CPSC 3600: Principles of Information Security and Assurance

Course Description     

This course focuses on information security, integrity and privacy techniques. Topics include the nature and challenges of computer security, the relationship between policy and security, the role and application of cryptography, the mechanisms used to implement policies, and the methodologies and technologies for assurance, vulnerability analysis and intrusion detection. Prerequisites: CPSC 160 with a grade of C or better.



Michael E. Whitman and Herbert J. Mattord, Principles of Information Security, Edition 2, Thomson, Course Technology, ISBN 0-619-21625-5.


Course Objectives

This course shows the importance of theory to practice and of practice to theory. Certain key concepts underlie all of computer security, and the study of all parts of computer security enriches the understanding of all parts. Understanding the theory underlying the applications of security-related technologies and methodologies is critical to understanding those applications.


Lecture Notes

Lecture 1: Introduction to Information Security

Lecture 2: The Need for Security

Lecture 3: Legal, Ethical and Professional Issues in Information Security

Lecture 4: Risk Management

Supplemental Materials of Lecture 4: Information Classification Whitepaper, Guidance on Information Classification, Group Discussion Instruction

Lecture 5: Planning for Security

Lecture 6: Security Technology: Firewalls and VPNs

Lecture 7: Security Technology: Intrusion Detection, Access Control and Other Technologies

Lecture 8: Cryptography

Lecture 9: Physical Security

Lecture 10: Implementing Information Security

Lecture 11: Security and Personnel

Lecture 12: Information Security Maintenance



Project 1: Malicious Code Management and Hoaxes

Project 2: Risk Management

Project 3: Firewalls

Project 4: Symmetric & Asymmetric Encryption, RSA, DES