CS406: Information Security | Saylor Academy

Topic outline

Collapse all Expand all
Time: 46 hours

Free Certificate

The first network was invented in the late 1960s with the birth of ARPAnet, a project launched by the US Department of Defense. That network advanced into what is now known as the Internet and has grown into a global phenomenon to become an integral part of our daily lives. The Internet connects the world on a social, business, and governmental level. So much information is stored and transferred online that the Internet has become a target for criminals. Any devices connected to the Internet must be protected from unauthorized disclosure using tools prescribed by the discipline of information security.
This course covers information security principles, an area of study that engages in protecting the confidentiality, integrity, and availability of information. Information security continues to grow with advancements in technology – as technology advances, so do threats, attacks, and our efforts to mitigate them. In this course, we discuss the modes of threats and attacks on information systems. We also discuss an important area of threat mitigation that saw rapid development in the twentieth century: cryptography. Information security is concerned with user identification and authentication and access control based on individual or group privileges. The basic access control models and the fundamentals of identification and authentication methods are included in this course.
Without networks, our focus would primarily be on controlling unauthorized physical access. Instead, networks are the way we keep data in motion, making information security a more complex task. We discuss methods to design secure networks using firewalls, tunneling, and encryption, and we describe some tools to secure networks, such as honeypots, network sniffers, and packet capturing. Operating systems that connect to a network must be hardened to prevent unauthorized disclosure. Methods and tools such as patching, logging, antivirus, and antimalware tools are discussed.
The last topic in this course is global privacy laws. When unauthorized disclosure or a breach of information occurs, there are adverse effects and penalties placed on individuals or organizations depending on the area of jurisdiction. Laws are diverse and vary greatly throughout the world, and we are still trying to develop laws that will protect privacy globally.
In this course, you will learn the fundamentals of information security, security threats, modes of attack, and cryptographic models. Access control, identification, and authentication are also addressed. Network security and operating system hardening are explained, along with intrusion detection and prevention. The course concludes with global privacy laws.
- Select activity Enroll me in this course
  
  Enroll me in this course
- Select activity Course Syllabus
  
  Course Syllabus Page

General

Course Syllabus

Unit 1: Introduction to Information Security

1.1: The History and Evolution of Information Security

1.2: Confidentiality, Integrity, and Availability – The CIA Triad

1.3: Threats, Vulnerabilities, and Risks

1.4: The Risk Management Process

1.5: The Incident Response Process

1.6: Security Control

1.7: Defense-in-Depth

1.8: Human Behavioral Risks

1.9: Security Frameworks

Unit 1 Assessment

Unit 2: Threats and Attack Modes

2.1: Threat Terminology

2.2: Types of Attacks

2.3: Spoofing Attacks

2.4: Social Engineering

2.5: Application Attacks

2.6: Web Application Attacks

2.7: Malware attacks

2.8: Denial of Service (DoS) and Distributed Denail of Service (DDoS)

Unit 2 Assessment

Unit 3: Cryptographic Models

3.1: Cryptographic History

3.1.1: The Caesar Cipher

3.1.2: One-Time Pads

3.2: Goals of Cryptography

3.3.1: Symmetric Key Algorithms

3.3.2: Asymmetric Key Algorithms

3.3.3: Hashing Algorithms

3.4.1: Symmetric Key Algorithms

3.4.1.1: DES

3.4.1.2: 3DES

3.4.1.3: AES

3.4.1.4: Ciphers (RC4, RC5, RC6, Blowfish, Twofish)

3.4.2: Asymmetric Key Algorithms

3.4.2.1: RSA

3.4.2.2: DSA

3.4.2.3: Pretty Good Privacy (PGP)

3.4.2.4: GPG

3.4.2.5: Diffie-Hellman

3.4.2.6: Elliptic-Curve Cryptography

3.5: Hashing Algorithms

3.5.1: Digital Certificates

3.5.2: Message Digest 5 (MD5)

3.5.3: Secure Hash Algorithm (SHA-0, SHA-1, SHA-2, and SHA-3)

3.5.4: Hashed Message Authentication Code (HMAC)

Unit 3 Assessment

Unit 4: Access Control

4.1: Access Control

4.2: Access Control Terminology

4.3: Access Control Models

4.3.1: Mandatory Access Control (MAC) and Discretionary Access Control (DAC)

4.3.2: Role-Based Access Control (RBAC)

4.3.3: Rule-Based Access Control (RB-RBAC)

Unit 4 Assessment

Unit 5: Identification and Authentication

5.1: Identification

5.2: Authentication Types

5.3: Human Authentication Factors

5.4: Authentication Forms

5.5: Authentication Protocols: RADIUS, TACACS+, PAP, CHAP, MS-CHAP, and EAP

5.6: Single Sign-On (SSO)

5.7: Public-Key Infrastructure (PKI)

Unit 5 Assessment

Unit 6: Network Security

6.1: Network Security Design

6.2: Firewalls

6.3: Wireless Networks

6.4: Network Protection

6.5: Web Security

Unit 6 Assessment

Unit 7: Operating System (OS) Security

7.1: OS Hardening

7.2: OS Protection Methods

7.3: OS Firewalls

7.4: OS Security Tools

Unit 7 Assessment

Unit 8: Intrusion Detection and Prevention Systems