Note: This unit version is currently under review and is subject to change!

INFO2315: Introduction to IT Security (2017 - Semester 2)


Unit: INFO2315: Introduction to IT Security (6 CP)
Mode: Normal-Day
On Offer: Yes
Level: Intermediate
Faculty/School: School of Information Technologies
Unit Coordinator/s: Dr Stavrakakis, John
Session options: Semester 2
Campus: Camperdown/Darlington
Pre-Requisites: None.
Brief Handbook Description: This unit provides a broad introduction to the field of IT security. We examine secure and insecure programs, secure and insecure information, secure and insecure computers, and secure and insecure network infrastructure. Key content includes the main threats to security; how to analyse risks; the role in reducing risk that can be played by technical tools (such as encryption, signatures, access control, firewalls, etc); the limitations of technical defences; and the simple process and behavioural changes that can reduce risk.
Assumed Knowledge: In order to enter this unit, students should have at least one semester of tertiary study of IT. In particular, we assume familiarity with the value of information, and with the varied uses of IT in business and personal activities. We also assume an introductory level of skill in using a computer (for example, creating and moving files and folders, downloading and installing files, etc). The assumed background would be achieved by completing INFO1003 Foundations of IT. We also assume previous instruction in verbal presentations and teamwork.
Lecturer/s: Dr Stavrakakis, John
Tutor/s: Alan Robertson, Eric Ferguson, William Wang, Deanna Arora, Mahsa Bayat, Lina Lau
Timetable: INFO2315 Timetable
Time Commitment:
# | Activity Name | Hours per Week | Sessions per Week | Weeks per Semester
1 | Lecture | 2.00 | 1 | 13
2 | Laboratory | 1.00 | 1 | 12
3 | Independent Study | 9.00 | 1 | 13
T&L Activities: Independent Study: Reading, preparation, study, and completing assignments

Attributes listed here represent the key course goals (see Course Map tab) designated for this unit. The list below describes how these attributes are developed through practice in the unit. See Learning Outcomes and Assessment tabs for details of how these attributes are assessed.

Attribute Development Method | Attribute Developed
A broad introduction to the field of IT security. | Engineering/IT Specialisation (Level 2)
Understanding of the essential concepts of security, and of the fundamentals of computer system organisation (hardware and software components) that impact on security | Maths/Science Methods and Tools (Level 2)
Gathering and evaluating information from the published literature | Information Seeking (Level 2)
Producing verbal presentations | Communication (Level 2)
Practice in teamwork, time management. Awareness of ethical, legal & social issues associated with security. Ability to carry out a risk analysis. | Professional Conduct (Level 2)

For explanation of attributes and levels see Engineering & IT Graduate Outcomes Table.

Learning outcomes are the key abilities and knowledge that will be assessed in this unit. They are listed according to the course goal supported by each. See Assessment Tab for details of how each outcome is assessed.

Engineering/IT Specialisation (Level 2)
1. Ability to relate specific attack scenarios to general concepts such as authentication, integrity, secrecy, non-repudiation.
2. Experience of a range of common attacks, and experience with some defences against them
3. Awareness of the limitations of technical approaches to defending against attacks
4. Ability to estimate the cost of a brute-force attack on a system secured by keys of given length
5. Knowledge of, and experience in, process and behavioural defences (such as frequent changes to passwords; not downloading active content; running security monitors; not trusting emails/phone messages/visitors without reason)
Maths/Science Methods and Tools (Level 2)
6. Understanding of terminology as commonly used in security literature
7. Awareness of major issues for security of programs, information, computers and networks
Professional Conduct (Level 2)
8. Awareness of ethical, legal and social issues in security
9. Ability to carry out a risk analysis, including estimates of potential damage and cost of defences
Assessment Methods:
# | Name | Group | Weight | Due Week | Outcomes
1 | CyberSec Challenges | No | 10.00 | Multiple Weeks | 1, 2, 3, 4, 5, 6, 7
2 | Quiz | No | 10.00 | Week 9 | 1, 2, 3, 5, 6, 7, 9
3 | Group project | Yes | 15.00 | Multiple Weeks | 1, 2, 3, 5, 6, 7, 8, 9
4 | Laboratory participation | No | 5.00 | Multiple Weeks | 2, 5
5 | Final Exam | No | 50.00 | Exam Period | 1, 2, 3, 5, 6, 7, 8, 9
6 | Tutorial pre-work | No | 10.00 | Multiple Weeks (During your timetabled class) | 1, 2, 3, 4, 5, 6, 7, 8, 9
Assessment Description: CyberSec challenges: A series of security problems to be completed online.

