Introduction to security and information assurance. Information confidentiality, availability, protection, and integrity. Security systems lifecycle. Risks, attacks, and the need for security. Legal, ethical, and professional issues in information security. Risk management including identification and assessment. Security technologies and tools. Security laws, audit and control. Cryptography foundations, algorithms and applications. Physical security, security and personnel, security implementation and management. Securing critical infrastructure. Trust and security in collaborative environments.

Network infrastructure security issues, including perimeter security defences, firewalls, virtual private networks, intrusion detection systems, wireless security, and network security auditing tools. Secure network applications. Network security protocols such as SSL, SSL/TLS, SSH, Kerberos, IPSec, IKE. Network threats and countermeasures. Network auditing and scanning. VoIP Security. Remote exploitation and penetration techniques. Network support for securing critical infrastructure. Design and development of software-based network security modules and tools based on hands-on experiences and state-of-the-art technologies.

Methodical approaches for collecting and preserving evidence of computer crimes, laws/regulation, and industry standards. Hands-on experience on identifying, analyzing, recreating, and addressing cyber based crimes. Ethical issues associated with information systems security. Foundational concepts such as file system structures, MAC times, and network protocols. Use of tools for evidence recovery. Use of established forensic methods in the handling of electronic evidence. Rigorous audit/logging and date archival practices. Prevention, detection, apprehension, and prosecution of security violators and cyber criminals, and general legal issues.

Security of wireless networks such as cellular networks, wireless LANs, mobile ad hoc networks, wireless mesh networks, and sensor networks. Overview of wireless networks. Study of threats and types of attacks, including attacks on MAC protocols. Selfish and malicious behavior in wireless routing protocols. Countermeasures/solutions and their limitations. Encryption and authentication. Secure hand-off techniques. Energy-aware security mechanisms. Secure multicasting. Key pre-distribution and management in wireless networks.

Secret key encryption; Block and stream ciphers, Encryption standards;  Number theory: Divisibility, Modular arithmetic, Group theory and Finite fields; Public key encryption:  RSA, ElGamal and Rabin cryptosystems; Diffie-Hellman key exchange; Cryptographically secure hashing; Authentication and digital signatures; Digital signature standard (DSS), Randomized encryption; Cryptocurrency, Blockchain models and applications. Security issues and their solutions in Blockchain models and applications. Blockchain payment networks.

Note: Cannot be taken for credit with ICS 440

Introduction to penetration testing and ethical hacking, requirements and legal issues, setting up virtual lab; Exploring Kali Linux and Metasploit framework, hacking and penetration testing phases; Information gathering through passive and active reconnaissance, footprinting, social engineering, port scanning; Advanced fuzzing techniques; Exploitation, password attacks and gaining access to remote services; Web penetration testing and web-based exploitation; Maintaining access with backdoors and rootkits; Bypassing defense applications; Wireless and mobile device hacking techniques; Writing penetration testing report; Tools and programming available for penetration testers in both Windows and Linux platforms such as Kali Linux, OpenVAS, Burp, NMAP, Netcat, Python, etc.

Note: Cannot be taken for credit with ICS 442

Data privacy: definition and terminologies. Difference between data security and privacy. Data privacy attacks. Data privacy laws and regulations. Privacy risk and impact assessment. Privacy engineering, management, and evaluation. Data anonymization. Statistical privacy. Differential privacy. Cryptographic privacy. Homomorphic encryption. Secure multi-party computation. Secure data outsourcing. Data hiding and steganography. Anonymous networks. Trusted execution environment. Applications of privacy preserving technologies in computer systems and applications.

Note: Cannot be taken for credit with COE 426

Security in requirements engineering; Secure designs; Risk analysis; The SQUARE Process Model; Threat modeling; Defensive coding; Software protection; Fuzzing; Static analysis and security assessment; Memory leaks, buffer and heap overflow attacks, injection attacks.

Note: Cannot be taken for credit with SWE 445

A graduate student will arrange with a faculty member to conduct an industrial research project related to the cybersecurity as the field of the study. Subsequently the students shall acquire skills and gain experiences in developing and running actual industry-based project. This project culminates in the writing of a technical report, and an oral technical presentation in front of a board of professors and industry experts.