CS 6293: Information Security
IT 6823 Information Security Concepts
IT 4823 Information Security Concepts and Administration
Instructor: Dr. Andy Ju An Wang
School of Computing and Software Engineering
Southern Polytechnic State University
Course Description
Catalog Description:
This course covers the fundamentals of computing security, access control technology, cryptographic algorithms, implementations, tools and their applications in communications and computing systems security. Topics include public key infrastructure, operating system security, database security, network security, web security, firewalls, security architecture and models, and ethical and legal issues in information security.
Additional Description:
This course covers a variety of topics that will prepare those students who wish to develop a skill set in information security or who wish to enhance their current computer science expertise by gaining additional knowledge in the field of computing security.
The topics will range from operating systems security, database security, program security, network security, wireless security, and legal and ethical issues to access controls, cryptography and risk management. Students will also be instructed in how to design and create disaster recovery plans, computer policies and standards, system security architectures and physical security controls. Legal aspects of computer security will also be covered, as will auditing in a secured environment and managing as a day-to-day security administrator. In-class projects and assignments will focus upon critical thinking for security managers in mainframe, midrange and network environments as well as research assignments and basic policy creation. Readings and assignments will also provide additional insight into selected topics during the semester.
Course Objectives
The course covers a wide range of skills for information security. On completion of this course, students should be able to:
- Create a sensitivity to the threats and vulnerabilities of personal, organizational, and national security information systems.
- Establish a recognition of the need to protect data, information and the means of processing them.
- Build a working knowledge of principles and practices in information security.
- Design, execute, or evaluate personal or organizational security procedures and practices.
- Understand the importance of information security and how it affects our changing world.
- Identify the key areas of information security and how they work.
- Learn how to critically analyze situations of computer use, identifying the issues, consequences and viewpoints.
- Apply information security concepts and techniques while performing their tasks.
As a part of your general education, this course will also help you to:
- Communicate (in writing and verbally) about a complex, technical topic simply and coherently.
- Work and interact collaboratively in groups to examine, understand and explain key aspects of information security.
Course Outline
- Introduction to Information Security
  - The risks involved in computing
  - The goals of secure computing: confidentiality, integrity, availability
  - The threats to security in computing: interception, interruption, modification, fabrication
  - Controls available to address these threats: encryption, programming controls, operating systems, network controls, administrative controls, law, and ethics
  - The common body of knowledge for information security
    - Access control systems and methodology
    - Telecommunications and network security
    - Security management practices
    - Application and systems development security
    - Cryptography
    - Security architecture and models
    - Operations security
    - Business continuity planning and disaster recovery planning
    - Laws, investigations, and ethics
    - Physical security
- Elementary Cryptography
  - Concepts of encryption
  - Cryptanalysis: how encryption systems are “broken”
  - Symmetric (secret key) encryption and the DES and AES algorithms
  - Asymmetric (public key) encryption and the RSA algorithm
  - Key exchange protocols and certificates
  - Digital signatures
  - Cryptographic hash functions
- Program Security
  - Programming errors with security implications -- buffer overflows, incomplete access control
  - Malicious code -- viruses, worms, Trojan horses
  - Program development controls against malicious code and vulnerabilities -- software engineering principles and practice
  - Controls to protect against program flaws in execution -- operating system support and administrative controls
- Operating Systems Security
  - Protection features provided by general-purpose operating systems -- protecting memory, files, and the execution environment
  - Controlled access to objects
  - User authentication
  - What makes an operating system secure or trustworthy?
  - How are trusted systems designed, and which of those design principles carry over naturally to other program development tasks?
  - How do we develop assurance of the correctness of a trusted operating system?
- Database Security
  - Data types, format, and length
  - Implementation and failure states
  - Integrity for databases: record integrity, data correctness, update integrity
  - Security for databases: access control, inference, and aggregation
  - Multilevel secure databases: partitioned, cryptographically sealed, filtered
  - Other database security issues
  - Data warehousing and data mining
- Network Security
  - How networks differ from and are similar to single, stand-alone applications and environments
  - Threats against networked applications, including denial of service, web site defacements, malicious mobile code, and protocol attacks
  - Controls against network attacks: physical security, policies and procedures, and a range of technical controls
  - Firewalls: design, capabilities, limitations
  - Intrusion detection systems
  - Private e-mail: PGP and S/MIME
- Operations Security
  - Security planning
  - Risk analysis
  - Security policies
  - Organizational security model
  - Accountability and risk management
  - Security operations and product evaluation
  - Security models and architecture
  - Security evaluation criteria and methods
- Legal and Ethical Issues in Information Security
  - Program and data protection by patents, copyrights, and trademarks
  - Computer crime
  - Privacy
  - Ethical analysis of information security situations
  - Codes of professional ethics
Note: Each semester will probably emphasize a specific technology while going through the others briefly.
