COMP7906A - Introduction to cyber security

Semester 1, 2022-23

Professor
K.P. Chow
Teaching assistant
Yan Qi Quincy Hui
Syllabus The aim of the course is to introduce different methods of protecting information and data in the cyber world, including the privacy issue. Topics include introduction to security; cyber attacks and threats; cryptographic algorithms and applications; network security and infrastructure.

Mutually exclusive with: ICOM6045 Fundamentals of e-commerce security
Introduction by Professor Information is an invaluable asset of an organization.  An organization may suffer huge financial loss or even be hold legally liable if it does not take appropriate steps to protect its information in the cyber world.  Cyber security plays a vital role in protecting information.  It is important to understand cyber security is a process which technology is only a means to an end.  Furthermore, attempts to achieve 100% security are impossible. Instead the key is to reduce cyber security risks that an organization faces to an acceptable level.  To achieve this, the risk management cycle is the common approach that cyber security professionals use.  It is also important to understand that as Bruce Schneier, a respected cryptographer, pointed out functionality does not guarantee security.  Furthermore, you cannot just choose an algorithm, implement it and test that it work, then assume you have a secure product.  Sound understandings of cryptographic algorithms and security protocol analysis are important in this aspect.  The course aims to clear up some of these misconceptions by discussing cyber security management best practices, cryptographic algorithms, and security protocol analysis.  Furthermore, the course will also discuss analytics techniques and the application of such techniques to augment cyber security programs.  Please note that this course is not an information security management per se course, information security analysis techniques will be covered and students are expect to be able to apply this to perform case analysis.
Learning Outcomes
Course Learning Outcomes Relevant Programme Learning Outcome
CLO1. Able to understand the information security management process and perform basic information security risk assessment tasks PLO.6, 7, 8, 9, 10, 11, 12, 13
CLO2. Able to understand the design principles of cryptographic algorithms and perform analysis on them PLO.5, 6, 7, 8, 9, 16
CLO3. Able to perform information security protocol and application analysis PLO.5, 6, 7, 8, 9, 10, 11, 12, 16
CLO4. Able to apply cyber security analytics techniques for cyber security monitoring and threat detection PLO.5, 6, 7, 8, 9, 10, 11, 12, 16
View Programme Learning Outcomes
Pre-requisites

Ideally, students are expected to have basic knowledge and skills that are equivalent to

  1. an undergraduate discrete mathematics course such as those in the MIT course "Mathematics for Computer Science (MIT course number 6.042J / 18.062J)". More information is available at https://ocw.mit.edu/courses/electrical-engineering-and-computer-science/6-042j-mathematics-for-computer-science-fall-2010/index.htm and the textbook of this course is available at https://courses.csail.mit.edu/6.042/spring17/mcs.pdf;
  2. an undergraduate course in basic statistics such as those in the MIT course "Applied Statistics (MIT course number 15.075)". More information is available at http://dspace.mit.edu/bitstream/handle/1721.1/72947/15-075-spring-2003/contents/index.htm; and
  3. an introductory programing course such as those in the MIT course "Introduction to Computer Science and Programming Using Python (MIT course number 6.0001)". More information is available at https://ocw.mit.edu/courses/electrical-engineering-and-computer-science/6-0001-introduction-to-computer-science-and-programming-in-python-fall-2016/

Please note that review of the essential topics in these three areas will be provided in class. 
CCompatibility Students who have taken "ICOM6045 Fundamentals of e-commerce security" should not be allowed to take COMP7906.
Topics covered
Course Content No. of Hours Course Learning Outcomes
1. Cyber security management discusses the different components of the risk management cycle with emphasis on cyber security risk assessment and audit. This is because in order to formulate efficient information protection program for an organization, one must first understand the various risks that an organization faces. One also needs to understand the importance and approaches of cyber security audit to ensure that appropriate safeguards are implemented as technology evolves. 6 CLO1
2. Cryptographic algorithms are the foundations of information security technology. We will emphasis on the analysis of the Data Encryption Standard (DES), Advanced Encryption Standard (AES), RSA, and Diffie-Hellman to illustrate the important principles in cryptographic algorithm design and implementation. 9 CLO2
3. Security protocol analysis techniques for analyzing potential security issues of a system or solution. 6 CLO3
4. Security analytics makes use of various data analytics techniques and tools for security monitoring and threat detection. 9 CLO4
 
