Soran University
Faculty of Science and Engineering Computer Science Department
Information Security Module Specification 1. Module Title – Information Security
2. Module Code: CS403INS 3. Module Level - Forth Stage 4. Module Leader – Safwan M. 5. Teaching Semester – 7 and 8
6. Credit Rating for the module - 4 Credits 7. Prerequisites and co-requisites
Information Security 8. Module Summary
This course will cover many aspects of computer security including cryptography, network security, application security, and web security. Traditional topics such as buffer overflows, intrusion detection, packet analysis, and malware will be discussed. We will also delve into unorthodox topics including privacy, incident handling, forensics and anti-forensics, legal issues, and security in emerging technologies. This is largely a hands-on course where students will play both offense and defense.
9. Module Aims
This course unit is aimed at introducing the technologies and practices that can be used to secure information, computer systems and networks. The course will cover security threats and vulnerabilities, principles of
cryptography, and practical topics in network and Internet security.
10. Learning Outcomes
By the end of this course, students will be able to:
a. State the basic concepts in information security, including security policies, security models, and security mechanisms.
b. Explain concepts related to applied cryptography, including plain-text, cipher-text, the four techniques for crypto-analysis, symmetric
operations.
c. Explain the concepts of malicious code, including virus, Trojan horse, and worms.
d. Explain common vulnerabilities in computer programs, including buffer overflow vulnerabilities, time-of-check to time-of-use flaws, incomplete mediation. Outline the requirements and mechanisms for identification and authentication.
e. Explain issues about password authentication, including dictionary attacks (password guessing attacks), password management policies, and one-time password mechanisms.
f. Discuss network fundamentals and security, including: network topologies, protocols, address conservation, naming, network services, and network threats and countermeasures.
Explain the requirements for trusted operating systems, and describe the independent evaluation, including evaluation criteria and
evaluation process.
g. Describe security requirements for database security, and describe techniques for ensuring database reliability and integrity, secrecy, inference control, and multi-level databases.
h. Describe threats to networks, and explain techniques for ensuring network security, including encryption, authentication, firewalls, and intrusion detection.
i. Explain the requirements and techniques for security management, including security policies, risk analysis, and physical threats and controls.
11. Syllabus
Week 1- Introduction (1 lecture)
Basic concepts: threats, vulnerabilities, controls; risk; confidentiality, integrity, availability; security policies, security mechanisms;
assurance; prevention, detection, deterrence Week 2- Basic cryptography (1 lecture)
Introduction to cryptography, Secret key cryptosystems, Basic cryptographic terms, historical background, symmetric crypto primitives, modes of operation,
Week 3-4 Cryptography Techniques/Systems (2 lectures)
Encryption systems, transposition systems, substitution systems Week 5 First Exam
Week 6 -8 Cryptography Algorithms (3 lectures)
Week 9 Network Security (1 lecture)
Network Security Definition, Network threats, Eavesdropping, Modification
Week 10-11 Network Security II (2 lectures) Firewalls, Intrusion Detection, Secure e-mail Week12 Second Exam
Week 13-14 Network Tool analyzer (2 lectures) Week 15 – Authentication (1 lecture)
Identification and authentication, Passwords, Biometrics
Week 16 - One-time passwords and challenge response schemes, Kerberos
Week 17 Third Exam
Week 18 - Kerberos, SSL, SSH (1 lecture)
Week 19-20 Security in conventional operating systems (2 lectures) Memory, time, file, object protection requirements and techniques Protection in contemporary operating systems
Week 21-22 Database management systems security (2 lectures) Database integrity, Database secrecy, Inference control, Multilevel databases
Week 23 Forth Exam
Week 24-25 Management of security (2 lectures)
Security policies, Risk analysis, Physical threats and controls Week 26 Miscellaneous (1 lecture)
Legal aspects of security, Privacy and ethics Week 27-28 Ethical Hacking (1 lecture)
Ethical hacking process, Hacking Methodology , Scanning Systems Week 29 Fifth Exam
Week 30 Web Applications security (1 lecture)
Web applications Vulnerabilities , Choosing tools , Insecure Login Mechanisms , Input Filtering , URL filter Bypassing
12. Assessment Strategy
For this course, the instructor will utilize a variety of evaluation tools to measure how well the students are achieving the learning objectives. The table below contains a summary of the components of the final grade. Each element is described in more detail.
Item Percentage
Quizzes 5
Labs 5
Report/Projects 10
Exam Theory 20
Final Exam Practical 20 Theoretical 40 Quizzes/Labs
Quizzes will be given throughout the semester, at a rate of approximately One per chapter. Quizzes will always cover the material covered since the last Quiz or Exam. The quizzes will be combinations of objective and short-answer questions.
Report/Project
An 8-10 page (2500-3000 words) paper covering a topic chosen by the student will be due on April 23rd. One paragraph describing the topic will be due to the instructors the week of March 5. The paper should examine a topic in a unique and analytic way, rather than provide a summary of the particular field of study. The paper will be graded on both the quality of writing and analysis.
Exams:
There will be five (5) non-cumulative examinations and a final exam. The content will come from the text and other material presented in lecture sessions as well as labs. Note that material presented in class and in lab will supplement the assigned reading. Therefore, class attendance and good note taking are essential tactics for success
13. Learning Session Structure
Every week we have a 1 hour lecture followed by 30 minute tutorial, and 1 ½ hour practical workshop in a computer lab.
15. Learning and Teaching Methods 16. Text Books
Required:
