Information and Computer Security is an introductory course for individuals interested in the theory and practice of security control and privacy protection. We will first introduce the concepts behind security control and privacy protection as applied to ensure confidentiality, integrity, and availability (of the information and/or computer system). Here are some of the issues that we will explore in the class: What is privacy? How do security and privacy differ from each other? How may security control and privacy protection be achieved through technical and non-technical means?
We will use the SANS NewsBites as a resource for case studies on real information leaks and computer security breaches. We will also use the "case reports" from the ACLU (American Civil Liberties Union) and EFF (Electronic Frontier Foundation) to discuss issues surrounding privacy and digital rights, among others. Selected techniques and technologies used to safeguard security and privacy will be illustrated; specifically, how cryptography can be used to realize privacy-preserving secure computation for information retrieval, and how multi-modal biometrics technologies can be used to achieve non-repudiation for information and/or computer access. While the technical details of these techniques are not the focus of the illustration, these selected techniques and technologies will be used as a basis to introduce the concept of risk assessment and management, as well as the metrics and methods used for evaluating the strength of security control and privacy protection offered by an information or computer system.
Although this course is offered as a Computer Science elective, it will maintain a balance in coverage among computer science techniques, social implications, and security/privacy awareness. The depth of the technical and non-technical coverage will be determined at the beginning of the semester according to the level of interest and the background of the students.
At the end of the course, students will have gained a basic understanding of the concept of security and privacy, and of how this concept can be applied to evaluate the security and privacy aspects of an information system or a computer system. Equally important, students will be aware of the resources available for learning about the latest developments in the area.
Below is a non-exhaustive list of the references and resources that we may be using in the class: