CS406: Information Security

This course focuses on the fundamentals of information security that are used in protecting both the information present in computer storage as well as information traveling over computer networks. Interest in information security has been spurred by the pervasive use of computer-based applications such as information systems, databases, and the Internet. Information security has also emerged as a national goal in the United States and in other countries with national defense and homeland security implications. Information security is enabled through securing data, computers, and networks. In this course, we will look into such topics as fundamentals of information security, computer security technology and principles, access control mechanisms, cryptography algorithms, software security, physical security, and security management and risk assessment. By the end of this course, you will be able to describe major information security issues and trends, and advise an individual seeking to protect his or her data.

This unit provides an overview of information security. First, we look at the basic concepts of confidentiality, integrity, and availability as discussed in the National Institute of Standards and Technology (NIST) standard Federal Information Processing Standards (FIPS) 199. We will discuss threats, attacks, and assets in the overall context of a security management model. We will also learn about the challenges of information security and its overall scope.

Completing this unit should take you approximately 6 hours.

Encryption and decryption of data form the basis of information security. Cryptography is the science of encrypting data. In this unit, we will explore basic cryptography concepts and the purpose of cryptography. Also, we will look into the details of symmetric key encryption techniques. In particular, we will discuss the symmetric key algorithms called Data Encryption Standard (DES), Triple DES, and Advanced Encryption Standard (AES). DES is a block-cipher employing a 56-bit key that operates on 64-bit blocks. Triple-DES is a variant of DES that employs up to three 56-bit keys and makes three encryption/decryption passes over the block. In 1997, NIST initiated a very public, four-and-a-half-year process to develop a new secure cryptosystem for U.S. government applications. The result, the Advanced Encryption Standard, became the official successor to DES in December 2001.

Completing this unit should take you approximately 7 hours.

In this unit, we explore basic cryptography concepts and look into the details of asymmetric key encryption techniques based on the concepts of a public-key. You will be able to compare and contrast public-key algorithms and symmetric algorithms discussed in Unit 2. In particular, we will discuss the public-key algorithms by Rivest, Shamir, and Adelman (RSA) and another algorithm by Diffie and Hellman.

Completing this unit should take you approximately 12 hours.

Access control is a system that enables an authority to control access to areas and resources in a given physical facility or computer-based information system. In this unit, we will explore the access control mechanisms for user authorization. By the means of access control, appropriate authorization to information is provided to different entities in an organization. The common mechanisms include discretionary access control (DAC) and role-based access control (RBAC). We look into each of these in the context of their current usage in a typical enterprise.

Completing this unit should take you approximately 7 hours.

In this unit, we explore some of the common solutions for security issues that are currently in use. For securing web-based applications such as e-Commerce, Secure Sockets Layer (SSL) is a commonly used solution to enable security of transactions. It makes use of public-key based encryption and symmetric encryption during the transaction to ensure security. We also look into a protocol called Internet Protocol Security (IPSec) to secure communications.

Completing this unit should take you approximately 5 hours.

In this unit, we will explore the use of security tools such as firewalls and intrusion prevention systems. Following a quick introduction to the concepts of intranet and extranet systems that are frequently used for information exchange by enterprises today, we will look into cryptographic concepts related to securing communication using firewalls. We will explore how firewalls work and will also study different types of intrusion detection systems including host-based and network-based systems.

Completing this unit should take you approximately 9 hours.

Physical security is the protection of personnel, hardware, programs, networks, and data from physical circumstances and events that could cause serious losses or damage. This unit explains the importance of physical security as a significant item in providing overall security. Without physical security, all other sophisticated techniques can become useless. Specifically, we will study the NASA physical security program, which is a result of extensive research on physical security. We will also look into different types of attacks that are possible in the context of physical security.

Completing this unit should take you approximately 7 hours.

In this unit, we will explore malicious software, also known as malware. We will also study common software security issues such as buffer overflow, used by several malware to exploit systems' vulnerability. At the end of the unit, we will learn how to use these malware and other security attacks to carry out information warfare.

Completing this unit should take you approximately 8 hours.

In this unit, we will explore risk management, which is the process of identifying vulnerabilities in an organization's information systems and taking appropriate steps to ensure confidentiality, integrity, and availability of various components of the information systems. Risk assessment is an essential element of risk management, and we will identify the steps of the risk assessment process using case studies for four different types of enterprises.

Completing this unit should take you approximately 13 hours.