ICS 355: Security and Trust I: Resource Protections
Description: Security and trust in computers, networks, and society. Security models. Access and authorization. Availability and Denial-of-Service. Trust processes and network interactions.
Objectives: Students can explain and structure the basic concepts and techniques needed by every security professional.
Program Learning Outcomes
- a. Students can apply knowledge of computing and mathematics appropriate to the discipline
- b. Students can analyze a problem, and identify and define the computing requirements appropriate to its solution
- c. Students can design, implement, and evaluate a computer-based system, process, component, or program to meet desired needs
- d. Students can function effectively on teams to accomplish a common goal
- e. Students have an understanding of professional, ethical, legal, security and social issues and responsibilities
- f. Students can communicate effectively with a range of audiences
- g. Students can analyze the local and global impact of computing on individuals, organizations, and society
- h. Students can recognize the need for, and have the ability to engage in, continuing professional development
- i. Students can use current techniques, skills, and tools necessary for computing practice
- j. An ability to use and apply current technical concepts and practices in the core information technologies. [BA IT only]
Prerequisites: 241 or (MATH 301 and 371).
Textbook(s): 1. Lecture Notes
2. Dieter Gollmann, Computer Security (Wiley 2011, 3rd ed)
3. Ross Anderson, Security Engineering (Wiley 2008, 2nd ed)
Grading: Homework assignments (30%)
In-Class assignments (30%)
Exams (40%)
Schedule: 1. Assets and attacks. Prevention, detection and deterrence.
2. Physical security, computer security, system security, data security.
3. Perimeter and defense in depth.
4. Trust process. Trust transformation and relocation. Web of trust.
5. Reputation and feedback
6. Access control and authorization
7. Security models and multi-level security
8. Availability and Denial-of-Service
9. Malware and fraud
10. Privacy and anonymity