FIT4016 Information security - Semester 2, 2007

Unit leader :

Nandita Bhattacharjee

Lecturer(s) :

Clayton

  • Bala Srinivasan
  • Nandita Bhattacharjee

Introduction

Welcome to FIT4016, Information Security, for semester 2, 2007. This 6 point unit is an elective unit in all honours and postgraduate degree programs in the Faculty of IT. The unit has been designed to provide you with an understanding of the principles and practice of security in a computerised information system. It explores many techniques and tools utilised to counteract the risks and threats to information security, and their practical application to some examples.

Unit synopsis

This unit looks at a range of security problems in information systems, namely system security, network security and software security. Within these areas, topics covered include properties of information security, principles of encryption, a variety of crypto techniques and analysis, and their application to practical examples like authentication algorithms and non-repudiation by digital signatures, among others. It looks at various management issues, including disparate application examples, distributed systems authentication, contingency planning, audit and review, and intrusion detection, to name a few.

Learning outcomes

Upon completion students will

  • have knowledge of risks, threats and goals of information security
  • understand various controls and their effectiveness for information security in an organisation
  • be able to evaluate the effectiveness (both in terms of performance and limitations) of individual control techniques
  • match the risk against controls and evaluate their applicability

Workload

Student workload commitments per week are:
  • two-hour lecture and
  • two-hour tutorial (requiring advance preparation)
  • a minimum of 2-3 hours of personal study per one hour of contact time in order to satisfy the reading and assessment expectations.

Unit relationships

Prerequisites

There are no prerequisite units recommended for this unit. Prerequisite knowledge of basic data communications (similar to FIT1005 or equivalent) is assumed.

Relationships

This level 4 unit is an elective unit in all the undergraduate honours degree programs and the Bachelor of Software Engineering program of the Faculty of IT. It may be taken as an elective in other programs where you have satisfied the prerequisite knowledge and course rules permit. You may not study this unit if you have completed CSE4892.

Continuous improvement

Monash is committed to ‘Excellence in education’ and strives for the highest possible quality in teaching and learning. To monitor how successful we are in providing quality teaching and learning, Monash regularly seeks feedback from students, employers and staff. Two of the formal ways that you are invited to provide feedback are through Unit Evaluations and through Monquest Teaching Evaluations.

One of the key formal ways students have to provide feedback is through Unit Evaluation Surveys. It is Monash policy for every unit offered to be evaluated each year. Students are strongly encouraged to complete the surveys as they are an important avenue for students to "have their say". The feedback is anonymous and provides the Faculty with evidence of aspects that students are satisfied with and areas for improvement.

Student Evaluations

The Faculty of IT administers the Unit Evaluation surveys online through the my.monash portal, although for some smaller classes there may be alternative evaluations conducted in class.

If you wish to view how previous students rated this unit, please go to http://www.monash.edu.au/unit-evaluation-reports/

Over the past few years the Faculty of Information Technology has made a number of improvements to its courses as a result of unit evaluation feedback. Some of these include systematic analysis and planning of unit improvements, and consistent assignment return guidelines.

Monquest Teaching Evaluation surveys may be used by some of your academic staff this semester. They are administered by the Centre for Higher Education Quality (CHEQ) and may be completed in class with a facilitator or on-line through the my.monash portal. The data provided to lecturers is completely anonymous. Monquest surveys provide academic staff with evidence of the effectiveness of their teaching and identify areas for improvement. Individual Monquest reports are confidential, however, you can see the summary results of Monquest evaluations for 2006 at http://www.adm.monash.edu.au/cheq/evaluations/monquest/profiles/index.html

Unit staff - contact details

Unit leader

Dr Nandita Bhattacharjee
Lecturer
Phone +61 3 990 53293
Fax +61 3 990 55146

Lecturer(s) :

Professor Balasubramaniam Srinivasan
Professor, and Head of School
Phone +61 3 990 31333 +61 3 990 55222
Fax +61 3 990 55157
Dr Nandita Bhattacharjee
Lecturer
Phone +61 3 990 53293
Fax +61 3 990 55146

Teaching and learning method

This unit will be delivered via a 2-hour lecture followed by a 2-hour tutorial session consisting of a discussion class each week. Lecturers may go through specific examples, give demonstrations and present slides that contain theoretical concepts in the lectures. In the discussion classes students will discuss in depth fundamental and interesting problem-solving exercises related to information security and present solutions in class. The discussion classes will complement the lectures and help students consolidate concepts and practise problem-solving skills.

Communication, participation and feedback

Monash aims to provide a learning environment in which students receive a range of ongoing feedback throughout their studies. You will receive feedback on your work and progress in this unit. This may take the form of group feedback, individual feedback, peer feedback, self-comparison, verbal and written feedback, discussions (on line and in class) as well as more formal feedback related to assignment marks and grades. You are encouraged to draw on a variety of feedback to enhance your learning.

