
INFORMATION SECURITY

Department of Information Systems


Midlands State University
Module Outline 2023

General Information

Lecturer: F. Madzikanda

Class Meetings: As per timetable. Google Classroom


Contact Information: 0774810683
E-mail: madzikandaf@staff.msu.ac.zw
Office Hours: All times

Communication: I believe that open communication channels between all of us add significantly to the value of the class. You are welcome to contact me any time. Regularly check our e-learning services.

Subject Title: Information Security (INFO 409)

Learning Approach:

36 hours of class activities, including lecture, tutorial, lab, workshop and seminar where applicable

Assessment:

Continuous Assessment 30.00%


Examination 70.00%

Objectives:

This subject allows students to acquire the basic core knowledge of the field of Information Security, the protection of information. The emphasis is on identifying vulnerabilities and threats on every component of the computer system and how they can be protected. This includes topics such as cryptography, authentication, firewalls, authorization, secure protocols and principles for developing secure software. This course aims to:

• introduce students to the security concepts;
• describe the qualifications needed to enter and become successful in this field;
• develop students’ practical skills in handling various types of IS threats and examining the IS controls; and
• prepare students to develop generic skills in communication, individual and team work, case analysis and reporting, and creative problem solving.

Learning Outcomes:

1. Develop familiarity with and understanding of hot issues in computer and network security

2. Gain hands-on experience with attack and defence techniques

3. Read and analyse scientific papers and present them in a seminar talk

4. Develop the basics of scientific communication

5. Demonstrate knowledge of security threats

6. Create security policies to secure files and print resources

7. Demonstrate knowledge of cryptography, access control and authentication

8. Demonstrate knowledge of operational and organizational security

Keyword Syllabus:

INTRODUCTION
• Computer Security Concepts
• Computer Security Defined
• Computer Security Objectives
• Need for Security
• Key Computer Security Terminology

THE MANAGEMENT CONTROL FRAMEWORK

• Programming management (application and system programmers)
Security problems
Security measures
Software development aids
• Security Administration
Conducting a security program
Major security threats and remedial measures
Controls of last resort
• Operations Management
Computer operations
Data preparation

APPLICATION CONTROL FRAMEWORK

• Boundary controls
Access controls – functions of an access control mechanism, object resources, action privileges, implementing an ACM, dynamics of authorization
Cryptographic controls – private key and public key cryptosystems, transposition ciphers, substitution ciphers and product ciphers, choosing a cipher system, key management – key generation, key distribution, key installation
Digital signatures – secret messages, signed messages, signed, secret messages
• Input Controls
Data and Instruction Input – data capture methods, data preparation methods, input devices, data codes, data coding errors, types of codes, check digits, instruction input, data input validation checks, designing data input validation program, handling of errors
Validation and Error Control – lexical validation, syntactic validation, semantic validation
• Communication Controls
Component failure
Subversive threats – passive and active threats
Controls over component failure
Treatment of line errors
Error detection – loop checks, redundancy checks, parity checks
Error correction – error correcting codes, retransmission
Improving network reliability
Controls over subversive threats – link encryption, end to end encryption, message authentication codes, message sequence numbers, request-response mechanism
Firewalls, intrusion detection systems, secure email
• Processing Controls
Processor controls – real memory controls, error detection and correction, access controls, operating system integrity, nature of a secure operating system, functional requirements, design approaches, operating system integrity threats
Application software controls – validation checks
• Output Controls - Inference controls
• Security policies
• Legal, Privacy and ethical issues in information security
• Introduction to computer forensics

Text Books

1. Michael E Whitman and Herbert J Mattord, “Principles of Information Security”, Vikas Publishing House, 2003.
2. Ron Weber, “Information Systems Control and Audit”, Pearson Education, 2004.

Reference Books

1. CISA Review Manual, ISACA publications
2. Hunton, J.E., Bryant, S.M., and Bagranoff, N.A., Core Concepts of Information Technology Auditing, John Wiley & Sons, 2004
3. Champlain, J.J., Security of Information Systems, John Wiley, 2003
