News

SSST Subjects

Information Systems Security

 
 

Parent School / Dept

  • Information Systems Security
 

Programme(s) where module is offered

  • BSc Information Systems with Electrical Engineering;
  • BSc Information Systems with Economics;
  • BSc Information Systems with Management;
  • BSc Information Systems with International Relations;
  • BSc Information Systems with Political Science;
 

Status (core, option, free choice)

Core

 

FHEQ Level

5

 

Unit Value

8 ECTS

 

Term taught

Fall

 

Pre-Requisite Modules or Qualifications

None

 

Module Code

IS 385

 

Module coordinator

Aldina Bibovic

 

Applicable From

2016

 

Educational Aims of the Module

  • Rapid advances in technology have positive effects on modern life, but also bring drawbacks. Every new technology reintroduces the question of whether security provided for the previous technology is applicable to the new one.
  • Security as an inevitable integral part of today’s information systems became even more so with the expansion and popularization of the Internet.
  • The Internet, as a tool which brought unexpected and advanced ways of human communication and interaction, forced the consideration of security requirements of security-unaware and predominantly security-inexperienced users. In other words, dealing with the Fundamental Dilemma of Security.
  • Therefore, the aim of the module is to define what information, computer and network security is, and point out the objectives of this area. In addition to which, equip students with analytical skills to identify security threats to vulnerabilities in a system, problem solving skills to create security policies and recovery plans, and practical skills to implement security plans and policies.

Thus, aims are:

  • Studying information, network and application security.
  • Evaluate security Risks and Threats.
  • Demonstrating and applying the working of various private and public key ciphers, as well as cryptographic protocols.
  • Surveying security tools and applications; including e-mail security, IP security, biometrics.
  • Understanding of a broad range of issues related to information system security management.
 

Module Outline/Syllabus

  • Information Security Governance: Confidentiality, integrity, and availability concepts, Security governance principles, Compliance, legal and regulatory issues, Professional ethic, Security policies, standards, procedures and guidelines, Security Assessment and Testing,
  • Asset Security and Risk Management: Information and asset classification, Ownership (e.g. data owners, system owners), Risk assessment, Data security controls,
  • Communications and Network Security: Secure network architecture design, Secure network components, Secure communication channels, Network attacks and Countermeasures,
  • Identity and Access Management: User Identity, Access Control Techniques, Methods of Attack and Countermeasures,
  • Security Operations: Operations Controls, Elements of Physical Security,
  • Cryptography: Crypto Concepts, Methodologies, and Practices, Classical cryptography, Modern cryptography, Public Key Infrastructure
  • Software Development Security: System Development Controls, Application Issues (Cross-Site Scripting, Buffer Overflows), Malicious Code
 

Student Engagement Hours

Type Number per Term Duration Total Time
Lectures 30 2 hours 60 hours
Laboratory sessions 15 2 hours 30 hours
Total Guided/Independent Learning Hours 110
Total Contact Hours 90
Total Engagement Hours 200
 

Assessment Method Summary

Type Number Required Duration / Length Weighting Timing / Submission Deadline
Quiz 10 10 minutes 10% Weeks: 2-6, 8-12
Mid-term exam 1 90 minutes 20% Week 7
Project (individual / group) 1 2000 words 20% Week 10
Final exam 1 180 minutes 50% Week 15
 

Module Outcomes

Intended Learning Outcomes:

  • Understand the technical and social nature of IS Security
  • Knowledge of the main IS Security services : confidentiality, integrity, availability
  • Demonstrate the knowledge of security objectives and mechanism to achieve the same
  • State the characteristics of typical security architectures, including multi-level security systems
  • Explain concepts related to various cryptographic tools
  • Explain and compare the various access control policies and models as well as the assurance of these models
  • State the basic concepts and general techniques in security auditing and risk assessment
  • Understand PKI and certification within wired and wireless networks
  • Determine appropriate mechanisms for protecting information systems ranging from operating systems, to database management systems, and to applications.

