
IIKG3000

Introduction to security and privacy in contemporary systems

New from the academic year 2020/2021

Credits 7.5
Level Second degree level
Course start Autumn 2020
Duration 1 semester
Language of instruction English
Location Gjøvik and Trondheim
Examination arrangement Portfolio assessment


About the course

Course content

The way that systems are developed and operated has been changing. Professionals who, in the past, might have been regarded as conventional end-users, now play a role in the development and operation of information systems. Contemporary engineers and scientists are now expected to possess a range of information technology skills. For example, they are expected to use these skills to build a web-based front end for their application, to interact with and control IoT devices, to integrate with third-party services and infrastructure, or to leverage data as a commodity. With these everyday skills comes a responsibility to ensure that security and privacy concerns are adequately considered in the systems that they build and work with. However, we see many public examples of where this does not happen: security and privacy breaches are reported for information systems, medical devices, industrial control systems, and more.

 

The objective of this introductory course is to provide a basic competence in a selection of contemporary information security and privacy topics. It is intended for students who expect to play a role in the development and operation of information systems.

Learning outcome

Knowledge:
- Basic knowledge of security issues in network and web technologies;
- Basic knowledge of the principles and mechanisms for identification and authentication;
- Knowledge of select vulnerabilities and attack mechanisms and methods against information systems;
- Knowledge of information system vulnerability and exposure management;
- Basic knowledge of human-centered security design, and
- Basic knowledge of the concept of data privacy.

Skills:
- Use security APIs and services in order to provide confidentiality, integrity and authentication across networked application systems;
- Use tools to identify security vulnerabilities in selected applications/systems;
- Develop systems that avoid some basic security vulnerabilities, and
- Configure basic network application infrastructure to avoid common security vulnerabilities.

General Competence:
- Discuss and appreciate the dangers of inventing one's own security mechanisms;
- Explain the concept of authentication, authorization, access control, and data integrity;
- Explain the various possible attacks on passwords;
- Describe the concept of privacy including personally identifiable information;
- Describe the concepts of personal tracking and digital footprint, while understanding the invasiveness of such tools in the context of privacy;
- Identify common attack vectors;
- Discuss the need to update software to fix security vulnerabilities;
- Explain how the security of a system's components might impact the security of the system;
- Describe information security policy and its role in a successful information security program, and
- Appreciate the need for adequate security and the limitations of one's own understanding.

Learning methods and activities

The course is based on a combination of lectures and self-defined project work. The projects can be carried out individually or in groups. The students are encouraged to work on topics related to their primary field of interest, with a focus on technological and organizational challenges related to information security and privacy. In addition, the students are challenged to create digital presentations and to peer-review the work of other students.

This is a multi-campus course: lectures and activities take place partly on the Trondheim and Gjøvik campuses and partly online.

Compulsory assignments

  • Delivery of two digital presentations (only valid autumn 2020)
  • Exercises (not valid autumn 2020)

Further on evaluation

The portfolio consists of

* Three written works (individual or group works)

Failing the portfolio assessment means the course must be retaken.

Credit reduction by 2.5 credits for TDT4237

Specific conditions

Admission to a programme of study is required:
Information Security (MIS)

Required previous knowledge

Students are required to have elementary information technology skills, with a basic understanding of computer systems, programming, web, database and networking.

Course materials

M. Whitman and H. Mattord: Principles of Information Security, CENGAGE, 6th edition, 2019

A use-case driven study of security vulnerabilities in selected systems and networked application systems. Attacks include injection, spoofing, scripting, fixation, hijacking, poisoning, parameter tampering, key/password cracking, flooding and overflows. Techniques and tools for identifying, preventing and/or managing the exploitation of these vulnerabilities. The role that human factors play in security. Introduction to data privacy.

Credit reductions

| Course code | Reduction | From |
|---|---|---|
| TDT4237 | 2.5 credits | |
| IMT4113 | 2.5 credits | |
| DCSG1002 | 5 credits | |
| DCST1002 | 5 credits | |

This course has academic overlap with the courses in the table above. If you take overlapping courses, you will receive a credit reduction in the course where you have the lowest grade. If the grades are the same, the reduction will be applied to the course completed most recently.

Subject areas

  • Information Security

Contact information

Course coordinator

Department with academic responsibility

Department of Information Security and Communication Technology

Examination


Examination arrangement: Portfolio assessment
Grade: Letters

Ordinary examination - Autumn 2020

Portfolio assessment (1)
Weighting: 100/100. Submission date: 2020-12-18. Submission time: 08:00.

Other comments:
1) The exam form has changed as a preventive measure in the ongoing corona situation.