Skip to main content
CPE
459
Information Security
The goal of this course is to provide students with the necessary background needed in order to understand the different aspects of information security today. The course will give a broad overview of the essential ideas as well as the methods needed for providing and evaluating security in information processing systems (operating systems and applications, networks, protocols, etc.). The syllabus will cover foundational technical concepts (basic cryptology, access control principles, operating systems and database security, network security, etc.) as well as managerial (incident and risk management, business continuity, etc.) and policy ones.
Prerequisites:
0612453
0612459
(3-0-3)

Credits and Contact Hours

3 credits, 43 hours

Course Instructor Name

Prof. Anastasios Dimitriou

Textbook

Security in Computing by Charles P. Pfleeger, Shari L. Pfleeger, and Lizzie Coles-Kemp, 6th Edition. Addison-Wesley, 2023.

Reference Text

Fundamentals of Information Systems Security by David Kim and Michael G. Solomon, 4th Edition, Jones & Bartlett Learning, 2021.

Catalog Description

The goal of this course is to provide students with the necessary background needed in order to understand the different aspects of information security today. The course will give a broad overview of the essential ideas as well as the methods needed for providing and evaluating security in information processing systems (operating systems and applications, networks, protocols, etc.). The syllabus will cover foundational technical concepts (basic cryptology, access control principles, operating systems and database security, network security, etc.) as well as managerial (incident and risk management, business continuity, etc.) and policy ones.

Prerequisite

CpE-453

Specific Goals for the Course

Upon successful completion of this course, students will be able to:

Identify security's importance in an increasingly computer and information driven world.

Understand basic cryptographic primitives and their use in building secure applications. (Student outcome: 2)

Understand access control principles and authentication. (Student outcome: 2)

Describe common security policies and models for confidentiality and integrity. (Student outcome: 2)

Obtain an understanding of network security and web security. Attacks and countermeasures. (Student outcome: 2)

Become acquainted with software security: vulnerabilities and protections, malware. (Student outcome: 2)

Understand the use of risk management to plan, implement, and administer security programs and processes. (Student outcome: 2)

Describe the legal, ethical, and regulatory issues that shape information security. (Student outcome: 2)

Topics to Be Covered

An overview of information security: confidentiality, integrity, and availability

Security policies: Confidentiality (BLP model) and Integrity policies (Biba model)

Authentication, access control and cryptography

Software security: vulnerabilities and protections, malware, program analysis

Network Security: TCP/IP security issues, TLS/SSL, Network Intrusion detection and prevention systems, Firewalls

Web Security: User authentication, Cross Site Scripting, Cross Site Request Forgery

Managing information security: the business perspective

Legal and Ethical Issues: Cybercrime, Intellectual property, Hacking and intrusion, Privacy, identity theft.

Advanced topics (Internet of Things, Privacy and Anonymity, Cyber warfare, etc.) as time permits.