
Course title: IS251: Information Systems Security

Course Aims:

The aims of this course are to:


i. Develop an understanding of the role of procedures, policies, standards and
guidelines in information systems security.
ii. Develop an understanding of the fundamentals of cryptography, cryptographic
techniques and network security.
iii. Enable students to categorize threats and classify security strategies based on
system security principles.

Course status: Core

Credit rating: 8 credits

Total hours spent: 80 hours

Course Expected Learning Outcomes

By the end of the course, students should be able to:


i. Describe basic information security concepts and defense methods.
ii. Explain Symmetric and Asymmetric Encryption crypto systems.
iii. Design Authentication Applications.
iv. Apply network and information security concepts and cryptographic algorithms.

Course Contents

Introduction to Security Concepts; goals, security threats, attacks,
vulnerabilities, risks and countermeasures, Information security management
taxonomy, policy formation & ethical and legal issues;
Malicious software and network security; Viruses, Trojans, Spyware,
Backdoors, Trapdoors and Rootkits; Intrusion detection and prevention
mechanisms, firewall taxonomy, wireless network security
Cryptography; History and Overview of Cryptography, Encryption basics,
symmetric encryption algorithms: block ciphers and stream ciphers, asymmetric
encryption and Public Key Infrastructure. Secure One-Way Hash Function and
Message Authentication Codes (MD4, MD5, SHA-1, SHA-2, MAC and keyed-MAC).
Access Control; Key Certificates and Digital Signatures. E-mail, Web and E-
Commerce security (PGP, PKI and SSL). Access Control mechanisms, Access
Control Lists, Capability Lists, Operating Systems Access Control, Security of
Linux and Windows File Systems and personnel and physical security.
Authentication: Authentication mechanisms and technologies for
authentication, Challenge-response systems, Smartcards, Security Tokens,
Biometry and Kerberos.
Emerging Trends in IT Security: Cyber-security, Trusted Computing,
Quantum Cryptography, cloud computing security, privacy and data theft
issues, Designing secure systems.
Teaching and learning activities: Lectures 30 hours, seminars 15 hours, assignments 15
hours and independent study 20 hours.
Assessment methods: Continuous assessment will comprise 30 marks and Final Examination
70 marks.

Reading List:

1. William Stallings (2010). Cryptography and Network Security: Principles and
Practice, 5th Edition. USA: Prentice Hall.
2. Ross J. Anderson (2008). Security Engineering: A Guide to Building
Dependable Distributed Systems. Wiley.
3. Larry Ullman (2013). Effortless E-Commerce with PHP and MySQL, 2nd
Edition (Voices That Matter). USA: Pearson Education.
4. Gurpreet Dhillon (2007). Principles of Information Systems Security: Text and
Cases, 1st Edition. Wiley.
5. Mark Stamp (2005). Information Security: Principles and Practice. Wiley.
