RYERSON UNIVERSITY Ted Rogers School of Information Technology Management And G. Raymond Chang School of Continuing Education

Similar documents
RYERSON UNIVERSITY Ted Rogers School of Information Technology Management and G. Raymond Chang School of Continuing Education

ACS / Computer Security And Privacy. Fall 2018 Mid-Term Review

Syllabus for CIT 442 Information System Security 3 Credit Hours Spring 2015

Standard Course Outline IS 656 Information Systems Security and Assurance

Faculty of Science & Information Technology

Security+ SY0-501 Study Guide Table of Contents

Ethical Hacking and Prevention

Certified Ethical Hacker (CEH)

The University of Jordan. Accreditation & Quality Assurance Center. COURSE Syllabus

Course overview. CompTIA Security+ Certification (Exam SY0-501) Study Guide (G635eng v107)

FIT5044 Network security. Unit Guide. Semester 1, 2010

ITSY Information Technology Security Course Syllabus Spring 2018

Course Intended Learning Outcomes (CILOs): Upon successful completion of this course, students should be able to:

MLR Institute of Technology

Network Security

UNIT OUTLINE. Network Engineering 304. Mr Iain Murray. Department of Electrical and Computer Engineering Curtin Engineering

SE 4472a: Information Security

ISM 324: Information Systems Security Spring 2014

Department of Computer & Information Sciences. CSCI-342: Introduction to Information Security Syllabus

COURSE OUTLINE. Last Amendment Edition Procedure No. Lecturer /blog Room No. Phone No. / Name.

Networks and Communications MS216 - Course Outline -

ITSY 2330 Intrusion Detection Course Syllabus

AIT 682: Network and Systems Security. Instructor: Dr. Kun Sun

MORGAN STATE UNIVERSITY DEPARTMENT OF ELECTRICAL AND COMPUTER ENGINEERING COURSE SYLLABUS FALL, 2015

CUNY John Jay College of Criminal Justice MATH AND COMPUTER SCIENCE

CASP CompTIA Advanced Security Practitioner Study Guide: (Exam CAS-001)

IT443 Network Security Administration Spring Gabriel Ghinita University of Massachusetts at Boston

CompTIA Security+ (Exam SY0-401)

INSTITUTE OF AERONAUTICAL ENGINEERING (Autonomous) Dundigal, Hyderabad

Syllabus Revised 01/03/2018

Oklahoma State University Spears School of Business Department of Management Information Systems

CS System Security 2nd-Half Semester Review

CISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker. Upcoming Dates. Course Description. Course Outline

EEL DATA NETWORKS, SYSTEMS, AND SECURITY Fall 2016

ISC2. Exam Questions CISSP. Certified Information Systems Security Professional (CISSP) Version:Demo

Introduction and Overview. Why CSCI 454/554?

Most Common Security Threats (cont.)

SI - Computer Security

University of San Francisco Course Syllabus and Outline

ITCC112. Course Summary. Description. Objectives

CompTIA Security+ Certification

EC-Council Certified Network Defender (CND) Duration: 5 Days Method: Instructor-Led

SAULT COLLEGE OF APPLIED ARTS AND TECHNOLOGY SAULT STE. MARIE, ONTARIO COURSE OUTLINE

Course 831 EC-Council Certified Ethical Hacker v10 (CEH)

Required Textbook and Materials. Course Objectives. Course Outline

CRN150 Fundamentals of Network Security

Systems and Principles Unit Syllabus

COURSE OUTLINE. School of Engineering Technology and Applied Science

Understanding Cisco Cybersecurity Fundamentals

SECURITY & PRIVACY DOCUMENTATION

CEH: CERTIFIED ETHICAL HACKER v9

Textbook Charles Petzold, Programming Windows, 5th edition, Microsoft Press. References - other textbooks or materials none

Course 831 Certified Ethical Hacker v9

South Portland, Maine Computer Information Security

ITCC111. Course Summary. Description. Objectives. Outline

Computer Science Technology Department

Implementing and Administering Security in a Microsoft Windows 2000 Network Course 2820 Five days Instructor-led Published: February 17, 2004

CSE 544 Advanced Systems Security

San José State University Department of Computer Science CS166, Information Security, Section 1, Fall, 2018

Oklahoma State University Institute of Technology Face-to-Face Common Syllabus Fall 2017

This ethical hacking course puts you in the driver's seat of a hands-on environment with a systematic process.

Chapter 10: Security. 2. What are the two types of general threats to computer security? Give examples of each.

City University of Hong Kong Course Syllabus. offered by Department of Computer Science with effect from Semester B 2017/18

The following chart provides the breakdown of exam as to the weight of each section of the exam.

