COMP7301A - Computer and network security

Semester 1, 2017-18

Instructor
Dr. Russell S.W. Yiu
Teaching assistant
Miss Jun Zhang
Syllabus The aim of the course is to introduce different methods of protecting information and data in computer and information systems from unauthorized disclosure and modification. Topics include introduction to security; cryptographic algorithms; cryptographic infrastructure; internet security; secure applications and electronic commerce.
Introduction by Instructor Information is an invaluable asset of an organization. An organization may suffer huge financial loss or even be hold legally liable if it does not take appropriate steps to protect its information. With the rapid growth of information technology usages, computer and network security play a vital role in protecting information. However, there are many misconceptions in many areas of computer and network security. It is important to understand that computer and network security is a process which technology is only a means to an end. Furthermore, attempts to achieve 100% security are impossible. Instead the key is to reduce information security risks that an organization faces to an acceptable level. To achieve this, the risk management cycle is the common approach that information security professionals use. It is also important to understand that as Bruce Schneier, a respected cryptographer, pointed out functionality does not guarantee security. Furthermore, you cannot just choose an algorithm, implement it and test that it work, then assume you have a secure product. Sound understandings of cryptographic algorithms and security protocol analysis are important in this aspect. The course aims to clear up some of these misconceptions by discussing information security management best practices, cryptographic algorithms, and security protocol analysis. Please note that this course is not an information security management per se course, information security analysis techniques will be covered and students are expect to be able to apply this to perform case analysis.
Learning Outcomes
Course Learning Outcomes Relevant Programme Learning Outcome
CLO1. Able to understand the information security management process and perform basic information security risk assessment tasks. PLO.6, 7, 8, 9, 10, 11, 12, 13
CLO2. Able to understand the design principles of cryptographic algorithms and perform analysis on them. PLO.5, 6, 7, 8, 9, 16
CLO3. Able to perform information security protocol and application analysis. PLO.5, 6, 7, 8, 9, 10, 11, 12, 16
View Programme Learning Outcomes
Pre-requisites

Students are expected to have basic knowledge and skills that are equivalent to an undergraduate discrete mathematics course such as those in the MIT course “Mathematics for Computer Science (Spring 2017)”. The textbook of this course is available at https://courses.csail.mit.edu/6.042/spring17/mcs.pdf

Please note that review of the most important topics in discrete mathematics will be provided in class.

Compatibility Students who have taken "ICOM6045 Fundamentals of e-commerce security" should not be allowed to take COMP7301.
Topics covered
Course Content No. of Hours Course Learning Outcomes
1. Information security management discusses the different components of the risk management cycle with emphasis on information security risk assessment and audit. This is because in order to formulate efficient information protection program for an organization, one must first understand the various risks that an organization faces. One also needs to understand the importance and approaches of information security audit to ensure that appropriate safeguards are implemented as technology evolves. 10 CLO1
2. Cryptographic algorithms are the foundations of information security technology. We will emphasis on the analysis of the Data Encryption Standard (DES), Advanced Encryption Standard (AES), RSA, and Diffie-Hellman to illustrate the important principles in cryptographic algorithm design and implementation. 10 CLO2
3. Security protocol analysis techniques for analyzing potential security issues of a system or solution. 10 CLO3
 
Assessment
Description Type Weighting * Examination Period ^ Course Learning Outcomes
Take home assignment covering topics in information security management, risk assessment, and cryptographic algorithms Continuous Assessment 30% - CLO1, CLO2
Midterm covering topics in information security management, risk assessment, and cryptographic algorithms Continuous Assessment 20% - CLO1, CLO2
Written examination covering all the topics covered in class Written Examination 50% Dec 8 to 23, 2017 CLO1, CLO2, CLO3
* The weighting of coursework and examination marks is subject to approval
^ The exact examination date uses to be released when all enrolments are confirmed after add/drop period by the Examinations Office.  Students must oblige to the examination schedule. Students should NOT enrol in the course if they are not certain that they will be in Hong Kong during the examination period.  Absent from examination may result in failure in the course. There is no supplementary examination for all MSc curriculums in the Faculty of Engineering.

For reference:
Course materials Prescribed textbook:
  • William Stallings, Cryptography and Network Security: Principles and Practice, 7th edition, Prentice Hall.
Recommended readings:
  • Scott Barman, Writing Information Security Policies, 1st edition, New Riders Publishing, 2002.
  • Matt Bishop, Computer Security: Art and Science, 1st edition, Addison-Wesley Professional, 2002.
  • Niels Ferguson, Bruce Schneier, Practical Cryptography, 1st edition, John Wiley & Sons, 2003.
  • Dieter Gollmann, Computer Security, 3rd edition, John Wiley & Sons, 2006.
  • Thomas R. Peltier, Information Security Risk Analysis, 3rd edition, Auerbach Publications, 2005.
  • B. Schneier, Applied Cryptography: Protocols, Algorithms, and Source Code in C, 2nd edition, John Wiley & Sons, 1995.
  • Harold F. Tipton, Micki Krause, editors, Information Security Management Handbook, Volumes 1 – 3, 4th edition, Auerbach Publications.
Session dates
Date Time Venue Remark
Session 1 5 Sep 2017 (Tue) 7:00pm - 10:00pm CB-A  
Session 2 12 Sep 2017 (Tue) 7:00pm - 10:00pm CB-A  
Session 3 19 Sep 2017 (Tue) 7:00pm - 10:00pm CB-A  
Session 4 26 Sep 2017 (Tue) 7:00pm - 10:00pm CB-A  
Session 5 3 Oct 2017 (Tue) 7:00pm - 10:00pm CB-A  
Session 6 10 Oct 2017 (Tue) 7:00pm - 10:00pm CB-A  
Session 7 24 Oct 2017 (Tue) 7:00pm - 10:00pm CB-A  
Session 8 31 Oct 2017 (Tue) 7:00pm - 10:00pm CB-A  
Session 9 7 Nov 2017 (Tue) 7:00pm - 10:00pm CB-A  
Session 10 14 Nov 2017 (Tue) 7:00pm - 10:00pm CB-A  
CB - Chow Yei Ching Building
Add/drop 1 September, 2017 - 14 September, 2017
Quota 100
Back