Information Assurance Courses at the University of Pittsburgh

School of Information Science

Capstone in SecurityINFSCI 2629
Integrative class for masters students in their final semester of the SAIS track. Combination of business and technical case studies and group projects. Case studies focus on business/economics aspects of providing information assurance and how this service impacts technology. Group projects involve design and development of a prototype secure and survivable information system including application development, system deployment, system optimization and system economics. (Prerequisites: INFSCI 2150/TELCOM 2810, TELCOM 2821)
CryptographyINFSCI 2170TELCOM 2820
Principles of number theory, cryptographic algorithms and cryptanalysis. Steganography, block and stream ciphers, secret key encryption (DES, RES, RE-N), primes, random numbers, factoring, and discrete logarithms. Public key encryption (RSA, Diffie-Helman, elliptical curve cryptography, N'TRU); key management, hash functions (MD5, SHA-1, RIPEMD-160, HMAC), digital signatures, certificates and authentication protocols. Cryptanalytic methods (known, chosen plaintext etc.) for secret and public key schemes (linear and differential cryptanalysis, Pollard's rho method, number field sieve, etc.).
Advanced CryptographyTELCOM 2829
Algorithm complexity, advanced number theory (Galois fields, quadratic residues, zero knowledge schemes, one-time signatures), efficient implementation of encryption schemes in hardware and software and other advanced topics in cryptography. (Prerequisites: TELCOM 2820)
Developing Secure SystemsINFSCI 2620
Design and implementation of secure systems. Principles and practice of trustworthy computing, secure and high-assurance software development process and lifecycle models. Secure software design using UMLsec, secure design of operating systems and network services, database and applications. Secure Webs services, COTS-based and service-oriented systems. Software assurance tools and techniques such as code analysis and testing, evaluation and certification of software. Secure programming techniques. (Prerequisite: INFSCI 2150)
Information Security and PrivacyINFSCI 2150TELCOM 2810
Fundamental issues and first principles of security and information assurance. Security policies, models, and mechanisms related to confidentiality, integrity, authentication, identification, and availability issues related to information and information systems. Basics of cryptography such as key management and digital signatures, etc. and network security such as PKI, IPSec, intrusion detection and prevention. Risk management, security assurance, and secure design principles. Issues such as organizational security policy, legal and ethical issues in security, standards and methodologies for security evaluation and certification. (Pre-requisite: TELCOM 2000 or permission of instructor)
Information Systems & Network Infrastructure ProtectionTELCOM 2825
Techniques for the protection and survivability of information systems and networks. Critical infrastructure definition, risk management, vulnerability and risk analysis, fault and attack trees, availability analysis, traffic restoration schemes and survivable network design and management techniques; critical infrastructure simulation, CIP policy and legal issues, SCADA systems. (Prerequisites: TELCOM 2000/2100/2810)
Network SecurityTELCOM 2821
Principles of network security and management. Review of network vulnerabilities, security at the link, network and transport layers; dial-up security (PAP, CHAP, Radius, Diameter), IPSEC, SSL, and VPNS. Email security (PGP, S/MIME); Kerberos; X.509 certificates; AAA and mobile IP; SNMP security; firewalls; filters and gateways; policies and implementation of firewall policies; stateful firewalls; firewall appliances. (Prerequisites: TELCOM 2810/2820, TELCOM 2000/2100)
Security in E-CommerceINFSCI 2731
Covers the technology, concepts, issues and principles that are important in the design and implementation of secure e-commerce systems. Examines technology for protecting electronic commerce. It will include discussion of basic security principles, as well as the issues, policy and standards particular to e-commerce applications. (Prerequisites: INFSCI 2560, 2150 (co-requisite), 2730 and 2550n
Security ManagementINFSCI 2621TELCOM 2813
Administration and management of security of enterprise information systems and networks. Principles and tools related to intrusion detection systems, vulnerability analysis, anomaly detection, computer forensics, application logging, auditing and data management, risk management, contingency planning and incident handling, digital immune systems, and alarms and responses. Security standards, evaluation and certification process; security planning, ethical and legal issues in information; privacy, traceability and cyber-evidence. (Prerequisites: INFSCI 2150, TELCOM 2821)

Courses outside the iSchool will be added soon...