IT 340

Computer and Information Security (3 credits)

Text: Corporate Computer Security, 4th Edition by R. Boyle and R. Panko, Pearson, 2015

Course Information: Fundamentals of computer security, security mechanisms, information states, security attacks, threat analysis models, vulnerability analysis models, introduction to cryptography, authentication, intrusion detection, intrusion prevention (firewalls), operating systems security, database security, software security, host hardening, incident and disaster response.

Prerequisite: Upper-level IT eligibility

Required/Elective: Required

Course Outcomes:

Students should be capable of:

  1. Explaining key security concepts such as integrity, confidentiality, availability, non-repudiation, and authentication
  2. Discussing the relationship between threats, vulnerabilities, countermeasures, attacks, compromises and remediation
  3. Discussing protection mechanisms such as cryptography, intrusion prevention systems (firewalls), and intrusion detection systems
  4. Explaining the key factors involved in authentication and how they are used to verify identity and grant access to a system; explaining the characteristics of strong passwords

Student Outcomes: 

A. An ability to apply knowledge of computing and mathematics appropriate to the program’s student outcomes and to the discipline

G. An ability to analyze the local and global impact of computing on individuals, organizations, and society

I. An ability to use current techniques, skills, and tools necessary for computing practice

M. An understanding of best practices and standards and their application

Course Topics:

  1. Security: history and terminology
  2. Security services: availability, integrity, confidentiality, authentication, non-repudiation
  3. Security vulnerabilities: inside attacks, external attacks, black hat, white hat, carelessness, ignorance, hardware, software, network, physical access
  4. Security lifecycle and design principles
  5. Information states
  6. Threat and vulnerability analysis models
  7. Security mechanisms: authentication, biometrics, cryptography, intrusion detection
  8. Security attacks: social engineering, denial of service, protocol attacks, active and passive attacks, buffer overflow attacks
  9. Intrusion detection and intrusion prevention systems
  10. Malware (viruses, Trojan horses, worms)
  11. Information states: storage, transmission, processing
  12. Operating systems, database, and software security
  13. Host hardening, incident and disaster response
