EECS 3482, Winter 2020

EECS 3482 M, Winter 2020

Introduction to Computer Security

     Lecture Schedule:   M, 10:00 - 11:30, CLH H
                                           W,   10:00 - 11:30, HNE 038
     Instructor:                Natalija Vlajic
     E-mail:                          vlajic @ cse.yorku.ca
     Office Hours:             Monday, 13:00 - 14:00, LAS 2047
     Head TA:                     Pooria Madani, madani @ cse.yorku.ca

FAQ Link containing compilation of answers to most common questions related to the course material starting March 16.
Zoom link for 'virtual office hours' on Wednesdays 13:00 - 14:00 (Mar 18, 25 and Apr 1). (Password: 3482)
TA for Lab Sessions 1 and 5: Jia Ou, caryou @ cse.yorku.ca .
TA for Lab Sessions 2 and 3: Pooria Madani, madani @ cse.yorku.ca .

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

May 11: Final Exam solutions can be found here.

April 13: IMPORTANT - final exam will be conducted through York Moodle! (You should have received an email with more specific instructions about the format of the final exam.)

April 13: Lab 4 grades are now available through ePost (grades are out of 50!).

Apr 07: Sample final exams: Final-1, Final1-solutions, Final-2, Final2-solutions.

Mar 30: Lab 3 grades are now available through ePost (use your Passort-York credentials to log in).

Mar 17: Lab 4 (take home version) is posted now! Due date: Wednesday, March 25. The written lab reports should be emailed to: cse3482yorku@gmail.com. Any questions related to the lab should be sent to the TAs. (TA emails are provided in the news header!)
Mar 15: *** IMPORTANT: An email entitled "EECS 3482: info on how the course will proceed from March 16" has been sent to the entire class. Please check your @my.yorku.ca accounts for this email! ***
Mar 09: Lab 2 grades are now available through ePost (use your Passort-York credentials to log in).
Mar 03: Midterm solutions can be found here.
Mar 03: Midterm grades are now available through ePost.
Mar 02: Lab 3 will take place this Wednesday and Thursday - Mar 4 and 5!
Feb 14: Reminder! Midterm exam will be held on Wednesday, Feb 26, at the beginning of lecture. PLEASE ARRIVE ON TIME! The exam will be closed book and closed notes, and will cover all the material discussed in class up to and including the lecture of Feb 12. The use of a simple calculator is allowed.
Feb 12: Lab 1 grades are now available through ePost (use your Passort-York credentials to log in).
Feb 10: Lab 2 will take place this Wednesday and Thursday - Feb 12 and 13!
Feb 10: Sample midterm exam: Midterm, Midterm_solutions.
Jan 22: Video and audio recording of the 3214 lectures is strictly prohibited.
Jan 22: Lab 1 will take place next week - Jan 29 and 30!
Jan 06: There are 5 labs in total and they will take place on the 4th, 6th, 8th, 10th and 12th week of classes (see the course schedule). For your exact lab slot and location check your course registration information.
Jan 06: Classes start. We are in CLH H on Mondays and HNE 038 on Wednesdays.

Course Information:
Prerequisite
Course Description
Grading Scheme
Textbook and Recommended Reading Material
Course Schedule (Week-by-week Topics Covered, Notes, Required Reading, Assignments)