It is essential that you take action immediately if you realise that you have a problem that is affecting your study. Semesters are short, so we can help you best if you let us know as soon as problems arise. Regardless of whether the problem is related directly to your progress in the unit, if it is likely to interfere with your progress you should discuss it with your lecturer or a Community Service counsellor as soon as possible.

Unit Schedule

Week | Topic | Key dates
1 | Introduction to information security |
2 | Principles of encryption | Quiz 01
3 | Cryptography I |
4 | Cryptography II | Quiz 02
5 | Key exchange protocol |
6 | Public key cryptography | Quiz 03
7 | Key Escrow |
8 | Authentication I - Example 1 | Quiz 04
9 | Biometric authentication - Example 2 | Class Test
10 | Non-repudiation using digital signatures - Example 3 | Quiz 05, Assignment (21-09-07)
Mid semester break
11 | Distributed Authentication - Kerberos - Example 4 |
12 | Audit-logging, intrusion detection and software security - Management Issues | Quiz 06
13 | Revision |

Unit Resources

Prescribed text(s) and readings

No book is prescribed as a text book for this unit. However, three books are suggested as recommended texts. It is advisable to have at least one of those books. A number of copies of the recommended books are available at various Monash University libraries.

Recommended text(s) and readings

List of references:
  • Cryptography and Network Security: Principles and Practice – William Stallings, Fourth Edition, 2006, Prentice Hall.
  • Security Engineering: A Guide to Building Dependable Distributed Systems – Ross J Anderson, 2001, John Wiley & Sons, Inc.
  • Practical Unix and Internet Security – Simson Garfinkel and Gene Spafford, O’Reilly & Associates.

Study resources

Study resources we will provide for your study are:

  • Weekly lecture notes
  • Weekly discussion tasks to be undertaken during the tutorial sessions
  • Fortnightly quiz and its suggested solutions discussed in the tutorial class
  • Practice exam questions and solutions discussed in last tutorial class
  • This Unit Guide outlining the administrative information for the unit
  • The unit web site on MUSO, where resources outlined above will be made available.

Library access

The Monash University Library site contains details about borrowing rights and catalogue searching. To learn more about the library and the various resources available, please go to http://www.lib.monash.edu.au.  Be sure to obtain a copy of the Library Guide, and if necessary, the instructions for remote access from the library website.

Monash University Studies Online (MUSO)

All unit and lecture materials are available through the MUSO (Monash University Studies Online) site. You can access this site by going to:

  a) https://muso.monash.edu.au or
  b) via the portal (http://my.monash.edu.au).

Click on the Study and enrolment tab, then the MUSO hyperlink.

In order for your MUSO unit(s) to function correctly, your computer needs to be correctly configured.

For example:

  • MUSO supported browser
  • Supported Java runtime environment

For more information, please visit

http://www.monash.edu.au/muso/support/students/downloadables-student.html

You can contact MUSO Support by phone: (+61 3) 9903 1268

For further contact information including operational hours, please visit

http://www.monash.edu.au/muso/support/students/contact.html

Further information can be obtained from the MUSO support site:

http://www.monash.edu.au/muso/support/index.html

Assessment

Unit assessment policy

The unit is assessed with one assignment, a unit test and a final exam. To pass the unit you must:

  • attempt all three assessment components; and
  • achieve no less than 40% in each of the three assessment components; and
  • achieve an overall mark of at least 50%.

Assignment tasks

  • Assignment Task
    Title :
    Information Security Assignment
    Description :
    This assignment description will be made available via the FIT4016 muso website under the assignment icon.
    Weighting :
    20%
    Criteria for assessment :
    The assessment criteria will be provided with the assignment specifications.
    Due date :
    21 September 2007, 12 noon
  • Assignment Task
    Title :
    Class test
    Description :
    • Quizzes will be conducted each fortnight during the tutorial sessions, starting in week 2, on the topics covered in lectures.
    • A class test with a weighting of 20% on 13-9-07.
    • Best of 4 out of 6 quizzes or the class test, whichever is the best, will account for the class test assessment.
    Weighting :
    20%
    Criteria for assessment :
    Refer to description for details.
    Due date :
    26/7, 9/8, 23/8, 6/9, 13/9, 20/9, 11/10

Examinations

  • Examination
    Weighting :
    60%
    Length :
    2 hours
    Type ( open/closed book ) :
    Closed book

Assignment submission

Submit the printed copy of the assignment to the lecturer during the week 9 lecture and also submit a softcopy through the MUSO website by that due date. MUSO will not accept your submission after the due date.

Assignment coversheets

Download from the MUSO site, if required.

University and Faculty policy on assessment

Due dates and extensions

The due dates for the submission of assignments are given in the previous section. Please make every effort to submit work by the due dates. It is your responsibility to structure your study program around assignment deadlines, family, work and other commitments. Factors such as normal work pressures, vacations, etc. are seldom regarded as appropriate reasons for granting extensions. Students are advised to NOT assume that granting of an extension is a matter of course.

