UNIVERSITY OF TECHNOLOGY, JAMAICA
SYLLABUS OUTLINE
FACULTY: Faculty of Engineering and Computing (FENC)
SCHOOL: School of Computing and Information Technology (SCIT)
COURSE OF STUDY: Bachelor of Science in Computing
LEVEL: Three (3)
MODULE TITLE: COMPUTER SECURITY
MODULE CODE: CIT4020
DURATION: 45 Hours
CREDIT VALUE: Three (3)
PREREQUISITES: Operating Systems (CIT3002), Database Design (CMP 2018)
1.0 MODULE DESCRIPTION
This module is aimed at providing students with a historical context by describing how computer security has evolved from its inception to the present. The module will also highlight the various threats to computer systems and the security design principles and techniques that have been developed to address these threats.
2.0 MODULE OBJECTIVES/LEARNING OUTCOMES At the end of this module students should:
I. Appraise appropriate security measures for different computer threats II. Analyze computer system flaws
III. Apply techniques and principles acquired to different aspects of applications and computer systems
3.0 MODULE CONTENT AND CONTEXT
UNIT 1 Introduction to Computer Security
(6 Hours: 2 Hrs Lecture, 2 Hrs Tutorial, 2Hrs Lab) Upon completion of this unit the student should be able to:
1.1 Assess aspects of computer security
1.2 Evaluate the types of computer threats, vulnerabilities and risks 1.3 Assess the goals of secure computing
Content
Definition of Computer Security Computer Security Organizations
Computer Security threats, vulnerabilities and Risks o Definition of threat, vulnerability and risk o Types of threats, vulnerabilities and risks o Ways in which threats exploit vulnerabilities Security Goals
o Assets and their potential damage Security Assumptions
o Physical/site security o Operational security o Personal security o Network security
o Data security and cryptographic assumptions
UNIT 2 Authorization & Authentication (12 Hours: 4 Hrs Lecture, 4 Hrs Tutorial, 4Hrs Lab)
Upon completion of this unit the student should be able to:
2.1 Outline the different types of access control methods and access control policies 2.2 Differentiate between cryptographic algorithms
2.3 Calculate simple encryption code
2.4 Distinguish between authorization and authentication 2.5 Justify the importance of authentication tools
Content
Access Control
o Types of Access Control
Discretionary Access Control (DAC) Access control policies and matrices
Implementation of Access Control Lists and capabilities
Mandatory Access Control (MAC)
Centralized & Decentralized Access Control
Attribute Based Access Control and Role Based Access Control (ABAC & RBAC)
o Access Control Policies
Bell-LaPadula
Clark-Wilson
Chinese Wall
Biba
Cryptography
o Cryptography Basics
o Computer Cryptographic Algorithms o Symmetric and Asymmetric Encryption o Encryption standards
o Key Management o Digital Signatures o Hash Algorithms
o Public Key Infrastructure (PKI) and Public Key Algorithms Authorization and Authentication
o Definition of authorization and authentication o Identification Techniques
UNIT 3 Database Security
(3 Hours: 1 Hrs Lecture, 1 Hrs Tutorial, 1 Hrs Lab)
Upon completion of this unit the student should be able to:
3.1 Examine the components of a database 3.2 Outline the advantages of using databases 3.3 Justify the need for securing databases
3.4 Evaluate the different methods and tools to secure databases 3.5 Illustrate with a diagram a trusted front-end
Content
Integrity Constraints
Multiphase commit protocols Database security attacks
Database security attack controls and preventions Multilevel security
UNIT 4 Program and Operating System Security
(6 Hours: 2 Hrs Lecture, 2 Hrs Tutorial, 2Hrs Lab)
Upon completion of this unit the student should be able to:
4.1 Examine the different types of program and operating system vulnerabilities
4.2 Examine the different types of malicious code and their effects on programs and operating systems
4.3 Outline the security properties in operating systems 4.4 Analyze the differences between segmentation and paging
