ISA 562: Information Security Theory and Practice


Mohamed Sharif, PhD.
Home: 571.333.8555

Mobile: 301.674.0973

Teaching Assistant:

Course Description:

This course is a broad introduction to the theory and practice of information security. It serves as the first security course for the MS-ISA degree and is required as a prerequisite for all subsequent ISA courses (at the 600 and 700 levels). It also serves as an entry-level course available to non-ISA students, including MS-CS, MS-ISE, and MS-SWE students.

Course Prerequisites

INFS 501, 515, 590, and SWE 510, or permission of instructor.

Course Material

Required:  Official (ISC)2 Guide to the CISSP CBK

Required:  Computer Security: Art and Science, Matt Bishop. Addison-Wesley ISBN: 0201440997

Reference: Computer Security: Principles and Practice, by William Stallings and Lawrie Brown

Reference: Security in Computing, 4/e, by C. Pfleeger and S. Pfleeger

Reference: Network Security, Private Communication in a Public World 2nd Edition by C. Kaufman, R. Perlman and M. Speciner.

Reference: Corporate Computer and Network Security by R. Panko

Reference: Network Security Essentials: Applications and Standards, 3/e, by W. Stallings.

Reference: Cryptography and Network Security 2nd Edition by W. Stallings

Reference: Applied Cryptography 2nd Edition by B. Schneier

Reference: Handbook of Applied Cryptography by A. Menezes, P. van Oorschot and S. Vanstone.

Reference: Designing Network Security by M. Kaeo, Cisco Press

Reference: Internet & TCP/IP Network Security by U. Pabrai and V. Gurani.

Reference: Fundamentals of Computer Security Technology by E. Amoroso

Reference: Building Internet Firewalls by D. Chapman and E. Zwicky

Reference: Firewalls and Internet Security by W. Cheswick and S. Bellovin

Reference: The CERT Guide to System and Network Security Practices by J. Allen

Reference: WWW.Security by R. MacGregor, A. Aresi and A. Siegert

Reference: Inside Internet Security by J. Crume

Reference: Secure Commerce on the Internet by V. Ahuja

Some helpful links: Material is available at the Bishop companion site and the Stallings companion site.

Grading policy

Weights: five or four quizzes, 30% total; one midterm exam, 30%; final exam, 40%.

No make-up exams will be given.

Late Submissions: Discouraged but allowed under exceptional circumstances with prior approval of the instructor.

Incompletes: No incompletes will be given, except in extreme cases.

Honor Code Violations: All violators will be reported under all circumstances, and a violation results in a course grade of F, in addition to any other penalties imposed by the university and/or the CS department.

Two students submitting a common or significantly similar copy of homework is an honor code violation.

Course Administration

Class Meetings: Thursday 07:20 to 10:00 PM in Loudoun 1, RM 232

Instructor Office Hours: by appointment

Examinations: All examinations are in class, individual (no collaboration), closed book, closed neighbor, and closed notes.


Additional Handout

Approximate Course Schedule



| Week | Date | Topic | Readings from Bishop | Giving Out | Due in Class |
|---|---|---|---|---|---|
| Week 1 | Jan 22 | Information Security Overview | Ch 1 | | |
| Week 2 | Jan 29 | Access Control | Ch 2, 3, 15 | | |
| Week 3 | Feb 05 | Access Control | Ch 2, 3, 15 | | |
| Week 4 | Feb 12 | Security Policies | Ch 4 | Quiz 1 | |
| Week 5 | Feb 19 | Confidentiality Policies | Ch 5 | | |
| Week 6 | Feb 26 | Integrity Policies | Ch 6 | | |
| Week 7 | Mar 05 | Hybrid Policies | Ch 7 | Quiz 2 | |
| Week 8 | Mar 12 | No class (Spring Recess) | | | |
| Week 9 | Mar 19 | Exam 1 | | | |
| Week 10 | Mar 26 | | Ch 9 | | |
| Week 11 | Apr 02 | Key Management | Ch 10, | | |
| Week 12 | Apr 09 | Network Security | Ch 26 | Quiz 3 | |
| Week 13 | Apr 16 | Transport/Application Security | Ch 11 | | |
| Week 14 | Apr 23 | Authentication and DB Security | Ch 12 | | |
| Week 15 | Apr 30 | System and User Security & Physical Security | Ch 27 & 28 | Quiz 4 | |
| Week 16 | May 07 | | | | |