Assessment
Description Type Weighting * Examination Period ^ Course Learning Outcomes
Take home assignment covering topics in information security management, risk assessment, and cryptographic algorithms Continuous Assessment 30% -- CLO1, CLO2, CLO3, CLO4
Midterm covering topics in information security management, risk assessment, and cryptographic algorithms Continuous Assessment 20% - CLO1, CLO2
Written examination covering all the topics covered in class Written Examination 50% 8 - 23 December 2022 CLO1, CLO2, CLO3, CLO4
* The weighting of coursework and examination marks is subject to approval
^ The exact examination date uses to be released when all enrolments are confirmed after add/drop period by the Examinations Office.  Students are obliged to follow the examination schedule.  Students should NOT enrol in the course if they are not certain that they will be in Hong Kong during the examination period.  Absent from examination may result in failure in the course. There is no supplementary examination for all MSc curriculums in the Faculty of Engineering.
Course materials Prescribed textbook:
  • William Stallings, Cryptography and Network Security: Principles and Practice, 7th edition, Prentice Hall.
Recommended readings:
  • Scott Barman, Writing Information Security Policies, 1st edition, New Riders Publishing, 2002.
  • Matt Bishop, Computer Security: Art and Science, 1st edition, Addison-Wesley Professional, 2002.
  • Charles J. Brooks, Christopher Grow, Philip Craig, Donald Short, Cybersecurity Essentials, 1st edition, Sybex, 2018.
  • Niels Ferguson, Bruce Schneier, Practical Cryptography, 1st edition, John Wiley & Sons, 2003.
  • Ivan Palomares Carrascosa (editor), Harsha Kumara Kalutarage (editor), Yan Huang (editor), Data Analytics and Decision Support for Cybersecurity: Trends, Methodologies and Applications, 1st edition, Springer, 2017.
  • Dieter Gollmann, Computer Security, 3rd edition, John Wiley & Sons, 2006.
  • Andrew Jaquith, Security Metrics: Replacing Fear, Uncertainty, and Doubt, 1st edition, Addison-Wesley Professional, 2007.
  • Anne Kohnke and Ken Sigler, Implementing cybersecurity: A Guide to the National Institute of Standards and Technology Risk Management Framework, 1st edition, Auerbach Publications, 2017.
  • Thomas R. Peltier, Information Security Risk Analysis, 3rd edition, Auerbach Publications, 2005.
  • B. Schneier, Applied Cryptography: Protocols, Algorithms, and Source Code in C, 2nd edition, John Wiley & Sons, 1995.
  • Mark Talabis and Robert McPherson, Information Security Analytics: Finding Security Insights, Patterns, and Anomalies in Big Data, 1st edition, Syngress, 2014.
Session dates
Date Time Venue Remark
Session 1 14 Oct 2022 (Fri) 2:00pm - 5:00pm GH-P603 Face-to-face
Session 2 21 Oct 2022 (Fri) 2:00pm - 5:00pm GH-P603 Face-to-face
Session 3 4 Nov 2022 (Fri) 2:00pm - 5:00pm GH-P603 Face-to-face
Session 4 9 Nov 2022 (Wed) 2:00pm - 5:00pm GH-P603 Face-to-face
Session 5 11 Nov 2022 (Fri) 2:00pm - 5:00pm GH-P603 Face-to-face
Session 6 16 Nov 2022 (Wed) 2:00pm - 5:00pm GH-P603 Face-to-face
Session 7 18 Nov 2022 (Fri) 2:00pm - 5:00pm GH-P603 Face-to-face
Session 8 23 Nov 2022 (Wed) 2:00pm - 5:00pm GH-P603 Face-to-face
Session 9 25 Nov 2022 (Fri) 2:00pm - 5:00pm GH-P603 Face-to-face
Session 10 30 Nov 2022 (Wed) 2:00pm - 5:00pm GH-P603 Face-to-face
GH - Graduate House
Add/drop 1 September, 2022 - 21 October, 2022
Maximum class size 84
Back