CS 571 - Case Studies in Computer Security
This course examines security challenges and failures holistically, taking into account technical concerns, human behavior, and business decisions. Using a series of detailed case studies, students will explore the interplay among these dimensions in creating secure computing systems and infrastructure. Students will also apply lessons from the case studies to emerging secure-systems design problems. The course requires active participation in class discussions, presentations, and writing assignments. It does not involve programming, but assumes that students have substantial prior experience with security protocols, attacks, and mitigations at the implementation level. This course satisfies the behavioral component of the MS specialization in computer security.
CS 557 - Software Security Design and Analysis
Software is responsible for enforcing many central security goals in computer systems. These goals include authenticating users and other external principals, authorizing their actions, and ensuring the integrity and confidentiality of their data. This course studies how to design, implement, and analyze mechanisms to enforce these goals in both web systems and programs in traditional languages. Topics include: identifying programming choices that lead to reliable or flawed security outcomes, successful and unsuccessful strategies for incorporating cryptography into software, and analysis techniques that identify security vulnerabilities. The course will cover both practical and theoretical aspects of secure software, and will include a substantial secure software design project.
CS 558 - Computer Network Security
This course covers core security threats and mitigations at the network level. Topics include: denial-of-service, network capabilities, intrusion detection and prevention systems, worms, botnets, Web attacks, anonymity, honeypots, cybercrime (such as phishing), and legality and ethics. The course prepares students to think broadly and concretely about network security; it is not designed to teach students low-level tools for monitoring or maintaining system security. Assignments and projects will assess each student’s ability to think both conceptually and practically about network security.
MIS 582 - Information Security Management
This course introduces students to the fundamentals of Information Security Management. It is designed to develop in students an understanding of and appreciation for the importance of information security to all enterprises, and to enable current and future managers to understand the important role that they must play in securing the enterprise. This course is appropriate for any student interested in gaining a managerial-level understanding of information security. A combination of readings, lectures, case studies, guest speakers, and discussion of real-world events will be used to bridge the gap between theory and practice. The course will primarily explore the Common Body of Knowledge (CBK) of information security, along with other related topics. It will also explore the interaction between People, Process and Technology as the cornerstone of any effective information security program. Upon completion of this course, the student will have an in-depth understanding of the essential components of a comprehensive information security program, as well as an understanding of the technology at work behind the scenes.