Foundations of Information Security and Assurance (3 Credits, INFA 610)
(Must be taken as the first course in the program.) An overview of techniques for ensuring and managing information security. Topics include administrative and technical security controls to prevent, detect, respond to, and recover from cyber attacks; risk and vulnerability analysis to select security controls; security planning; security architecture; security evaluation and assessment; and legal, ethical, and privacy aspects of information assurance. Discussion also covers information security fundamentals, such as cryptography, authentication, and access control techniques, and their use in network, operating system, database, and application layers. Security issues of current importance are stressed.
Network and Internet Security (3 Credits, INFA 620)
An introduction to the security concepts needed for the design, use, and implementation of secure voice and data communications networks, including the Internet. A brief review of networking technology and standards (including an introduction to Internet communication protocols) is provided. Security subjects addressed include defense models, security policy development, authentication and authorization controls, firewalls, packet filtering, virtual private networks (VPNs), and wireless network security. A project on network security in a hypothetical scenario based on inputs from government agencies and commercial organizations is assessed by a team of experts who are working in the field.
Intrusion Detection and Intrusion Prevention (3 Credits, INFA 630)
An exploration of the theory and implementation of intrusion detection and intrusion prevention. Topics include network-based, host-based, and hybrid intrusion detection; intrusion prevention; attack pattern identification; deployment; response; surveillance; damage assessment; data forensics; data mining; attack tracing; system recovery; and continuity of operation. A specific project on intrusion detection and intrusion prevention in a hypothetical scenario based on the inputs from government agencies and commercial organizations is assessed by a team of experts who are working in the field.
Cryptology and Data Protection (3 Credits, INFA 640)
An overview of the theory of encryption using symmetric and asymmetric keys, current protocols for exchanging secure data (including the Data Encryption Standard and the Advanced Encryption Standard), and secure communication techniques. A review of the historical development of cryptographic methods and cryptanalysis tools is provided. Public Key Infrastructure and the use of digital signatures and certificates for protecting and validating data are examined. Strategies for the physical protection of information assets are explored.
Computer Forensics (3 Credits, INFA 650)
An introduction to the collection and analysis of the digital evidence left behind in a digital crime scene. Topics include the identification, preservation, collection, examination, analysis, and presentation of evidence for prosecution purposes. Discussion also covers the laws and ethics related to computer forensics and challenges in computer forensics. Network forensics is briefly explored. A specific project on computer forensics or network forensics in a hypothetical scenario based on inputs from government agencies and commercial organizations is assessed by a team of experts who are working in the field.
The Law, Regulation, and Ethics of Information Assurance (3 Credits, INFA 660)
An overview of the legal, regulatory, and ethical issues related to cyberspace. Emphasis is on developing skills in spotting ethical and legal issues and navigating through the complex and changing legal and regulatory environment as it applies to behavior in cyberspace. Various resources and materials about the ethical and legal operation of modern computer systems, applications, and networks are presented.
Information Assurance Capstone (3 Credits, INFA 670)
Prerequisites: INFA 610, 620, 630, 640, 650, and 660 (3 credits may be taken concurrently). A study of information assurance that integrates and applies concepts previously studied. Best practices and appropriate technologies to design, implement, manage, evaluate, and further improve information security are explored. Emerging trends are analyzed to understand their potential effect on information security and assurance.