This course is designed for bachelor of science students with major in computer science. Although level 3000 course this is an introduction to the computer security topic. Prior to registering for this course students should have already acquired basic knowledge in operating systems, networking concepts, computer programming and feel comfortable with college level algebra.
The course description from Webster University undergraduate catalog:
Students in this course will study the techniques for protecting data within a computer and protecting data as it moves through a network. Data and system security and reliability will be considered in a distributed environment. Topics will include encryption, authentication and digital signatures, threats to the computer system, and system reliability. Prerequisites: COSC 1560 Computer programming II and junior standing.
The course contents (updated in 2018):
Introduction and the course overview. Information – crown jewels that need protection. Define Information Security. What is the value of information? Introduce information classification concepts. Introduce principles for protecting Confidentiality, Integrity and Availability of information. Define Personally Identifiable Information (PII). Introduce concepts of assuring data privacy.
Describe the threat environment: Attackers and their Attacks.
Dual nature of risk – opportunities and hazards. Introduce importance of having organizational Security Policy and Risk Management business process.
The rule of law. Introduce Information security Governance Framework and Regulatory Compliance requirements. Focus on EU GDPR – privacy by design and the right to be forgotten.
Introduction to cryptography: The Elements of Cryptography. Symmetric – private key cryptography, asymmetric – public key cryptography, cryptographically-secure pseudo-random number generator, secure one-way hash function (hands-on activity: Using encryption to preserve confidentiality and integrity of documents exchanged via e-mail) Public Key Infrastructure (PKI) and key management – Digital certificates, Digital Signatures (Practical demo: Using encryption to preserve integrity and confidentiality of electronic documents), Cryptography Standards. What is quantum cryptography? What is quantum computing resistant cryptography?
Access control: Identification, Authentication, Authorization, Accountability (AAA), Identity Management, Directory Services for managing information security, Password usage and selection, multi-factor authentication, Importance of logging and log management. (Practical demo: Using cryptographic functions for identification)
Securing computer networks vs. securing data in transit: Protection of wired and wireless computer networks. Identification and mutual authentication of network components and network users. Detecting rogue network devices. (Hands-on activity: Setting up and protecting a wireless network and its users.) (Practical demo: Using a wireless network traffic analyzer/sniffer). Verifying security controls. Network segregation.
Network and hosts security technologies: Introduction to network firewalls and host-based firewalls (Hands-on activity: Configuring a network firewall and segregating network segments). Virtual Private Networks (VPN) – site-to-site and client-to-site VPN, IPSec and SSL VPN. (Hands-on activity: Setting up and using a VPN gateway). Network and host-based Intrusion Detection (IDS) and Intrusion Prevention Systems (IPS).
Host and Data Security: Malicious code (malware). Viruses, Trojans, Worms – definitions, classification, detection, propagation, corrective measures, preventive measures. Security hardening of operating systems, security baselines, vulnerability management, patch management (Practical demo: Securing a standalone computer and testing for vulnerabilities). Introduction to anti-malware systems and end-point security. The Internet and computer malware, drive-by infection, mobile malicious code, unsolicited messaging – spam, phishing. Internet of Things (IOT) and its (in)security.
The Internet security: Security Infrastructure for Internet Access (Practical demo: What is a proxy server? What is a reverse proxy server?) E-Commerce Security Requirements, Internet browser security, security of messaging application security, XSS (Cross-site scripting) (Practical demo: Web site vulnerable to an XSS attack – risk to Internet users) Security assessment of Web applications. Open Web Applications Security Project (OWASP) and security assessment tools for Web applications.
Data security: Data backup, retention, and redundancy. Database security. Detecting and preventing SQL injection attacks. Business continuity and Disaster recovery planning. Cloud computing risks and security measures.