SEC-201: Data Privacy, Security, and Integrity
Course Syllabus
Course Description
Data is one of the most valuable assets in modern software systems, often containing sensitive or personal information that must be protected to uphold the reputation and trustworthiness of these systems. Ensuring data privacy, security, and integrity are essential principles in effective data protection.
In this competency, we will explore three critical aspects of data protection. First, we will examine existing issues and the principles that should be prioritized. Next, we will dive into specific techniques and methods used to safeguard data privacy, security, and integrity, equipping you with the skills to analyze and design modules that ensure robust data protection.
Additionally, this competency will introduce the concepts of data governance, including an overview of relevant laws and regulations. By the end of this competency, you will have the knowledge and skills to handle data responsibly, ensuring security, integrity, and privacy in all aspects of data manipulation.
General Information
| Competency Code | SEC-201 |
|---|---|
| Competency Name | Data Privacy, Security, and Integrity |
| Competency Credits | 4 |
| Competency Duration | 9 Weeks (~6 Hours Per Week = 52 Hours in Total) |
| Instructor | Dr. Charnon Pattiyanon <charnon@cmkl.ac.th> |
Assessing Skills
- [SEC-201:00010] Analyze the sensitivity of data and information - Successful students must be able to identity the sensitivity of data and information used in a software system.
- [SEC-201:00020] Analyze the secure data and information processing - Successful students must be able to design and evaluate secure data processing activities.
- [SEC-201:00030] Evaluate data security in an information system - Successful students must be able to evaluate, design, and implement data security protection techniques, such as encryption or secure key exchange, in a system.
- [SEC-201:00040] Evaluate data integrity in an information system - Successful students must be able to evaluate, design, and implement data integrity assurance techniques, such as message authentication code or digital signatures, in a system.
- [SEC-201:00050] Evaluate data privacy in an information system - Successful students must be able to evaluate, design, and implement data privact preservation techniques, such as data anonymization or zero knowledge proofs, in a system.
- [SEC-201:00060] Analyze the compliance of data privacy laws and regulations - Successful students must be able to understand, analyze, and suggest the compliance of a system to a data privacy law or regulation.
Class Schedule and Topics
| Week | Lecture Topic | Lab/Practical Session Topic |
|---|---|---|
| Week 1 | Lecture 1: An introduction to cybersecurity
|
|
| Week 2 | Lecture 2: Cryptography
|
Lab 1: Encryption and Decryption using Classical Cryptography |
| Week 3 | Lecture 2: Cryptography
|
|
| Week 4 | Lecture 2: Cryptography
|
Lab 2: Encryption and Decryption using Modern Cryptography |
| Week 5 | Lecture 2: Cryptography
|
|
| Week 6 | Lecture 2: Cryptography
|
Lab 3: Secure Chat Application in Python (Part 1: Confidentiality) |
| Week 7 | Lecture 2: Cryptography
|
Lab 4: Secure Chat Application in Python (Part 2: Integrity) |
| Week 8 | Lecture 3: Data Privacy Preservation
|
|
| Week 9 | Assessment Project Presentation |
Assessment and Submission Guideline
This competency requires each student group to submit four deliverables, including:
- A list of team members: This list should include the first name, last name, nickname, email address, and role of each member.
- Selected System Name and Description: This deliverable should provide a short paragraph describing the target system for the assessment project. It can be either an existing system or a new one that your team plans to develop.
- A Presentation Deck: This is the deck used during your presentation session. It must be submitted one day before the presentation date.
- A Final Report: This is the final document summarizing the details of your assessment project. Please refer to the report template provided below.
To support students throughout this competency, the following documents are provided:
- [Group Assessment Instruction (PDF)]
- [Group Assessment Final Report Template (PDF)]
- For students who extend this competency as AO and wish to complete the assessment individually: [Individual Assessment Instruction and Report Template (PDF)]
Grading Rubric
Presentation Grading Rubric
The presentation will be equivalent to 30% of your final score or 200 points out of 600 points (from 6 assessing skills). Some parts will be graded as a group performance, while others will be graded individually. The following rubric will be used for grading the presentation.
- (10 Points) Time Management: Full points will be awarded to the group that could effectively manage their presentation time, staying within the 10-minute limit.
- (10 Points) Individual Effort: Each student will receive full points if they participate equally in the presentation alongside their team members.
- (30 Points) Smoothness of the Presentation: Full points will be awarded to the group that could show evidence of well preparation and rehearsal, ensuring a seamless presentation.
- (50 Points) Completeness of the Content: Full points will be awarded if the presentation content is complete, justifiable, and comprehensive.
- (100 Points) Effectiveness in Answering Questions: Full points will be awarded for each student who can effectively answer audience questions, based on their assigned role. Students must demonstrate a clear understanding of data privacy, security, and integrity mechanisms.
Final Report Grading Rubric
The final report accounts for 70% of your total score, equivalent to 400 points out of 600 points (based on six assessing skills). Each section in the report carries a different score weight. Please refer to the Final Report Template for the detailed score distribution of each section.