FIT1019 Introduction to security - Semester 2 , 2008

PDF unit guide

Download PDF version Download the unit guide in PDF

Unit leader :

Dr. Maria Indrawan

Lecturer(s) :

Caulfield

  • Maria Indrawan

Introduction

Welcome to FIT1019 Introduction to Security, semester 2, 2008. This 6 point unit is a core to Security Major of BITS degree. The unit has been designed to provide overview of the current issues and possible solutions in implementing security in an organisation.

Unit synopsis

This unit will provide students with a knowledge of information systems security issues, and their relevance to the management of information systems in contemporary organisations. The students will gain knowledge of the nature of information threats, risks and vulnerabilities and of the control technologies and techniques which can be applied to reduce risk. Students will be expected to demonstrate ethically sound viewpoints with respect to the protection of information resources while maintaining a secure IS framework related to a defence in depth strategy. Further students will have an understanding of the ethical, legal and criminal issues relating to the security of information systems. Additionally students will be required to analyse and assess recent developments and future trends in IS security technologies.

Learning outcomes

Knowledge and Understanding

At the completion of this subject you should have knowledge and understanding and be able to analyse:

1. The importance of information systems security issues to contemporary organisations

2. Information security concepts and philosophies.

3. Threats, vulnerabilities and risks to an organisations' information assets and the control technologies and techniques required to support this.

4. Understanding of the mathematical foundation of cryptoanalysis.

5. The ethical, legal and criminal issues relating to the security of information systems

6. Evalute current and future developments and trends in security control technologies and techniques

7. the relevance of human factors to information security planning and management

8. Apply the security concept in securing information systems by exploring the security mechanism available in an operating systems environment such as UNIX.


Workload

You will need to participate in the following activties:

  • two-hours lecture
  • two-hours laboratory
  • a minimum of 6-8 hours of personal study to prepare for the lecture, laboratory and completing assignments. 

Unit relationships

Prerequisites

No prerequisite knowledge is required. It is considered useful but not essential. However it is expected students will have an appreciation of information systems and information technology principles to draw upon.

Relationships

FIT1019 is a core unit in the secuirty major of the BITS.


 

Continuous improvement

Monash is committed to ‘Excellence in education' and strives for the highest possible quality in teaching and learning. To monitor how successful we are in providing quality teaching and learning Monash regularly seeks feedback from students, employers and staff. Two of the formal ways that you are invited to provide feedback are through Unit Evaluations and through Monquest Teaching Evaluations.

One of the key formal ways students have to provide feedback is through Unit Evaluation Surveys. It is Monash policy for every unit offered to be evaluated each year. Students are strongly encouraged to complete the surveys as they are an important avenue for students to "have their say". The feedback is anonymous and provides the Faculty with evidence of aspects that students are satisfied and areas for improvement.

Student Evaluations

The Faculty of IT administers the Unit Evaluation surveys online through the my.monash portal, although for some smaller classes there may be alternative evaluations conducted in class.

If you wish to view how previous students rated this unit, please go to http://www.monash.edu.au/unit-evaluation-reports/

Over the past few years the Faculty of Information Technology has made a number of improvements to its courses as a result of unit evaluation feedback. Some of these include systematic analysis and planning of unit improvements, and consistent assignment return guidelines.

Monquest Teaching Evaluation surveys may be used by some of your academic staff this semester. They are administered by the Centre for Higher Education Quality (CHEQ) and may be completed in class with a facilitator or on-line through the my.monash portal. The data provided to lecturers is completely anonymous. Monquest surveys provide academic staff with evidence of the effectiveness of their teaching and identify areas for improvement. Individual Monquest reports are confidential, however, you can see the summary results of Monquest evaluations for 2006 at http://www.adm.monash.edu.au/cheq/evaluations/monquest/profiles/index.html

Improvements to this unit

A new textbook is introduced for this year offerring as the previous year textbook was considered to be difficult to follow and was aimed more for advanced security unit.

Unit staff - contact details

Unit leader

Dr. Maria Indrawan

Lecturer(s) :

Dr Maria Indrawan
Senior Lecturer
Phone +61 3 990 31916
Fax +61 3 990 31077

Teaching and learning method

The lectures will cover the theoretical concepts of security. The laboratory will be used to explore the current available security tools and operating system platforms. The exploration aim to demonstrate and illustrate the concepts  provided in the lectures.

Tutorial allocation

You should register for laboratory using Allocate+, http://allocate.cc.monash.edu.au/

Communication, participation and feedback

Monash aims to provide a learning environment in which students receive a range of ongoing feedback throughout their studies. You will receive feedback on your work and progress in this unit. This may take the form of group feedback, individual feedback, peer feedback, self-comparison, verbal and written feedback, discussions (on line and in class) as well as more formal feedback related to assignment marks and grades. You are encouraged to draw on a variety of feedback to enhance your learning.