Teaching and Learning Strategy:

  • Lectures provide core information on specific topics (ILO:1-9)
  • Laboratory sessions (ILO:1-6)
  • Tutorials use examples and solutions to illustrate the theory and give students an opportunity to put their knowledge to practice (ILO:1-6)
  • Case-study discussion (ILO:1-6)
  • Homework/assignments: use of security tools (ILO:1-9)
  • Self-study (ILO:1-9)
  • Participation in class work: Laboratory and in-class participation (ILO:1-6)

Assessment Strategy:

  • Mid-term exam (ILO: 1-4, 7)
  • Final exam (ILO: 1-9)
  • Project (ILO: 1-9)
  • Quiz (ILO: 1-9)

Practical Skills:

  • Apply cryptography and cipher algorithms to IS security
  • Ability to plan and design IS security, select and use specific tools and techniques to support effective IS security (e.g. PGP, SSL)
  • Ability to conduct simple risk assessment on the most common information assets
  • Ability to identify security threats through the use of tools such as password cracker, port-scanner, packet-sniffer, memory space recovery

Teaching and Learning Strategy:

  • A mixture of lectures, exercises in the class, and case studies are used to deliver the various topics in this module. (PS:1-4)
  • Some material is covered using a problem-based format to advance the learning objectives. Other material is covered through directed study to enhance students’ independent learning ability. Some case studies, largely based on consultancy experience, are used to integrate these topics and demonstrate to students how the various techniques are interrelated and can be applied in real-life situations. (PS:1-4)
  • Tutors will use discussions in the class to test student subject knowledge (PS:1-4)
  • Students will benefit from the expertise of external guest lecturers (PS:1-4)
  • Students will have the opportunity to present their work and participate in group discussions (PS:1-4)

Assessment Strategy:

  • Project (PS:1-4)
  • Mid-term exam (PS:3, 4)
  • Final exam (PS:1-4)
  • Quiz (PS: 1, 3, 4)

Transferable Skills:

  • Creative thinking skills
  • IT skills
  • Team working skills
  • Presentation skills

Teaching and Learning Strategy:

  • Class exercises and lectures (TS:1-4)
  • Project work and group discussion (TS: 1-4)
  • Practical lessons in the lab (TS: 2)

Assessment Strategy:

  • Project (TS:1-4)
  • Quiz (TS:1, 2)
  • Mid-term exam (TS: 1, 2)
  • Final exam (TS: 1, 2)
 

Key Texts and/or other learning materials

Set text

  • Vacca R. John .,(2013), Computer and Information Security Handbook, 2nd Edition, Morgan Kaufmann,

Supplementary Materials

  • Boyle R. and Panko R., (2013) Corporate Computer Security, 3rd Edition, Prentice Hall
  • Stallings W., (2013) Cryptography and Network Security: Principles and Practice, 6th Edition, Prentice Hall
  • Stallings W., Brown,(2011). Computer Security – Principles and Practice, 2nd Edition, Pearson International,
  • Kim P., (2014), The Hacker Playbook: Practical Guide To Penetration Testing, CreateSpace Independent Publishing Platform
  • Anderson, R., (2008), Security Engineering: A Guide to Building Dependable Distributed Systems, 2nd Edition, John Wiley & Sons

Please note

This specification provides a concise summary of the main features of the module and the learning outcomes that a typical student might reasonably be expected to achieve and demonstrate if he/she takes full advantage of the learning opportunities that are provided.

More detailed information on the learning outcomes, content and teaching, learning and assessment methods of each module and programme can be found in the departmental or programme handbook.

The accuracy of the information contained in this document is reviewed annually by the University of Buckingham and may be checked by the Quality Assurance Agency.

Date of Production : Autumn 2016

Date approved by School Learning and Teaching Committee: 28th September 2016

Date approved by School Board of Study : 12th October 2016

Date approved by University Learning and Teaching Committee: 2nd November 2016

Date of Annual Review: December 2017

Ptica

Visit us

Hrasnička cesta 3a, Sarajevo, 71 000

Bosnia and Herzegovina

Entrance Exams are held at SSST, from April to September, starting at 9:00 a.m.

Contact us

Tel: +387 33 975 002

Fax: +387 33 975 030

administration@ssst.edu.ba

admissions@ssst.edu.ba

Download brochure

Get the manual for freshman and prepare
for SSST Entrance Exam.

Download Download here

SSST © 2024 All rights reserved | Made by MANIA