Requests for extensions must be made to the unit lecturer at least two days before the due date. You will be asked to forward original medical certificates in cases of illness, and may be asked to provide other forms of documentation where necessary. A copy of the email or other written communication of an extension must be attached to the assignment submission.

Late assignment

Late assignments will not be accepted unless supported with VALID evidence, acceptable to the lecturer, showing why the assignment could not be completed during the week of its due date. If you are planning or need to submit the assignment late, you need to inform the lecturer by email at least a week before the due date, giving reasons for the late submission and the expected date and mode of submission.

A maximum of one week's extension is possible under the above conditions.

Any assignment submitted more than one week after the due date will result in 0% for that assignment, as it is expected that possible solutions to the assignment problem will be discussed in the following tutorial class.

Return dates

Students can expect assignments to be returned within two weeks of the submission date or after receipt, whichever is later.

Assessment for the unit as a whole is in accordance with the provisions of the Monash University Education Policy at:

http://www.policy.monash.edu/policy-bank/academic/education/assessment/

Plagiarism, cheating and collusion

Plagiarism and cheating are regarded as very serious offences. In cases where cheating has been confirmed, students have been severely penalised, from losing all marks for an assignment, to facing disciplinary action at the Faculty level. While we would wish that all our students adhere to sound ethical conduct and honesty, I will ask you to acquaint yourself with Student Rights and Responsibilities (http://www.infotech.monash.edu.au/about/committees-groups/facboard/policies/studrights.html) and the Faculty regulations that apply to students detected cheating as these will be applied in all detected cases.

In this University, cheating means seeking to obtain an unfair advantage in any examination or any other written or practical work to be submitted or completed by a student for assessment. It includes the use, or attempted use, of any means to gain an unfair advantage for any assessable work in the unit, where the means is contrary to the instructions for such work. 

When you submit an individual assessment item, such as a program, a report, an essay, assignment or other piece of work, under your name you are understood to be stating that this is your own work. If a submission is identical with, or similar to, someone else's work, an assumption of cheating may arise. If you are planning on working with another student, it is acceptable to undertake research together, and discuss problems, but it is not acceptable to jointly develop or share solutions unless this is specified by your lecturer. 

Intentionally providing students with your solutions to assignments is classified as "assisting to cheat" and students who do this may be subject to disciplinary action. You should take reasonable care that your solution is not accidentally or deliberately obtained by other students. For example, do not leave copies of your work in progress on the hard drives of shared computers, and do not show your work to other students. If you believe this may have happened, please be sure to contact your lecturer as soon as possible.

Cheating also includes taking into an examination any material contrary to the regulations, including any bilingual dictionary, whether or not with the intention of using it to obtain an advantage.

Plagiarism involves the false representation of another person's ideas, or findings, as your own by either copying material or paraphrasing without citing sources. It is both professional and ethical to reference clearly the ideas and information that you have used from another writer. If the source is not identified, then you have plagiarised work of the other author. Plagiarism is a form of dishonesty that is insulting to the reader and grossly unfair to your student colleagues.

Register of counselling about plagiarism

The university requires faculties to keep a simple and confidential register to record counselling to students about plagiarism (e.g. warnings). The register is accessible to Associate Deans Teaching (or nominees) and, where requested, students concerned have access to their own details in the register. The register is to serve as a record of counselling about the nature of plagiarism, not as a record of allegations; and no provision of appeals in relation to the register is necessary or applicable.

Non-discriminatory language

The Faculty of Information Technology is committed to the use of non-discriminatory language in all forms of communication. Discriminatory language is that which refers in abusive terms to gender, race, age, sexual orientation, citizenship or nationality, ethnic or language background, physical or mental ability, or political or religious views, or which stereotypes groups in an adverse manner. This is not meant to preclude or inhibit legitimate academic debate on any issue; however, the language used in such debate should be non-discriminatory and sensitive to these matters. It is important to avoid the use of discriminatory language in your communications and written work. The most common form of discriminatory language in academic work tends to be in the area of gender inclusiveness. You are, therefore, requested to check for this and to ensure your work and communications are non-discriminatory in all respects.

Students with disabilities

Students with disabilities that may disadvantage them in assessment should seek advice from one of the following before completing assessment tasks and examinations:

Deferred assessment and special consideration

Deferred assessment (not to be confused with an extension for submission of an assignment) may be granted in cases of extenuating personal circumstances such as serious personal illness or bereavement. Special consideration in the awarding of grades is also possible in some circumstances. Information and forms for Special Consideration and deferred assessment applications are available at http://www.monash.edu.au/exams/special-consideration.html. Contact the Faculty's Student Services staff at your campus for further information and advice.