Course Name: Introduction to Information Security
Program: Computer science
Course Module: Optional
Responsible: Jianrong Wang
Department:Tianjin International Engineering Institute
Time Allocation(1 credit hour = 45 minutes)
The course is optional designed for Engineering Mater of Computer Science in TIEI. The course is to introduce e-government security and information security with the basic knowledge of information security and related technologies.
The main contents include: information security architecture, hacker attacks, data encryption, network security, database security technology, operating system security technology, security framework, and e-government security framework and e-government security-related application technology.
Through taking this course, students will achieve the e-government security and information security knowledge and an overall knowledge, understanding e-government, and achieve security and important information on security as well as information security awareness raising, access to information based on security technology and network security technology so as to help students with abilities and skills of some e-government system security design and management.
Computer Network: the basic knowledge of computer networks, data communication basics, computer network architecture, computer local area network technology and so on.
Probability: the basic knowledge of probability, conditional probability and independence of events, random variables and probability distribution, 2D random variables and probability distribution.
To understand information security’s importance.
To master the key concepts of information security and how they “work”.
To develop a “security mindset:” learn how to critically analyze situations of computer and network usage from a security perspective, identifying the salient issues, viewpoints, and trade-offs.
Introduction: The importance of information security.
Access Control and Identity Management: the access control models; terminology; best practices; tools; remote control access.
Cryptography: cryptographic attacks; the tools to ensure data integrity; hashing; symmetric and asymmetric encryption; certificates; methods of implementing cryptography.
Policies, Procedures and Awareness: security classification levels; documents; business continuity plans; risk management considerations; incident response; trusted computing; software development concerns; management of employees.
Physical Security: the fundamentals of physically securing access to facilities and computer systems; protecting a computer system with proper environmental conditions and fire-suppression systems; securing mobile devices and telephony transmissions.
Perimeter Defenses: concepts about perimeter defenses to increase network security; types of perimeter attacks; security zones and devices; configuring a DMZ; firewalls; NAT router; VPNs; Network Access Protection (NAP); security for wireless networks.
Network Defenses: network device vulnerabilities and defenses; security for a router and switch; intrusion monitoring and prevention.
Host Security Defenses: the types of malware; how to protect against malware; protecting against password attacks; hardening a Windows system; configuring GPOs to enforce security; managing file system security; network security of a Linux system.
Application Defenses: basic concepts of securing web applications from attacks; fortify the internet browser security; securing e-mail from e-mail attacks.
Data Defenses: the elements of securing data, such as implementing redundancy through RAID; proper management of backups and restores; file encryption; secure protocols; cloud computing.
Assessments and Audits: examines tools that can be used to test and monitor the vulnerability of systems and logs.
Textbooks & References
Kaufman C, Perlman R and Speciner M.Network security: private communication in a public world. Prentice Hall Press, 2002.
Pfleeger C P and Pfleeger S L.Security in computing. Prentice Hall Professional Technical Reference, 2002.
William Stallings.Cryptography and Network Security: Principles and Practices(4nd ed).Prentice Hall, 2006.
Shabtai A, Elovici Y and Rokach L.Introduction to Information Security. Springer US, 2012.
CT1: To harden the understanding of servers and clients.
CT2: To recognize common attack patterns. To evaluate vulnerability of an information system and establish a plan for risk management. Explain the Public Key Infrastructure process.
CT3: To demonstrate how to detect and reduce threats in Web security. To evaluate the authentication and encryption needs of an information system.
CT4: To demonstrate how to secure a wireless network. To evaluate a company’s security policies and procedures.
CS1: To master the basic theories of information security, and understand the development status and trends of information security.
CS2: To gain a comprehensive and solid foundation of information security to analyze network and information.
To understand the key concepts of information security and how they work. - Level: N
To learnhow to critically analyze situations of computer and network usage from a security perspective, and have the skills to identify the salient issues, viewpoints, and trade-offs. - Level: M
Students: Computer science,Year 2