IICS/IICP/IU/IICKL

Revised: 13/08/2013

INTI INTERNATIONAL COLLEGE SUBANG


COURSE STRUCTURE
COURSE:

ICT2106 FUNDAMENTALS OF TRUSTWORTHY COMPUTING (4Cr)

PREREQUISITE(S):
None
COURSE DESCRIPTION:
This module immerses the student in making online activities, software/applications, and computer
services safer. A trustworthy computer system is one which will not be compromised. Lab lessons will
impart knowledge of and practical experience with the current essential security solutions, and include
lab work on how to scan, test, and hack, as well as secure, their own systems. Students will begin by
understanding how perimeter defenses work and then be led into scanning and attacking their own
networks; no real network is harmed. Students then learn how intruders escalate privileges and what
steps can be taken to secure a system. Students will learn about the framework of TwC, Intrusion
Detection, Information security metrics, password management and issues, Social Engineering, malware,
cryptography, and configuring and designing safer Web Servers and Web Applications.
LEARNING OBJECTIVES:
The aims of this course are to enable students to:
Define and explain computer security fundamentals and Trustworthy Computing (TwC) framework
Define and recognize various computer security threats
Recognize operating system vulnerabilities and security issues
Define and explain password management and its issues
Define how cryptography works
Learn threats for web servers and web applications and to safeguard them
Define and explain information security metrics
Learn the Saltzer and Schroeder secure design principles for software and/ or application development
Understand the concept of ethical hacking and hacking stages
Learn how to detect intrusion, threats, and attacks using Intrusion Detection System (IDS), firewalls
and honeypots
LEARNING OUTCOMES:
Upon completion, successful students should be able to:
Identify and explain the information security fundamentals
Explain that TwC is a multi-dimensional set of issues with four goals: Security, Privacy, Reliability,
and Business Integrity
Identify and take precautions against computer security threats such as unscrupulous individuals and
their activities, types of malware, and risks of software engineering
Explain operating system vulnerabilities and security issues
Practice good password management and make use of public key encryption
Explain how cryptography works
Configure web servers and design web applications to avoid and reduce web security threats and
issues, and take corrective steps after detection of an intrusion, threat and/or attack
Create and establish good information security metrics
Practice Saltzer and Schroeder secure design principles for software and/or application development
Explain the concept of ethical hacking and recognize the stages of hacking
Differentiate various types of IDS, firewalls, and honeypots.
COURSE FORMAT:
Lecture/Instructional Hours: 3 hrs per week, Laboratory Session: 2 hrs per week
[For short semester, Lecture Instructional Hours: 6 hrs per week, Laboratory Session: 4 hrs per week]
DICTN: ICT2106 FUNDAMENTALS OF TRUSTWORTHY COMPUTING

Total Student Learning Time (SLT) (L = Lecture; T = Tutorial; P = Practical; O = Others):

Face to Face (hr): L = 36, T = 0, P = 24, O = 10
Guided & Independent Learning (hr): 90
Total Student Learning Time (hr): 160
STUDENT EVALUATION:
Test (2): 20%, Individual Assignment (1): 20%, Group Assignment: 20%, Final Examination: 40%.
FINAL EXAMINATION FORMAT:
Duration: 2 hours
SECTION A: 20 Multiple Choice Questions (40 marks). Students must answer ALL questions.
SECTION B: Essay Questions (60 marks). Answer THREE out of FOUR essay questions. All questions
carry equal marks.
GRADING SCALE:
A+(90-100), A(80-89), A-(75-79), B+(70-74), B(65-69), B-(60-64), C+(55-59), C(50-54), C-(45-49),
D(40-44), F(0-39).
BASIC TEXT:
1. Jason Andress (2011), The Basics of Information Security: Understanding the Fundamentals of
InfoSec in Theory and Practice, Syngress.
2. Caroline Wong (2011), Security Metrics: A Beginner's Guide, McGraw-Hill.
REFERENCES:
1. Steve Lipner & Michael Howard (2006), The Security Development Lifecycle, Microsoft Press.
2. EC-Council (2012), Ethical Hacking and Countermeasures: Official Course Material.
CLASS SYLLABUS
Lecture(s)
Topics
1-2
Information Security Fundamentals and TwC framework:
Current state of Information Security, Need for Information Security, Elements of
Information Security, What is TwC? TwC goals, Overview of Information Security
Laws and Regulations
3-5
Introduction to Information Security Threats:
Threat related terms (e.g. Vulnerability, Exploit, Zero-day Exploit), Four domains of
vulnerabilities, Internal Threat Vs. External Threat, Overt Vs. Covert Channels, Denial
of Service Attack and its types, Virus, Worms, Life Cycle of Virus, Indications of Virus
Attack, Software Engineering, Types of hackers, Hacktivism, Backdoor, Malware,
Trojan, Other drivers of information insecurity
6-8
Introduction to Operating System vulnerabilities and security issues:
O/S basics, Why is O/S hacked? Case study of some O/S Vulnerabilities and Security
Issues, upgrades and patches for O/S
9-10
Password management and issues:
Passwords: Dos and Don'ts, Password Policy, What is a password cracker? Overview of
Password Crackers, Sample Attacks
11-12
Cryptography:
Basics of Cryptography, Public-key Cryptography, Types of Computer Encryption,
Digital Signature, Role of Cryptography in Data Security
13-15
Web Security management and issues:
What is a Web Server? How does a Web Server work? Web Server and Web Application
Threats, Case study on a Web Server (e.g. IIS)
16-18
Information Security Metrics:
What is Information Security metrics? Values of security metrics, Seven key steps to
establish a security metrics program, What makes a good information security metrics?
19-20
Secure System Design Principles:
Saltzer and Schroeder secure design principles
21-24
Introduction to Ethical Hacking and Hacking stages:
What is Ethical Hacking? Who is an Ethical Hacker? Difference between
Penetration Testing and Ethical Hacking, Five stages of hacking:
Reconnaissance, Scanning, Gaining Access, Maintaining Access, Covering Tracks
25-26
Intrusion Detection System:
IDS and Its Types, Ways to Detect an Intrusion, True/False, Positive/Negative, Steps to
Perform After an IDS Detects an Intrusion/Threat/Attack
27-28
Firewalls and Honeypots:
What is a Firewall? Need for a Firewall, Different Types of Firewall, What is a
Honeypot? Different Types of Honeypots
Final Examination

LABORATORY WORK:
Lab
Practical Work
1
Security assessment
2
Threats: Vulnerabilities
3
Threats: Viruses
4
Threats: Malware
5
Threats: Vulnerabilities of Operating Systems
6
Password management and issues
7
Cryptography
8
Information Security Metrics
9-10
Web Security management and issues
11-12
Ethical Hacking
