CS 3813/780: Information and Computer Security

Pre-requisite information

  1. CS220 Discrete Structures is required for this course. Students without this pre-requisite can be registered only with the permission of the instructor.
  2. Students should possess reasoning skills equivalent to those required under the LASAR requirement for Scientific Methodology and Quantitative Reasoning.
  3. In this course, students are expected to participate in a survey on individual privacy perspectives. Whenever resources are available, students may also participate in evaluating biometrics technologies (e.g., fingerprint, voice, and iris) for security control. Students who wish to participate in evaluating biometrics technologies are expected to agree to the protocol described under IRB 09-03-16-01, which was approved by Queens College IRB00004578. A copy of the protocol is available upon request by sending an email to xiuyi.huang@qc.cuny.edu.

Some details

Information and Computer Security is an introductory course for individuals interested in the theory and practice of security control and privacy protection. We will first introduce the concepts behind security control and privacy protection as applied to ascertain confidentiality, integrity, and availability (of the information and/or computer system). Here are some of the issues that we will explore in the class: What is privacy? How do security and privacy differ from each other? How may security control and privacy protection be achieved through technical and non-technical means?

We will use the SANS NewsBites as a resource for case studies on REAL information leaks and computer security breaches. We will also use the "case reports" from the ACLU (American Civil Liberties Union) and EFF (Electronic Frontier Foundation) to discuss issues surrounding privacy and digital rights, among others. Selected techniques and technologies used for security and privacy safeguards will be illustrated; specifically, how cryptography can be used to realize privacy-preserving secure computation for information retrieval, and how multi-modal biometrics technologies can be used to achieve non-repudiation on information and/or computer access. While the technical details of these techniques are not the focus of the illustration, these selected techniques and technologies will be used as a basis to introduce the concept of risk assessment and management, as well as the metrics and methods used for evaluating the strength of security control and privacy protection offered by an information or computer system.

Although this course is offered as a Computer Science elective, it will maintain a balance in coverage among computer science techniques, social implications, and security/privacy awareness. The depth of the technical and non-technical coverage will be determined at the beginning of the semester according to the level of interest and the background of the students.

At the end of the course, students will have gained a basic understanding of the concepts of security and privacy, and of how these concepts can be applied to evaluate the security and privacy aspects of an information system or a computer system. Equally important, students will be aware of the resources available for learning about the latest developments in the area.

Below is a non-exhaustive list of the references and resources that we may be using in the class:

  1. http://csrc.nist.gov/
  2. http://www.sans.org/security-resources/
  3. http://its.ucsc.edu/security_awareness/training.php
  4. http://www.aclu.org
  5. http://www.eff.org
  6. http://homepages.cwi.nl/~cramer/papers/CRAMER_revised.ps (a classical introduction to Secure Multi-party Computation, at a not really intro level for undergraduates)
  7. CISSP Exam, Susan Hansche et al., Auerbach Publisher, 2003 or latest edition, ISBN: 084931707X.
  8. Biometric Technologies and Verification Systems, John R. Vacca, 2007, approx. 656 p., paperback, ISBN-13: 978-0750679671.