George Mason University
Computer Science Department

Course Number: ISA562

Course Title: Information Security Theory and Practice

Course Time: Monday 4:30 to 7:10 pm

Room: Innovation Hall 208

Instructor: Arun Sood

Office: Engineering 5327

Office Phone: 703-993-1524

Office Hours: Monday 3:00 to 4:15 PM.

E-mail: asood (at) gmu (dot) edu.

Teaching Assistant: Mohammad Rezaeirad

E-mail: mrezaeir (at) gmu (dot) edu

Office Hours: TBD

E-messages must include ISA562 as the first 5 characters of the Subject line.  Generally e-mail is good for clarifying or confirming information.   I prefer short and precise messages, and you can expect similar responses. If you find that the reply is too terse, and requires clarification - do not hesitate to see the instructor. If you require more details, a face to face meeting is strongly recommended. E-mail is not a substitute for face to face meetings.

Text: Introduction to Computer Security: Matt Bishop - read this FREE through GMU's Safari Online

Supporting Book:  The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers: Kevin D. Mitnick; William L. Simon - read this FREE through GMU's Safari Online

Catalog description: 

A technical introduction to the theory and practice of information security, which serves as the first security course for the MS-ISA degree, is required as a prerequisite for all subsequent ISA courses (at the 600 and 700 levels) and subsumes most topics covered by the CISSP examination. Also serves as an entry-level course available to non-ISA students, including MS-CS, MS-IS, and MS-SWE students.

Pre-requisites: INFS 501, 515, 519, and SWE 510, or permission of instructor.
Students not satisfying the prerequisites will be dropped from the class.

Course Content:

Modern enterprise computers are constantly under attack. A number of devices and subsystems are deployed in the enterprise defense.  This course covers the software sub-systems that are involved in defending computer systems.  We will cover the threats, access control and identity management, network and system security, intrusion detection and recovery systems, monitoring and forensic systems.

This course will follow the text, although supplementary material will be required to cover some of the topics.

1.       Security Challenges: Threat models

2.       Access control systems

3.       Security policies

4.       Confidentiality policies

5.       Integrity policies

6.       Hybrid policies

7.       Basic cryptography

8.       Key management

9.       Cipher techniques

10.    Identity management systems: Authentication, passwords, biometrics

11.    Network security protocols: DNSSEC

12.    Vulnerability Analysis

13.    Resilience and intrusion tolerance

14.    Designing Enterprise Security

Course Outcomes:

Students should be able to

• Explain the threats that enterprise systems encounter.  
• Describe the subsystems and components used for cyber security: Firewalls, IDS/IPS, Identity Management, Access Control.
• Describe the metrics used to characterize the performance of the security components and subsystems
• Distinguish between reactive and proactive cyber security strategies

Lecture Strategy

Your active participation in the class discussions is encouraged. The instructor is interested in encouraging participation of ALL the students, and any suggestions that will facilitate this effort are solicited.

At the beginning of each class a few minutes will be used to review market and technology trends that have a security implication. To show the connection between the lectures and existing architectures, students will be required to explore the internet and obtain information about commercial systems.

Homework

All homework must be prepared using a word processor.

Late Policy

Late homework will be accepted with a penalty of 20% per day within 3 days after deadlines and will not be accepted three days after due date, unless under prearranged conditions.

Grade

The grade will be computed on the following basis:

Exam I: 20%; Exam II: 20%; Final: 25%; Quizzes and Homework: 25%, and Class Participation: 10%.

There will be several short quizzes. Class Participation is recorded on a daily basis.

Tentative grade cut-offs: A >90%, B > 80%, C >65%, D >50%.

Grade Appeal Policy:

If you feel you deserve a better grade on an assignment or exam, you can appeal your grade in writing. Written grade appeals will only be accepted within 7 days of you receiving the grade. The appeal should clearly explain why you feel you deserve a higher grade. I will never lower your grade due to an appeal, but I may or may not raise your grade depending on your justification.

Exam Content

The exams in general will include questions relating to concepts, definitions, analysis and design. You are strongly urged to solve the problems at the end of each chapter. You should not be surprised to find some questions similar to these problems in the various exams.

Exams Schedule (Tentative):

Exam 1:  March 6; Exam 2: April 24, Final:  Monday May 15: 4:30 – 7:15 pm

Spring break (no class): March 13. Last Class:  May 1.

School Calendar http://registrar.gmu.edu/calendars/

Make - up exams are strongly discouraged.

Award of IN grade:

The IN grade policy as indicated in the catalog will be strictly adhered to. You must provide the necessary back-up documentation (e.g. medical certificate) for your application to be considered favorably. In all circumstances the written request, with all the back up documentation, must be received before the final exam week.

Honor Code

Honor Code procedures will be strictly adhered. Students are required to be familiar with the honor code. You must not utilize unauthorized material or consultation in responding to your tests. Violations of the honor code will be reported. Unless otherwise stated, homework assignments must be based on the student’s own effort. Information on the university honor code can be found at  http://oai.gmu.edu/the-mason-honor-code-2/.  In addition to the GMU Honor Code, students in Computer Science courses must adhere to the Computer Science policies http://cs.gmu.edu/resources/honor-code/ Similarity detection software may be used to assist in finding honor code violations, should they occur.

Disability Services

The Office of Disability Services (ODS) is available to serve all students with disabilities, including those with cognitive (e.g., learning, psychological, and closed head injury), sensory, mobility, and other physical impairments. If you are a student with a disability and you need academic accommodations, please contact the Disability Resource Center (DRC) at 703.993.2474. All academic accommodations must be arranged through that office.

Links to the University Catalog and the University Policies website:

University Catalog: http://catalog.gmu.edu/

University Policies: http://universitypolicy.gmu.edu/