Tentative Lecture Plan

 

The tentative lecture flow is as follows. Some changes may occur depending on the pace of the class. In the table below, text highlighted in GREEN in the Topics column represents notes I add after the class, in particular with regard to coverage.

Some helpful notes: The following experiences, from previous students and from me, may be helpful to you:

· Students who have taken this course have felt that it is very dense; the primary reason is our goal of maintaining the NSA IA standards.

· In earlier offerings of this course, students who lacked a strong mathematical background found the first half of the course, which focuses on theoretical issues, quite challenging. Students are strongly recommended to read the material before it is covered in class. Most of the lecture materials will be similar to those of earlier offerings of the course, with updates and corrections.

· The second half of the course content is much softer and less effort is needed to understand the concepts, but a lot of reading is required. This helps students to concentrate more on projects and labs/programming assignments.

· The course is designed primarily with the overall security track in mind. The coverage is also expected to provide foundational knowledge and a broad understanding of the security field, if this is the only course the student plans to take.

Tentative Course Schedule

 

 

Lecture/Date

 

Topics

Slides

Week 1

(Aug 30)

Introduction to the course;

Chap 1: Overview of Security

Chap 12: Design principles

 

(Covered till Slide 31 of Lecture 1)

 

(Lecture 1)

Week 2

(Sept 6)

 

Chap 2.2  Access Control Matrix

 

Access control in OS Unix

(Garfinkel book in the textbook list on the main page)

 

Microsoft Reference (http://technet.microsoft.com/en-us/library/cc781716.aspx)

 

(Covered till Slide 21 of Lecture 2.1)

 

(Lecture 2.1)

 

Math Review

(Lecture 2.2)

 

 

Week 3

(Sept 13)

 

(Quiz 1: THERE WILL BE A QUIZ)

 

Chap 3 : HRU Access Control Model and results

Chap 4 - 6 : Security Policies, Confidentiality and Integrity Models

 

(Covered till Slide 7 of Lecture 2.2)

 

(Lecture 3)

Week 4

(Sept 20)

 

Chap 4 - 6 : Security Policies, Confidentiality and Integrity Models

Chap 7 : Hybrid Models: Clark Wilson, Chinese Wall,

[recommended readings:

ANSI INCITS 359-2004 RBAC STANDARD  OR NIST RBAC

“The Economic Impact of Role-Based Access Control”]

 

(Covered till Slide 26 of Lecture 3)

 

(Lecture 4)

(Lecture 5)

Week 5

(Sept 27)

 

Continue Lecture 4 and 5

 

Week 6

(Oct 4)

 

Chap 9: Basic Cryptography and Network Security

 

(Lecture 6)

 

Week 7

(Oct 11)

 

Continue Lecture 6

Week 8

(Oct 18)

NO CLASS (Oct 17/Monday is Fall Break; Monday class on Tuesday)

Week 9

(Oct 25)

MIDTERM

Week 10

(Nov 1)

 

Video lectures:  Lecture 6 + Risk Analysis

(IEEE CIC – no class)

 

(Risk Analysis Slides)

Week 11

(Nov 8)

 

Continue Lecture 6

Chap 10, 11: Key management, Network security

 

(Covered till Slide 25 of Lecture 7)

 

(Lecture 7)

Week 12

(Nov 15)

 

(Continue Lecture 7)

 

Authentication & Identity (Chap 11)

 

(Covered till Slide 7 of Lecture 8)

 

(Lecture 8)

Week 13

(Nov 22)

 

Information Privacy (including Healthcare privacy)

Healthcare IT Security & Privacy

 

[Reference papers (Paper1, Paper2)]

 

[Recommended reading: NIST Document on HIPAA Security Rule]

 

The following are assigned as VIDEO LECTURES:

IDS, Auditing, Firewalls (Chap 22, 21)

Legal Issues (Stallings book; Chap 18), Physical Security

 

 

(Lecture 9: Privacy)

 

(Lecture 10: HealthITSP)

 

VIDEO LECTURES

(Lecture 12)

(Lecture 13)

Week 14

(Nov 29)

 

(Continue lecture on Privacy/healthITSP)

 

Software Security:

Strings, Race Conditions, SQL Injection / Cross-site Scripting

(Chapter on String & Race Conditions from Seacord’s Secure Programming in C/C++)

 

 

(Lecture 11)

Week 15

(Dec 6)

 

Week 16

(Dec 13)

Exam