Information Security

Code:

MCI0007

Acronym:

SEGINF

Keywords
Classification	Keyword
OFICIAL	Computer Science

Instance: 2010/2011 - 1S

Active?	Yes
E-learning page:	http://moodle.fe.up.pt/
Responsible unit:	Department of Informatics Engineering
Course/CS Responsible:	Master in Information Science

Cycles of Study/Courses

Acronym	No. of Students	Study Plan	Curricular Years	Credits UCN	Credits ECTS	Contact hours	Total Time
MCI	27	Plano de estudos oficial	1	-	6	60	162

Teaching language

Portuguese

Objectives

Provide to the students an overview of the various aspects of computer security that should be considered to protect, as much as possible, the information.

Program

1. Introduction to Information Security
- Vulnerabilities, attacks, risks and defenses
- Policies and security mechanisms
- Design of security systems
2. Encryption
- Components of a cryptographic system
- Types of cryptographic systems
- Most used cryptographic attacks
- Systems cipher algorithm
- Secret key systems
- Sequential cipher vs. block ciphers
- Symmetric keys and asymmetric keys
- Cryptographic transformations
3. Cryptographic keys
- Keys vs. Passwords
- Types of cryptographic keys
- Storage of keys
- Distributors of keys
- Digital Certificates
4. Identification, authentication, authorization and access control
- Methods of validation
- Types of evidence
- Authentication based on digital certificates
- Authentication with symmetric and asymmetric systems
- Problems with authentication keys
- Methods for authorization and access control
5. Social Engineering
- Some used techniques
- Protection
6. Malicious software and digital viruses
- Types of malicious software and viruses
- Grading of danger
7. Protection of communication channels
- Points to protect
- Types of protection for different levels
- Establishing secure channels
- Digital signatures
8. Security in computer networks
- Introduction
- Firewalls
- Intrusion detection system
- Virtual Private Networks
- From security to wireless networks
9. Information Security Audit

Mandatory literature

André Zúquete; Segurança em Redes Informáticas, Lidel, edições técnicas Lda., 2006. ISBN: 972-722-399-0
Silva, Pedro Tavares; Segurança dos sistemas de informação. ISBN: 972-8426-66-6
Bishop, Matt; Introduction to Computer Security. ISBN: 0-321-24744-2
Henrique São Mamede; Segurança informática nas OrganizaI, FCA, 2006. ISBN: 978-972-722-411-8

Complementary Bibliography

Alberto Carneiro; Auditoria e Controlo de Sistemas de Informação, FCA, 2009. ISBN: 978-972-722-407-4
Kaufman, Charlie; Network security. ISBN: 0-13-061466-1

Teaching methods and learning activities

Theoretical classes shall comprise the formal explanation of subject-matter, with the use of computer presentations and demonstrations with a video projector, followed by the presentation of examples and subsequent discussion. Practical classes include resolving exercises and preparing practical assignments.

Evaluation Type

Distributed evaluation with final exam

Assessment Components

Description	Type	Time (hours)	Weight (%)	End date
Attendance (estimated)	Participação presencial	44,00
	Exame	2,00
	Trabalho escrito	40,00
	Teste	30,00
	Total:	-	0,00

Amount of time allocated to each course unit

Description	Type	Time (hours)	End date
	Estudo autónomo	46
	Total:	46,00

Eligibility for exams

Requires at least 50% at group work.

Calculation formula of final grade

Final Mark = 40% Group Work + 60% Final Exam

It is necessary to obtain at least 40% in the Final Exam.

Examinations or Special Assignments

There are no special tests or assignments.

Special assessment (TE, DA, ...)

There are no special evaluation.

Classification improvement

Improvement may be attained in the exist exam periods, according to the academic calendar.