This course surveys the broad fields of enterprise security and privacy, concentrating on the nature of enterprise security requirements by identifying threats to enterprise information technology (IT) systems, access control and open systems, and system and product evaluation criteria. Risk management and policy considerations are examined with respect to the technical nature of enterprise security as represented by government guidance and regulations to support information confidentiality, integrity and availability. The course develops the student's ability to assess enterprise security risk and to formulate technical recommendations in the areas of hardware and software. Aspects of security-related topics to be discussed include network security, cryptography, IT technology issues, and database security. The course addresses evolving Internet, Intranet, and Extranet security issues that affect enterprise security. Additional topics include access control (hardware and software), communications security, and the proper use of system software (operating system and utilities). The course addresses the social and legal problems of individual privacy in an information processing environment, as well as the computer "crime" potential of such systems. The class examines several data encryption algorithms.
This course can be taken before or after 605.621 Foundations of Algorithms. It must be taken before other courses in the degree.