INFS 6320 Advanced Integrated Security and Assurance
Tel. No.: 904-8348 Office: N 335
Website: D2L (elearn.mtsu.edu) Email: mmurtaza
Office Hours: MW 4:30 – 6 PM; Th 11:05 – 2:35 PM
Catalog description:
An integrated approach to the development, implementation, and assurance of an information systems security program. Students will combine and apply the principles from security and assurance into proactive planning that attains compliance, efficiency and effectiveness.
Course Objective:
To be able to identify, plan and implement a complete, consistent and robust security program and architecture aimed at protecting the assets of the organization that is based on an understanding of the risks, tools, technologies and management practices found within the industry.
Suggested references (not required):
“Security Metrics” by Andrew Jaquith (Addison Wesley)
“Counter Hack Reloaded” Second Edition, by Ed Skoudis (Prentice Hall)
“Security Engineering” Second Edition by Ross Anderson (Wiley)
Online resources (to be assigned)
Course Evaluation: Student performance assessment is based on quizzes, assignments, case study, and research paper/presentations as follows:
| Quizzes (2-3) | 45% |
| Assignments | 15% |
| Case Study | 15% |
| Research Paper/Presentation | 25% |
93 and above A, 90 to 92.9 A-,
87 to 89.9 B+, 83 to 86.9 B, 80 to 82.9 B-,
77 to 79.9 C+, 73 to 76.9 C, 70 to 72.9 C-,
67 to 69.9 D+, 63 to 66.9 D, 60 to 62.9 D-,
Below 60 F
Case Presentations:
A list of short Info Sec cases will be provided on D2L. You can create an online PowerPoint presentation on one of the cases and upload it to D2L.
Research Topics for paper/presentation:
You have to select a security topic of current interest/research, find a few journal articles on the topic, write a research paper, and present it (with PowerPoint slides) to the class during the last 4 weeks of the course. You can select, with the instructor's permission, a topic of your interest. Some suggested research topics are listed below, but you are not limited to these:
VOIP security
RFID security
Virtual machines and security
Web Services / grid computing security
New user authentication methods – biometrics
Cloud computing security
Health Information security
Security in Government
Digital resources security
Security and Compliance
E-Discovery
Security & culture
Tentative Schedule:
1/26 - Introduction/overview
Anatomy of an attack (Vulnerabilities)
2/2 - Verification and analysis of secure systems
General security design (Access control mechanisms, attacks)
2/9 - Web application security (XSS, SQL injection, Scripting and Ajax)
PKI, Certificates (TLS, SET and IPSec)
2/16 - Threat Modeling
Database security, compliance
Economics of Security and Privacy
2/23 - Security Metrics
System hardening
Security and Regulatory compliance
3/2, 16, 23, 30 - Online
Quiz 1 – topics covered in class
Quiz 2 – topics covered online
4/6 Student Presentations
4/13 Student Presentations
4/20 Student Presentations
4/27 Current & Future Issues
Quiz 3 – Current topics