Student Comments
At the end of each semester, students were asked to provide feedback on this course by answering the question "What do you like most and what do you dislike most about this course?" Below is a list of some comments from students.
- "Information security is very important not just for organizational benefits, but also for our personal privacy. Anyone using computers to store or to share data must know the benefits of protecting data. This course has taught me a lot in so many areas, how to use public and private keys, encryption and decryption, cryptography, digital signature, etc. Learning this course gives us the knowledge and understanding to help ensure a solid foundation on the implementation of a secure information system. At this point, I would be proud to advise and tell my friends the benefits of information security.
"Dislike: too much material to cover in a short semester."
- "This course is one of the good courses I have taken, because it has taught me important concepts about information security. The course material is very organized. We have learnt various attacks, threats to information systems and defense techniques. Not only theoretical knowledge but also practically we did many assignments related to information security. The lectures are very interactive with questions and answers.
"I don't have anything that I disliked about this course. One thing I can say is that if I would have taken this course in fall or spring semester I would have implemented a complete software product for information security."
- "This course is really wonderful and I enjoyed it. The topics Dr. Wang covered in the class are very useful regarding information security theory and practice. I can use this knowledge in real world applications and job search. I advise my junior fellow students to take this course."
- "What I like most about this course was the content of the course. The organization of the content made it easy to grasp and learn. The course content was also up-to-date with the most recent development, concepts, attacks, prevention mechanisms, and the instructor gave us interesting examples pertaining to information security which kept the class interested. This course also helped me consider Information Security as a career objective.
"What I did not like about the course was that I personally felt that the content was too much considering the fact that it was a summer semester of only 10 weeks."
- "The course was very well organized and well paced for a summer term. Information security was an interesting topic for me and I enjoyed learning stuff related with database security, network security, and operating systems security. I don't have any dislikes."
- "The course is very good. It introduced a lot of knowledge about information security. What I liked most about it is that it introduced OS security, data security, and how to prevent unauthorized access etc. But I feel for a summer course, the course load was too heavy, it is hard to digest in such a short term."
- "This course is a good course to get knowledge on security related to information technology. I liked the coverage of different ways of making the data secure like cryptography, encryption of files to make them secure from the attackers. I learnt about various malicious logics, viruses, and how the attacker attacks, OS, networks, database, and about program security. Buffer overflow is new to me. Now I can think of security aspects also when I write the code for programs. The course has helped me to learn about a new aspect which is security. I'm satisfied with this course."
- "This is a very informative class where we have learned some of the most up-to-date knowledge and technology. I wish I took this class in a longer semester, so I will have enough time to learn more and to digest what was taught."
- "First, I'd like to say I really like this course. I learned a lot from this course. The most impressive thing in this course is that there are rich study materials in class. Dr. Wang did excellent teaching in this class: easily understood, the assignments are very good and challenging."
- "This course was a great opportunity to [brush?] up with different aspects of information security. I believe I have acquired the basic knowledge now to pick one or two of the fields and become an expert. I really like the lab which were very practical. I did not like the fact that attendance was mandatory and counted for such a great percentage of final grade."
- "Very good course. Every CS student should take it to understand the security risks of the world we live in. I liked the research paper assignment. I learned a lot."
- "The course provided best information on security issues. I have worked almost a year in computer field and never learned such a great deal of information. I mainly liked topics on network, database, application security as well as risk analysis part.
"The fact I didn't like is the class time 8pm -- 10pm, 10 weeks was too short to learn such a nice subject. I would suggest to learn this course in either spring or fall semester."
Projects and Demos
Some projects and demos related to this course can be found here.
Course Web Site
The web URL for this course is: http://webct.usg.edu. Please log into your course web site following these directions exactly:
- Go to http://webct.usg.edu.
- Click on the "Log in to myWebCT" link (DO NOT CLICK ON CREATE myWEBCT).
- When asked, enter your user name and password in the format below:
  - username: Firstname_Lastname_last4digits of SSN (Example: John_Doe_1234)
  - password: SSN (no dashes or spaces), or, if you are a previous user with this ID, the password that you have been using.

Please note that these are case sensitive.
Note for Students:
- If you have registered for this course but have problems logging into the course web site, please let the instructor know immediately.
- If you registered later than the scheduled registration time, your web account will be created after the "Add-Drop" deadline.
- Your WebCT account is managed by the USG (University System of Georgia).
© 2004 Andy J Wang
Last modified: Tuesday August 3, 2004