TTM4185 - Security and robustness in ICT systems
Examination arrangement: Portfolio assessment
|Evaluation form||Weighting||Duration||Examination aids||Grade deviation|
|Written examination||70/100||4 hours||D|
The course will focus on information and communication networks as critical infrastructure, where the central functions (basics, operations, maintenance of quality of service), and the properties of autonomy and heterogeneity are described.
The course demonstrates how communication networks are integrated with other systems, such as Content Delivery Networks, P2P, Virtual Networks, Clouds, Emergency (wireless) networks, sensor networks, business critical systems, Smart Grids, and discusses what can happened when attacked or prune to outages. A descriptive taxonomy is introduced, which includes Information security, privacy, safety, dependability, survivability, performances portability, and a classification of threats. Threats include both human-made (both intentional, incompetence, ignorance, accident) and random failure (environments / nature, weather, wear-out).
Several countermeasures exists, and this course covers technological (security mechanisms, fault avoidance and fault tolerant design, measurement / monitoring, standards), organizational (contingency, preparedness, importance of role specification, communication between operational units), and political, including laws and regulations (e-Governance). The course focus on the qualitative aspects, and will provide brief introduction to methods such as risk management and the application of graph theory.
To gain basic understanding of:
- How information and communication networks support and interact with others socially critical system
- the criticality, complexity and diversity (technological, organizational, interacting actors) of information systems and communications networks
- approaches to represent information and communication networks for the evaluation of the best possible design
- Different taxonomy for describing security and robustness properties, threats, and countermeasures
- The broad set of threat through presentations of various risks (ranging from human to random, malicious people unfortunate combination of random events)
- Various countermeasures for securing information systems and communication networks against such threats (including technological, organizational, regulations and laws, economic, political)
- That it is a compromise between the demands for quality and safety (security, reliability, performance), cost (OPEX / CAPEX), environment (energy efficiency),
- The use of contracts and agreements (e.g., Terms of Service, Service Level Agreements, privacy policies, etc.) to describe this
- To learn methodical approach to analysis of risks / threats
- To be able to carry out basic risk assessments
- To be able to use graphs to represent the complexity and qualitative analysis of the impact of threats
- To be able to identify and prioritize appropriate countermeasures to mitigate threats
Learning methods and activities
Learning through lectures and practical exercises.
Further on evaluation
Portfolio assessment is the basis for the grade in the course. The portfolio includes four exercises (two pieces of 10 % work and two pieces of 5 % work), and a written final exam which counts 70%. The results for the parts are given in %-scores. The entire portfolio is assigned a letter grade.
If there is a re-sit examination, the examination form may be changed from written to oral.
If a student also after the re-sit exam has the final grade F/failed, the student must repeat the entire course. Works that count in the final grade must be repeated.
Recommended previous knowledge
TTM4175 - Communication Technology, introduction and/or TDT4105/10 - Information Technology, Introduction.
To be decided at the beginning of the semester.
Examination arrangement: Portfolio assessment
|Term||Statuskode||Evaluation form||Weighting||Examination aids||Date||Time||Room *|
|Autumn||ORD||Written examination**||70/100||D||2017-12-08||09:00||JB41 , JD2 , JC1 , R D1-102 Datasal , JB369 , JB368 , JB22|
- * The location (room) for a written examination is published 3 days before examination date.
- ** Dette er en digital eksamen: Ta med egen PC. Merk: Hvis du skal ha tilrettelegging med PC og er plassert på datasal, trenger du ikke å ta med deg egen PC, men merk at du fortsatt skal levere eksamen i Inspera. Gjennomfør en demoeksamen uten SEB på ntnu.inspera.no Please note that this is a digital exam: Please bring your own computer. https://innsida.ntnu.no/wiki/-/wiki/Norsk/Digital+skoleeksamen+-+for+studenter