Program: Information Technology

Course Title: Information Assurance and Security

Course Code: ITec4143
Pre-requisites: ITec2022, ITec3101
Credit hr: - 3

Course Description

This course covers theory and practice of Information system security. Students will learn the
principles of information security, security architectures and models, aspects and methods of
information security such as physical security control, operations security, access control,
security threats, risks, vulnerabilities, Data security Policies/Admin, Security Procedural Control,
Designing secure systems, Cryptography-symmetric and asymmetric. Students will also learn
how to plan and manage security, Security policies, business continuity plans, disaster recover y
plans, and social and legal issues of information security.

Course Objective

At the end of this course the students will be able to know

 Threats, Risks and Vulnerabilities
 Data Security Policies/Admin. Security
 Information Systems Security concepts
 Designing secure systems

Course Content

Chapter 1: Introduction
1.1. Enterprise Security
1.2. Cyber defense
1.3. Enterprise Security within an Enterprise Architecture Context
Chapter 2: Brief Overview of Commercial Issues
2.1. Cryptography
2.2. Web Services Security
2.3. Convergence
2.3.1. Communications and Information
2.3.2. Wired/Wireless PKI (Public Key Infrastructure)
2.3.3. Windows Vista Security: Internet: Protocol versions 4/6
2.3.4. Implementing Enterprise Security Architecture (ESA)
2.3.5. Intrusion Detection System/Prevention (IDS/IPS): Overview
Chapter 3: Network Firewall Security
3.1. Definitions and Terminology
3.2. Internet Security Architecture
3.3. IPv6 Security Considerations
3.4. Host Security (authentication and authorization techniques)
Chapter 4: Key Management
4.1 Need for E-Mail security
4.2 Threats to E-Mail
4.3 Electronic Mail Security
4.4 Pretty good privacy
4.5 S/MIME
Chapter 5: Review of Shared Key Cryptography and Hash Functions
5.1 Basic Public Key Cryptography (DH, RSA, CAs, PKI)
5.2 Introduction to the TCP/IP Stack
5.3 Network Security (ports and protocols)
5.4 Firewalls and Firewall Rules
Chapter 6: Application Security (vulnerabilities of programming/scripting languages)
6.1 Malicious Code (virus, worms, malware)
6.2 Securing Services (shells, e-mail, web servers)
6.3 Identifying Vulnerabilities (tools and techniques)
Teaching & Learning Methods: Lecture, assignments and exercises, Practical
Assessment/Evaluation
Assignments……………………………………………………..15%
Project work……………………………………………………..20 %
Lab Exam…………………………………………………..……25%
Final examination………………………………………….…... 40%

Text book:
S. Bosworth and M. E. Kabay, Computer Security Handbook (4th ed), Willey Inc., 2002.
References:
 D. Schweitzer, Incident Response, Computer Forensics Toolkit, Wiley, 2003.
 S. Garfinkel, G. Spafford and A. Schwartz, Practical Unix and Internet Security (3rd ed), O'Reilly,
2003.
 S. A. Thomas, SSL and TLS Essentials: Securing the Web, Wiley, 2000.