Course Policies:
Late Assignments and Missed Midterm
Academic Honesty

Course Schedule

Week	Date	Topic / Notes	Required Reading	Labs / Important Dates
1	M, Jan 6	Data Breaches and Credit Card Fraud
	W, Jan 8	Introduction - Basic Concepts	Stallings, Ch. 1 and 6
2	M, Jan 13	Introduction - CIA	- \|\| -
	W, Jan 15	Introduction - Categories of Security Threats	- \|\| -
3	M, Jan 20	Introduction - Malware	- \|\| -
	W, Jan 22	Introduction - Malware (cont) & Software attacks	- \|\| -
4	M, Jan 27	Steganography - part 1
	W, Jan 29	Steganography - part 2 Cryptography - part 1	Stallings, Ch. 2	Lab 1
5	M, Feb 3	Cryptography - part 2	- \|\| -
	W, Feb 5	Cryptography - part 3	- \|\| -
6	M, Feb 10	Cryptography - part 4	- \|\| -
	W, Feb 12	Cryptography - part 5 Lab 2 slides	- \|\| -	Lab 2
Reading Week (Feb 15 - Feb 21)
7	M, Feb 24	Management of Information Security - part 1	Stallings, Ch. 15
	W, Feb 26	Midterm Exam
8	M, Mar 2	Management of Information Security - part 2	- \|\| -
	W, Mar 4	Access Control - part 1 Midterm Solutions	Stallings, Ch. 3 & 4	Lab 3
9	M, Mar 9	Access Control - part 2	- \|\| -
	W, Mar 11	Access Control - part 3	- \|\| -	Mar 13 - last day to drop courses
10	M, Mar 16	Password Cracking - part 1 lecture transcript	- \|\| -
	W, Mar 18	Password Cracking - part 2 lecture transcript Security Risk Management - part 1 lecture transcript	Stallings, Sections 14.3 & 14.4	Lab 4 (take home version)
11	M, Mar 23	Security Risk Management - part 2 lecture transcript	- \|\| -
	W, Mar 25	Security Risk Management - part 3 lecture transcript	- \|\| -
12	M, Mar 30	Security Risk Management - part 4 lecture transcript Security Risk Management / Cost Benefit Analysis - part 1 lecture transcript	- \|\| -
	W, Apr 1	Security Risk Management / Cost Benefit Analysis - part 2 lecture transcript	- \|\| -
Final Exam: Sat, April 18, 14:00

Textbook
"Computer Security: Principles and Practice", W. Stallings, L. Brown, Pearson Education, 2018, 4th Edition.

StallingsTextbook

Recommended Reading Material

"Management of Information Security", M. E. Whitman, H. J. Mattord, Nelson Education / CENGAGE Learning, 2019, 6th Edition.
"Elementary of Information Security", R. E. Smith, Jones & Bartlett Learning, 2021, 3rd Edition.
"Cryptography and Network Security", B. A. Forouzan, McGraw Hill, 2008.
"Information Security: The Complete Reference", M. Rhodes-Ousley, Mc Graw Hill, 2013, 2nd Edition.
"Principles of Information Security", M. E. Whitman, H. J. Mattord, Nelson Education / CENGAGE Learning, 2018, 6th Edition.
"Hacker Techniques, Tools, and Incident Handling", S. P. Oriyano, Jones & Bartlett Learning, 2018, 3rd Edition.
"Security Risk Management", E. Wheeler, Elsevier, 2011.
"Security Risk Management: Body of Knowledge", J. Talbot, M. Jakeman, Wiley, 2009.
"Guide to Network Defense and Countermeasures", R. Weaver, Nelson Education / CENGAGE Learning, 2014, 3rd Edition.
"Security+ Guide to Network Security Fundamentals", M. Ciampa, Nelson Education / CENGAGE Learning, 2017, 6th Edition.
"CISSP: Certified Information Systems Security Professional: Study Guide", J. M. Stewart, M. Chapple, C. Gibson, Wiley, 2018, 8th Edition.
"Corporate Computer Security", R. J. Boyle, R. R. Panko, Prantice Hall, 2015, 4th Edition.
"Applied Information Security: A Hands-On Guide to Information Security Software", R. Boyle, Prentice Hall, 2014, 2nd Edition.
"Laboratory Manual to Accompany Hacker Techniques, Tools and Incident Handling", Jones & Bartlett Learning, 2013.

Prerequisite

Prerequisites: Any 12 university credits at the 2000-level in any discipline.

Course Description

This course introduces students to the basic concepts, goals and terminology of computer security. It provides a general overview of the computer security body of knowledge with an emphasis on the risk-based mindset that a computer security professional needs to have. Students will be exposed to both the theoretical and the practical aspects of computer security. The lab sessions will include security case studies as well as exercises using modern security tools.

Grading Scheme

20%   5 Labs (4% each lab)
40%   Midterm Exam
40%   Final Exam

Late Assignments and Missed Midterm

Late assignments will not be accepted, unless a prior arrangement is made with the instructor.
Makeups of missed midterm exams are only possible in extremely exceptional situations (such as verifiable medical emergencies) or by arrangement well prior to the exam, provided there is an extremely compelling reason.

Academic Honesty

"The Department takes the matter of academic honesty very seriously. Academic honesty is essentially giving credit where credit is due. And not misrepresenting what you have done and what work you have produced. When a piece of work is submitted by a student it is expected that all unquoted and uncited ideas and text are original to the student. Uncited and unquoted text, diagrams, etc., which are not original to the student, and which the student presents as their own work is considered academically dishonest."
For more see: Department of Computer Science Academic Honesty Guidelines