

Lecture

2018-2019

This applied lecture deals with information security from a case study approach in which we understand the cause of many violations in order to develop recommendations for professional organizations to improve their security situation.

2 Individual Assignments; 1 Group Project

Written Final Exam

2017-2018

This applied lecture deals with information security from a case study approach in which we understand the cause of many violations in order to develop recommendations for professional organizations to improve their security situation.

3 Individual Projects; 1 Group Project

Written Final Exam

2016-2017

This applied lecture deals with information security from a case study approach in which we understand the cause of many violations in order to develop recommendations for professional organizations to improve their security situation.

2 Individual Assignments; 1 Group Project

Oral Final Exam

This lecture will highlight the advent of information security in parallel with the development and advancement of information systems including the Internet. Outcomes include a deeper understanding of: security fundamentals, the Internet, risk management, data storage (including big data), business vulnerabilities, organizational information systems, governance and compliance, the implication of mobile use, and modern information security methods. Students can expect to apply this knowledge to other aspects of computer science including: software design and development, strategic planning, policy development, and training.

  • Understanding of the fundamental ideas behind data and information including computers and the Internet.
  • Knowledge of basic information constructs and risk handling techniques; students know the most important constructs of information systems.
  • Knowledge of elementary computers and modern uses.
  • Ability to specify and verify simple information handling activities.
  • Overview of knowledge creation and its importance.
  • Technical and formal foundations of data, information, and knowledge creation (syntax and semantics of languages).
  • Introduction to risk (basic definitions and historical reference, measurement, management, and assurance including valuations).
  • Representation of corporate valuations related to information.
  • Further basic elements of data, information, and knowledge.
  • Basic elements of knowledge transference (weak and strong ties).
  • The value of data losses (evolutions and inherent vulnerabilities).
  • Information security shifts from technical toward organizational/behavioral.
  • Formalized acceptance of risk (governance, compliance, reporting).

Security Fundamentals

Class 1: Introduction to computers (the safety of information)

  • Physical security
    • Security by practice: placement, hardware, software
  • Algorithms
    • Encryption foundations, private key encryption, public key encryption
  • Network design
    • Security by design: topology, layering, access controls
  • Protocols
    • Design and acceptance (RFC), network protocols

Class 2: Introduction to the internet (the freedom of information)

  • WWII - Government/Military
    • U.S. design, early adoption, later acceptance
  • Universities
    • Development, collaboration, repositories
  • Business
    • Early models (static), mid-models (eBay), later models (C2C, G2G)

Class 3: Introduction to risk (inherent and handled)

  • Risk measurement
    • Define risk, understand risk, apply risk
  • Risk management
    • Threats, Assets, Controls
  • Risk assurance
    • SETA

Information Dissection

 

Class 4: What is information?

  • Definitions
    • Symbols, data, information, knowledge
  • Primitive applications
    • Data collection, data storage, data retrieval
  • Modern applications
    • Data collection, data storage, data manipulation, data forecasting, data retrieval

Class 5: What is knowledge?

  • Information transfer
    • Tacit information, explicit information
  • Knowledge creation
    • Data storage and retrieval, data to information, information to data
  • Knowledge companies
    • Service based, client based, information based

Class 6: Why is information valuable?

  • The value of data
    • Personal, company, marketing
  • The value of information creation
    • Sales, marketing, client-specific
  • The danger in information creation
    • Information to data storage, retrieval conversion, temporality, context

Class 7: How is information used?

  • Early adopters
    • Customer focus, growth focus
  • Modern information use
    • Personal data, biometrics (social and legal)
  • Big data applications
    • Corporate applications, social applications, privacy implications

 

The Value of Data Loss

 

Class 8: The Evolution of Data Loss

  • Focus on notoriety
    • Hackers, crackers, and students (formal and informal)
  • Shift to purposeful damage
    • DDoS, availability, Moore’s Law
  • Extracting value
    • Ransomware, WikiLeaks

Class 9: Inherent Vulnerabilities

  • The nature of protocols
    • Open design, designer requirement, societal shift
  • Widespread system use
    • 1G, 2G, 3G, next G (LTE)
  • Cultural ignorance
    • Natural science, social science, IoT

Class 10: Inherent Security Shift

  • Large to small business uses
    • IBM, SAP to local POS
  • Web availability
    • Corporate, local, government, personal
  • Mobile availability
    • Early use, BYOD, modern availability and demand

Class 11: Inherent Security Shift

  • Governance
    • FERPA, HIPAA, SOX, GLBA, GDPR
  • Compliance
    • Federal, state, industry, professional
  • Reporting
    • Federal, state, professional

 

RESERVED FOR GROUP PRESENTATIONS

 

The Advent of Organizational Awareness

 

Class 12: Structural Changes

  • Formal hierarchy
    • CIO, CISO
  • Professional associations
    • ISACA, (ISC)²
  • Responsibility
    • PII, stakeholders, shareholders

Class 13: Structural Changes

  • Structural shift
    • Compliance, controls, availability
  • Organizational shift
    • Security design, architectural approach
  • Damage mitigation (insurance)
    • Risk acceptance, long-term implications

Class 14: Perceptions of Risk

  • Varying education and training
    • Static policies, formal training, information education
  • Continual evolution of data
    • Applications, uses, ramifications
  • Rapid advancement in technology
    • Formal structure, global structure, IoT (pervasive)