King Fahd University of Petroleum & Minerals

College of Computer Sciences and Engineering

Information and Computer Science Department

 SEC 511: Principles of Information Assurance & Security (3-0-3)
[Graduate Course]

Syllabus – Fall Semester 2015-2016 (151) [PDF]

Website:

All course material and resources are posted in Blackboard (WebCT) http://webcourses.kfupm.edu.sa

Class Time, Venue and Instructor Information:

Course Catalog Description

Introduction to information assurance and security. Information confidentiality, availability, and integrity. Security systems lifecycle. Risks, attacks, and the need for security. Legal, ethical, and professional issues in information security. Risk management including identification and assessment. Security technologies and tools. Security laws, audit and control. Cryptography foundations, algorithms and applications. Physical security, security and personnel, security implementation and management. Securing critical infrastructure. Trust and security in collaborative environments.

Pre-requisites:  Graduate Standing

Course Objectives

This course is an introductory course to information assurance and security (IAS). It provides a wide coverage of a variety of technical and administrative aspects of IAS.

Course Learning Outcomes

Upon completion of the course, you should be able to:

1. Demonstrate the ability to use security lingo and terminology.
2. Identify and describe key issues associated with IAS.
3. Explain potential threats, risks and attacks to information assets.
4. Describe the lifecycle of information security systems.
5. Discuss various security methods, procedures and tools for detection and reaction to threats.
6. Effectively use common tools for information assurance and security.
7. Describe various administrative, legal, ethical and professional issues and liabilities related to IAS in computer and network environment, and best practices to write a security policy.
8. Gain skills and demonstrate ability to conduct research in the field of IAS.

Required Material

}  No official textbook for the course. However, a number of selected book chapters and papers will be identified throughout the semester.

}  Lecture notes and some recommended websites

} Sample Lecture: Introduction to IAS

Other Recommended References

}  Principles of Information Security, 5/E, Michael E. Whitman, Herbert J. Mattord, Cengage Learning, January 2014.

}  Computer and Information Security Handbook, John R. Vacca (Ed.), MK, Elsevier, 2013. [Available thr sciencedirect.com]

}  Cryptography & Network Security, Behrouz Forouzan, McGraw-Hill, 2008.

}  Cryptography and Network Security: Principles and Practice, 6/E, William Stallings, Prentice Hall, 2014.

}  Security+ Guide to Network Security Fundamentals, 5/E, Mark Ciampa, Course Technology, 2014.

}  Hacking Exposed: Network Security Secrets and Solutions, 7/E, Stuart McClure, Joel Scambray, George Kurtz, McGraw-Hill Osborne, 2012.

}  Hacking Exposed Malware and Rootkits, Michael Davis, Sean Bodmer, Aaron LeMasters, McGraw-Hill Osborne, 2009.

}  Hacking Exposed Web Applications, 3/E, Joel Scambray, Vincent Liu, Caleb Sima, McGraw-Hill Osborne, 2010.

}  Computer Viruses and Malware, John Aycock, Advances in Information Security, Springer, 2006.

Assessment Plan

Tentative Topics and Some References

}  Research skills: Writing academic papers, Latex, GNUPlot. (Plenty of online resources)

}  Introduction to Information Assurance and Security (Ch. 1, Principles of Information Security)

}  Overview of Cryptography (Selected chapters from Cryptography and Network Security Book).

}  Securing Organizations (Ch.1, Security Handbook)

}  System Intrusions (Ch. 3, 4, Security Handbook)

}  Firewalls (Ch. 21, Security Handbook)

}  Mathematical Model to Security Policies

}  Malware (Ch. 2,3, Computer Virus and Malware Book)

}  Web Application Security (OWASP Resources)

}  Computer and Network Forensics (Ch. 19, 20, Security Handbook)

}  Trust and security in collaborative environments

}  Legal, Ethical, and Professional Issues (Ch. 3, Principles of Information Security, Saudi Laws).

How to do well and become a star?

Academic Skills

}  How to write a good research paper and give a good research talk

}  How to Give an Academic Talk, PDF

}  Paper Writing and Paper Reviewing

}  How to Write a Paper

}  A simple guide to LaTeX - Step by Step

} ShareLaTeX, the Online LaTeX Editor (Documentation)

} TeX - LaTeX Stack Exchange

} MiKTeX Project Page

Other Resources on the Web:

} NIST Glossary of Key Information Security Terms

} SANS Information Security Training - Cyber Certifications - Research

}  SANS Institute: Information Security Resources

} SANS Institute- Reading Room

}  OWASP

} CISSP - Certified Information Systems Security Professional

} Stallings ComputerSecurity

} Information Security Training Boot Camps - InfoSec Institute

} Black Hat - Featured Video Archive

}  Bishop Computer Security Textbooks

} Tools - IT Security Career

} SecTools.Org Top Network Security Tools

} SEED Project

} The Biometric Consortium

} Cloud Security Alliance

} The Honeynet Project

} Secure Coding - The CERT Division

} Microsoft Internet Safety and Security Center

} USENIX

} Student Projects

}} Some Related Courses at Other Institutions

• Professor Hossein Saiedian EECS710 Fall 2014

• CSEN 1001- Computer and Network Security - Faculty of Media Engineering and Technology

• CS155 Course Syllabus, Stanford

• 6.857- Computer and Network Security - Massachusetts Institute of Technology - Spring 2012