Overview
The security of computer networks and information is a serious concern for all organizations and enterprises, and it has become increasingly so as organizations and people are increasingly connected through and dependent on the internet. Computer Science 660: Enterprise Information and Network Security provides you with opportunities to review and explore definitions of network and information security; vulnerabilities of network and information assets; and threats and attacks to the security of enterprise networks and information.
This course covers many topics and is both problem-driven and research-based. Each unit will guide you in topics of study and ask you leading questions to review and explore important concepts, principles, theories, algorithms, protocols, schemes, standards, tools, systems, policies, and government regulations in specific areas of information and network security.
For each assignment, you will conduct in-depth research, write a paper on a topic approved by your instructor, and solve various security-related problems.
While efforts have been made to accommodate students who come to this course with different backgrounds and depths of knowledge, students taking this course are assumed to have a science degree or equivalent and a background in computing and information systems.
Outline
Unit 1: Defining Enterprise Network and Information Security
In this unit, you will explore topics that help define network and information security for various enterprises and organizations. These topics include network and information assets to be secured, goals of enterprise information security, threats to security, and real cases of security attacks. You will learn general security concepts, terminologies, and issues, and you will gain some technical background in network and information assets, security goals, general security concerns, threats, and security models. After completing this unit, you will have a good understanding of enterprise network and information security and be able to define network and information security for a given enterprise.
Unit 2: Fundamental Technologies Enabling and Defending Security
Certain security goals—such as confidentiality, integrity, availability, and authenticity—can only be achieved and protected by using appropriate enabling and defending technologies. In this unit, you will explore topics related to cryptography and other technologies essential in maintaining the confidentiality and integrity of enterprise data. You will also study algorithms and schemes for hashing and keyed hashing, and you will explore topics related to authentication and access control of users, services, and data.
The focus of this unit is on the essential principles, theories, algorithms, schemes, and technologies in cryptography, authentication, and access control. After completing this unit, you will be able to explain what symmetric and asymmetric cryptography are and how some classical and modern cryptographic schemes and algorithms work, such as Caesar cipher, RSA, Diffie–Hellman, and public key cryptography. You will also be able to explain how some fundamental authentication and access control schemes/models work, as well as their strengths and weaknesses in ensuring the authenticity and availability of network and information assets. Finally, you will be able to choose appropriate security schemes and algorithms, as well as authentication and access control schemes, to achieve required security goals for a given application.
Unit 3: Vulnerabilities, Risks, Threats, Attacks, and Challenges
To win a battle, you must know the strengths and weaknesses of both you and your enemy. This also applies to enterprise network and information security. In this unit, you explore various vulnerabilities in computer systems and networks, as well as threats to enterprise network and information security. These threats include various computer worms, viruses, bots, phishing schemes, and potential intrusions and attacks on enterprise networks and information, as well as network services. You will also learn about the challenges in ensuring the security of enterprise network and information assets.
Unit 4: Protocols, Standards, Tools, and Systems for Network and Information Security
In a networked environment (like the internet), certain security goals can only be achieved through the collaboration of clients and servers. Computers collaborate by following certain standards and protocols, with the assistance of security systems. In this unit, you will study some well-known protocols and standards, such as DES, Triple DES, AES, IDEA, the Kerberos protocol, and public key infrastructure (PKI). You will also study security protocols designed and implemented at different network layers, particularly secure IP protocol (IPSec), Secure Socket Layer (SSL), and transport layer security (TLS). Protocols and systems designed for special purposes, such as firewalls, VPNs, IDS, and IPS, are also explored.
Unit 5: Systems Security
Today’s enterprises are heavily dependent on many types of computer-based systems, which store or transmit their information assets. The security of such systems is essential and critical to enterprises. In this unit, you will study security issues and the technological requirements of systems commonly deployed and used by enterprises. After completing this unit, you will be able to explain the principle of firewalls. You will also be able to describe the main security features of some well-known systems, as well as their weaknesses.
Unit 6: Enterprise Information and Network Security Management
Securing the information assets of an enterprise can be very technical and costly. However, even with advanced and expensive technologies, systems, and personnel in place, the security of an enterprise’s network and information assets cannot be guaranteed if the technologies and systems are not used properly or the personnel is inadequately trained. In this unit, you will explore topics related to information security management. After completing this unit, you will be able to explain the roles of security training and security auditing, as well as security assessment and planning at enterprises. You will be able to discuss the policies, standards, and government regulations that are helpful—even critical—for enterprises in managing their information security.
Learning outcomes
Upon successful completion of this course, you should be able to
- clearly define the scope and purposes of enterprise information and network security.
- analyze, design, and use security protocols, policies, tools, and systems to achieve confidentiality, integrity, and availability of information and services.
- analyze, design, and use security protocols, policies, tools, and systems to achieve authenticity of users, service, and data.
- analyze, design, and use security protocols, policies, tools, and systems to achieve accountability of users in cyberspace.
- explain the roles of security training, security auditing, and security assessment and planning for enterprises, and discuss the policies, standards, and government regulations that are either helpful or critical for enterprises in managing their information security.
- identify research problems related to computer, network, and information security, and conduct research and write publishable technical papers.
Evaluation
To receive credit for COMP 660, you must achieve a course composite grade of at least B– (70 percent), an average grade of at least 60 percent on the assignments, and a grade of 60 percent on the final exam.
The weighting of the composite grade is as follows:
| Activity | Weight |
| Assignment 1 | 20% |
| Assignment 2 | 20% |
| Assignment 3 | 20% |
| Participation (online discussion) | 10% |
| Final examination | 30% |
| Total | 100% |
Your final exam must be invigilated through ProctorU. The exam must be requested in advance, and you must pay the ProctorU invigilation fee.
For more information about exams, see the School of Computing and Information Systems exam information page.
Materials
All course materials are found online.
If you are completely new to the subject of this course, you are encouraged to get a copy of a university textbook that covers general topics and standard technologies related to information security.