ICS 425: Computer Security and Ethics

Description: Theoretical results, security policy, encryption, key management, digital signatures, certificates, passwords. Ethics: privacy, computer crime, professional ethics. Effects of the computer revolution on society.

Objectives

• Analyze the information assurance (IA) context
• Analyze and design IA policies and plans
• Apply the principles of management
• Understand and apply the information perspective

Course Learning Outcomes: See objectives.

Program Learning Outcomes

• a. Students can apply knowledge of computing and mathematics appropriate to the discipline
• b. Students can analyze a problem, and identify and define the computing requirements appropriate to its solution
• c. Students can design, implement, and evaluate a computer-based system, process, component, or program to meet desired needs
• d. Students can function effectively on teams to accomplish a common goal
• f. Students can communicate effectively with a range of audiences
• g. Students can analyze the local and global impact of computing on individuals, organizations, and society
• h. Students can recognize the need for and an ability to engage in continuing professional development
• i. Students can use current techniques, skills, and tools necessary for computing practice
• j. An ability to use and apply current technical concepts and practices in the core information technologies. [BA IT only]

Prerequisites: at least two ICS 300-level courses or consent.

Textbook(s): Course notes.

Grading: Participation (10%) Homework (4) (70%) Final (20%)

Policies: Due to the special nature of Computer Security certain additions to the above policies will be in effect, they are the following:

• Where appropriate, every experiment run in conjunction with this course will have certain rules and regulations regarding its conduct. These will be explained when the assignments are given and students are expected to comply with any additional restrictions.
• To the extent that classroom computers are used to stage attacks under controlled circumstances, they will be physically disconnected from all external networks. All student users must maintain this lack of connection and must verify this lack of connection (with instructor help) before running any malicious code or exploit.
• Students may be allowed to attempt to run harmful software and obtain root access on classroom computers isolated from the network, as long as the students in question agree to fix any problems they cause (e.g. hardware damaging code).
• Security flaws and other problems should be pointed out immediately to the instructor.
• Any student running an exploit in connection with assignments in this class must file an Exploit Approval form with the instructor, before running any malicious code or attempting any exploit on any classroom computer.
• Students are responsible for the consequences of any actions they take without the knowledge of the lab instructor.

Schedule

• Week 1: Overview
• Weeks 2, 3: IA Policy, law, and regulations
• Week 4: IA Policies, IA Framework & Access Control Systems
• Week 5: Security Planning
• Week 6: Security Operations, Certification, Accreditation
• Week 7: Incident Response and Disaster Recovery
• Week 8: Technologies and Mechanisms
• Week 9: Security Architecture and Network Security
• Week 10: Cryptography
• Week 11: Key Management and Digital Signatures
• Week 12: Authentication: attacking passwords, challenge-response systems
• Week 13: IA Auditing
• Week 14: Security Awareness Training
• Week 15: Presentations
• Week 16: Review
• Week 17: Final exam