IS62604: Information Systems Security

1.  Module description

Developing an information systems security program that adheres to the principle of security as a business enabler, must be the first step in an enterprise’s effort to build an effective security program.  This course provides students with an understanding of the threats posed to networked information systems and the knowledge required securing them.  This course provides students with a clear understanding of the fundamentals of information systems security required to address the range of issues they will experience in the field. It examines the essential elements of information system security issues and methods in networking systems. 

2. Learning Outcomes

A. Knowledge and Understanding

At the end of the programme students should be able to demonstrate knowledge and understanding of

1. Fundamental concepts of data encryption /decryption in information systems security
2. Fundamental concepts of  authentication systems and security systems
3.  Social impact of computer security in online transactions, e-commerce and  e-management
4. The principles of design and development including an awareness of standards of practice.
5. Information systems threats, vulnerabilities, risks and controls

B. Cognitive/ Intellectual Skills/ Application of Knowledge

At the end of the programme students should be able to:

1. Apply technical knowledge to produce a technical risk assessment
2. Use principles of encryption /decryption and authentication in the  development of solutions to problems in information systems security
3. apply known encryption /decryption and authentication algorithms to produce innovative designs of information systems security products

4.Integration of theory and practice within the constraints of a given framework

C. Communication/ICT/Numeracy/Analytic Techniques/Practical Skills

At the end of the programme students should be able to:

1. Use competently and safely any information systems security related monitoring instruments
2. Specify, plan, manage, conduct and report on information systems security research project
3. Analyse, evaluate and interpret data and apply them to the solution of information systems security problems.
4. Detection of information systems security attacks and configuration of protective mechanisms e.g. firewalls

D. General transferable skills

At the end of the programme students should be able to:

1. Efficiently manage time and resources in maintaining information systems security
2. Demonstrate problem solving skills specific to information systems security
3. Have the capacity for self-learning in familiar and unfamiliar situations
4. Carry out independently a sustained investigation.

3       Indicative Content

General concepts of Information systems security:          

Definition and examples of information systems security, CIA trend, The Challenges of Information systems Security, Attacks, threats and vulnerabilities in information systems  (Types of attacks, Threats and Assets, Classification of threats, Vulnerabilities and risk analysis), Malicious software and software security (Types of Malicious Software, System corruption & information theft )

Organisation Security:

Organisation security threats, Managing organisation security, Organizational Security Model, Creating and maintaining a user security Policies, Standards, Guidelines, Procedures

 Information systems security and Risk Management:

Security Management, Security Administration, Information security risk assessment and Risk analysis, Information Classification, Layers of Responsibility, Security Awareness Training

Conventional and modern Encryption:

Overview of Services, Mechanisms and Attacks, Classical Encryption Techniques-Cipher model, Substitution techniques, Transportation techniques, Rotor machines, Stenography, Block ciphers.Advanced encryption standard-AES cipher, Triple DES, Blowfish, RC5, Traffic Confidentiality.

Public Key Encryption and Authentication:

Fermat’s and Euler’s theorem, Principles of public key cryptosystems, RSA algorithm, Diffie-Hellman key exchange algorithm, Message authentication codes, Hash functions, Digital signatures.

Security Practice: 

User Authentication Applications: (Password-Based Authentication, Token-Based Authentication, Remote-user Authentication,Biometric authentication), Kerberos & X.509, Electronic Mail security, IP security- Architecture, Authentication Header, Encapsulating security payloads, Web Security- Secure Socket Layer & Transport Layer Security,  Secure Electronic Transaction (SET).

Application Security:

Software and applications security issues, Database Security, Secure systems development, Application development and security, Object-oriented systems and security, Distributed computing and security, Expert systems and security, Mobile and telecommunication security, Patch management

Security Technologies:

Access Control (Access control Principles, Discretionary Access Control, Role-based Access control), Firewalls, Intrusion Detection Systems (IDS) 

4       Learning and Teaching Strategy

A course handbook will be provided in advance and this will contain an in-depth information relating to the course content. This will give an opportunity to the students to prepare the course. The lecture materials will be posted on the web page that will also contain comprehensive web links for further relevant information. The module will be delivered through lectures, tutorial/practice sessions and group discussions. In addition to the taught element, students will be expected to undertake a range of self-directed learning activities.

5       Assessment Strategy

The laboratory or practical’s, tests and examination will assess whether the student has an acceptable level (50%) in the contents of the course. Formative assessment is by means of regular tutorial exercises and end of module assignment. Feedback to students on their solutions and their progress towards learning outcomes is provided during lectures and tutorial classes and off-campus assignments or min-projects. The major component of summative assessment is the written examination at the end of the module. This gives students the opportunity to demonstrate their overall achievement of learning outcomes. It also allows them to give evidence of the higher levels of knowledge and understanding required for above average marks.

6       Assessment Criteria:

For the assignment, criteria will be drawn up appropriate to the topic, based on the learning outcomes.