CMKL 18-631: Introduction to Information Security

Course Syllabus

Course Description

Our growing reliance on information systems for daily activities, ranging from remote communications to financial exchanges, has made information security a central issue of our critical infrastructure. The course introduces the technical and policy foundations of information security. The main objective of the course is to enable students to reason about information systems from a security engineering perspective, taking into account technical, economic and policy factors. Topics covered in the course include elementary cryptography; access control; common software vulnerabilities; common network vulnerabilities; policy and export control laws in the U.S., Japan, and elsewhere; privacy; management and assurance; economics of security; and special topics in information security.

Prerequisites: The course assumes a basic working knowledge of computers, networks, C and UNIX programming, as well as an elementary mathematics background, but does not assume any prior exposure to topics in computer or communications security. Students lacking technical background (e.g., students without any prior exposure to programming) are expected to catch up through self-study.

General Information

Course Code CMKL 18-631
Course Name Introduction to Information Security
Course Credits 12 Credits
Competency Duration 15 Weeks (3 Lecture Hours Per Week = 45 Hours in Total)
Instructor Dr. Charnon Pattiyanon <charnon@cmkl.ac.th>
Dr. Raveekiat Singhaphandu <raveekiat@cmkl.ac.th>

Class Schedule and Topics

Week Session Instructor Lecture Topic
Week 1 #1 Dr. Charnon Pattiyanon Lecture 1: Basic Concepts of Information Security and Its Properties
  • Security Threats in History
  • Cyber Attacks
  • Cybersecurity Pillars and Properties
[Lecture 1 (PDF)]
#2 Dr. Charnon Pattiyanon Lecture 2: Security Threat Modeling
  • Weakness and Vulnerability
  • Attack Tree Analysis
  • Fault Tree Analysis
  • Abuse Analysis
  • MS SDL
  • Taint Analysis
  • Basic Security Models
[Lecture 2 (PDF)]

Assignment 1 Announcement (5%)
Week 2 #1 Dr. Charnon Pattiyanon Lecture 3: SQL Injection and XSS Attacks
  • SQL Injection Attack
[Lecture 3 (PDF)]
#2 Dr. Charnon Pattiyanon Lecture 3: SQL Injection and XSS Attacks
  • Cross-Site Scripting (XSS) Attack
[Lecture 3 (PDF)]

Assignment 2 Announcement (2%)
Assignment 3 Announcement (3%)
Week 3 #1 Dr. Charnon Pattiyanon Lecture 4: Cryptography
  • Fundamentals of Cryptography
  • Cryptography in History
  • Classical Cryptography
    • Substitution Ciphers, e.g., Vigenère Ciphers, Playfair Ciphers
    • Transposition Ciphers
[Lecture 4 (PDF)]
#2 Dr. Charnon Pattiyanon Lecture 4: Cryptography
  • Properties of Good and Trustworthy Ciphers
  • Introduction to Symmetric Key Cryptography
  • One-Time Padding Scheme
  • Stream Ciphers
  • RC4 Scheme
[Lecture 4 (PDF)]
Week 4 #1 Dr. Charnon Pattiyanon Lecture 4: Cryptography
  • Introduction to Block Ciphers
  • Feistel Network
  • Data Encryption Standard (DES)
  • Security of DES
  • Triple DES (3DES)
[Lecture 4 (PDF)]
#2 Dr. Charnon Pattiyanon Lecture 4: Cryptography
  • Advanced Encryption Standard (AES)
  • Modes of Operation for Block Ciphers
[Lecture 4 (PDF)]
Week 5 #1 Dr. Charnon Pattiyanon Lecture 4: Cryptography
  • Introduction to Asymmetric Key Cryptography
  • Mathematical Fundamentals for Asymmetric Key Cryptography
  • Diffie-Hellman Key Exchange Mechanism
  • Issues of DH Key Exchange Mechanism
  • RSA Algorithm
[Lecture 4 (PDF)]
#2 Dr. Charnon Pattiyanon Lecture 4: Cryptography
  • Introduction to Data Integrity Assurance
  • Hash Function
  • Message Authentication Code
  • Digital Signature
[Lecture 4 (PDF)]

Assignment 4 Announcement (10%)
Week 6 #1 Dr. Charnon Pattiyanon Lecture 5: Access Control
  • User Authentication and Authorization
  • Access Control Policy Models
[Lecture 5 (PDF)]
#2 Dr. Charnon Pattiyanon Lecture 6: Vulnerability Assessment
  • Information Security Framework
  • Risk Analysis and Management
[Lecture 6 (PDF)]
Week 7 #1 Mid-Term Exam
#2 Dr. Charnon Pattiyanon Lecture 6: Vulnerability Assessment
  • Code Review
  • Penetration Testing
[Lecture 6 (PDF)]
Week 8 #1 Fall Break No Class
#2 Fall Break No Class
Week 9 #1 Dr. Raveekiat Singhaphandu Lecture 7: Buffer Overflow
#2 Dr. Raveekiat Singhaphandu Lecture 7: Buffer Overflow
Week 10 #1 Dr. Raveekiat Singhaphandu Lecture 8: Network Fundamentals
  • Security Protocols
  • SSL/TLS
#2 Dr. Raveekiat Singhaphandu Lecture 9: Network Security
  • TCP Vulnerabilities
Week 11 #1 Dr. Raveekiat Singhaphandu Lecture 9: Network Security
  • DDoS Attack
#2 Dr. Raveekiat Singhaphandu Lecture 10: Web Security, Anonymity
Week 12 #1 Dr. Raveekiat Singhaphandu Lecture 10: Web Security, Anonymity
#2 Dr. Raveekiat Singhaphandu Lecture 11: Security Economics / Psychological Aspect, Online Crime
Week 13 #1 Dr. Raveekiat Singhaphandu Lecture 11: Security Economics / Psychological Aspect, Online Crime
#2 Dr. Raveekiat Singhaphandu Lecture 12: Security Economics / Psychological Aspect, Online Crime
Week 14 #1 Dr. Raveekiat Singhaphandu Lecture 12: Security Economics / Psychological Aspect, Online Crime
#2 Dr. Raveekiat Singhaphandu Lecture 13: Usable Security, Management and Assurance
Week 15 #1 Dr. Raveekiat Singhaphandu Lecture 13: Usable Security, Management and Assurance
#2 Final Exam

Grading Rubric

Grade Distribution

  • 35% Assignment / Quizzes
  • 25% Mid-Term Exam
  • 40% Final Exam

Grading Criteria

  • 00% - 59% F (Failure to meet the requirements)
  • 60% - 62% D-
  • 63% - 66% D (Marginal, poor, or unsatisfactory performance)
  • 67% - 69% D+
  • 70% - 72% C-
  • 73% - 76% C (Satisfactory or average performance, meeting the minimum requirements for the course)
  • 77% - 79% C+
  • 80% - 82% B-
  • 83% - 86% B (Very good or good performance, indicating a solid grasp of the material)
  • 87% - 89% B+
  • 90% - 92% A-
  • 93% - 96% A (Exceptional or outstanding performance, showing a deep understanding of the subject matter)
  • 97% - 100% A+