CISc 230 - Computer and Network
Security
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Professor | Academic Center | Office Hours | Office Phone | |
| Dr. Joseph E. Cannon | Room 1334 | See Below |
717.901.5119 |
Dr. Cannon |
Please note that this is a dynamic
document!
Changes will be announced in class and
posted on the course's web page
on Moodle as required.
Dr. Cannon's Home Page
COURSE OVERVIEW
This course will cover the essential issues in computer (digital) and network security. Topics include: viruses, Internet worms, computer crime, web server security, denial of service attacks, authentication protocols, firewalls, Trojan horses, intrusion detection, data encryption methods, public key cryptography (RSA, DES), email viruses, attachments, spyware, digital homeland security, and issues in wireless technologies and mobile computing. The student will be expected to develop a significant programming project in this area. This course is taught using an Object Oriented Programming Language. This course includes an interactive programming component.
This course is designed to
make all students aware of the full spectrum of threats and
vulnerabilities in information systems. Each student will become
skilled at protecting data, information and the means of processing
data. The student will recognize that Information Assurance
is more than technical solutions and that Information Assurance is
a defense in depth that balances Technology, Policy and Practice, and
Awareness, Training and Education. Also, each student will come to
understand that
network security is a complicated subject,
that historically was only tackled by well-trained and experienced
experts.
However, as more and more people become wired, an
increasing number of people need to understand the basics of security
in
a networked world. This course was developed with the basic
computer user and information systems manager in mind and
explains the
concepts needed to understand Computer and Network Security.
The course will go on to consider risk management, network threats,
firewalls, and more special-purpose secure networking devices.
The class will explore these topics through in-class
presentations/exercises, discussions, readings (from both text and on-line
sources), exercises (both individual and group-based), and a variety of
graded assignments and tests. As part of this course we
will
explore the major organizations, government institutions and private
sector industries and educational programs connected with our major
topics.
Back
to Syllabus Contents Back
to Top of Page
COURSE OBJECTIVES
- At the conclusion of this course, students should be able to:
- Define and apply the five dimensions of information security namely; organizational security, general public security, socio-political security, computer ethical security and institutional education security.
- Describe how to determine the value of the information
assets of an organization. Implement security procedures
and management policies that have users and managers estimate the cost of replacing the information assets and the cost incurred while the information assets are unavailable. - Determine how do you backup the total data of an
organization? For example, how do you keep an archive copy
of all of an organization's e-mail while protecting the privacy of the users.
- Understand the principles of Cryptography
and the use public and private keys for encryption/decryption of data.
As well as the keys used for authentication of individuals as they access a computer over a network (or can identify someone who is being accessed) and to create digital signatures used to sign documents.- Discuss the dual nature of Network Security Protocols
and how these network protocols either add security to well known protocols or provide a basic security service which is a general authentication service.- Define
Computer Security Engineering and apply this systematic approach to information security.
Note to students with disabilities: It is Harrisburg University's policy not to discriminate against qualified students with documented disabilities. It is also your instructor's policy to try and help students learn by whatever reasonable means necessary. If you have a disability related need that requires a modification in your testing situation, please notify your instructor a week before the first test or quiz so that your need can be accommodated. You may be asked to present documentation that describes the nature of your disability and the recommended remedy.
Back
to Syllabus Contents Back
to Top of Page
HU CORE COMPETENCIES
- At the conclusion of this course a student will have met the following core competencies that reflect HU's mission:
- Critical Thinking and Problem Solving skills are demonstrated by the
student’s ability to:
― Identify and clarify the problem,
― Gather information,
― Evaluate the evidence,
― Consider alternative solutions,
― Choose and implement the best alternative.
- Communication - The core communication skills are demonstrated by the
student’s ability to:
― Express ideas and facts to others effectively in a variety of formats, particularly written, oral, and visual formats,
― Communicate effectively by making use of information resources and technology.
- Teamwork and Collaboration - The students will be working with others to
increase involvement in learning and by sharing
one's own ideas and responding to others' reactions to sharpen thinking and
deepen understanding.
- Information Technology - The students will be making effective use of the .NET
information resources and technology.
Back
to Syllabus Contents Back
to Top of Page
TEXTBOOK and REFERENCES
- Conklin, W. A.,and White, G., Principles of Computer Security:
CompTIA Security+ and Beyond,
ISBN 978-0-07-178616-4, McGraw-Hill, 2012.
http://www.PrinciplesSecurity3e.com - References:
― Andrews, L., I know who you are and I saw what you did, ISBN 978-1-4516-5051-8, Free Press, 2011.
