Management and Information Technology


CMPT 42263

Information Assurance and Security

Status: Core; Pre-requisite: None; Co-requisite: None

On completion of this course, the student should be able to:

  • Explain the relationship between threats, vulnerabilities, countermeasures, attacks, compromises and remediation.
  • Determine the aspects of a business that may be impacted by a security breach or interruption of operation.
  • Explain how the components interrelate to categorize threats, vulnerabilities and attacks based on the Minimum Security Requirements (MSR) model.
  • Explain key factors involved in authentication and how they are used to verify identity and grant access to a system.
  • Describe legal and ethical considerations related to the handling and management of enterprise information assets.
  • Determine risks associated with disasters or disruptions and specify key mitigation strategies.
  • Explain the role of policy and procedure in information assurance and security.
  • Explain the importance of digital forensics for information assurance and security.

Fundamental Aspects of Information Assurance and Security, Information Assurance Planning and Deployment, Threat Analysis Model, Vulnerabilities and Protection, Security Mechanisms (Countermeasures), Identity and Trust Technologies, Operational Issues, Qualitative and Quantitative Risk Analysis, Information Assurance and Security Policies and Procedures, Digital Forensics, Human Factors Relating to Information Assurance and Security, Legal, Ethical, and Social Implications.

Lectures, in-class discussion of cases, self-study.
End-of-course exam, in-class assignments, mini-project, quizzes.

  1. William, S and Lawrence, B (2014), Computer Security: Principles and Practice, Prentice Hall.
  2. Andrew, B and Gerald, L K (2010), Information Assurance: Security in the Information Environment, Springer.
  3. Additional reading material available in Virtual Learning Environment.