Course Outline
CS 620 - Introduction to Information Security
Course Description:
Overview of the threats to the security of information systems, the security responsibilities faced by users and managers of computer systems, the discussion of basic tools available for implementing computer security, and consideration of the ethical and legal responsibilities facing computer users.
Course Prerequisites:
Completion of the computer science core or permission of the CS graduate coordinator.
Textbook(s):
- Bandits on the Information Superhighway, Daniel J. Barrett, O'Reilly & Associates, Inc., 1996, ISBN: 1-56592-156-9
- Information Warfare and Security, Dorothy E. Denning, Addison-Wesley Publishing Company, 1999, ISBN: 0-201-43303-6
Statement of Purpose:
CS 620 is the first course in the information security component of the MS/Computer Science (Information Security emphasis) degree program. It is assumed that each student already possesses the basics of programming, computer principles, and basic management principles. This course is aimed at the computer practitioner/user or manager who must be VERY aware of all tenets of computer security in order to protect their organization’s most vital asset—their information.
As the course is an overview of computer security, in-depth analysis/design of specific security tools (i.e. database [DB] security, operating systems [OS] security, cryptographic techniques, etc.) will be presented in subsequent courses in the CS program.
In summary, this course lays the groundwork of the "big picture" and assumes that the detail will be presented later.
Plagiarism:
… "The deliberate act of copying writing, and claiming as one’s own the information, ideas or phrasing of another person without proper acknowledgment of their true source." (Source: JMU graduate student handbook). We will thoroughly discuss this policy when we embark on the projects. Documentation applies in both direct quotations and paraphrases. In certain cases, ideas should also be documented. Care should be exercised to ensure that proper credit is given to the author. Infractions will be considered a serious offense when evaluating all projects. Dr. Forcht will provide documentation guidelines for references/citations.
Honor Code:
Each student should refer to the Honor Code as outlined in the JMU General Catalog and JMU Graduate Student Handbook. The Honor Code applies to any examinations and ALL projects/presentations submitted for credit. It is not only the instructor’s obligation to report all infractions to the Honor Council, but yours as well. If other students are allowed to violate the Honor Code, it cheapens your education/degree. In certain cases, you will be completing projects that may involve working with others. It is quite acceptable to work with others, and I strongly encourage you to do so, but please bear in mind that the work you submit must be your own if the project is an individual one and not a designated group project.
Hacking:
The practice of "hacking" (breaking into someone’s computer system) is well documented. You will see many cases in your readings/discussions during this course. Please bear in mind, however, that "hacking" is a serious offense and is treated as such by organizations whose systems are violated. Under no circumstances is it warranted for a student, out of curiosity or malicious intent, to break into anyone’s computer system (including JMU’s). Please do not attempt to do so without prior consent/knowledge of the authorizing parties. As legal adults, your violations will be dealt with as in any other theft—to the fullest extent of the law. It is no longer considered "cute" and "creative" to break into someone’s computer system—it is considered a serious crime. Please cooperate on this!
Ethical Use of Computers:
Please refer to the Ethics Statement regarding ethical use of computers. These policies have been adopted by JMU and govern all students using computers in any course. It is your obligation to orient yourself with these rules.
Course Intent:
This course is intended for two groups of people:
- Those who will, or presently do, encounter computer systems as part of their personal and organizational lives.
- Those who will, or are, directly involved with computers and will provide computing tools and systems for others.
Objectives of Course:
After completion of the course, the student will be able to:
- Describe and analyze the security of an actual computing facility in terms of protection, prevention, detection, and correction.
- Analyze the vulnerability of a computing facility and how to measure vulnerability/risk analysis factors.
- Describe computer viruses and other malicious code and investigative/correction/detection measures.
- Understand the role of auditing and monitoring techniques as they relate to computer security.
- Compare and contrast various security strategies and technologies using ROI (Return on Investment) techniques.
- Understand the basic concepts of trusted computer systems, database security, telecommunications security, cryptography, and Internet security.
- Describe issues relating to physical security and perimeter protection.
- Describe personnel security, staff training, ethics and confidentiality statements, and other related "people" issues.
- Identify the legal and regulatory constrictions relating to computer security.
- Describe access control techniques, authentication measures, password management and logging/recording techniques.
Portfolio Preparation: (Individual Project)
CS 620 will prepare students to achieve the stated content goal of the program portfolio as follows:
- Report research locating and evaluating those policies and regulations specific to an installation and testing compliance with those policies.
- Identify and describe the contents of information security regulations and guides that regulate government and private information systems, and chart the relationships among information security components.
- Use basic information security concepts to produce an overview report on system security status and review organizational documentation on a system.
Grading/Evaluation Policy:
- Individual Project: 100
- Group Project (written): 100
- Group Project (presentation): 100
- Assignment I: 100
- Assignment II: 100
- Assignment III: 100
- Assignment IV: 100
- Discussion Group Participation: 300
- Total Points: 1000

- 900-1000 points = A (90-100%)
- 800-899 points = B (80-89%)
- 700-799 points = C (70-79%)
- 600-699 points = D (60-69%)
- 599 points or below = F (59% or below)
Schedule:
Please note schedule changes if/when they occur.
First Saturday
0900 On-Site Saturday, August 14, 1999
- Overview of course
- Discussion of schedule
- Description of course content/methodology
- Week 1, On-line, August 15-22, 1999: Assignment I (Group A)
- Week 2, On-line, August 23-29, 1999: Assignment II (Group B)
- Week 3, On-line, August 30-September 5, 1999: Assignment III (Group C)
- Week 4, On-line, September 6-12, 1999: Assignment IV (Group D)
- Week 5, On-line, September 13-19, 1999: Individual Project - Portfolio Entry (Instructor)
- Week 6, On-line, September 20-25, 1999: Work on Group Projects
Last Saturday
0900 On-Site Saturday, September 25, 1999
- Present Group Projects