Course Outline ACIT 3630 – Information Assurance and Security

Course Outline
ACIT 3630
Information Assurance and Security
School of Computing and Academic Studies
Program: Computer Information Technology
Option: N/A
Start Date:
September 2011
Total Hours:
Hours/Week:
60
4
Total Weeks:
Lecture:
15
2
Lab:
Prerequisites
Course No.
Course Name
ACIT 2620
2
End Date:
December 2011
Term/Level:
Shop:
3
Course Credits:
Seminar:
4
Other:
is a Prerequisite for:
Course No. Course Name
Principles of Enterprise Networking
 Course Description
This course is designed to provide students with a practical understanding of basic security issues in a typical
network. Topics will include understanding basic exploits and identifying security vulnerabilities. Students will
learn how to use available tools to secure systems on a LAN. Auditing, hacker identification and log file analysis
tools will be presented and used in the labs.
 Evaluation
Final Examination
25%
Midterm Examination
25%
Reports
20%
Lab Exercises
15%
Project
15%
TOTAL
100%
 Course Learning Outcomes/Competencies
Upon successful completion, the student will be able to:
 Discuss the depth, breath and significance of network security.
 Highlight what types of vulnerabilities are inherent in network design and what vulnerabilities result from
design errors or business driven design compromises.
 Explain the types of countermeasures, their scope and function, are available to mitigate network security
risks.
 Use the tools available to detect and respond to both internal and external security compromises.
 Discuss User authentication and Access Control techniques and technologies are currently considered ′best
practice′ for ensuring secure user network access.
 Outline which techniques and technologies are currently considered ′best practice′ for ensuring maximum
availability of network resources while minimizing risk of compromise.
 The students will also participate in a group project designed to give them practical experience exploiting
network vulnerabilities in a controlled environment.
Course Outline
ACIT 3630 – Information Assurance and Security
(cont’d.)
 Verification
I verify that the content of this course outline is current.
Bethany Edmunds
July 26, 2011
Authoring Instructor
Date
I verify that this course outline has been reviewed.
Program Head/Chief Instructor
Date
I verify that this course outline complies with BCIT policy.
Dean/Associate Dean
Date
Note: Should changes be required to the content of this course outline, students will be given reasonable notice.
2
Course Outline
ACIT 3630 – Information Assurance and Security
(cont’d.)
 Instructor
Bethany Edmunds
Office Location: SW2-262
Office Hrs.:
As posted
Office Phone: 604-431-4947
E-mail Address: Bethany_Edmunds@bcit.ca
 Learning Resources
Required:
W. Stallings, L.Brown Computer Security: Principles and Practice (2008) Pearson Prentice-Hall 978-013-600424-0
Web Resources as directed by the course instructor
Recommended Reading:
Recommended Links:
http://www.cert.org
http://www.sans.org/
http://isc.incidents.org/
http://cve.mitre.org/
CERT program from SEI
SysAdmin, Audit, Network, Security Institute
Internet Storm Center for intrusion detection
Common Vulnerability & Exposure
Top Attacks:
http://www.sans.org/top20/
Top 20 attacks tracked by SANS
Open Source Tools:
http://www.winpcap.org/windump/
http://www.snort.org/
http://www.nessus.org/
http://nmap.org/download.html
http://metasploit.com/
for windump (tcpdump) capturing packets
for network intrusion and detection
for network vulnerability scanner
for network mapper security scanner
for penetration testing
Linux system level symbolic source debugger:
http://sourceforge.net/projects/pice
Private ICE interactive kernel debugger
 Information for Students
(Information below can be adapted and supplemented as necessary.)
Assignments: Late assignments, lab reports or projects will not be accepted for marking. Assignments must be done on an
individual basis unless otherwise specified by the instructor. All lab exercises will be counted toward the final mark.
Quizzes: Quizzes are closed book. All quizzes will be counted toward the final mark.
Makeup Tests, Exams or Quizzes: There will be no makeup tests, exams or quizzes. If you miss a test, exam or quiz, you will
receive zero marks. Exceptions may be made for documented medical reasons or extenuating circumstances. In such a case, it
is the responsibility of the student to inform the instructor immediately.
3
Course Outline
ACIT 3630 – Information Assurance and Security
(cont’d.)
Ethics: BCIT assumes that all students attending the Institute will follow a high standard of ethics. Incidents of cheating or
plagiarism may, therefore, result in a grade of zero for the assignment, quiz, test, exam, or project for all parties involved
and/or expulsion from the course.
Attendance: The attendance policy as outlined in the current BCIT Calendar will be enforced. Attendance will be taken at the
beginning of each session. Students not present at that time will be recorded as absent.
Illness: A doctor’s note is required for any illness causing you to miss assignments, quizzes, tests, projects, or exam. At the
discretion of the instructor, you may complete the work missed or have the work prorated.
Attempts: Students must successfully complete a course within a maximum of three attempts at the course. Students with two
attempts in a single course will be allowed to repeat the course only upon special written permission from the Associate Dean.
Students who have not successfully completed a course within three attempts will not be eligible to graduate from the
appropriate program.
Course Outline Changes: The material or schedule specified in this course outline may be changed by the instructor. If
changes are required, they will be announced in class.
4