CS507 Information Security
Document Information
- Subject: Computer Science
- University: Virtual University of Pakistan
- Academic Year: 2025
- Upload Date: November 5, 2025
Tags
CS507: Information Security
CS507 Information Security provides a comprehensive overview of the principles, technologies, and practices required to protect digital information and systems. In an increasingly connected world, this field is of critical importance. This course introduces the foundational "CIA Triad" (Confidentiality, Integrity, Availability) and explores the various threats, vulnerabilities, and countermeasures that define the cybersecurity landscape.
This course is not just about technical "hacking"; it's a broad survey that covers the technical, administrative, and physical aspects of security. You will learn how to identify assets, assess risks, and implement a "defense-in-depth" strategy to protect an organization. Topics range from the mathematics of cryptography to the psychology of social engineering, providing a complete picture of the challenges involved.
Key Topics Covered:
- Foundations of Security: The CIA Triad (Confidentiality, Integrity, Availability), plus non-repudiation and authentication. Understanding threats, vulnerabilities, and risks.
- Cryptography: The core technology for ensuring confidentiality and integrity.
  - Symmetric Encryption: Using a single shared key (e.g., DES, AES).
  - Asymmetric (Public-Key) Encryption: Using a pair of public and private keys (e.g., RSA).
  - Hashing and Digital Signatures: Verifying data integrity (e.g., MD5, SHA-256) and authenticating the sender.
- Access Control: Mechanisms for determining "who is allowed to do what." This includes authentication (passwords, biometrics, 2FA) and authorization (Access Control Lists, Role-Based Access Control).
- Network Security: Securing data in transit. This includes firewalls, Intrusion Detection Systems (IDS), Virtual Private Networks (VPNs), and secure protocols (e.g., SSL/TLS, which powers HTTPS).
- Software and Web Security: Common vulnerabilities in applications, such as SQL Injection, Cross-Site Scripting (XSS), and Buffer Overflows.
- Risk Management: The business-oriented process of identifying, assessing, and mitigating risks to an organization's assets.
- Operational Security: The human side of security, including policies, procedures, business continuity planning, and awareness of threats like phishing and social engineering.
Course Objectives:
- Understand the fundamental principles of information security (the CIA Triad) and risk management.
- Explain the core concepts of modern cryptography, including symmetric encryption, asymmetric encryption, and hashing.
- Identify common network and application-level vulnerabilities (e.g., SQLi, XSS).
- Describe the mechanisms for access control, authentication, and authorization.
- Appreciate the importance of security policies and the human element in cybersecurity.
CS507 provides the essential, broad foundation for any student interested in a cybersecurity career. It prepares you for advanced, specialized topics in network security, ethical hacking, digital forensics, and security management.