CYB 5272 Computer and Information Security

Lecture: Introduction & Overview

Lecture: Cryptography

Outcomes

• Understand the goals of computer security
• Explain the difference between security threats, vulnerabilities and attacks
• Understand the three aspects of secure computing: confidentiality, integrity and availability
• Summarize controls available to address security threats
• Recognize common terms used in cryptography
• Understand the risks of relying on “security through obscurity”
• Understand what makes “good” encryption and what makes encryption “breakable”
• Describe the basic cryptographic techniques and explain how they impact cryptanalysis
• Compare symmetric encryption algorithms and asymmetric encryption approaches
• Describe other uses of cryptography

Lecture: Program Security

Outcomes

• Understand the “Secure System Design Principles” and recognize how good software design processes can lead to more secure systems
• Describe common software errors that can be exploited with malicious intent
• Describe the most common forms of malicious code and explain how they spread, how they infect hosts and how they can be detected
• Describe other types of malicious behaviors
• Describe controls that can be used to protect against program threats

Lecture: Operating System Security

Outcomes

• Describe common approaches for protecting memory and other resources
• Describe the common access control approaches
• Compare identification and authentication and describe common authentication methods
• Understand the benefits and risks of using password authentication
• Understand the benefits and risks of using biometric authentication

Lecture: Trusted Operating Systems

Outcomes

• Understand the difference between “secure” and “trusted” systems
• Explain how security policies and models can aid in designing trusted systems
• Compare mandatory access control and discretionary access control
• Recognize technologies that can be used to develop secure systems
• Recognize techniques used to provide assurance in trusted systems

Lecture: Privacy Issues

Lecture: Database Security

Outcomes

• Recognize the definitions, aspects and dimensions of privacy
• Understand the balance between privacy, identity and authentication
• Recall recent laws and regulations related to private information
• Compare the advantages and disadvantages of data mining with respect to privacy
• Recognize risks to privacy associated with on-line activity and recognize the impact that new technologies may have on privacy
• Recognize the most important aspects of database security
• Describe the two-phase update approach and explain how it supports database integrity and database recovery
• Understand the database consistency issues related to concurrent, multi-user access
• Recognize types of sensitive data and describe threats to the confidentiality and integrity of sensitive data

Lecture: Network Security

Outcomes

• Describe common threats to a network environment and explain why computers connected to a network are at greater risk
• Recognize specific threats to network protocols and applications that were not designed with security in mind and describe the risks of using insecure network protocols
• Describe common security controls available for networks
• Recognize the security benefits of firewalls, virtual private networks and intrusion detection systems
• Understand common security risks for users of wireless networks and mobile devices

Lecture: Administratio of Security

Lecture: Economics of Security

Outcomes

• Recognize the benefits of security planning, risk analysis, and security policies
• Describe the risk analysis process and recall the risk exposure calculation
• Compare the purpose of a security plan with the goals of security policies
• Recognize physical security threats and describe the risks that they present
• Recognize the difficulty of determining the economic value of security and describe factors that can be used to quantify security in a business setting
• Describe issues that impact the development of economic models for security and explain how corporate culture can affect economic decision-making

Lecture: Legal and Ethical Issues

Outcomes

• Compare protections for code and data, including copyrights, patents and trade secrets and recognize legal issues related to information and other computer artifacts
• Compare public domain and fair use of copyrighted materials
• Recognize why computer crimes are more difficult to prosecute than other types of crime
• Compare ethical and legal viewpoints with regard to on-line and other computer-related behaviors and actions