
Al-Imam Muhammad Bin Saud Islamic University

College of Computer and Information Sciences


Information Systems Department

Syllabus IS433: Information Security


Instructor: [name]
Office No.: FR-
Phone: [86838]
e-Mail: [email]@ccis.imamu.edu.sa
Office Hours: [day and time]

Course Description:
This course is an introduction to the various technical and administrative aspects of
Information Security and Assurance. The course provides the foundation for
understanding the key issues associated with protecting information assets, determining
the levels of protection and response to security incidents, and designing a consistent,
reasonable information security system, with appropriate intrusion detection and
reporting features. The purpose of the course is to provide the student with an overview
of the field of Information Security and Assurance. Students will be exposed to the
spectrum of Security activities, methods, methodologies, and procedures. Coverage will
include inspection and protection of information assets, detection of and reaction to
threats to information assets.

Main Learning Objectives:


This course aims to provide students with an academic overview of Information Security
covering its main domains. Each domain will be studied comprehensively at a depth suitable for
undergraduates. By completion of this course, students should appreciate the
significance of Information Security in the IT realm, and be able to demonstrate in-depth
knowledge of the key principles and techniques of Information Security management.
Upon successful completion of this course, students will be able to:
Identify and prioritize information assets and threats.
Define an information security strategy and architecture.
Plan for and respond to intruders in an information system.
Describe legal and public relations implications of security and privacy issues.
Present a disaster recovery plan for recovery of information assets after an incident.

Topics:
Chapter 1: Introduction to Information Security
This chapter will introduce the main concepts, definitions and terms in information security. In addition,
the chapter will introduce the main topics covered in this course.

Chapter 2: Basic Cryptography


In this chapter, we'll discuss some of the basic elements of cryptography. This chapter will lay the
foundation for the remaining crypto chapters, which, in turn, underpin much of the remainder of the
book. We'll attempt to provide enough of the details so that you not only understand the "what" but
can also appreciate the "why".

Chapter 3: Symmetric Key Cryptosystems


In this chapter, we discuss the two branches of symmetric key cryptography: stream ciphers and block
ciphers. Stream ciphers are like a one-time pad, except that we trade provable security for a relatively
small (and manageable) key. Block ciphers are based on the concept of a codebook, where the key
determines the codebook. The internal workings of block cipher algorithms can be fairly intimidating,
so it may be useful to keep in mind that a block cipher is really just an electronic codebook.

Chapter 4: Public Key Cryptosystems


Public key crypto is sometimes known as asymmetric cryptography, two-key cryptography, or even
non-secret key cryptography. In symmetric key cryptography, the same key is used to both encrypt
and decrypt. In public key cryptography, one key is used to encrypt and a different key is used to
decrypt. As a result, the encryption key can be made public. This solves one of the most vexing
problems of symmetric key crypto, namely, how to securely distribute the symmetric key.

Chapter 7: Access Control-Authentication


Authentication deals with the problem of determining whether a user should be allowed access to a
particular system or resource. In this chapter, our focus is on the methods used by humans to
authenticate themselves to machines. Authentication raises many issues related to protocols,
particularly when the authentication occurs over a network. This is also the environment where most
machine-to-machine authentication occurs.

Chapter 8: Access Control-Authorization


Authorization is the part of access control concerned with restrictions on the actions of authenticated
users. In this chapter, we'll extend the traditional notion of authorization to include a few additional
forms of access control. We'll discuss CAPTCHAs, which are designed to restrict access to humans, and
we'll consider firewalls, which can be viewed as a form of access control for networks. We'll follow up
the section on firewalls with a discussion of intrusion detection systems, which come into play when
firewalls fail to keep the bad guys out.

Chapter 9: Authentication Protocols


Protocols are the rules that must be followed in some particular interaction. In the context of
networking, protocols are the rules followed in networked communication systems. Examples of formal
networking protocols include HTTP, FTP, TCP, UDP, PPP, and many, many more. In this chapter, we'll
consider generic authentication protocols in order to better understand the fundamental issues
involved in the design of such protocols.

Chapter 10: Security Protocols


In this chapter, we'll discuss four security protocols that are used extensively in the real world. First on
the agenda is the Secure Socket Layer, or SSL, which is used to secure most Internet transactions
today. The second protocol that we'll consider in detail is IPSec, which is a complex and
overengineered protocol with several security flaws. Then we will discuss Kerberos, a popular
authentication protocol built on symmetric key cryptography.

Chapter 11: Software Flaws and Malware


In this chapter, we'll discuss several security issues related to software. First, we'll consider
unintentional software flaws that can lead to security problems. A classic example of such a flaw is the
buffer overflow, which we'll discuss in some detail. Then we consider malicious software, or malware,
which is intentionally designed to do bad things. Computer viruses and worms are examples of
malware.

Textbook and Resources:


Main Textbook:
Information Security Principles and Practice, Edition 2 (2011).
Written by: Mark Stamp
ISBN: 978-0470626399
Publisher: Wiley Publications
Other Resources:
Understanding Cryptography
Written by: Christof Paar; Jan Pelzl
ISBN: 978-3-642-04100-6
Publisher: Springer
Computer Security
Written by: Dieter Gollmann
ISBN: 978-1-119-95877-2
Publisher: John Wiley & Sons, Incorporated
[Blackboard]: http://imamu.blackboard.com

Tentative Semester Schedule


Week 01: Overview of the course; Introduction of the Syllabus of IS433
Week 02: Chapter 1
Week 03: Chapter 2
Week 04: Chapter 3 + [Announce project]
Week 05: Chapter 3 + [Quiz #1]
Week 06: Chapter 4
Week 07: Chapter 4
Week 08: Chapter 4 + [Midterm]
Week 09: Chapter 7
Week 10: Chapter 7
Week 11: Chapter 8
Week 12: Chapter 9 + [Quiz #2]
Week 13: Chapter 10
Week 14: Chapter 10 + [Project demonstration]
Week 15: Chapter 11
Week 16: [Final Exam]

Project and Assignments


The students are asked to do two lab quizzes and one project as follows:
Quiz #1: covers topics discussed in Chapters 1, 2 and 3.
Quiz #2: covers topics discussed in Chapters 4, 7 and 8.
Project: this is a group-based project, where the size of the group depends on the number
of students in each session. The project covers the core issues discussed throughout the
course. The project should be divided into three sections: implementation, documentation
and presentation.

Evaluation
Class Contribution: 5%
Quizzes: 20%
Mid-Term: 20%
Project: 15%
Final Exam: 40%
