CS-573 Fundamentals of Cybersecurity
Description:
This course provides an overview of Information Security and Assurance. Students will be exposed to the spectrum of security activities, methods, methodologies, and procedures with emphasis on practical aspects of Information Security. Topics include: security principles, threats, attacks, security models, security policies, overview of authentication, encryption, and certifications, security detection, security in Unix and Windows environments, business risk analysis, protection of information assets, examination of pre- and post-incident procedures, and an overview of the information security evaluation.
Syllabus:
1 Security principles, threats and attack techniques Introduction to security; Information Security; Security triad: Confidential, Integrity, Availability; Focus of control; Security threats and attacks; Security management. 2 Authentication and access control Identification; Authentication; Authentication by passwords; Protecting passwords; Access control structures; Types of Access Control. 3 Lattice and reference monitors Security Levels and Categories; Lattice Diagram; Reference Monitors; Security Kernel; Hardware Security Features; Protecting Memory. 4 Security models Bell-LaPadula; Biba; Non-deducibility; Non-interference; Other models. 5 Unix security, Windows security Subjects, objects and access control; General security principles; Access components; Access decisions; Administration and management issues. 6 Cryptography Cryptographic mechanisms; Digital signatures; Encryption; Certificates. 7 Authentication in distributed systems Key establishments and authentication; Kerberos; Public key infrastructures; Single sign-on. 8 Software security and database security Memory management; Data and code; Relational databases; Access control in databases; Statistical database security. 9 Network security Protocol design principles; ISO architecture; IP security; SSL/TLS; Firewalls; Intrusion detection. 10 Java Security, Mobile Security GSM security; Wireless LAN security. 11 Protection measures Business risk analysis; Prevention, detection and response; Information classifications; Security evaluation. 12 Security evaluation Orange/Red book, TNI; ITSEC; Common criteria.