
National University Of Science and Technology

Faculty of Applied Science


Department of Computer Science

Course Outline

Course Name: Information Security And Auditing
Course Code: SCS 4110
Produced: 2021
Revised: 2022
Author: Mr S Ncube
Office:
Contact Details: 0775176782, namatirai.marabada@nust.ac.zw
Venue: FD99

Weighting: Full Course
Hours/week: Refer to Departmental Timetable
Pre-requisite:
Co-requisite:

Objectives of the course:


1. Explain the objectives of information security
2. Analyze the tradeoffs inherent in security
3. Explain the importance and application of each of confidentiality, integrity, and availability
4. Understand the basic categories of threats to computers and networks
5. Discuss issues for creating security policy for a large organization
6. Defend the need for protection and security, and the role of ethical considerations in computer use
7. Describe efficient basic number-theoretic algorithms, including greatest common divisor, multiplicative inverse mod n, and raising to powers mod n.
8. Describe at least one public-key cryptosystem, including a necessary complexity-theoretic assumption for its security.
9. Create simple extensions of cryptographic protocols, using known protocols and cryptographic primitives.

Course Content

1. Physical Computer Security

• Physical threats to computer systems security
• Defences against physical threats to computer systems.
• Hardware threats, Electrical threats, Environmental threats and Maintenance threats

2. Developing a Security Policy

• This entails detailed enterprise requirements with respect to network access to enterprise on-line resources: who has access, how, why, and to what.
• Describe how a security policy is implemented in an Enterprise.
• Identify the key components of a security policy.
• Rules and processes that govern how a security policy is applied in network communications.
• Components of a security policy.

3. Network and Web Security

• Implementation of security within the seven layers of the OSI and TCP/IP suites (security protocols).
• Protocol Data Unit protection against spoofing and man-in-the-middle attacks.
• Vulnerability of the network and exposure to worms and viruses.
• Open versus Closed networks.

5. Digital Signatures and Cryptography

• Data and information security techniques, encryption and decryption methods.
• Steganographic techniques.

6. Network Intrusion Detection Systems and Firewalls

• Introduction to Intrusion detection and prevention systems.
• Passive and reactive systems.
• Host based and hybrid detection systems.
• Firewall rules and application.

7. Platform (OS) and Ubiquitous Security

• Security of Operating systems
• Application of Security systems on Linux and Windows platforms
• Suitability of biometrics.
• Factors affecting a biometric feature for usability in data security, validation and verification.
• Mobile phone, iPad and notebook security.

8. E-commerce Security

• Identity theft and protection.
• E-banking security.
• On-line purchasing security implementation.

9. Practical Security Simulation

• Involves simulation of a security algorithm using a programming language of choice.

Continuous assessment will take the form of two tests, two assignments and a group
project. There will be impromptu quizzes as part of continuous assessment. The
final exam shall contain 5 questions of which you are required to answer any four
questions of your choice.

Recommended sources

• Computer Networks and Open Systems by Fred Halsall


• Networking Security 5th Ed by Ed Tittel
• E-commerce 7th Annual Ed by B & Jo Enterprises
• Network Protocols Handbook 2nd Edition. 2004 - 2005 Javvin Technologies Inc