Quiz: Paper examination to test knowledge and skill of weeks 1 - 8.

Tutorial pre-work: Small exercise to be completed before all tutorials for the week.

Group assignment: Build and test a security software solution. Three deliverables.

Attendance: Laboratory participation. Based on weekly attendance and involvement in tutorial discussions.

Final Exam: Covers all aspects of the unit of study. It will test the candidates’ knowledge of security concepts, and of particular threats and controls as presented during the semester. Two hours.
Grading:
Grade Type Description
Standards Based Assessment Final grades in this unit are awarded at levels of HD for High Distinction, DI (previously D) for Distinction, CR for Credit, PS (previously P) for Pass and FA (previously F) for Fail as defined by University of Sydney Assessment Policy. Details of the Assessment Policy are available on the Policies website at http://sydney.edu.au/policies . Standards for grades in individual assessment tasks and the summative method for obtaining a final mark in the unit will be set out in a marking guide supplied by the unit coordinator.
Special Conditions to Pass UoS It is a policy of the School of Information Technologies that in order to pass this unit, a student must achieve at least 40% in the written examination as well as in the other components of assessment together. A student must also achieve an overall final mark of 50 or more. Any student not meeting these requirements can achieve a maximum mark of no more than 45.
Policies & Procedures: IMPORTANT: School policy relating to Academic Dishonesty and Plagiarism.

In assessing a piece of submitted work, the School of IT may reproduce it entirely, may provide a copy to another member of faculty, and/or to an external plagiarism checking service or in-house computer program and may also maintain a copy of the assignment for future checking purposes and/or allow an external service to do so.

Other policies

See the policies page of the faculty website at http://sydney.edu.au/engineering/student-policies/ for information regarding university policies and local provisions and procedures within the Faculty of Engineering and Information Technologies.
Prescribed Text/s: Note: Students are expected to have a personal copy of all books listed.

Note that the "Weeks" referred to in this Schedule are those of the official university semester calendar https://web.timetable.usyd.edu.au/calendar.jsp

Week Description
Week 1 Introduction
Week 2 Identification
Week 3 System Security
Week 4 Software Security
Week 5 Introduction to Cryptography
Week 6 Networks
Week 7 Network Security
Week 8 Database Security
Week 9 Legal and Ethical issues (Assessment Due: Quiz)
Week 10 Guest Lecture
Week 11 Privacy
Week 12 Security Management
Week 13 Unit of Study Review
Exam Period Assessment Due: Final Exam

Course Relations

The following is a list of courses which have added this Unit to their structure.

