Fundamentals of Information Security

Fundamentals of Information Security


Fall 2011
08/22/2011 - 12/11/2011

Course Information

Section 003
MW 19:35 - 21:20
RGC1 117
Ronald Mendell

Section 004
Sa 09:00 - 12:45
RGC1 004
Ronald Mendell

Office Hours

No office hours have been entered for this term

Course Requirements


There are no prerequisites for this course.


Class Structure

Class time will contain lectures, demonstrations, class discussions, and labs.



Two exams will be given, a midterm and a final. Exams may be multiple choice or essay or a combination of both. Exams must be taken on the scheduled date or within the scheduled time frame. If you miss an exam you will receive a grade of zero for that exam, unless prior arrangements have been made to take the comprehensive final, or there was a compelling, verifiable personal emergency that prevented your attendance and giving as soon as possible notice to the instructor. There are no “make-up exams,” rather the student will be permitted, if approved by the instructor, to take a comprehensive final exam in lieu of the missing exam.


Lab Exercises

Labs exercises in class will a part of the course.  The instructor will brief the class on lab exercises at appropriate times during the course. Some lab exercises may be assigned as homework depending upon the needs of the class.



Grade Policy:

Grades will be based both on concepts and practical applications.


Exams = 80%

Classroom Participation = 20%


Grade Scale:

A = 90 - 100

B = 80 - 89

C = 70 - 79

D = 60 - 69

F = below 60


Required texts

Principles of Computer Security: Security+ and Beyond

Wm. Arthur Conking, Gregory B. White, et al

(McGraw Hill, 2010) ISBN: 978-0-07-163375-8


Recommended but not required texts:

 Security+ by Emmett Dulaney, Sybex 2009, ISBN: 978-0-470-37297-5.

 Computer Forensics by Marie-Helen Maras, Jones & Bartlett 2012, ISBN: 978-1-4496-0072-3

Course Subjects


The course provides instruction in security for network hardware, software, and data including using physical security measures, instituting backup procedures, protecting systems against attacks and intrusions, and gaining protection from malware. And, the course covers applying these concepts to the theme of “Protecting Yourself in the Digital Age.”


Class Schedule: The following is a tentative schedule for the course. The instructor reserves the right to make schedule changes based on the needs of the students in the class.




1 & 2

Introduction and Security Trends
General Security Concepts and introduction to what is an “infosphere”

Inside the Security Mind

3 & 4


Operational Security and People’s Role in Information Security









7 & 8

Internet Standards and Physical Security

9 & 10

Network Security and Infrastructure

11 & 12

EXAM 1 Assigned


Authentication and Wireless

Midterm Exam Assigned


13 & 14

EXAM 1 Due

Intrusion Detection Systems and Security Baselines

Midterm Exam due

15 & 16

Attacks and E-mail

17 & 18

Web Security and Software Security


19 & 20

Disaster Planning and Risk Management


21 & 22

Change and Privilege Management

23 &24

Computer Forensics and the Law



Privacy Issues and Review for Final


Final Exam – emphasis on last half of course

Student Learning Outcomes/Learning Objectives

At the completion of this course, the student will have demonstrated the ability to:


Understand how information security can counteract attempts to attack an individual’s “infosphere,” the person’s sensitive information.


Understand how people are the weakest components in any security system.

Identify social engineering schemes.

Develop appropriate countermeasures.


Learn the fundamentals of cryptography and how cryptography serves as the central language of information security.

Identify the basic cryptographic tools.

Implement cryptography to protect the confidentiality and integrity of data.


Develop and Implement Physical Security

Identify and assess current and anticipated security risks and vulnerabilities

Monitor, evaluate, and test security conditions and environment

Implement, extend, and refine physical security plans and policies


Ensure Infrastructure and Network Security

Gather data and analyze security requirements

Identify, analyze, and evaluate infrastructure and network vulnerabilities

Develop critical situation contingency plans and disaster recovery plan

Implement/test contingency and backup plans and coordinate with stakeholders

Monitor, report, and resolve security problems

Designing Perimeter Security for a Network


Understand Security Baselines

Establishing baselines for computer systems

Testing networks and computers for vulnerabilities


Understand the Roles of Computer Forensics and the Law in Information Security.

Using basic computer forensics software to analyze information on a personal computer.

Using a digital camera as a tool in forensics and information security work.


Understand the basic software tools for assessing the security posture of a computer or a network.


Understanding how issues of privacy affect information security.