Dr. Russell S.W. Yiu
Miss Jun Zhang
The aim of the course is to introduce different methods of protecting
information and data in computer and information systems from unauthorized
disclosure and modification. Topics include introduction to security;
cryptographic algorithms; cryptographic infrastructure; internet security;
secure applications and electronic commerce.
Introduction by Instructor
Information is an invaluable asset of an organization. An organization may
suffer huge financial loss or even be held legally liable if it does not take
appropriate steps to protect its information. With the rapid growth of
information technology usage, computer and network security play a vital role
in protecting information. However, there are many misconceptions in many
areas of computer and network security. It is important to understand that
computer and network security is a process in which technology is only a means
to an end. Furthermore, attempts to achieve 100% security are impossible.
Instead, the key is to reduce the information security risks that an
organization faces to an acceptable level. To achieve this, the risk
management cycle is the common approach that information security
professionals use. It is also important to understand that, as Bruce
Schneier, a respected cryptographer, pointed out, functionality does not
guarantee security. Furthermore, you cannot just choose an algorithm,
implement it and test that it works, then assume you have a secure product. A
sound understanding of cryptographic algorithms and security protocol analysis
is important in this respect. The course aims to clear up some of these
misconceptions by discussing information security management best practices,
cryptographic algorithms, and security protocol analysis. Please note that
this course is not an information security management course per se;
information security analysis techniques will be covered and students are
expected to be able to apply them to perform case
Students are expected to have basic knowledge and skills that are
equivalent to an undergraduate discrete mathematics course such as those in
the MIT course “Mathematics for Computer Science (Spring 2017)”. The
textbook of this course is available at
Please note that a review of the most important topics in discrete
mathematics will be provided in class.
Students who have taken "ICOM6045 Fundamentals of e-commerce security"
should not be allowed to take COMP7301.
- William Stallings, Cryptography and Network Security: Principles and Practice, 7th edition, Prentice Hall.
- Scott Barman, Writing Information Security Policies, 1st edition, New Riders Publishing, 2002.
- Matt Bishop, Computer Security: Art and Science, 1st edition, Addison-Wesley Professional, 2002.
- Niels Ferguson, Bruce Schneier, Practical Cryptography, 1st edition, John Wiley & Sons, 2003.
- Dieter Gollmann, Computer Security, 3rd edition, John Wiley & Sons, 2006.
- Thomas R. Peltier, Information Security Risk Analysis, 3rd edition, Auerbach Publications, 2005.
- B. Schneier, Applied Cryptography: Protocols, Algorithms, and Source Code in C, 2nd edition, John Wiley &
- Harold F. Tipton, Micki Krause, editors, Information Security Management Handbook, Volumes 1 – 3, 4th edition,
1 September, 2017 - 14 September, 2017