School of Computer Sciences

Course Code CST233

Course Title Information Security and Assurance
Course Lecturer Assoc. Prof. Dr Aman Jantan, GIAC, GISC, CTFL
- Room 730 / Lab 502
- +604-6532157 / +604-6534356
- aman@usm.my
Dr. Mohd Najwadi Yusoff
- Room 629 / Lab 502
- +604-6534641 / +604-6534356
- najwadi@usm.my
Course Units 3

Breakdown of Units Contact Hours

Lectures 2 2 hours x 14 weeks
Monday
3.00 pm - 4.50 pm, AVR
Tutorials 1 1 hour x 14 weeks
Thursday
2.00 pm - 2.50 pm, AVR
Labs 0 Without Supervision

Breakdown of Examinations 50% - 2 hours

Assessments
Coursework 50%
Coursework Evaluation Assignments / Group Project 15% - 1 Group Project
Basis 10% - 2 Individual Assignments
5% - 5 Quizzes
Tests 20% - 2 x 1 hour
Type of Course Core (Specialization)

Course Synopsis - To introduce students to information security and assurance that include
security in a globally connected economy, sources of digital liabilities,
threats, vulnerabilities, and risk exposure, affirmative model of defence,
models for estimating and optimizing the return on security.
- To discuss acceptable-use policies, secure-use practices, auditing
technology and systems, security tools and techniques, and secure-system
development and management.
Learning Outcomes At the end of this course students will be:
- Able to understand the current principle and practice of modern information
security, and
- Able to apply the modern practice of information security in future and/or
related profession.
Main References 1. Michael E. Whitman, Herbert J. Mattord: Principles of Information
Security, 6th Edition, CENGAGE Learning, 2017
2. Michael E. Whitman, Herbert J. Mattord: Management of Information
Security, 6th Edition, CENGAGE Learning, 2018
3. Vincent J. Nestler, Gregory B. White, Wm. Arthur Conklin, Matthew P.
Hirsch, Corey Schou: Principles of Computer Security: CompTIA
Security+ and Beyond, 3rd Edition, The McGraw-Hill Inc, 2011
4. Volonino L., Robinson S.: Principles and Practice of Information
Security, Pearson 2004.
Additional References Will be given during class session several related materials.
No Topics Ref. Week Lectures Tutorial Tutorial Topics Coursework
and References
INTRODUCTION
1 Introduction to Information Security B1-C1 1 2 1 Project Discussion
The role of people in Security B3-C4 B2-C1
(Introduction to
Management of
Information Security)
2 The need for security B1-C2 2 2 1 B2-C3 Quiz 1 (1%)
Attacks and Malware B3-C15 (Contingencies)
3 Legal, Ethical, and Professional B1-C3 3 1 B2-C11 Project Proposal
Issues in Information Security (Law and Ethics) (1%)
Security and Law B3-C24 Monday, 26
February 2018
4 Computer Forensics B3-C23 3 1 1
5 Physical Security B1-C9 4 2 1 Quiz 2 (1%)
Infrastructure Security B3-C10
6 Risk Management B1-C4 5 2 1 B2-C4 Assignment 1 (5%)
(Policy) Thursday, 15
March 2018
B2-C2
(Planning)

B3-C20
(Risk Management)
7 Planning for Security B1-C5 6 2 1 B2-C7 Group Project
(Identifying and Report 1 (3%)
Accessing Risks) Thursday, 22
March 2018
Disaster Recovery, Business B3-C19 B2-C8
Continuity, and Organizational (Controlling Risks) Quiz 3 (1%)
Policies
SECURITY PRACTICES / TOOLS & TECHNOLOGY
8 Firewalls and VPNs B1-C6 7 2 1 Access Control Test 1 (10%)
Thursday, 29
March 2018
MID SEMESTER BREAK
9 Intrusion Detection, Access Control, B1-C7 9 2 1 B3-C13
and Other Security Tools (Intrusion Detection
Systems)
10 Cryptography B1-C8 10 2 1 Cryptography Quiz 4 (1%)
B3-C5
DEVELOPMENT
11 Implementing Information Security B1-C10 11 2 1
Software Development B3-C18
12 Information Security Maintenance B1-C12 12 2 1 Quiz 5 (1%)
13 Developing the Security Program B2-C5 13 2 1 Assignment 2 (5%)
Thursday, 10 May
2018
MANAGEMENT
14 Security Management Models and B2-C6 14 2 1 Group Project
Practices Report 2 (3%)
Thursday, 17 May
2018
15 Information Security Project B2-C12 15 2 1 Test 2 (10%)
Management Monday, 21 May
2018

System Demo/Viva
(8%)
Total Contact Hours 28 14
Total Contact Hours/No. of Weeks 28/14 14/14
Total Units 2 1
Course Policy

 History has proven a high positive correlation relating class attendance and good note taking to student
performance. As such, attendance will be taken during randomly chosen class periods and on all tutorials
and compulsory lab periods. A low performance in attendance (missing more than 3) will cause you to
be barred from taking the final examinations.

 All assignments given MUST be submitted before/on the specified date. Late submissions without prior
approval from the lecturer will not be accepted. Late submissions with such approvals will be given a
penalty. A grade will be deducted one grade for each late day.

 If a student is found to misuse the amenities given, the permission will be taken away from the student.

 Tests MUST be taken at the specified date and time. No replacement test will be given without an MC or
other authorized approval letter.

 Plagiarism is a serious academical offence. Students found plagiarizing/or copying will get an F for the
assignment/report or the whole course grade and will be barred from taking the final examinations.

 Please make sure your handphone is muted or turned off during classes, tutorials and labs times.