Course Objectives

The objectives of this course are to:

  1. Introduce students to the fundamental principles of information security.
  2. Equip students with the skills to identify and analyze threats and vulnerabilities.
  3. Provide hands-on exposure to tools and techniques for safeguarding information.
  4. Foster an understanding of the legal, ethical, and regulatory aspects of information security.
  5. Develop the ability to plan and execute risk management and disaster recovery strategies.

Overall Learning Outcomes

At the end of this course, students should be able to:

  1. Describe the fundamental principles of information security, such as confidentiality, integrity, and availability.
  2. Identify and analyze threats and vulnerabilities that can compromise information security.
  3. Apply techniques and tools, including encryption, access control, firewalls, and intrusion detection systems, to protect information.
  4. Discuss legal and ethical issues related to information security, such as privacy, intellectual property, and cybercrime.
  5. Conduct risk assessments, including risk identification, analysis, evaluation, and mitigation.
  6. Explain standards and best practices in information security, such as ISO/IEC 27001 and the NIST Cybersecurity Framework.
  7. Highlight the importance of incident response and disaster recovery planning for business continuity.
  8. Design and implement a comprehensive information security program aligned with organizational goals and regulations.

Detailed Course Content

Module 1: Introduction to Information Security

1.1 Basic concepts and terminology.
1.2 Principles of information security management.

Module 2: Risk Management

2.1 Risk identification, analysis, evaluation, and mitigation.
2.2 Regulatory environment and compliance requirements.

Module 3: Security Models and Architectures

3.1 Overview of security models and architectures.
3.2 Controlling access to systems and data.

Module 4: Authentication and Network Security

4.1 User authentication methods and techniques.
4.2 Types of network attacks and their countermeasures.
4.3 Securing networks: encryption, firewalls, and intrusion detection systems.

Module 5: Operating System Security

5.1 Vulnerabilities and threats to operating systems.
5.2 Security measures to protect operating systems.

Module 6: Physical Security

6.1 Principles and practices for securing physical assets.

Module 7: Incident Response and Disaster Recovery

7.1 Detecting, responding to, and recovering from security incidents.
7.2 Planning, preparation, and execution of business continuity and disaster recovery plans.

Module 8: Legal and Ethical Issues

8.1 Privacy, confidentiality, and intellectual property.
8.2 Addressing ethical concerns in information security practices.

Teaching/Learning Methods

  • Lectures and interactive discussions.
  • Case studies and role-playing exercises.
  • Practical sessions on network and system security tools.
  • Group projects focusing on risk assessments and incident response planning.

Modes of Assessment

  • Assignments and Practical Projects: 40%
  • Midterm Examination: 20%
  • Final Examination: 40%

Reading List/References

Primary Texts

  1. Anderson, R. (2021). Security Engineering: A Guide to Building Dependable Distributed Systems (3rd ed.). Wiley.
  2. Pfleeger, C. P., & Pfleeger, S. L. (2020). Security in Computing (6th ed.). Pearson.

Supplementary Texts

  1. Harris, S., & Maymí, F. (2023). CISSP All-in-One Exam Guide (9th ed.). McGraw-Hill.
  2. Stallings, W. (2021). Cryptography and Network Security: Principles and Practice (8th ed.). Pearson.

Additional Resources

  1. Online resources and documentation for the NIST Cybersecurity Framework and ISO/IEC 27001.
  2. Research articles from IEEE Xplore on recent developments in information security.