Abstract
This subject provides students with a general introduction to IT security with a focus on security as it relates to information systems and internetworking. The subject starts with general security concerns and then goes on to discuss them in detail. Topics covered include authentication protocols, communication and network infrastructure security, basics of encryption, application and user security, operational and organisational security and intrusion detection systems.
Objectives
Upon successful completion of this subject, students should:
- be able to explain common attacks against network assets, the associated threats and vulnerabilities, and what network security personnel do to secure assets;
- be able to explain how to use cryptography to help protect information and how to choose an appropriate encryption method for an organization;
- be able to implement security-enhanced computing baselines in an organization;
- be able to help protect information in an organization by using authentication and access control;
- be able to deploy and manage certificates;
- be able to help protect transmission of data by identifying threats to network devices and implementing security for common data transmission, remote access and wireless network traffic;
- be able to help protect web servers against common attacks and configure security for web browsers;
- be able to help protect e-mail messages and instant messaging from common security threats;
- be able to identify common security threats and vulnerabilities to directory services and DNS, and then apply security methods to help protect them;
- be able to identify network perimeter threats and monitor perimeter security for a network;
- be able to identify types of security policies to manage operational security, and then use these policies to ensure compliance by users in an organization;
- be able to preserve business continuity by implementing a security-enhanced disaster recovery strategy, communicating risks to others and performing secure backup and recovery; and
- be able to identify, respond to and assist in the formal investigation of security incidents.
Syllabus
The subject will cover the following topics:
- Introduction to network and cyber security
- Network design elements and components
- Compliance and operational security
- Cyber security threats and vulnerabilities
- Types of cyber attacks
- Risk mitigation strategies
- Appropriate security controls
- Disaster recovery plans and procedures
- Application, data and host security
- Access control and identity management
- Cryptography introduction
- Intrusion detection systems
- Preparing for CompTIA Security+ certification
Assessment Information
| 1 | Case Study: Part 1 | 5 % | 29-Jul-2019 | 20-Aug-2019 | |
| 2 | Case Study: Part 2A and 2B | 10 % | 19-Aug-2019 | 09-Sep-2019 | |
| 3 | Case Study: Part 3A and 3B | 40 % | 23-Sep-2019 | 17-Oct-2019 | |
| 4 | Final Exam | 45 % | To be advised | – |
