Course description

Students in this course will study the techniques for protecting data within a computer and protecting data as it moves through a network. Data and system security and reliability will be considered in a distributed environment. Topics will include encryption, authentication and digital signatures, threats to the computer system, and system reliability.

Statement of objectives

The course is designed to help students meet the following major objectives:

a. To introduce fundamental concepts in computer security.

b. To explore important computer security technologies and measures.

c. To explain the process of implementing and managing computer security.

Schedule of sessions:

Week 1: Introduction and Course Overview. Define Information Security; Protecting Confidentiality, Integrity and Availability of information; Personally Identifiable Information (PII); Data privacy.

The Threat Environment: Attackers and their Attacks; Security policy and risk management; Governance and regulatory compliance.

Week 2: Cryptography. The Elements of Cryptography (Hands-on activity: Using encryption to exchange documents via e-mail); Public Key Infrastructure – Digital certificates; Digital Signatures (Practical demo: Using encryption to protect integrity of a document); Cryptographic System Standards.

Week 3: Securing computer networks. Protection of wired and wireless computer networks (Hands-on activity: Setting up and protecting a wireless network) (Practical demo: Using a wireless network traffic analyzer/sniffer).

Week 4: Access control. Identification (Practical demo: Using encryption for identification); AAA (Authentication, Authorization, Accountability); Identity Management; Directory Services.

Week 5: Security Technologies. Firewalls (Hands-on activity: Configuring a firewall); Virtual Private Networks (Hands-on activity: Setting up and using a VPN); Intrusion Detection and Intrusion Prevention Systems.

Week 6: Host and Data Security. Malicious code: Viruses, Trojans, Worms; Security hardening of operating systems, security baselines, vulnerability management, patch management (Practical demo: Securing a PC and testing vulnerability).

Week 7: Internet security. Security Infrastructure for Internet Access (Practical demo: What is a proxy server? And a reverse proxy?); E-Commerce Security Requirements, Internet browser security, security of messaging; Application security, XSS (Cross-site scripting) (Practical demo: Web site vulnerable to XSS attack – risk to Internet users); Security assessment of Web applications.

Week 8: Data security. Data backup, retention, and redundancy; Database security; Business continuity and Disaster recovery planning; Cloud computing.