Cyber Security Program

Bachelor of Information Technology (Network Security)

Syllabus Revised 08/15/2018

INFORMATION SESSION. MS Software Engineering, specialization in Cybersecurity

San José State University Department of Computer Science CS 166 / SE 166, Information Security, Section 4, spring, 2017

AURA ACADEMY Training With Expertised Faculty Call Us On For Free Demo

Monfort College of Business Semester Course Syllabus ( ) COURSE PREFIX/TITLE: BACS 382 TCP/IP Network Security Sem. Hrs. 3 Ed.

Software Development & Education Center Security+ Certification

IST 451: Network Security

Network Security and Cryptography. December Sample Exam Marking Scheme

Academic Course Description

Education Network Security

SYLLABUS DATE OF LAST REVIEW: 012/2016 CIP CODE: Departmental Syllabus SEMESTER: Information Assurance COURSE TITLE: CIST0225 COURSE NUMBER:

City University of Hong Kong. Course Syllabus. offered by Department of Computer Science with effect from Semester B 2016/17

Computer Science Technology Department

Database Security MET CS 674 On-Campus/Blended

EC-Council C EH. Certified Ethical Hacker. Program Brochure

Security Architecture

Unit 2 Essentials of cyber security

ESET 349 Microcontroller Architecture, Fall 2018

Cryptography and Network Security Overview & Chapter 1. Network Security. Chapter 0 Reader s s Guide. Standards Organizations.

Ethics and Information Security. 10 주차 - 경영정보론 Spring 2014

CS 134: Elements of Cryptography and Computer + Network Security Winter sconce.ics.uci.edu/134-w16/ CS 134 Background

Implementing Cisco Network Security (IINS) 3.0

CS System Security Mid-Semester Review

SAMPLE. ITS350: Information Systems and Security. Course Description and Outcomes

Syllabus Revised 08/21/17

Unit 3 Cyber security

Pearson: Certified Ethical Hacker Version 9. Course Outline. Pearson: Certified Ethical Hacker Version 9.

Cloud Security. Copyright Ramesh Nagappan. All rights reserved.

ETHICAL HACKING & COMPUTER FORENSIC SECURITY

SAULT COLLEGE OF APPLIED ARTS AND TECHNOLOGY SAULT STE. MARIE, ONTARIO COURSE OUTLINE

CompTIA Cybersecurity Analyst+

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

Computer Science Technology Department

Securing Information Systems

Transcription:

RYERSON UNIVERSITY Ted Rogers School of Information Technology Management And G. Raymond Chang School of Continuing Education COURSE OF STUDY 2017-2018 (C)ITM 820 Information Systems Security and Privacy 1.0 PREREQUISITE The prerequisite for this course is ITM 301. Students who do not have the prerequisite will be dropped from the course. 2.0 INSTRUCTOR INFORMATION Name: Office Phone Number: E-mail address: Faculty/course web site(s): https://my.ryerson.ca Office Location & Consultation hours: Your instructor is available for personal consultation during scheduled consultation hours which are posted on their office door or on the course shell in D2L Brightspace. However, you are advised to make an appointment by e-mail or by telephone before coming to ensure that the professor is not unavoidably absent. E-mail Usage & Limits: Students are expected to monitor and retrieve messages and information issued to them by the University via Ryerson online systems on a frequent and consistent basis. Ryerson requires that any official or formal electronic communications from students be sent from their official Ryerson E- mail account. As such emails from other addresses may not be responded to. 3.0 CALENDAR COURSE DESCRIPTION This course considers the technical, operational, and managerial issues of computer and network security in an operational environment. Industry best-practices relating to computer security including schemes for breaking security, and techniques for detecting and preventing security violations are the core focus of this course. This course will also explore the principles of data privacy, threats to privacy, international and national policy, particularly related to privacy-enhancing technologies as they apply to the management of information systems and e-business. 1 of 7

