Information Security
FCM 700, Section 01
Spring 2013

Instructor: Prof. Douglas Salane

  • office: 4213N
  • e-mail:dsalane@jjay.cuny.edu
  • web site: http://web.math.jjay.cuny.edu

Class Meetings:

  • Thurs., 6:15 - 8:15pm
  • Room NB 1.101

Office Hours: Tues. and Thurs., 2:00 - 3:00 pm, or by appointment

Course Description: The course introduces fundamental principles and practices of information security. Case studies provide a glimpse of the current state of information security by examining recent notable data breaches, information system exploits and efforts to build secure systems. Core topics covered include the use of encryption to obtain information security properties, multilevel and multilateral security, risk management as the driving force behind computer security and techniques for monitoring security policy compliance. Also discussed is the role that both legal requirements and industry standards play in information security.

Course Objectives:

  • Understand basic information security models, polices and mechanisms
  • Be familiar with prominent current threats to information systems in selected industries
  • Understand the methodologies that allow one to determine the risk posed by a threat and the appropriate way to mitigate the risk
  • Understand the role psychology and economics play in the design and compromise of information systems
  • Know the requirements for identification and authentication
  • Understand the importance of industry and legal standards in the design and operation of information systems
  • Develop a working knowledge of the use of cryptography to obtain security properties
  • Be familiar and know how to use credible information sources that are needed to protect information systems

Prerequisties: The course requires some basic background in computing and mathematics, particularly familiarity with function concepts. The level of computing background will depend on the type of projects the student chooses. For example, a project that requires deployment of SNORT to monitor for policy compliance will require the student to be familiar with various network protocols.

Suggested Texts:

  • Ross Anderson. Security Engineering: A Guide to Building Dependable Distributed Systems (2nd Edition). Wiley Publishing, Inc. (2008). ISBN: 978-0-470-06852-6
  • William Stallings. Network Security Essentials: Applications and Standards (4th Edition). Pearson Education, Inc. (2011). ISBN-13: 978-0-13-610805-4


  • I'll provide more information on the suggested texts the first day of class.

Supplemental Resources:

  • Michael E. Whitman and Herbert J. Mattord. Readings and Cases in Information Security: Law and Ethics. Course Technology Cengage Learning (2011). ISBN:-13: 978-1-4354-4157-5
  • Matt Bishop. Introduction to Computer Security. Addison Wesley Professional (2005)
  • A.J. Menezes, P.C. van Oorschot and S. A. Vanstone. Handbook of Applied Cryptography. CRC Press (2001)
  • Charles Pfleeger and Shari Pfleeger. Analyzing Computer Security: A Threat/Vulnerability/Counter Measure Approach Prentice Hall (2012).ISBN-10: 0132789469
  • Thomas Corman et al. Introduction to Algorithms (2nd edition). The MIT Press (2001)
  • Dieter Gollmann. Computer Security (3rd edition). John Wiley & Sons, LTD (2011)
  • Check the course outline for assigned papers and readings on web sites.

Assignments and Grading:

Readings and Quizzes (45%): Readings and papers will be assigned each week from the texts and the information and computer security literature. For each assigned paper students must hand in a one page or longer review of the paper. The review should include a brief summary (in your own words), as well as comments on what you liked about the paper and what you did not like about the paper or thought was lacking. Finally, there should be a brief closing paragraph on the impact of the paper on the particular area addressed. Students may want to include citations to related work. Students must be prepared to discuss the assigned readings and papers in class.

Projects (30%): There will be three projects assigned during the semester. These may take the form of an extended research paper or a software project, for example, configuring an intrusion detection system to monitor for policy compliance. Those doing a software project must provide complete project documentation and experimental results. The instructor will provide a list of possible projects. Students who have their own ideas for projects should discuss them with the instructor.

Presentations (15%): Students will be required to give one or more presentations during the semester. The presentation will be based on a topic we are discussing or may take the form of a progress report on a project.

Class Participation (10%): Students must be prepared to discuss the assigned readings and participate in class discussions.

Responsibilities: Students are expected to attend all classes and hand in assignments on time. Assigned readings and the reviews must be completed before the start of each class. Students are expected to participate in class discussions.

Academic Honesty: You only learn if your work is your own. Cheating on projects or copying assignments will not be tolerated. Please review the College's policies on Plagiarism and Cheating.

Schedule of Topics