Information and Network Security
Information security is about protecting information (and information systems) against unauthorised access and tampering. Avoiding security breaches has a high priority for organisations storing and handling confidential data.
The main aim of this module is to provide broad coverage of the field of information security. This course covers the technical as well as the management side of security in information systems. Despite being an essential part of security, technical methods such as cryptography are not enough to guarantee a high level of security. They have to be embedded into a wider context in order to make them more effective. Users of technology have to understand the underlying principles and follow certain policies to avoid security breaches. This module introduces the fundamental approaches to security engineering and includes a detailed look at some important applications.
- Overview of Information Security
- Access Control Matrix Model
- Security Policies
- Social Engineering
- Basic Cryptography
- Identity Management
- Access Control Mechanisms
- Assurance and Trust
- Network Intruders and Intrusion Detection
- Firewalls and Malicious Software
- Cryptographic Protocol Concepts
- Key Exchange
- Economics of Information Security
Two-hour written examination (80%) and practical coursework (20%).
- Keith M. Martin, Everyday Cryptography: Fundamental Principles and Applications, 2012, ISBN 978-0-19-969559-1
- Ross Anderson, Security Engineering, 2nd edition, John Wiley & Sons, 2008, ISBN 978-0-470-06852-6
- William Stallings, Cryptography and Network Security, 5th edition, Pearson, 2010, ISBN 978-0136097044
- Matt Bishop, Computer Security: Art and Science, Addison-Wesley, 2002, ISBN 978-0201440997
- Bruce Schneier, Applied Cryptography, John Wiley & Sons, 1996, ISBN 0-471-11709-9