Search
Purdue School of Engineering and Technology

Purdue School of Engineering and Technology

Information Security Fundamentals

CIT 20300 / 3 Cr.

This course provides students with an overview of the field of Information Security and Assurance.  Students will explore current encryption, hardware, software and managerial controls needed to operate networks and computer systems in a safe and secure manner.  In addition, students will participate in a semester project to re-enforce key concepts such as policy development and business contingency planning. 

Outcomes

Course Outcomes (What are these?)

  • Define Information Security (CIT a)
  • Recognize the business need for Information Security (CIT b)
  • Define key terms and concepts in Information Security (CIT a)
  • Identify & prioritize information assets (CIT b)
  • Identify & prioritize threats to information assets (CIT b)
  • Define risk management & risk control (CIT e)
  • Understand how risk is identified and assessed (CIT g)
  • Understand management's role in Information Security (CIT b)
  • Define an information security strategy and architecture (CIT a)
  • Plan for and respond to intruders in an information system (CIT b)
  • Describe legal and public relations implications of security and privacy issues (CIT e)
  • Explain the basic principles of cryptography (CIT b)
  • Create and present a disaster recovery plan for recovery of information assets after an incident (CIT g)

CIT Student Outcomes (What are these?)

(a) An ability to apply knowledge of computing and mathematics appropriate to the program’s student outcomes and to the discipline.

(b) An ability to analyze a problem, and identify and define the computing requirements appropriate to its solution. 

(e) An understanding of professional, ethical, legal, security and social issues and responsibilities.

(g) An ability to analyze the local and global impact of computing on individuals, organizations, and society.

Topics
  • General Security Concepts
  • Cryptology
  • Authentication in General Purpose Operating Systems
  • Security Kernel, Process, and Accounting Security
  • Rogue Programs
  • Steganography
  • Network Attacks
  • Email and World Wide Web Issues
  • Physical Security
  • Policy Development, Audit, and Incident Response
Principles of Undergraduate Learning (PULs)

1a.  Communicate effectively in a variety of formats, particularly written, oral, and visual formats.

1b.  Identify and propose solutions for problems using quantitative tools and reasoning.

1c.  Make effective use of information resources and technology.

2.  Critical Thinking

5.  Understanding Society and Culture

6.  Values and Ethics

What You Will Learn

General Security Concepts

  • Understand general types of threats
  • Understand how the goals of security apply to protecting assets
  • Identify the sources of security threats and the types of impact they can have
  • Understand the types of security countermeasures available and how they should be applied
  • Appreciate why policies based on security through obscurity eventually fail

Cryptography

  • Encrypt, decrypt, and break classical cryptography substitution and transposition messages
  • Understand how random numbers can be generated and used in cryptography
  • Understand the benefits and problems involved with block and stream cryptography systems
  • Understand what the characteristics common in good ciphers
  • Understand the mathematical components used by modern symmetric cryptography systems
  • Evaluate the strengths and weaknesses of modern symmetric cryptography systems
  • Appreciate the key distribution issues in modern symmetric and asymmetric cryptography systems
  • Understand the mathematical components used by modern asymmetric cryptography systems
  • Utilize asymmetric cryptography to exchange messages
  • Understand the benefits of digital signatures
  • Understand trust models and benefits of using Certificate Authorities

Authentication in General Purpose Operating Systems

  • Understand the purpose of identity and passwords
  • Identify the types of Social Engineering attacks used and how to minimize their effects
  • Understand how passwords are stored and broken in UNIX and Microsoft NT systems
  • Understand the strengths and weaknesses of biometric authentication
  • Understand the strengths and weaknesses of two factor authentication models

Access Control in General Purpose Operating Systems

  • Understand the purpose of the Reference Monitor
  • Apply file/directory attributes to protect data
  • Understand the relationship between object ownership and access control
  • Share resources via group membership
  • Compare the benefits and problems associated with Access Control Matrices and Individual Object Access Control Lists

Security Kernel, Process, and Accounting Security

  • Identify and define the purpose of each component in the Trusted Computer Base model
  • Understand the relationship between multimode operation and resource protection
  • Describe techniques used to protect system hardware components
  • Understand the relationship between ownership and process access to resources
  • Minimize the effects of buffer overflows during program development
  • Discuss the benefits and dangers of full disclosure bug lists
  • Audit resource access and usage

Rogue Programs

  • Identify type of malicious code that can be inserted by program developers
  • Describe how software engineering techniques can be used to find program code flaws and malicious code
  • Identify computer virus types and how they differ from each other
  • Describe methods used to detect and prevent virus and worm infections
  • Describe methods used to deploy and detect covert channels

Steganography

  • Understand historical methods used to hide messages
  • Identify modern techniques used to hide messages in electronic image formats
  • Describe how Water Marks provide copyright protection

Network Attacks

  • Capture information via passive attacks
  • Detect and prevent Denial of Service Attacks
  • Protect network services from vulnerabilities and trust-based exploits
  • Protect systems against TCP/IP protocol-based attacks
  • Understand purpose of firewall components
  • Develop firewall policies
  • Identify and discuss benefits and weaknesses of various firewall models
  • Identify methods to deploy intrusion detection systems
  • Discuss the purposes honeypots serve

Email and World Wide Web Issues

  • Detect forged email messages
  • Discuss issues concerning unsolicited commercial email
  • Describe the differences between email privacy and anonymity
  • Identify web browser security and privacy issues
  • Describe the benefits and problems with mobile code languages
  • Describe issues related to dynamic content web page deployment systems
  • Describe how the Secure Socket Layer protocol minimizes web communication vulnerabilities

Physical Security

  • Identify the environmental hazards that threaten computer systems and how they can be minimized
  • Describe how accidents can be minimized
  • Describe physical access control measures that can minimize the threats of vandalism and theft
  • Develop backup strategies to help recover from data loss
  • Protect unattended workstations from unauthorized use.

Policy Development, Audit, and Incident Response

  • Conduct a risk assessment and cost benefit analysis
  • Develop security policies and implementation plans
  • Conduct system and network audits
  • Respond to computer/network related security incidents