4.0 COURSE OVERVIEW This course provides the opportunity for the student to explore computer security and network security in an operational environment. Current industry best practices relating to computer security including schemes for breaking security, and techniques for detecting and preventing security violations are core focus of this course. Emphasis will be on the development of appropriate safeguards, the study of different types of security systems, and the development of appropriate security for the perceived risk. Each student will explore various aspects of computer security through assignments, software deployment, selected readings and a group research project. 5.0 COURSE OBJECTIVES This course provides students with a detailed review of the industry-accepted methods for securing computer applications and computer networks. The course will provide an awareness of the risks and threats to computer operations and communications and an overview of the different types of security techniques. The course will address issues and challenges associated with implementing the appropriate level of security to meet the needs of the organization. Upon completion of the course, students should be able to: 1. Explain the fundamental principles of Information Technology Security and Privacy, and Data Protection. 2. Explain the concepts of threat, evaluation of assets, information assets, physical, operational, and information security, and how they are related. 3. Describe the need for the careful design of a secure organizational information infrastructure 4. Describe risk analysis and risk management in the context of business. 5. Describe both technical and administrative mitigation approaches. 6. Explain the need for a comprehensive security model and its implications for the security manager. 7. Demonstrate knowledge of security technologies. 8. Demonstrate knowledge of basic cryptography, its implementation considerations, and key management. 9. Demonstrate knowledge of designing and guiding the development of an organization s security policy. 10. Demonstrate knowledge of determining appropriate strategies to assure confidentiality, integrity, and availability of information. 11. Apply risk management techniques to manage risk, reduce vulnerabilities, threats, and apply appropriate safeguards/controls. 12. Describe privacy issues associated with storing and distributing digital data. 13. Explain Privacy-by-Design (PbD) framework. 14. Explain security issues associated with the emergent cloud computing technology and IoT. 6.0 EVALUATION The grade for this course is composed of the mark received for each of the following components: Evaluation Component Percentage of the Final Grade Four Assignments (5% each) 20% 2 of 7

Group Project 10% Midterm Examination 30% Final Examination 40% Total 100% NOTE: Students must achieve a course grade of at least 50% to pass this course. Citation Format for Essays and Term Papers All essay assignments, term paper and other written works must adhere with APA citation format. Technical errors (spelling, punctuation, proofing, grammar, format, and citations) and/or inappropriate levels of language or composition will result in marks being deducted. You are encouraged to obtain assistance from the Writing Centre (www.ryerson.ca/writingcentre) for help with your written communications as needed. You can find APA guidelines and academic referencing from the following online resources: a) Ryerson Writing Support Web site: http://www.ryerson.ca/content/dam/studentlearningsupport/resources/citationconventions/apa%20basic%20style%20guide.pdf b) Ryerson Library for APA style guide: www.ryerson.ca/library/subjects/style/apa.html 7.0 POSTING OF GRADES All grades, on assignments or tests must be posted or made available to students through the return of their work. Grades on final exams must be posted. However, as there may be other consideration in the determination of final grades, students will receive their official final grade in the course only from the Registrar. Final official course grades may not be posted or disclosed anywhere by an instructor. Posting of grades on the Course Management System (D2L Brightspace) is preferred. If grades are posted in hard copy they must be posted numerically sorted by student identification number after at least the first four digits have been removed. Instructors must inform students in all course management documentation of the method to be used in the posting of grades. Students who wish not to have their grades posted must inform the instructor in writing. Some graded work will be returned to students prior to the last date to drop a course without academic penalty. 8.0 TOPICS SEQUENCE & SCHEDULE Session Topic Learning Outcomes Readings Activities & Due Dates 1 Security Concepts: Introduction, Framework Explain what assets we need to protect. Explain how those assets are threatened. Explain the best options to counter those threats. Ch. 1 3 of 7

Explain confidentiality, integrity and availability triad 2 Cryptographic Tools: Symmetric Encryption, Public Key Encryption, Hash Functions, Digital Signatures Describe various types of algorithms and their applications Explain the basics of encryption Describe modern cryptography methods Describe message authentication methods 3 User Authentication: Password, Describe the four general means of Token and Biometric authenticating a user s identity Authentication; Explain passwords authentication methods Access Control: Access Control Describe token-based user and Access Management authentication Explain how access controls & user authentication Distinguish among subjects, objects, and access rights 4 Database and security attacks: Discuss the unique need for Database Access Control, SQL database security Injection Attacks Describe SQL injection attacks Compare different approaches of Security Attacks: Denial of Service database security Explain the basic concepts of DoS & DDoS attacks 5 Malicious Software: Viruses, Describe three broad malware uses Worms, SPAM, Trojans, Bots, to propagate Phishing, Spyware, Rootkits Discuss the basic operations of viruses, worms, Trojan horses, and logic bombs Discuss the different threats posed by bots, spams, spyware, and rootkits Discuss the backdoor vulnerabilities of systems 6 Firewall, Intrusion Detection and Explain snort architecture Prevention Systems Explain the purpose of honeypots Describe different types of honeypots and sandboxes Explain the role of firewalls, proxies, and NAT in a network 7 Midterm Examination Describe software security vulnerabilities Software and OS Security Explain the role of input fuzzing technique for software testing Explain the features of Windows and Linux\Unix security Discuss virtualization and hypervisor management 8 Cloud Computing and IoT Security Explain types of cloud services and deployment models. Explain cloud security approaches Explain IoT and its major components Explain Fog computing Explain the function of IoT gateway security Ch. 2 Ch. 3 & 4 Assignment 1 Ch. 5 & 7 Ch. 6 Ch. 8 & 9 Ch. 11 & 12 Assignment 2 Intro. to Group Project Ch. 13 Assignment 3 4 of 7

