Applied Information Security (Summer University) (Spring 2024)

Abstract

This is a hands-on course that teaches the basic principles of computer security. You will get in-depth experience with cyberattacks, and how to prevent them. The course activities enable you to personalize the course to match your unique background.

Description

In this course, you learn how to determine security requirements, and how to identify risks to these requirements. You get hands-on experience with concrete cyberattacks that realize these risks. You learn how to audit a system to determine that an attack has taken place. Most importantly, you get experience with many methods and tools that prevent cyberattacks, including cryptography, authentication, authorization, and hardening. Finally, you learn how to design a user experience such that users can conform to security requirements.

Computer security touches on all areas of computer science. By taking this course, you will therefore gain a better understanding of how computers work. Furthermore, computer security is interdisciplinary by nature. You will get the opportunity to immerse yourself in your choice of the many disciplines that underpin computer security, including computer systems, programming languages, mathematics, and social sciences.

This course provides a window into the activities of security analysts, penetration testers, forensic analysts, security architects, and security engineers. This course can thus function as a starting point for pursuing such careers.

Ultimately, the goal is to enable you to make appropriate security-related decisions. The course does so by teaching you how to think clearly about security, by focusing on basic principles.

Formal prerequisites

Before taking this course you must: 

• Be able to design, implement, and test, medium-sized programs in a mainstream programming language, like Java, C#, Python, or JavaScript.
• Be able to apply basic algorithms and data structures to solve problems.
• Be able to apply basic logic and mathematical reasoning on discrete mathematical structures, such as sets, relations, functions, (discrete) probability, and combinatorics.

These requirements can be satisfied by taking a course on Introductory Programming, Discrete Mathematics, and Algorithms and Data Structures (the last of which can be taken in parallel with this course). In particular, 2nd semester SD students at ITU can take this course.

Intended learning outcomes

After the course, the student should be able to:

• Determine security requirements for a system, and analyze a system for security risks
• Identify, list, and explain standard cyberattacks on systems
• Identify, list, and discuss major principles of computer security.
• Identify, list, and explain Lampson’s “gold standard” mechanisms for computer security (authentication, authorization, audit).
• Identify, explain, and apply isolation in computer security.
• Identify, explain, and apply cryptography in computer security.
• Describe basic computer forensics techniques.
• Design and discuss usability in computer security.

Ordinary exam

Exam type:
C: Submission of written work, External (7-point scale)
Exam variation:
C11: Submission of written work