― Bishop, M., Introduction to Computer Security, ISBN 0-321-24744-2, Addison Wesley, 2004.
― Whittaker, J. A. and Thompson, H. H., How to Break Software Security, ISBN 0-321-19433-0, Addison Wesley,
2004.
― Whitman, M. E. and Mattord H. J., Principles of Information Security, 3rd Edition, ISBN-13 1-4239-0177-0,
Thomson, Course Technology, 2009.
― Whitman, M. E. and Mattord H. J., Readings and Cases in Management of Information Security, ISBN
0-619-21627-1, Thomson, Course Technology, 2006.
― (P) Papers and online references will be made available to supplement the text.
Back
to Syllabus Contents Back
to Top of Page
STATEMENT ON ACADEMIC INTEGRITY
According to the University's Student Handbook: Academic integrity is the pursuit of scholarly activity free from fraud and deception, and is the educational objective of this institution. Academic dishonesty includes, but is not limited to cheating, plagiarism, fabrication of information or citations, facilitating acts of academic dishonesty by others, unauthorized possession of examinations, submitting work of another person, or work previously used without informing the instructor, or tampering with the academic work of other students. Any violation of academic integrity will be thoroughly investigated, and where warranted, punitive action will be taken.
Students should be aware that standards for documentation and intellectual contribution may depend on the course content and method of teaching, and should consult the instructor for guidance in this area.
Honor Code - We as members of Harrisburg University community pledge not to cheat, plagiarize, steal, or lie in maters related to academic work. As a Community of Learners, we honor and uphold the HU Honor Code.
Back
to Syllabus Contents Back
to Top of Page
GRADING
Your grade is based on 500 possible points. You earn points with each assignment, exam, lab, and quiz as shown below.
A:
465 to 500; A-: 450 to 464; B+: 435 to
449; B: 415 to 434; B-: 400 to 414; C+:
385 to 399;
C: 365 to 384; C-: 350 to 364; D:
300 to 349; F: 0 to 299.
Research has
demonstrated that class attendance is a significant factor in student
success. Considerable
material will be covered during each class session and there will also be discussion of
assignments with handouts distributed. Therefore, class
attendance will be calculated into your participation grades.
PROJECTS AND EXAMS |
||
|---|---|---|
|
Activity |
Weight |
Due Date |
| Assignments/Presentations (Aggregated) | 250 Points | All Semester |
| Class Participation (Aggregated) | 50 Points | All Semester |
| Mid-Term Examination | 100 Points | 28-Feb-13 |
| Final Examination | 100 Points | 23-April-13 |
You earn your grade but it will be assigned by me. The criteria for each assignment will be discussed in detail, as well as the grading scheme. Each written assignment will be evaluated on how well it addresses the questions posed, the clarity of thinking, the organization and presentation of the material, the quality of writing, and its timeliness.
I urge all students to develop a web-based e-portfolio of their work and to keep copies of excellent assignments there as evidence of the quality of work that they are capable of producing.
Back
to Syllabus Contents Back
to Top of Page
PROBLEMS ARISE
Problems happen to people when they are least expected. If any problems arise that you expect could impact your work in CISc 230 -- PLEASE CONTACT ME AS SOON AS POSSIBLE! I want to see every student succeed -- but I can only help if I know as soon as possible!
Back
to Syllabus Contents Back
to Top of Page
TUTORING - PROBLEM SESSIONS (Office Hours):
| Dr. Joseph E. Cannon | ||
|
Day |
Hours |
Room |
| Monday |
11:00 am to 12:30 pm and 2:00 pm to 4:00 pm |
1334 |
| Wednesday |
11:00 am to 12:30 pm and 2:00 pm to 4:00 pm |
1334 |
| Friday | By Appointment Only | 1334 |
Back
to Syllabus Contents
Back
to Top of Page
PROJECT AND EXAM DESCRIPTIONS
There are written assignments, quizzes, a mid-term exam and a final exam. Please consult the schedule to see when the assignments are due and when the quizzes and exams are scheduled. You will receive written instructions for each assignment well in advance of the due date.
Here is a brief description of each:
Assignments/Presentations -
Each student is responsible for completing the
assignments in accordance with the specifications given by the
instructor.
There will be six (6) assignments/presentations, each worth a maximum of
fifty (50) points. Each student will present the results
of there assignments to the class. The lowest assignment grade will Class Participation - Each student
will be graded on his/her contribution to the class discussions
relating to assignments presented in class (50 points
maximum). Mid-term Examination - This examination will cover the class
material up to the midpoint of the semester (100 points). Final Examination - This will be a comprehensive examination
that covers all the course material (100 points).
be
dropped.
