68 - Information Security

This course provides a thorough study of the principles of operation for a computer system. It covers the principal subsystems of a computer, including the central processing unit (CPU), memory, input/output, and the communications bus. Number systems and various schemes for the digital representation of numbers are also discussed. Additional critical subjects covered include the principles of hierarchical computer organization, machine instruction sets, addressing modes, CISC vs RISC, input/output processing, and interrupt handling, as well as the application of many of these concepts to modern personal computers. The student will also gain insight into the boot process by installing multiple operating systems on a single PC.

This course provides an introduction to problem solving and algorithm design using C++ or Java. The following topics will be presented: program structure, data types, input/output, flow of control, sub-algorithms, and an introduction to classes.

This course provides a broad overview of the threats to the security of information systems, the responsibilities and basic tools for information security, and the levels of training and expertise needed in organizations to reach and maintain a state of acceptable security. Topics include an introduction to confidentiality, integrity, availability; authentication models; protection models; security kernels; secure programming; audit; intrusion detection and response; operational security issues; physical security issues; personnel security; policy formation and enforcement; access controls; information flow; legal and social issues; identification and authentication in local and distributed systems; classification and trust modeling; and risk assessment.

This course will cover fundamental concepts, principles, and practical issues relevant to the design, analysis, and implementation of enterprise-level trusted networked information systems. Topics include networking and security architectures and techniques and the protocols defined at the various layers of the Internet model.

This course will present the concepts and principles of multiple user operating systems: memory, CPU, I/O device allocation, scheduling and security, memory hierarchies, performance evaluation, analytic models, simulation, concurrent programming and parallel processors. It will also discuss distributed computing principles, theory, implementations, and security; models of distributed systems, interprocess communications, distributed objects and remote invocation, coordination and agreement, distributed transactions, interoperability, and replication; component frameworks and middleware such as CORBA and DCE. Security problems in distributed application environments will be analyzed and solutions will be discussed.

Information security ultimately depends on identifying and applying available security features appropriately. This course discusses the development of a secure information infrastructure consisting of servers, networks, firewalls, workstations, and intrusion detection systems. It also covers principles and practice related to secure operation of existing distributed systems. Principles of penetration testing for assessment of system security are also addressed. This course will also cover network security management systems that gather and analyze information to identify possible security breaches. It includes intrusions (attacks from outside the organization) and misuse (attacks from within the organization). Students learn the use of vulnerability assessment and scanning technologies to determine the security of a network.

A hands-on survey of computer investigation tools used by cyber forensics specialists to trace the activity of intruders.

This course will present key cryptologic terms, concepts, and principles. Traditional cryptographic and cryptanalytic techniques are covered plus perspective on successes and failures in cryptologic history, including both single-key algorithms and double-key algorithms. Issues in network communications, network security, and security throughout the different layers of the OSI model for data communications will also be discussed in depth, as well as the use of cryptologic protocols to provide a variety of security services in a networked environment. Authentication, access control, non-repudiation, data integrity, and confidentiality issues will also be covered, plus key generation, control, distribution, and certification issues.

Legal and ethical issues are important concepts in this field. This course covers the following topics: policy implications of the use of computers and in particular of the security of computers in modern society; fundamentals of American law with particular regard to the legal aspects of the use of computers and of computer security; the organization and use of the American legal system; ethical challenges in a technological environment; identification of organizations and materials that can be of assistance in resolving or responding to policy, legal, and ethical issues; and social and public policy issues pertaining to the commercial development, availability, and marketing of both software and hardware for encryption.

This course covers the strategies, procedures and policies to manage and mitigate risk in information systems. It also covers risk analysis techniques that can be used to identify and quantify both accidental and malicious threats to computer systems within an organization. In addition to technical solutions, the course considers strategies and policies that will provide cost effective and highly secure systems.

This course is a hands-on case study course that will teach graduates how to implement an IT governance process in a company using the COBIT (Control Objectives for IT and related technology). This course will teach students how to align IT strategy with the business planning process; monitor and measure the IT internal controls to meet internal and external compliance legislation like Sarbanes-Oxley, and FTC (Federal Trade Commission requirements. Students will be introduced to planning and conducting an IT audit.

This course investigates fundamental assurance technologies that can be applied to interface specifications, architectures, and implementations of information security mechanisms. Formal security models are discussed and applied. Formal and semi-formal specification techniques are investigated and applied. Principles of testing are discussed and applied to demonstrative and vulnerability testing.

This course will describe the use of projects to support business objectives in modern organizations. Topics to be covered include the selection of projects, their initiation, implementation, control and termination. The roles of the project manager and project team members will be covered as well. We will cover the project management life cycle phases including scope, time, cost, human resources, quality, risk, and integration management.

This is a hands-on course that focuses on current strategies crackers use to attack Windows systems and how system administrators may counteract such attacks.

This is a hands-on course that focuses on current strategies crackers use to attack Linux systems and how system administrators may counteract such attacks.

This course discusses the design, deployment, management, and security of relational database systems. It presents best practices for protecting the integrity and privacy of data stored in online database systems.

This course explores the security of wireless data networks. It describes the standards that govern wireless communications and security, the physics of the various approaches to wireless data security, the attacks against wireless systems, and techniques for thwarting such attacks. The course discusses the various 80.11 technologies as well as cell phone, satellite, and Bluetooth approach.

This course presents best practices for writing code that is relatively impenetrable to attack. While it is impossible to write completely secure applications, it is possible to minimize the risk of exploitation by considering security issues at every stage of development. Some familiarity with a modern programming language is required.

This course provides the student with theory and experience associated with ethical hacking - the practice of using the same skills employed by hackers with malicious intent to improve organizational information security. The successful protection of digital assets of an organization requires solid understanding of such techniques used by hackers to be better prepared against those kinds of attacks. Ethical hacking also requires performing a risk analysis for the particular organization as well as identifying the data, network and policy vulnerabilities. Firewalls and intrusion detection systems are examined from an ethical hacking perspective with focus on protecting digital assets.

This course is an in-depth study of a given information system facility that analyzes and makes recommendations about the security of the facility to include an analysis of vulnerability and risk, a plan for security auditing, recommendations about possible use of trusted system technology and cryptography, and identification of the relevant regulatory, legal and ethical issues.

Information Security Certification.

Information Security Certification.

This is an advanced course that enables students to carry out independent study under the supervision of a faculty member.