Explain IoT security and privacy 9 Wireless Network Security Privacy Enhancing Technologies Explain components of 802.11 standards and WLAN Explain WEP and WPA authentication methods Describe advanced features of 802.11i technology Explain security vs. privacy Describe Privacy by Design (PbD) framework Explain the concept of privacy acts such as EU directives, PIPEDA, and ISO standards 10 IT Security Management and Risk Explain ISO IT security standards Assessment Explain the process involved in IT Security Controls, Plans and security management Procedure Discuss organizational IT security policy Discuss IT security plans Identify security threats and security risk assessments Discuss security training and awareness 11 Advanced Encryption Techniques Describe the general model for the symmetric encryption process. Discuss types of attacks on encrypted messages Describe block encryption algorithms: DES, 3DES, and AES. Describe stream cipher RC4. Describe the operation of secure hash algorithms (SHA) Explain Public-Key cryptography algorithms and their applications 12 Internet Security Explain S/MIME Explain key components of SSL/TLS Discuss SSL/TLS attacks Explain the scope of IPSec and its security associations 9.0 TEACHING METHODS Ch. 24 Ch. 14, 15 & 18 Ch. 20, 21 Ch. 22 Assignment 4 Group Project This course will incorporate the following teaching and learning methods: Regular lectures, prescribed weekly readings, problem based assignments, group project work, and case study discussions are the main teaching activities that occur in this course. Since a major component of this course is problem-based learning the four individual assignments provide the students practice and progressive skill-building that they can apply in the group based project. The group project work allows the students to apply the analytical techniques that were introduced in class and practiced in the problem sets. In addition, by working in small teams the students develop group interaction and individual and group presentation skills. The instructor will establish an active learning environment by engaging the students in a Socratic exchange of relevant questions and ideas. Students should expect a frequent and substantive interaction between the instructor and students and among students in every class. 5 of 7

Those students that actively participate in the learning process will gradually assume ownership of the knowledge contained in the course materials. In addition to ownership of the course content, the students will master a set of skills that they can use to develop communications networks. 10.0 TEXTS & OTHER READING MATERIALS Title: Computer Security: Principles and Practice, 4 th Edition Author: William Stallings and Lawrie Brown Publisher: Pearson ISBN: 978-0134794105 Suggested/Recommended Textbook Title: Cloud Computing, Automating the Virtualized Data Center Authors: Venkata Josyula, Malcom Orr & Greg Page Publisher: Cisco Press ISBN: 978-1285448367 Title: Principles of Information Security (6 th Edition) Authors: Michael E. Whitman, Herbert J. Mattord Publisher: Course Technology ISBN: 978-1337102063 11.0 VARIATIONS WITHIN A COURSE All sections of a course (Day and CE sections) will follow the same course outline and will use the same course delivery methods, methods of evaluation, and grading schemes. Any deviations will be posted on D2L Brightspace once approved by the course coordinator. 12.0 OTHER COURSE, DEPARTMENTAL, AND UNIVERSITY POLICIES For more information regarding course management and departmental policies, please consult the Appendix of the Course of Study which is posted on the Ted Rogers School of Information Technology Management website, http://www.ryerson.ca/content/dam/itm/documents/cos/appendix.pdf. This appendix covers the following topics: 12..1 Attendance & Class Participation 12..2 Email Usage 12..3 Request for Academic Consideration 12..3.1 Ryerson Medical Certificate 12..3.2 Academic Accommodation for Students with Disabilities 12..3.3 Religious, Aboriginal or Spiritual Observance 12..3.4 Re-grading and Recalculation 12..4 Examinations & Tests 12..4.1 Period of Prohibition from Testing 12..4.2 Make-Up of Mid-Term Tests, Assignments and Other Assessments During the Semester 12..4.3 Make Up of Final Exams 12..4.4 Missing a Make-Up 12..5 Late Assignments 12..6 Standard of Written Work 12..7 Academic Grading Policy 6 of 7

12..8 Academic Integrity 12..8.1 Turnitin.com 12..9 Student Rights 7 of 7

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback