Clark Atlanta University

 

Information Assurance Design

CIS 121: Introduction to Computer Systems

 

Overview:

  • Description
  • Objective
  • Goals/Outcome
  • Outline
  • Suggested Assignments
  • References

 

Suggested Time: 3 class periods

Course Length: 3 Hours

Pre-Requisite: CIS 105

Target Audience:

  Levels           Disciplines
                   CS      CIS
  Undergraduate    x       x
  Graduate

Description:

The information assurance module for this course focuses on concepts of information assurance related to computer architecture design, vulnerabilities commonly associated with computing environments, possible attacks, and methods of defense. It introduces students to survivability in the context of computer security, vulnerabilities and attacks associated with computer architecture, IA concerns involving hardware and data sharing, and the role of security in operating systems, hardware, and software.

Objective(s):

The primary purpose of this course is to:

  • Provide an understanding of information design principles related to computer organization.
  • Describe basic information assurance concepts related to different components of a computer system such as memory, the operating system, hardware, and software.
  • Identify vulnerabilities associated with data sharing, hardware sharing, and the complexity of computer systems.
  • Describe different types of attacks that occur from vulnerabilities related to computer architecture.
  • Identify methods of defense for computer systems.
 

Goals/Outcome:

The students will be able to:

  • Identify the Principles of Survivability and Information Assurance and relate these principles to good design practices for computer systems.
  • Identify several security vulnerabilities and the types of attacks that they expose systems to.
  • Identify the cause of common vulnerabilities related to computer organization.
  • Identify the basic architectural elements and discuss security implications of each element.

Outline:

  • Principle 1: Survivability is an enterprise-wide concern.
  • Principle 2: Everything is data.
  • Principle 3: Not all data is of equal value to the enterprise – risk must be managed.
  • Principle 4: Information assurance policy governs actions.
  • Principle 5: Identification of users, computer systems, and network infrastructure components is critical.
  • Principle 6: Survivable Functional Units (SFUs) are a helpful way to think about an enterprise’s networks.
  • Principle 7: Security Knowledge in Practice (SKiP) provides a structured approach.
  • Principle 8: The road map guides implementation choices (all technology is not equal).
  • Principle 9: Challenge assumptions to understand risk.
  • Principle 10: Communication skill is critical to reach all constituencies.

  • Vulnerabilities commonly encountered in computing environments
    • Contamination and Interference
    • Changes Between Time of Check and Time of Use
    • Unenforced Restrictions
    • Covert Channels
  • Possible Attacks as They Relate to Computer Architecture
    • Browsing
    • Trojan Horse
    • Virus
  • Methods of Defense: Hardware and Software Security and Firmware
    • Application Controls and Security
    • Intrusion Detection Systems
  • Legal and Ethical Implications
    • Introduction to Information Warfare
    • Role of ethics in decision making and professional practice

 

 

Suggested Assignments:

  • Students will be organized into four groups. Each group will give a presentation about one of the four vulnerabilities discussed in class. The presentation will include causes for the vulnerability, possible attacks, and methods of defense. The presentation will also include information about modern incidents involving this vulnerability or one or more of the attacks discussed in their presentation.
  • Students will research security issues related to hardware, computer system design, or operating systems and present findings to the class.
 

References:

  • Krause, Micki & Tipton, Harold. “Handbook of Security Management: Computer Architecture.” March, 2005. <http://www.cccure.org/Documents/HISM/404-407.html>
  • Pfleeger, Charles P. and Shari Lawrence. Security in Computing. Upper Saddle River, NJ: Prentice-Hall, 2003.
  • “Principles of Survivability and Information Assurance.” CERT Coordination Center. March, 2005. <http://www.cert.org/info_assurance/principles.html#p1>