It is essential that you take action immediately if you realise that you have a problem that is affecting your study. Semesters are short, so we can help you best if you let us know as soon as problems arise. Regardless of whether the problem is related directly to your progress in the unit, if it is likely to interfere with your progress you should discuss it with your lecturer or a Community Service counsellor as soon as possible.

Unit Schedule

Week Topic Key dates
1 Introduction  
2 Building Blocks of IT Security  
3 Access Control  
4 Identity Management  
5 Authentication UNIX Test 1, tutorials
6 Math for Cryptography I  
7 Math for Cryptography II Unit Test 2, lecture
8 Introduction to Cryptography  
9 Public Key Encription  
10 Digital Signature  
11 Overview of Network Security Assignment1 Due, Presentation
Mid semester break
12 Ethics and Privacy Presentation
13 Revision  

Unit Resources

Prescribed text(s) and readings

Jill Slay and Andy Koronios, "Information Technology Security & Risk Managamenr", 3rd edition, Wiley.

Recommended text(s) and readings

Pfleeger, C.P and Pfleeger, S.L, Security in Computing, 3rd edition, Prentice Hall

Anderson, R. (2001). Security Engineering. London: John Wiley & Sons. Bosworth, S. & Kabay, M.E. (Eds.).(2002).

Gollmann, D. (2006), Computer Security, Wiley, UK

Required software and/or hardware

No special software is required.

Equipment and consumables required or provided

N/A

Study resources

Study resources we will provide for your study are:

Study resources can be found in the unit website that can be accessed through MUSO.

Library access

The Monash University Library site contains details about borrowing rights and catalogue searching. To learn more about the library and the various resources available, please go to http://www.lib.monash.edu.au.  Be sure to obtain a copy of the Library Guide, and if necessary, the instructions for remote access from the library website.

Monash University Studies Online (MUSO)

All unit and lecture materials are available through MUSO (Monash University Studies Online). Blackboard is the primary application used to deliver your unit resources. Some units will be piloted in Moodle. If your unit is piloted in Moodle, you will see a link from your Blackboard unit to Moodle (http://moodle.monash.edu.au) and can bookmark this link to access directly. In Moodle, from the Faculty of Information Technology category, click on the link for your unit.

You can access MUSO and Blackboard via the portal: http://my.monash.edu.au

Click on the Study and enrolment tab, then Blackboard under the MUSO learning systems.

In order for your Blackboard unit(s) to function correctly, your computer needs to be correctly configured.

For example:

  • Blackboard supported browser
  • Supported Java runtime environment

For more information, please visit: http://www.monash.edu.au/muso/support/students/downloadables-student.html

You can contact the MUSO Support by: Phone: (+61 3) 9903 1268

For further contact information including operational hours, please visit: http://www.monash.edu.au/muso/support/students/contact.html

Further information can be obtained from the MUSO support site: http://www.monash.edu.au/muso/support/index.html

Assessment

Unit assessment policy

attain:

  • 50% overall and
  • at least 40% of the available marks in during-semester assessments and end-of-semester assessment (exam).

In the situation whereby you fail to meet the 40% rule, the final mark that will be published is the mark of the assessment that failed to meet the 40% rule.

For example, a final mark of 38 will be awarded to a student who receives an average of 70% from all assignments and 38% on the exam.

Assignment tasks

  • Assignment Task

    Title : Unit Test 1: UNIX and Access Control

    Description :

    Practical test on UNIX commands

    Weighting : 10%

    Criteria for assessment :

    • ability to use UNIX commands to manage file creation, modification and deletion.
    • ability to use UNIX commands to provide systematic access control to an entity. 

    Due date : Tutorial classes in week 4

  • Assignment Task

    Title : Unit Test 2

    Description :

    Mid-semester test. Multiple choice questions on the materials covered up to week 6.

    Weighting : 10%

    Criteria for assessment :

    • demonstrate the mastery of the topics covered up to week 6 by choosing the write answer to multiple choice questions.

    Due date : Lecture in week 7

  • Assignment Task

    Title : Assignment 1: Security Topic

    Description :

    3000 words essay/report on security topics. The topics with associated reading lists will be provided in week 3. The assignment will be conducted in a group of 2 students.

    Weighting : 20%

    Criteria for assessment :

    • demonstrate the understanding of a particular topic in security, eg cryptography, identity management, by conducting small research in the topic and presenting it as a research paper.
    • demonstrate the ability to follow a certain style of referencing and research paper writing.
    • demonstrate the ability to summarise and synthesis ideas collected from a number of research papers.

    Due date : Week 11

  • Assignment Task

    Title : Presentation

    Description :

    Presentation on assignment 1 submission

    Weighting : 10%

    Criteria for assessment :

    • demonstrate the ability to create a structured presentation in a given topic.
    • demonstrate the ability to arcticulate and convey a technical topic in front of an audience.
    • demonstrate the abilityt o use visual aids, eg power point software, to enhance presentation.