Back
to Syllabus Contents Back
to Top of Page
COURSE CONDUCT
- Classes will start on time and end as scheduled. Please take
your seat prior to the start of class.
- You will attend each class and actively participate in the
discussions during class. If you are uncomfortable with public
speaking, or if English is not your native language, please talk to
the instructor in the first two weeks of the course to establish ways
to make you more comfortable in speaking and interacting with other
students (your peers).
- For every hour of class time, I anticipate that you will need to
budget about 3 hours of out-of-class time. This implies that you
need to budget about 120 hours of out-of-class time over the course of
the semester. This time estimate is a guide and you may need
to budget more. For example, if the material is new to you
or difficult to comprehend, it will require more of your time.
- You are responsible for all the readings, even if the
material is not explicitly covered in class. You should read the
class materials prior to class and be prepared to discuss and ask
questions about the readings and assignments. You should also
re-read the material after class as not every topic will be covered
during class time. Many passages in the text may need to be read
several times to gain clarity. Also, taking notes on the
material you are reading and reflecting on the reading and these notes
will help you better understand the issues, concepts and techniques
that are being presented.
- All work must be completed and turned in on or before the assigned
date. No late work will be accepted. Late means
after the class has begun. Note that a computer's failure is not
an excuse (it represents poor planning on your part).
- All work must be done using a word processor. Carefully
proofread your work since mistakes which include spelling errors,
grammatical errors, and typos will affect your grade.
- Your work should be properly referenced and adhere to standards of
both academic integrity and proper form. Generally, I prefer the
APA style (see http://www.apa.org/).
- All class credit-related electronic mail must be done using
Harrisburg's electronic mail service and the student's assigned
Harrisburg University ID. Students are welcome to use Yahoo
mail, Hotmail or any other service for their private non-class-related
use. By 'credit-related' I mean all work to be evaluated for
credit. Any work submitted through a different mail system will
not be accepted.
NOTE: If you use a friend's computer - be sure to change the identity information so that the work comes through YOUR account! Work will not be accepted if it does not come from the student's Harrisburg University account.
- When individual work is assigned it should be done by you,
alone.
- Students who participate in University-sanctioned events (such as athletics) must make prior arrangements and give the instructor ample notice. Missing class for practice is not advised.
A few rules will help us to get the most of our investment in CISc
230:
Back
to Syllabus Contents Back
to Top of Page
CLASS SCHEDULE
This list represents the initial plan for CISc 230. Please note that it is merely a *plan*. Actual dates may change due to weather, illness or other unforeseen problems. Please use this as a guide.
Plan last updated: 8-January-2013
(Note that all changes/updates to this plan will be maintained on Moodle)
Note in the 'readings' section, this is when the related material should have been read. I will not use class lectures to cover everything contained in the text or other readings. Please let me know if you do not understand something that is covered in the text or in any other required reading!
| Week |
Date |
In Class | Readings |
Due |
|
1 |
8-Jan-13 |
Introduction to Security |
Chapter 1 | |
|
2 |
15-Jan-13 |
Need for Security |
Chapter 2 | |
|
3 |
Security Issues |
Chapter 3 | Assignment 1 | |
|
4 |
29-Jan-13 |
Risk Management |
Chapter 4 | |
|
5 |
5-Feb-13 |
Chapter 5 | Assignment 2 | |
|
6 |
12-Feb-13 |
Firewalls and VPNs |
Chapter 6 | |
|
7 |
19-Feb-13 |
Access Control | Chapter 7 | Assignment 3 |
| 8 |
26-Feb-13 |
Review - Chapters 1 to 7 | Midterm Exam - Feb. 28, 2013 | |
| 9 | 5-March-13 | Cryptography | Chapter 8 | |
| 10 | 12-March-13 | No Classes - Spring Recess | ||
| 11 | 19-March-13 |
Physical Security |
Chapter 9 | Assignment 4 |
| 12 | 26-March-13 | Implementation | Chapter 10 | |
| 13 | 2-April-13 | Security and Personnel | Chapter 11 | Assignment 5 |
| 14 | 9-April-13 | Information Security Maintenance | Chapter 12 | |
| 15 |
16-April-13 |
Class Presentations Review - Chapters 7 to 12 |
Chapter 16 | Assignment 6 |
| The Final Examination will be on Tuesday, April 23, 2013. | ||||
|---|---|---|---|---|
Back
to Syllabus Contents Back
to Top of Page