including relevant concepts, terminology, and different types of encryption
  - Define cryptanalysis and provide examples of techniques used to break cryptosystems and uncover the contents of encrypted messages
  - Describe the difference between symmetric cryptosystems and asymmetric cryptosystems
  - Describe the difference between classic and modern cryptographic protocols
  - Explain how cryptography and related approaches (including non-cryptographic hash functions) can serve different primary functions: confidentiality, integrity, or both at the same time
- Defend against unauthenticated and unauthorized access
  - Define authentication
  - Explain the strengths and weaknesses of passwords as the primary approach to knowledge-based authentication; describe attacks on password systems and approaches to improve password security
  - Explain one example each of ownership-based authentication (e.g., smart cards) and biometrics (e.g., fingerprints), and provide examples of at least two alternatives to passwords for authentication purposes (e.g., biometrics, one-time passwords, multi-factor authentication, and/or CAPTCHA)
  - Define authorization and explain the fundamental building blocks used to manage access to a resource (e.g., access control matrix, multilevel and multilateral security); discuss approaches to attacking or circumventing authorization schemes, such as covert channels
  - Define access control, including examples of at least two access control schemes in current practical use
- Understand foundational software security concepts in order to make software less vulnerable to attacks
  - Explain why software security is important
  - Define well-known software security threats and attack vectors (such as buffer overflows, SQL injection, cross-site scripting (XSS), etc.)
  - Describe well-known software security countermeasures
- Instructor's Choice: Instructors may choose topics and learning objectives that meet the spirit of the course as defined here. Instructors may choose to devote more time to the learning objectives listed above or to add complementary objectives. Supplementary material and objectives should not overlap with the defined content of other courses in the curriculum.
SRA 221 provides an overview of information security. Students will learn the principles of information security; security architectures and models; aspects and methods of information security such as physical security controls, operations security, access control, hacks/attacks/defense, systems and program security, cryptography, network and web security, worms and viruses; and other secure Internet applications. Students will also learn how to plan and manage security, security policies, business continuity plans, disaster recovery plans, and the social and legal issues of information security.
A major component of the course will be several hands-on exercises and a final team-based project. This course will incorporate collaborative and action learning experiences wherever appropriate. Emphasis will be placed on developing and practicing writing and speaking skills through application of the concepts, theories, and technologies that define the course.