    Due date : Week 11 and 12 tutorials

Examinations

  • Examination

    Weighting : 50%

    Length : 2 hours

    Type ( open/closed book ) : Closed book

Assignment submission

Assignments will be submitted by electronic submission to Damocles plagiarism detection system at http://viper.infotech.monash.edu.au/damocles/submit. The cut off time for submission is the midnight on the due date.

University and Faculty policy on assessment

Due dates and extensions

The due dates for the submission of assignments are given in the previous section. Please make every effort to submit work by the due dates. It is your responsibility to structure your study program around assignment deadlines, family, work and other commitments. Factors such as normal work pressures, vacations, etc. are seldom regarded as appropriate reasons for granting extensions. Students are advised to NOT assume that granting of an extension is a matter of course.

Requests for extensions must be made to the unit lecturer at your campus at least two days before the due date. You will be asked to forward original medical certificates in cases of illness, and may be asked to provide other forms of documentation where necessary. A copy of the email or other written communication of an extension must be attached to the assignment submission.

Late assignment

Assignments received after the due date will be subject to a penalty of 10% per-day (including weekend). Assignment will not be accepted after the cut off date that usually set one week after the due date.

Return dates

Students can expect assignments to be returned within two weeks of the submission date or after receipt, whichever is later.

Assessment for the unit as a whole is in accordance with the provisions of the Monash University Education Policy at http://www.policy.monash.edu/policy-bank/academic/education/assessment/

We will aim to have assignment results made available to you within two weeks after assignment receipt.

Plagiarism, cheating and collusion

Plagiarism and cheating are regarded as very serious offences. In cases where cheating  has been confirmed, students have been severely penalised, from losing all marks for an assignment, to facing disciplinary action at the Faculty level. While we would wish that all our students adhere to sound ethical conduct and honesty, I will ask you to acquaint yourself with Student Rights and Responsibilities (http://www.infotech.monash.edu.au/about/committees-groups/facboard/policies/studrights.html) and the Faculty regulations that apply to students detected cheating as these will be applied in all detected cases.

In this University, cheating means seeking to obtain an unfair advantage in any examination or any other written or practical work to be submitted or completed by a student for assessment. It includes the use, or attempted use, of any means to gain an unfair advantage for any assessable work in the unit, where the means is contrary to the instructions for such work. 

When you submit an individual assessment item, such as a program, a report, an essay, assignment or other piece of work, under your name you are understood to be stating that this is your own work. If a submission is identical with, or similar to, someone else's work, an assumption of cheating may arise. If you are planning on working with another student, it is acceptable to undertake research together, and discuss problems, but it is not acceptable to jointly develop or share solutions unless this is specified by your lecturer. 

Intentionally providing students with your solutions to assignments is classified as "assisting to cheat" and students who do this may be subject to disciplinary action. You should take reasonable care that your solution is not accidentally or deliberately obtained by other students. For example, do not leave copies of your work in progress on the hard drives of shared computers, and do not show your work to other students. If you believe this may have happened, please be sure to contact your lecturer as soon as possible.

Cheating also includes taking into an examination any material contrary to the regulations, including any bilingual dictionary, whether or not with the intention of using it to obtain an advantage.

Plagiarism involves the false representation of another person's ideas, or findings, as your own by either copying material or paraphrasing without citing sources. It is both professional and ethical to reference clearly the ideas and information that you have used from another writer. If the source is not identified, then you have plagiarised work of the other author. Plagiarism is a form of dishonesty that is insulting to the reader and grossly unfair to your student colleagues.

Register of counselling about plagiarism

The university requires faculties to keep a simple and confidential register to record counselling to students about plagiarism (e.g. warnings). The register is accessible to Associate Deans Teaching (or nominees) and, where requested, students concerned have access to their own details in the register. The register is to serve as a record of counselling about the nature of plagiarism, not as a record of allegations; and no provision of appeals in relation to the register is necessary or applicable.

Non-discriminatory language

The Faculty of Information Technology is committed to the use of non-discriminatory language in all forms of communication. Discriminatory language is that which refers in abusive terms to gender, race, age, sexual orientation, citizenship or nationality, ethnic or language background, physical or mental ability, or political or religious views, or which stereotypes groups in an adverse manner. This is not meant to preclude or inhibit legitimate academic debate on any issue; however, the language used in such debate should be non-discriminatory and sensitive to these matters. It is important to avoid the use of discriminatory language in your communications and written work. The most common form of discriminatory language in academic work tends to be in the area of gender inclusiveness. You are, therefore, requested to check for this and to ensure your work and communications are non-discriminatory in all respects.

Students with disabilities

Students with disabilities that may disadvantage them in assessment should seek advice from one of the following before completing assessment tasks and examinations:

Deferred assessment and special consideration

Deferred assessment (not to be confused with an extension for submission of an assignment) may be granted in cases of extenuating personal circumstances such as serious personal illness or bereavement. Information and forms for Special Consideration and deferred assessment applications are available at http://www.monash.edu.au/exams/special-consideration.html. Contact the Faculty's Student Services staff at your campus for further information and advice.