FCM 700, Section 01
Instructor: Prof. Douglas Salane
- office: 4213N
- web site: http://web.math.jjay.cuny.edu
- Thurs., 6:15 - 8:15pm
- Room NB 1.101
Office Hours: Tues. and Thurs., 2:00 - 3:00 pm, or by appointment
The course introduces fundamental
principles and practices of information security. Case studies provide a glimpse of the current
state of information security by examining recent notable data breaches,
information system exploits and efforts to build secure systems. Core topics covered include the use of
encryption to obtain information security properties, multilevel and
multilateral security, risk management as the driving force behind computer
security and techniques for monitoring security policy compliance. Also discussed is the role that both legal
requirements and industry standards play in information security.
- Understand basic information security models, policies and mechanisms
- Be familiar with prominent current threats to information systems in selected industries
- Understand the methodologies that allow one to determine the risk posed by a threat and the appropriate way to mitigate the risk
- Understand the role psychology and economics play in the design and compromise of information systems
- Know the requirements for identification and authentication
- Understand the importance of industry and legal standards in the design and operation of information systems
- Develop a working knowledge of the use of cryptography to obtain security properties
- Be familiar with, and know how to use, the credible information sources needed to protect information systems
The course requires some basic background in computing and mathematics, particularly familiarity with function concepts.
The level of computing background will depend on the type of projects the student chooses. For example, a project that requires
deployment of SNORT to monitor for policy compliance will require the student to be familiar with various network protocols.
Ross Anderson. Security Engineering: A Guide to Building Dependable Distributed Systems (2nd Edition). Wiley Publishing, Inc. (2008). ISBN: 978-0-470-06852-6
William Stallings. Network Security Essentials: Applications and Standards (4th Edition). Pearson Education, Inc. (2011). ISBN-13: 978-0-13-610805-4
- I'll provide more information on the suggested texts the first day of class.
Michael E. Whitman and Herbert J. Mattord. Readings and Cases in Information Security: Law and Ethics. Course Technology Cengage Learning (2011). ISBN-13: 978-1-4354-4157-5
Matt Bishop. Introduction to Computer Security. Addison Wesley Professional (2005)
A.J. Menezes, P.C. van Oorschot and S. A. Vanstone. Handbook of Applied Cryptography. CRC Press (2001)
Charles Pfleeger and Shari Pfleeger. Analyzing Computer Security: A Threat/Vulnerability/Counter Measure Approach. Prentice Hall (2012). ISBN-10: 0132789469
Thomas Cormen et al. Introduction to Algorithms (2nd edition). The MIT Press (2001)
Dieter Gollmann. Computer Security (3rd edition). John Wiley & Sons, LTD (2011)
Check the course outline for assigned papers and readings on web sites.
Assignments and Grading:
Readings and Quizzes (45%): Readings and papers will be assigned each week from the texts and the information and computer
security literature. For each assigned paper students must hand in a one page or longer review of the paper.
The review should include a brief summary (in your own words), as well as comments on what you liked about the
paper and what you did not like about the paper or thought was lacking. Finally, there should be a brief
closing paragraph on the impact of the paper on the particular area addressed.
Students may want to include citations to related work. Students must be prepared to discuss the assigned
readings and papers in class.
Projects (30%): There will be three projects assigned during the semester. These may take the form of an extended research paper or a software project, for example, configuring an intrusion detection system to monitor for policy compliance. Those doing a software project must provide complete project documentation and experimental results. The instructor will provide a list of possible projects. Students who have their own ideas for projects should discuss them with the instructor.
Presentations (15%): Students will be required to give one or more presentations during the semester. The presentation will be based on a topic we are discussing or may take the form of a progress report on a project.
Class Participation (10%): Students must be prepared to discuss the assigned readings and participate in class.
Students are expected to attend all classes and hand in assignments on time. Assigned readings and the reviews must
be completed before the start of each class. Students are expected to participate in class discussions.
Academic Honesty: You only learn if your work is
your own. Cheating on projects or copying assignments will not be
tolerated. Please review the College's policies on Plagiarism and Cheating.
Schedule of Topics