
Masters of Science in Information Security

Course Descriptions

All course prerequisites require consent of program chair.

68-500 Computer Organization (3)
This course provides a thorough study of the principles of operation for a computer system. It covers the principal subsystems of a computer, including the central processing unit (CPU), memory, input/output, and the communications bus. Number systems and various schemes for the digital representation of numbers are also discussed.

Additional critical subjects covered include the principles of hierarchical computer organization, machine instruction sets, addressing modes, CISC vs RISC, input/output processing, and interrupt handling, as well as the application of many of these concepts to modern personal computers. The student will also gain insight into the boot process by installing multiple operating systems on a single PC.

68-501 Principles of Programming (3)
This course provides an introduction to problem solving and algorithm design using C++ or Java. The following topics will be presented: program structure, data types, input/output, flow of control, sub-algorithms, and an introduction to classes.

68-505 Introduction to Information Security (3)
This course provides a broad overview of the threats to the security of information systems, the responsibilities and basic tools for information security, and the levels of training and expertise needed in organizations to reach and maintain a state of acceptable security.

Topics include: an introduction to confidentiality, integrity, availability; authentication models; protection models; security kernels; secure programming; audit; intrusion detection and response; operational security issues; physical security issues; personnel security; policy formation and enforcement; access controls; information flow; legal and social issues; identification and authentication in local and distributed systems; classification and trust modeling; risk assessment.

Note: A series of three workshops, numbered 68-506, 68-507 and 68-508, may be taken instead of 68-505. These three workshops together cover the same material offered in 68-505.

68-510 Data Network: Hardware, Protocols, and Architecture (3)
This course will cover fundamental concepts, principles, and practical issues relevant to the design, analysis, and implementation of enterprise-level trusted networked information systems. Topics include networking and security architectures and techniques and the protocols defined at the various layers of the Internet model.

68-515 Operating Systems and Distributed Systems (3)
This course will present the concepts and principles of multiple user operating systems: memory, CPU, I/O device allocation, scheduling and security, memory hierarchies, performance evaluation, analytic models, simulation, concurrent programming and parallel processors.

It will also discuss distributed computing principles, theory, implementations, and security; models of distributed systems, interprocess communications, distributed objects and remote invocation, coordination and agreement, distributed transactions, interoperability, and replication; component frameworks and middleware such as CORBA and DCE. Security problems in distributed application environments will be analyzed and solutions will be discussed.

68-520 Intrusion Detection, Response and Recovery (3)
Information security ultimately depends on identifying and applying available security features appropriately. This course discusses the development of a secure information infrastructure consisting of servers, networks, firewalls, workstations, and intrusion detection systems. It also covers principles and practice related to secure operation of existing distributed systems. Principles of penetration testing for assessment of system security are also addressed.

This course will also cover network security management systems that gather and analyze information to identify possible security breaches. It includes intrusions (attacks from outside the organization) and misuse (attacks from within the organization). Students learn the use of vulnerability assessment and scanning technologies to determine the security of a network.

68-525 Encryption and Authentication Systems (3)
This course will present key cryptologic terms, concepts, and principles. Traditional cryptographic and cryptanalytic techniques are covered, along with a perspective on successes and failures in cryptologic history, including both single-key and double-key algorithms. Issues in network communications, network security, and security throughout the different layers of the OSI model for data communications will also be discussed in depth, as well as the use of cryptologic protocols to provide a variety of security services in a networked environment. Authentication, access control, non-repudiation, data integrity, and confidentiality issues will also be covered, plus key generation, control, distribution, and certification issues.

68-530 Legal and Ethical Issues in Information Security (3)
Legal and ethical issues are important concepts in this field. This course covers the following topics: policy implications of the use of computers and in particular of the security of computers in modern society; fundamentals of American law with particular regard to the legal aspects of the use of computers and of computer security; the organization and use of the American legal system; ethical challenges in a technological environment; identification of organizations and materials that can be of assistance in resolving or responding to policy, legal, and ethical issues; and social and public policy issues pertaining to the commercial development, availability, and marketing of both software and hardware for encryption.

68-550 Operational and Organizational Security (3)
This course covers several issues relating to operational and organizational security, such as: application of environment and social engineering of physical security, security implications of disaster recovery plans, implications of business continuity issues, the security relevance of the education and training of end users, executives and human resources, concepts of forensics, and security documentation.

68-551 Information Security Strategies and Risk Management (3)
This course covers the strategies, procedures and policies to manage and mitigate risk in information systems. It also covers risk analysis techniques that can be used to identify and quantify both accidental and malicious threats to computer systems within an organization. In addition to technical solutions, the course considers strategies and policies that will provide cost effective and highly secure systems.

68-555 Security Assurance Principles (3)
Security enforcement rests upon three principles: policy, mechanism, and assurance. Policy specifies the permitted use of an information system. The security policy defines the rules by which the trusted system governs access to its resources, and thus all information and services controlled by the trusted system. Mechanisms within the information system enforce the policy. Cryptographic protocols, audit logs, and access controls are examples of security mechanisms. Assurance is the basis for believing that the implementation of an information system enforces the policy as completely as necessary.

This course investigates fundamental assurance technologies that can be applied to interface specifications, architectures, and implementations of information security mechanisms. Formal security models are discussed and applied. Formal and semi-formal specification techniques are investigated and applied. Principles of testing are discussed and applied to demonstrative and vulnerability testing.

68-557 Project Management and Information Security (3)
This course will describe the use of projects to support business objectives in modern organizations. Topics to be covered include the selection of projects, their initiation, implementation, control and termination. The roles of the project manager and project team members will be covered as well. We will cover the project management life cycle phases including scope, time, cost, human resources, quality, risk, and integration management.

68-560 Securing Windows (3)
This is a hands-on course that focuses on current strategies crackers use to attack Windows systems and how system administrators may counteract such attacks.

68-561 Securing Linux (3)
This is a hands-on course that focuses on current strategies crackers use to attack Linux systems and how system administrators may counteract such attacks.

68-562 Securing Novell (3)
This is a hands-on course that focuses on current strategies crackers use to attack Novell systems and how system administrators may counteract such attacks.

68-565 Secure Coding (3)
This course presents best practices for writing code that is relatively impenetrable to attack. While it is impossible to write completely secure applications, it is possible to minimize the risk of exploitation by considering security issues at every stage of development. Familiarity with Java or C++ is required.

68-590 Information Security Project (3)
This course is an in-depth study of a given information system facility that analyzes and makes recommendations about the security of the facility to include an analysis of vulnerability and risk, a plan for security auditing, recommendations about possible use of trusted system technology and cryptography, and identification of the relevant regulatory, legal and ethical issues.

Students are required to conduct a capstone project suited to their individual needs. The capstone project provides an opportunity for students to demonstrate what they have learned from the Information Security degree program.

68-599 Independent Study (3)
This is an advanced course that enables students to carry out independent study under the supervision of a faculty member.
