CS4394 Information Security and Management
Course Duration: One Semester
Credit Units: 3
Medium of Instruction: English
CS3102 Operating Systems, or
CS3103 Operating Systems, or
CS3161 Operating System Principles
Equivalent Courses: Nil
Exclusive Courses: Nil
1. Course Aims:
The course provides an overview of the concepts, technologies, and management and legal issues involved in protecting data during processing, storage and transmission. It is important that information security requirements be understood at the organizational level; that an appropriate information security policy be derived; that cost-effective information security solutions be planned and deployed; and that, when required, evidence be provided to auditors on how well an organization has performed.
2. Course Intended Learning Outcomes (CILOs):
(state what the student is expected to be able to do at the end of the course according to a given standard of performance)
Upon successful completion of this course, students should be able to:
| No. | CILO |
|---|---|
| 1. | describe threats in the IT environment; recognize and inquire into the relationship of threat, vulnerability, countermeasure, and impact in organizational information security; |
| 2. | formulate a basic information security policy for an organization and design appropriate guidelines for implementing the policy; |
| 3. | describe the information security management framework and the roles of Information Security Management Standards in this framework; |
| 4. | recognize and critique legal issues in information security. |
3. Teaching and Learning Activities (TLAs):
(designed to facilitate students’ achievement of the CILOs)
Suggested lecture/tutorial/laboratory mix: 2 hrs. lecture; 1 hr. tutorial.
| ILO No | TLAs | Hours/week (if applicable) |
|---|---|---|
| CILO 1-4 | Lectures to introduce the basic concepts, the relationship of these concepts and their practical use in information security technology management | 2 hours/week |
| CILO 1-4 | Tutorial sessions used for understanding the concepts related to the lectures and discussing some real-life examples in applying the concepts | 1 hour/week |
4. Assessment Tasks/Activities:
(designed to assess how well the students achieve the CILOs)
The Course ILOs are assessed using the following approach:
| ILO No | Type of assessment tasks/activities | Weighting (if applicable) | Remarks |
|---|---|---|---|
| CILO 1 | Coursework: Students are required to identify threats, vulnerabilities, and countermeasures in a given security scenario, and inquire into their effectiveness. Examination: Questions assessing understanding of basic information security technologies, threats, vulnerabilities and their relationship. | | |
| CILO 2 | Coursework: Students are required to design a simple information security policy and its associated guidelines. Examination: Questions assessing understanding of concepts and contents in an information security policy. | | |
| CILO 3 | Examination: Questions assessing understanding of the importance of the standard and how standards are used in planning and auditing of information security in an organization. | | |
| CILO 4 | Examination: Questions assessing understanding of issues and principles of legal aspects related to information security. | | |
5. Grading of Student Achievement:
Examination duration: 2 hours
Percentage of coursework, examination, etc.: 30% CW; 70% Exam
Grading pattern: Standard (A+, A, A-, … F)
For a student to pass the course, at least 30% of the maximum mark for the examination must be obtained.
Overview of Information Security: Risks and attacks, organizational requirements. Information Security Technologies: Access Control, Cryptographic techniques, Authentication and Public Key Infrastructures. Information Security Management: Policy, Risk Assessment, and Standards. Legal Issues: Computer Crimes and Forensics, Information Security Audits.
Department of Computer Science