University of South Carolina

Department of Computer Science and Engineering

 

CSCE 522 Information Security Principles

Fall 2019

 

 

Section 001/H10: Tuesday, Thursday 1:15 – 2:30 pm, Horizon II, 1400

Section J60:  Virtual classroom; lectures will be posted automatically to the course Blackboard account

 

Instructor:                    Csilla Farkas

Office:                         Horizon II, 2253

Office Hours:               Tuesdays 11:45 am – 1:15 pm, Thursdays 2:30 – 4:00 pm, electronically any time or by appointment

Telephone:                   (803)576-5762

E-mail:                         farkas@cec.sc.edu

Class homepage:           http://cse.sc.edu/~farkas/csce522/csce522.htm  

Graduate TA:               Theppatorn Rhujittawiwat

Office: Horizon II, 1215

Office Hours: TBA

Email: theppatorn@gmail.com

 

Course Description: This course will describe the basic principles of information systems security, including cryptography, identification and authentication, access control models and mechanisms, multilevel database security, steganography, Internet security, and planning and administering security.  The students will gain an understanding of the threats to information resources and learn about countermeasures and their limitations.

 

Text Books

1.       Charles P. Pfleeger and Shari Lawrence Pfleeger, Security in Computing (5th Edition) (Hardcover), Prentice Hall PTR; ISBN: 9780134085043

2.       Online resources

 

Assignments:

 

Assignments are always due on the announced day and time. There will be a late submission penalty of 20%/day after the due date for homework and project assignments unless it is approved by the instructor.  Cutoff date for assignments is 1 week after due date!  Exams must be taken as scheduled except in cases of extenuating circumstances such as a documented emergency. 

 

 

APOGEE students:

All students are required to follow the class website and submit all assignments on time.  However, APOGEE students (that is, students enrolled in section J60) are NOT required to attend the lectures.  All students MUST attend the exams in person.  Exam dates and times will be announced at least 2 weeks in advance.

 

 

Grading:

There is no curving!

Homework assignments: 15%, Quizzes: 10%, Project: 20%, Midterm: 25%, Final exam: 30%

Total score that can be achieved: 100

 

Graduate students must perform additional assignments to receive full credit.  These additional assignments include: extra questions on tests and additional homework assignments.

 

Final grade:     90 < A, 85 < B+ <= 90, 80 < B <= 85, 75 < C+ <= 80, 65 < C <= 75, 60 < D+ <= 65, 50 < D <= 60, F <= 50

 


Specific course information

·         Catalog description: Threats to information resources and appropriate countermeasures.  Cryptography, identification and authentication, access control models and mechanisms, multilevel database security, steganography, Internet security, and intrusion detection and prevention.

·         Prerequisites: CSCE 240 or MGSC 596

·         Required in CIS curricula

 

Specific goals for the course

·         Identify common risks, threats, and countermeasures related to computing systems.

·         Apply knowledge of computer security to personal computer use.

·         Analyze computing situations with respect to security risks, threats, and countermeasures, including the tradeoffs between security and system functionality.

·         Work with others to design and/or implement security measures. 

 

Attendance

Attendance is expected at all class sessions.  In accordance with USC’s Attendance Policy, absence from more than 10 percent of the scheduled class sessions (more than two absences), whether excused or unexcused, is excessive and the instructor may exact a letter grade penalty for such absences. It is of particular importance that a student who anticipates absences in excess of 10 percent of the scheduled class sessions receives prior approval from the instructor before the last day to change schedule as published in the academic and refund calendars on the registrar’s Web site.  See http://registrar.sc.edu/

 

Academic Integrity

You are expected to practice the highest possible standards of academic integrity. Any deviation from this expectation will result in a minimum academic penalty of your failing the assignment and will result in additional disciplinary measures including referring you to the Office of Academic Integrity. Violations of the University's Honor Code include, but are not limited to, plagiarism, cheating, falsification, complicity, and any other form of academic misrepresentation. For more information, see https://www.sa.sc.edu/academicintegrity/

 

Accommodating Disabilities

Reasonable accommodations are available for students with a documented disability. If you have a disability and may need accommodations to fully participate in this class, contact the Student Disability Resource Center:  803-777-6142, TDD 803-777-6744, email sasds@mailbox.sc.edu, or stop by LeConte College Room 112A. All accommodations must be approved through the Office of Student Disability Services.   See https://www.sa.sc.edu/sds/.

 

Diversity

In order to learn, we must be open to the views of people different from ourselves. In this time we share together over the semester, please honor the uniqueness of your fellow classmates and appreciate the opportunity we have to learn from one another. Please respect each other’s opinions and refrain from personal attacks or demeaning comments of any kind. Finally, remember to keep confidential all issues of a personal or professional nature that are discussed in class.

 

 

TENTATIVE  SCHEDULE:

 

            Basic security concepts

            Cryptography, Secret Key

            Cryptography, Public Key

            Identification and Authentication, key-distribution centers, Kerberos

            Security Policies -- Discretionary Access Control,  Mandatory Access Control 

            Access control -- Role-Based, Provisional, and Logic-Based Access Control

            The Inference Problem

            Program Security -- Viruses, Worms, etc.

            Network and Internet Security, E-mail security, User Safety

            Firewalls

            Intrusion Detection, Fault tolerance and recovery

            Information Warfare

            Security Administration, Economic impact of cyber attacks