Course Year(s) Offered
Bachelor of Computer Science and Technology (Computer Science) 2014 and earlier 2009, 2010, 2011, 2012, 2013, 2014
Bachelor of Computer Science and Technology (Information Systems) 2014 and earlier 2010, 2011, 2012, 2013, 2014
Software Mid-Year 2016, 2017
Software 2015, 2016, 2017
Software / Arts 2015, 2016, 2017
Software / Commerce 2015, 2016, 2017
Software / Medical Science 2015, 2016, 2017
Software / Music Studies 2016, 2017
Software / Project Management 2015, 2016, 2017
Software / Science 2015, 2016, 2017
Software / Law 2015, 2016, 2017
Software Engineering (till 2014) 2010, 2011, 2012, 2013, 2014
Software Engineering / Arts 2011, 2012, 2013, 2014
Software Engineering / Commerce 2010, 2011, 2012, 2013, 2014
Software Engineering / Medical Science 2011, 2012, 2013, 2014
Software Engineering / Project Management 2012, 2013, 2014
Software Engineering / Science 2011, 2012, 2013, 2014
Software Engineering / Law 2010, 2011, 2012, 2013, 2014
Bachelor of Information Technology (Computer Science) 2014 and earlier 2009, 2010, 2011, 2012, 2013, 2014
Bachelor of Information Technology (Information Systems) 2014 and earlier 2010, 2011, 2012, 2013, 2014
Information Technology (Information Systems)/Arts 2012, 2013, 2014
Information Technology (Information Systems) / Commerce 2012
Information Technology (Information Systems) / Medical Science 2012
Information Technology (Information Systems) / Science 2012
Information Technology (Information Systems) / Law 2012
Bachelor of Computer Science and Technology 2015, 2016, 2017
Bachelor of Computer Science and Technology (Advanced) 2015, 2016, 2017
Bachelor of Computer Science and Technology (Computer Science)(Advanced) 2014 and earlier 2013, 2014
Bachelor of Computer Science and Technology (Information Systems)(Advanced) 2014 and earlier 2013, 2014
Bachelor of Computer Science & Tech. Mid-Year 2016, 2017
Aeronautical Engineering / Science 2011, 2012, 2013, 2014
Aeronautical Engineering (Space) / Science 2011, 2012, 2013, 2014
Biomedical Engineering / Science 2013, 2014
Chemical & Biomolecular Engineering / Science 2011, 2012, 2013, 2014
Civil Engineering / Science 2011, 2012, 2013, 2014
Electrical Engineering (Bioelectronics) / Science 2011, 2012
Electrical Engineering / Science 2011, 2012, 2013, 2014
Electrical Engineering (Computer) / Science 2014
Electrical Engineering (Power) / Science 2011, 2012, 2013, 2014
Electrical Engineering (Telecommunications) / Science 2011, 2012, 2013, 2014
Aeronautical / Science 2015, 2016, 2017
Aeronautical (Space) / Science 2015
Biomedical Mid-Year 2016, 2017
Biomedical 2016, 2017
Biomedical /Science 2015, 2016, 2017
Chemical & Biomolecular / Science 2015
Civil / Science 2015
Electrical / Science 2015
Electrical (Computer) / Science 2015
Electrical (Power) / Science 2015
Electrical (Telecommunications) / Science 2015
Mechanical / Science 2015, 2016, 2017
Mechanical (Space) / Science 2015
Mechatronic / Science 2015, 2016, 2017
Mechatronic (Space) / Science 2015
Mechanical Engineering (Biomedical) / Science 2011, 2012
Mechanical Engineering / Science 2011, 2012, 2013, 2014
Mechanical Engineering (Space) / Science 2011, 2012, 2013, 2014
Mechatronic Engineering / Science 2011, 2012, 2013, 2014
Mechatronic Engineering (Space) / Science 2011, 2012, 2013, 2014
Project Engineering and Management (Civil) / Science 2011
Bachelor of Information Technology 2015, 2016, 2017
Information Technology / Arts 2015, 2016, 2017
Information Technology / Commerce 2015, 2016, 2017
Information Technology / Medical Science 2015, 2016, 2017
Information Technology / Science 2015, 2016, 2017
Information Technology (Computer Science)/Arts 2012
Information Technology (Computer Science) / Science 2012
Information Technology / Law 2015, 2016, 2017
Bachelor of Project Management (Built Environment) 2016, 2017
Bachelor of Project Management (Built Environment) Mid-Year 2016, 2017
Bachelor of Project Management (Civil Engineering Science) 2016, 2017
Bachelor of Project Management (Civil Engineering Science) Mid-Year 2016, 2017
Bachelor of Project Management (Software) Mid-Year 2016, 2017
Bachelor of Project Management (Software) 2016, 2017
Flexible First Year (Stream A) / Science 2012

Course Goals

This unit contributes to the achievement of the following course goals:

Attribute | Practiced | Assessed
Project and Team Skills (Level 2) | No | 0%
Design (Level 2) | No | 0%
Engineering/IT Specialisation (Level 2) | Yes | 50.96%
Maths/Science Methods and Tools (Level 2) | Yes | 31.67%
Information Seeking (Level 2) | Yes | 0%
Communication (Level 2) | Yes | 0%
Professional Conduct (Level 2) | Yes | 17.38%

These goals are selected from Engineering & IT Graduate Outcomes Table which defines overall goals for courses where this unit is primarily offered. See Engineering & IT Graduate Outcomes Table for details of the attributes and levels to be developed in the course as a whole. Percentage figures alongside each course goal provide a rough indication of their relative weighting in assessment for this unit. Note that not all goals are necessarily part of assessment. Some may be more about practice activity. See Learning outcomes for details of what is assessed in relation to each goal and Assessment for details of how the outcome is assessed. See Attributes for details of practice provided for each goal.