CS5293 Topics on Information Security

Part I

Course Duration: One semester
Credit Units: 3
Level: P5
Medium of Instruction: English
Prerequisites: Nil
Precursors: CS5285 Information Security for eCommerce or equivalent
Equivalent Courses: Nil
Exclusive Courses: Nil

Part II

Course Aims:
This course aims at providing students with a solid understanding of a range of topics in the area of information security, with emphasis on identification of security threats to actual systems and the appropriate countermeasures.  On completion of the course students should be able to specify, evaluate and develop computer systems and software applications to meet the required security objectives.

Course Intended Learning Outcomes (CILOs)
Upon successful completion of this course, students should be able to:

No.

CILOs

Weighting
(if applicable)

1.

identify the current issues and trends in information security;

 

2.

identify common security threats to computer systems;

 

3.

evaluate and specify practical computer systems and software applications to achieve security objectives;

 

4.

analyze the common security attacks and apply corresponding countermeasures;

 

5.

recognize and apply software coding techniques to deal with common security threats.

 

Teaching and Learning Activities (TLAs)
(Indicative of likely activities and tasks designed to facilitate students’ achievement of the CILOs. Final details will be provided to students in their first week of attendance in this course)

Teaching pattern:
Suggested lecture/tutorial/laboratory mix: 2 hrs. lecture; 1 hr. tutorial.

This course aims at developing a solid understanding in a range of topics in the area of computer and information security. Student will acquire adequate understanding and skill to specify, evaluate and develop computer systems and software applications with appropriate security measures.

Based on the course ILOs, the teaching/learning activities of the course may include:

CILO No.

TLAs

Hours/week
(if applicable)

CILO 1 - CILO 5

 

 

Lab Exercise: Students will work with selected security and attacking tools to learn how adversaries make use of tools to attack computer systems and how bad coding compromises information security.  Students will also learn to use these tools as a first line of defence against potential security threats and appreciate their role in a comprehensive security system.  

 

CILO 1,
CILO 2,
CILO 3,
CILO 4

Case Study: Students will be provided with different systems architecture and designs or/and cases of security attacks.  Students are required to identify the security threats, evaluate and critically analyze the security systems in different scenarios.  

 

CILO 1

Lectures: Basic background information on some of the latest development in computer security technologies, with examples drawn from real-life systems will be disseminated and students may be  required to perform research on the topic and submit a report.  

 

Assessment Tasks/Activities
(Indicative of likely activities and tasks designed to assess how well the students achieve the CILOs. Final details will be provided to students in their first week of attendance in this course)

   Examination duration:  2 hours
   Percentage of coursework, examination, etc.:  30% CW; 70% Exam

The course ILOs are accessed using the following approach:

CILO No.

Type of Assessment Tasks/Activities

Weighting
(if applicable)

Remarks

CILO 1

Coursework: Students may be required to complete a report on an assigned topic or a topic selected by the students to identify the current issues and trends in computer security. The quality and relevance of their research findings will be a measure for this ILO.
Exam: The exam will include questions to assess the ability of the students to identify and describe contemporary issues in computer security.

 

 

CILO 2

Coursework: Assignments will be given to the students to assess the ability of the students to identify security threats.
Exam: The exam will include questions to assess the ability of the students to identify security threats in a certain system and the way to prevent/mitigate/detect attacks.

 

 

CILO 3

Coursework: Students may be required to perform a study on an assigned topic or a topic selected by the students to evaluate and assess the limitations of existing technologies and systems, with specific recommendations on how to improve an existing design. Students may be required to analyze the effectiveness of the various security protocols, architecture, systems and tools in the context of the design and evaluation of secure information systems to meet the prescribed security objectives.
Exam: The exam will include questions to assess the student’s ability to specify and evaluate the architecture of a secure computer system.

 

 

CILO 4

Coursework: Students may be required to complete a report on an assigned topic or a topic selected by the students. Students should be able to compare and contrast the various security technologies. The quality of the analysis in the report will be a measure for this ILO. The assignment will also include questions to assess whether the students can explain how the various attacks and defenses work.
Exam: The exam will include questions to assess the student’s understanding in how the various attacks and defenses work.

 

 

CILO 5

Exam: The exam will include questions to assess the ability of the students to explain how the secure coding techniques may improve the security of systems.

 

 

Grading of Student Achievement: Refer to Grading of Courses in the Academic Regulations
Grading pattern: Standard (A+, A, A-…F)
For a student to pass the course, at least 30% of the maximum mark for the examination must be obtained 

Part III

Keyword Syllabus:

The syllabus will evolve with time as current topic changes.  The following are example keyword syllabus:  security policies; hardware security, OS security, file system protection, access control; cryptographic tools; identity and credential management, security administration; hacking attacks and countermeasures, probing tools, malicious codes, virus, security administration; evaluating system security,  secure computing platforms; security development process; intrusion detection; mobile security.

Syllabus

Topics will be selected from following:

1.Security Attacks : port scanning, vulnerability scanning, network mapping, password attacks, session hijacking, phishing, Web application attacks, sniffing, IP spoofing, denial of service attack; virus, Trojan Horse, spyware and rootkits, malicious mobile codes, backdoors
 
2.OS Security: authentication, access control mechanism
 
3.Software Security : secure coding techniques: canonical representation, database input, Web-specific and internationalization issues, buffer overrun and access control, security code review, security issues in documentation
 
4.Current issues in information security: security evaluation, computer forensics, contemporary access control paradigms, mobile security

Related Links
Department of Computer Science