CSC 474/574 Information Systems Security


1.    Instructor:

Dr. Peng Ning,

Office: Room 250 Venture III (in Suite 243), Centennial Campus

Phone: (919) 513-4457

Email: ning (at)


Office hours: Tuesdays and Thursdays, 3:00 pm – 4:00 pm

2.    Course Objectives:

Students will be able to:

1.     State the basic concepts in information security, including security policies, security models, and various security mechanisms.

2.     Explain the basic number theory required for cryptographic applications as well as various cryptographic systems.

3.     Manually compute using Fermat's theorem, Euler's theorem, Euclid's algorithm, and the extended Euclid's algorithm.

4.     Manually encrypt/decrypt and sign/verify signatures for small messages using RSA, Diffie-Hellman, and DSA algorithms.

5.     State the requirements and mechanisms for identification and authentication.

6.     Explain and compare the various access control policies and models as well as the assurance of these models.

7.     State the characteristics of typical security architectures, including multi-level security systems.

8.     State the criteria for evaluating secure information systems, including evaluation of secure operating systems and secure network systems.

9.     List the database security issues and solutions, including models, architectures, and mechanisms for database security.

10.  List network and distributed systems security issues and solutions, including authentication, key distribution, firewalls, and network security protocols.

11.  State program security issues, including viruses, worms, and logic bombs.

12.  State the basic concepts and general techniques in security auditing and intrusion detection.

13.  State the issues related to administration security, physical security, and program security.

14.  Determine appropriate mechanisms for protecting information systems, ranging from operating systems to database management systems to applications.

3.    Textbooks:

4.    Course Organization and Scope:

(Assume each lecture takes 75 minutes. The following topics need 30 lectures (or 15 weeks).)

  1. Basic Security Concepts (1 lecture)
  2. Cryptography and Its Applications (5 lectures)
  3. Identification and Authentication (2 lectures)
  4. Access Control (5 lectures)
  5. Assurance and Evaluation of Secure Information Systems (2 lectures)
  6. Introduction to Database Security (1 lecture)
  7. Network and Distributed Systems Security (5 lectures)
  8. Program Security (Viruses and other malicious software) (2 lectures)
  9. Auditing and Intrusion Detection (3 lectures)
  10. Administering Security (2 lectures)
  11. Physical Security and Beyond (1 lecture)

5.    Schedule of Reading Assignments:

If not specifically identified, the following chapters refer to those in the first textbook. We refer to the second textbook as Abrams et al.


•       Topic 1: Chapter 1.

•       Topic 2: Chapters 2.4.1 – 2.4.4 in handout 8; Chapters 9, 10 and 11.

•       Topic 3: Chapter 12; Chapters 2.2.2 and 2.2.5 in handout 7.

•       Topic 4: Chapters 2 – 7; handouts 1 – 3.

•       Topic 5: Chapters 18, 19, and 21.

•       Topic 6: Handouts 4 and 5.

•       Topic 7: Chapters 11.4, 26, and 27.

•       Topic 8: Chapters 22 and 29.

•       Topic 9: Chapters 24 and 25; Handout 6.

•       Topic 10: Chapter 23.

•       Topic 11: TBD.

6.    Schedule of homework due dates, quizzes and exams:

There are 5 homework assignments and 2 exams. Quizzes are given in the form of pop quizzes. Pop quizzes are adopted to encourage the students to study during the non-exam weeks. The results of pop quizzes are not counted in the final grade.

7.    Grading:

o    A+: >= 95%

o    A: >= 90% and < 95%

o    A-: >= 85% and < 90%

o    B+: >= 80% and < 85%

o    B: >= 75% and < 80%

o    B-: >= 70% and < 75%

o    C+: >= 66% and < 70%

o    C: >= 63% and < 66%

o    C-: >= 60% and < 63%

o    D+: >= 56% and < 60%

o    D: >= 53% and < 56%

o    D-: >= 50% and < 53%

o    F: < 50%

8.    Policies on late assignments:

Homework and project deadlines will be hard. Late homework will be accepted with a 10% reduction in grade for each class period it is late. However, once a homework assignment is discussed in class, submissions will no longer be accepted. All assignments must be turned in before the start of class on the due date.

9.    Policies on absences (excused and unexcused) and scheduling makeup work:

The university policy on absences will be enforced. See the university policy at the following URL.

10.    Course prerequisites:

CSC 401, CSC 440.

11.    Academic integrity:

The university, college, and department policies against academic dishonesty will be strictly enforced. You may obtain copies of the NCSU Code of Student Conduct from the Office of Student Conduct, or from the following URL.

12.    NC State policy on working with students with disabilities:

“Reasonable accommodations will be made for students with verifiable disabilities. In order to take advantage of available accommodations, students must register with Disability Service for Students at 1900 Student Health Center, Campus Box 7509, 515-7653.

For more information on NC State’s policy on working with students with disabilities, please see

13.    Laboratory Safety or Risk Assumption: Not applicable.

14.    “Pass-through” Charges: Not applicable.