Course : CMT 405 – Information Systems Security
Semester: September - December 2021 Lecturer: William K. Mirugi
Meetings: Monday 7.00 am - 10.00 am
Purpose
This course introduces the concepts and issues related to securing information systems and the development of policies to implement information
security controls.
Objectives
At the end of this course learners should be able to:
1. Define information security
2. Understand the significance of risk analysis of a system
3. Use appropriate security detection and prevention strategies
4. Develop an information system security policy
5. Discuss and evaluate a security solution of a given system
Course Outline and Schedule
Week / Topic / Content and details / Comment

Week 1: Background and Basic Concepts
  CIA, Authentication, Non-repudiation, security service and security mechanism, security policy

Week 2: Cryptography
  Symmetric ciphers, Asymmetric ciphers, Hash functions, Message Authentication Code, Digital signature, Diffie-Hellman key exchange

Week 3: Key Management and PKI
  • NIST SP 800-57 Key Management, key state transition diagram, the different key states, "protection" and "processing", cryptoperiods
  • PKI, CA and RA, and root, PKI models/trust structures, X.509 Certificates, binding identity to key

Week 4: Authentication
  • Message authentication and user authentication, user authentication methods, Biometrics, Passwords, Non-repudiation, digital signature

Week 5: Security Models and Access Control (CAT 1)
  Security Models, meaning of mandatory and discretionary access control

Week 6: Communication Security
  Authentication protocols, HTTP Basic Authentication / Digest Authentication, SSL/TLS, IPSec

Week 6: Identity and Access Management
  Entity/identity/identifier/digital identity, Identity management models, Zooko's triangle, Federation, SAML

Week 7: Perimeter Security
  • Firewall types, their strengths and weaknesses
  • Intrusion detection system types, their strengths and weaknesses

Week 7: Physical Security
  Environmental Security, Physical Access Control, Social Engineering Attacks and Defences

Week 8: Computer Security and Trusted Systems (CAT 2)
  Microprocessor security protection rings, Trusted Computing principles, TPM (Trusted Platform Module)

Week 9: Security Management
  ISO/IEC 27001, ISO/IEC 27002, Secure Development Lifecycle

Week 10: Risk Management and Business Continuity
  • Risk management principles: risk, threat, vulnerability
  • Business Continuity Planning principles: BIA, downtime, options for alternative sites

Week 11: Application Security
  Buffer Overflow, SQL Injection, Cross-Site Scripting, Malware and botnets

Week 12: Privacy and Computer Forensics
  History of privacy, OECD principles, Privacy problems in Web 2.0, meaning of computer forensics, the 4 main steps of computer forensics
Assessment Criteria
The final mark is determined by Continuous Assessment Tests (CATs) and a final exam as detailed below:
CAT 1: 15%, CAT 2: 15%, Final exam: 70%
Textbooks for the course
1. Principles of Information Security, Michael E. Whitman and Herbert J. Mattord, 3rd Edition, 2008
Policy on Attendance and Tardiness
Except in unavoidable circumstances, a student is expected to attend all classes and to arrive on time. A student who misses a total of six hours in
a semester will be disqualified from sitting the end of year exam.
Policy on Missed Test and / or Examination
A student who will miss a test or an assignment deadline is expected to consult the lecturer before the due date and, if a postponement is
agreed, to sit the missed CAT within one week of reporting back to college. Failure to do so earns the student 0 (zero) marks in the CAT. The
lecturer must record the agreement on the postponement form. A late assignment costs the student 1 mark per day unless otherwise agreed between
the student and the lecturer (see the attached form).
Lecturer .................................................. Signature .................................................. Date ..................................................
HOD ...................................................... Signature .................................................. Date ..................................................
CAT / ASSIGNMENT POSTPONEMENT FORM (to be filled in by the lecturer)
Student Names | Student ID | Reason / Evidence / Agreement for postponement | Lecturer's comment / Signature