CSCI 490: Information Security Principles Syllabus – Summer 2015

Instructor

Aspen Olmsted
Course website : http://blogs.cofc.edu/olmsteda
Tel: 843.953.6600
Email: Please use aspen.olmsted@cs.cofc.edu with Subject = CSCI490
Office: Harbor Walk East 315

Class place and time

Classroom: Online Only
Catalog description

CSCI 490 Information Security Principles

This course will describe the basic principles of information systems security, including cryptography,
identifications and authentications, access control models and mechanisms, multilevel database security,
steganography, Internet security, and planning and administering security. The students will gain an
understanding of the threats to information resources and learn about counter measurements and their
limitations.

Course Outcomes

Module 1 – Introduction

This module introduces the students to the challenges of protecting electronic information and using the LabSim simulator.

Module 2 – Access Control and Identity Management

In this module students will learn concepts about controlling access to system resources. They will learn the access control models, terminology, best practices, tools, and remote and network considerations to controlling access.

Module 3 – Cryptography

This module teaches the students about cryptographic attacks and the tools to ensure data integrity. They will learn about hashing, symmetric and asymmetric encryption, and certificates. Methods of implementing cryptography are also presented.

Module 4 – Policies, Procedures, and Awareness

This module discusses security policies, procedures and security awareness. Students will learn security classification levels, documents, business continuity plans, risk management considerations, incident response, trusted computing, software development concerns, and management of employees.

Module 5 – Physical Security

This module examines the fundamentals of physically securing access to facilities and computer systems, protecting a computer system with proper environmental conditions and fire-suppression systems, and securing mobile devices and telephony transmissions.

Module 6 – Perimeter Defenses

In this module students will learn concepts about perimeter defenses to increase network security. Topics covered will include types of perimeter attacks, security zones and devices, configuring a DMZ, firewalls, NAT router, VPNs, protections against web threats, Network Access Protection (NAP) and security for wireless networks.

Module 7 – Network Defenses

This module discusses network device vulnerabilities and defenses, providing security for a router and switch, and implementing intrusion monitoring and prevention.

Module 8 – Host Defenses

In this module students will learn about the types of malware and how to protect against them, protecting against password attacks, recommendations for hardening a Windows system, configuring GPOs to enforce security, managing file system security, and procedures to increase network security of a Linux system.

Module 9 – Application Defenses

This module discusses basic concepts of securing web applications from attacks, fortifying the internet browser, securing e-mail from e-mail attacks, concerns about networking software, and security considerations when using a virtual machine.

Module 10 – Data Defenses

This module discusses the elements of securing data, such as, implementing redundancy through RAID, proper management of backups and restores, file encryption, implementing secure protocols, and cloud computing.

Module 11 – Assessments and Audits

This module examines tools that can be used to test and monitor the vulnerability of systems and logs that provide a system manager to track and audit a variety of events on a system.

Required text

We will use an electronic book by www.testout.com.  http://www.testout.com/home/it-certification-training/labsim-certification-training/security-pro.  I will give you a voucher in Oaks that allows you to buy this software for $89.

Grading scale

100-92 (A); 91-89 (A-); 88-86 (B+); 85-82 (B); 81-79 (B-); 78-76 (C+); 75-72 (C); 71-69 (C-); 68-62 (D); else (F)

Evaluation schedule

40% Quizzes and Simulation Labs
40% Final Exam
20% Programming Problems

 Simulation Labs

There will be many short (5-10 minute) video lectures followed up by a short reading and a simulation lab.  You are able to take the simulation multiple times and your last score will be the score for the grade book.

Quizzes

Each unit will have a exam or a set of exam.  You are able to take the quizzes multiple times and your last score will be the score for the grade book.

Final Exam

The final exam will be around 70 questions and the due date will be posted to Oaks.  There will be no late submissions accepted. Since the content is streamed to your personal computer you should plan to complete all the work by the deadline.

Programming Projects

Over the semester the student will build several attacks/defenses using iMacros or PHP.  The dropbox in Oaks has a specific due date for each weeks work.  Late submissions will not be accepted.

Course Community

Each unit and topic of the course will have an Oaks discussion groups.  Please do not post quiz and test answers to the discussion groups.

Disabilities

If you have a documented disability and are approved to receive accommodations through
SNAP Services, please contact me.

Student Honor Code

I expect you to abide by the Honor Code and the Student Handbook: A Guide to Civil and
Honorable Conduct. If you have a question about how to interpret the Honor Code, ask before
acting! I encourage collaboration, but you must document it. Thus, each student will submit
their own homework and, when collaborating, provide a reference to those people and
documents consulted.