4.5 Justify the importance of user authentication in operating systems
Content
Types of malicious code
Methods of malicious code protection Methods of operating system protection
o Protecting Memory and Addressing o File Protection
o User Authentication Trusted Systems
o Designing Trusted Systems o Assurance in Trusted Systems
UNIT 5
Network Security
(6 Hours: 2 Hrs Lecture, 2 Hrs Tutorial, 2Hrs Lab)
Upon completion of this unit the student should be able to:
5.1 Examine the differences between the types of networks 5.2 Outline the advantages of having networks
5.3 Illustrate with a diagram the ISO OSI network model 5.4 Analyze the different threats found in a network 5.5 Determine solutions to different network threats
5.6 Justify the importance of the management of security in networks
Content
Threats in Network
o Encryption (Link and End-to-End Encryption) o Access Control
Internet Protocol Security (IPSec) o Transport and Tunnel Models Privacy enhanced mail
Distributed System Authentication Virtual Private Network (VPN)
UNIT 6
Web Security
(6 Hours: 2 Hrs Lecture, 2 Hrs Tutorial, 2Hrs Lab)
Upon completion of this unit the student should be able to:
6.1 Examine the different types of web security vulnerabilities 6.2 Analyze the different types of web attacks
6.3 Determine ways to protect web enabled devices from malicious attacks 6.4 Justify the importance of securing the web
Content
Web Security Threats Secure Socket Layer (SSL)
Simple Network Management Protocol (SNMP) Wireless Security
Client side certifications
Applet security model
UNIT 7 Firewalls & Risk Analysis
(6 Hours: 2 Hrs Lecture, 2 Hrs Tutorial, 2Hrs Lab)
Upon completion of this unit the student should be able to:
7.1 Examine the different types of firewall
7.2 Compare different implementations of firewalls
7.3 Illustrate with a diagram single hop and double hop firewalls 7.4 Justify the importance of having a firewall
7.5 Design a security plan
7.6 Justify the importance of risk analysis and disaster recovery
Contents
Firewall Types Firewall Architecture
o Design of Firewall o Firewall Configurations Firewall Usage
Intrusion Detection Systems Intrusion Prevention Systems Honey pots
Attack Signatures Vulnerability Scanners
Risk Analysis, Risk Management and Disaster Recovery
4.0 LEARNING AND TEACHING APPROACHES Each unit will be covered using a combination of:
Lectures which will provide coverage of the concepts and influence understanding Case studies to provide students with a chance to conduct reviews and analysis of
current issues in information Security
Unsupervised lab exercises to help promote independent work and collaboration
5.0 ASSESSMENT PROCEDURES
Assessment Unit Coverage / Purpose Weighting (%)
Research Assignment Security Policy Planning- To increase and assess understanding of security policy planning
20
Test To test understanding of
areas covered mid-way through the syllabus
20
Lab Exercises To help promote hands-on coverage of areas in the syllabus
5
Group Lab Project To asses knowledge and hands-on coverage of areas throughout the syllabus
15
Final Examination To test understanding of areas covered throughout the entire syllabus
40
6.0 BREAKDOWN OF HOURS Lectures 15 hours Tutorials 15 hours Supervised Labs 15 hours Unsupervised Labs 30 hours
7.0 TEXTBOOKS AND REFERENCES
Required: Security in Computing by Charles P. Pfleeger and Shari Lawrence Pfleeger, Latest Edition, Prentice Hall
Recommended: Computer Security Fundamentals by Chuck Easttom, Latest Edition, Prentice Hall
Corporate Computer Security by Randall J. Boyle and Raymond R. Panko, Latest Edition, Prentice Hall
8.0 NAME OF SYLLABUS WRITER/ DEVELOPER Written by: Dr. Janett Williams
Revised by: Mr. Sean Thorpe Revised by: Mr. Ryan Meeks
9.0 DATE OF PRESENTATION OR REVISION Revision: July 2002
Revision: October 25, 2012 Presentation: November 7, 2012
10.0 DATE OF ACCEPTANCE
PROGRAMME DIRECTOR: __________________________________
