Course Outlines

COMP 3704 Applied IT Security Fundamentals

School: School of Computing and Academic Studies
Program: Computing Part-time Studies
Course Credits: 3
Minimum Passing Grade: 60%
Start Date: January 07, 2021
End Date: March 25, 2021
Total Hours: 36
Total Weeks: 12
Hours/Weeks: 3
Delivery Type: Lecture/Lab
Pre-requisites: COMP 1002 or equivalent knowledge.
CRN: 85281

Acknowledgement of Territories

The British Columbia Institute of Technology acknowledges that our campuses are located on the unceded traditional territories of the Coast Salish Nations of Sḵwx̱wú7mesh (Squamish), səl̓ilwətaɁɬ (Tsleil-Waututh), and xwməθkwəy̓əm (Musqueam).

Instructor Details

Name: Karim Lalji
E-mail: Instructor to provide
Location: N/A
Office Hours: Instructor to provide

Course Description

IT security is a growing area with several domains, including both information security and network security. This course replaces COMP 3705, which covered both information security and network security. COMP 3704 will provide a more in-depth overview of key topics in information security only and is one of the prerequisites for COMP 4704 Applied Network Security. IT professionals across multiple sectors, from software development, database, web, mobile and networks, will benefit from the material covered. This hands-on course is led by local industry experts who will share their knowledge and best practices for securing computer systems. Students will complete labs and exercises to experience applied IT security and gain practical knowledge. Topics will include: security awareness, risk mitigation and control administration, data and application security, cryptography, attack techniques, penetration testing, vulnerability assessment, incident response, disaster recovery, and forensic analysis. In addition, information handling best practices, privacy and regulatory issues are discussed. Upon completion of this course, successful participants will be aware of best practices in IT security and how to implement secure information systems. Network-related aspects of IT security are covered in the follow-on course, COMP 4704 "Applied Network Security".

Course Learning Outcomes/Competencies

Upon successful completion of this course, the student will be able to:

  • Describe IT Security risks.
  • Discuss security mitigation strategies and implementations.
  • Assess risk involved with integration of systems and networks with 3rd parties and apply required controls.
  • Develop corporate IT security awareness plans and training.
  • Secure data throughout its life-cycle in various environments.
  • Apply host hardening best practices.
  • Recognize common application IT security issues and apply appropriate controls.
  • Describe key cryptography concepts and know when to apply them.
  • Apply public key cryptography and related infrastructure to achieve security goals.
  • Recognize common attack vectors such as social engineering.
  • Secure an IT system using authentication, authorization and access control technologies.
  • Plan and implement physical and environmental security.
  • Conduct penetration testing and vulnerability assessments.
  • Implement a disaster recovery plan, incident response and forensic procedures.
  • Apply security controls to desktop, server, mobile, and embedded systems.

Learning Resources

Lecture slides and required readings are available online once the course commences.

Course Goals

  • Understand the properties of a secure IT system, and the common methods and mechanisms used to achieve them.
  • Identify and describe common IT security threats.
  • Implement appropriate controls to mitigate IT security risks.

Evaluation Criteria

Criteria | % | Comments
Quizzes | 15 | 6 Quizzes in Total
Labs | 10 | 4 Labs in Total, you must complete and submit all labs in order to pass this course.
Term Project | 15 | You must complete and submit the term project to pass the course
Midterm Exam | 25 | You must average 50% between the midterm and final exams in order to pass the course.
Final Exam | 35 | You must average 50% between the midterm and final exams in order to pass the course.

Passing Grade: 60%

Late assignments will not be accepted for marking unless the student makes arrangements with the instructor before the assignment is due.

By attending this course students agree to read this entire outline and understand that they have been made aware of the following:

  • Plagiarism and other forms of cheating will not be tolerated:

Students are encouraged to work in groups to develop peer-to-peer communication and support. However, each student must complete and submit their own individual work (not copies of the same assignment) and not material found online or recycled from other courses.

Assignments and labs are to be completed by each student on an individual basis unless stated otherwise.

  • Academic misconduct also includes providing solutions to other students:

Students who cheat or enable other students to cheat will be documented and kept on file. Any subsequent instances of academic misconduct will meet with harsher penalties.

Penalties include being dropped with no refund and failing the course and/or being indefinitely removed from the program.

  • Academic Integrity:

Violations of academic integrity, including plagiarism and dishonesty in assignments, examinations, or other academic performances, are prohibited and will be handled in accordance with Policy 5104 - Academic Integrity and Appeals, and accompanying procedures.

Attendance Requirements

Please watch this short video prior to the second lesson: Welcome to Computing PTS Video

Note: By attending this course you agree to read the Computing PTS Student Guide and you are aware of our department policies, deadlines and who to contact.

Computing PTS Attendance Policy

Attendance in lectures and labs is mandatory and recorded for all lessons in this course.

  • In case of illness or other unavoidable cause of absence, the PTS student must communicate as soon as possible with his/her Instructor indicating the reason for the absence.
  • Prolonged illness which causes the PTS student to miss 20% or more of the lessons will require a BCIT-approved medical certificate submitted to the department, substantiating the reason for the absence.

Excessive absence of 20% or more may result in failure or forced withdrawal from this course.

Course Specific Requirements

  • All students must provide their own current model PC desktop or laptop with a web cam and a microphone, and must have high speed internet access. BCIT does not provide technical support for students' devices.
  • Courses will be delivered in real time and may use two-way audio and video as well as group work.
  • All students must be computer literate and be able to log in during regular scheduled class hours in order to participate and complete this course.

Other information

Computer Use Guidelines

BCIT Computing students are expected to use BCIT resources in both a professional and ethical manner. When using BCIT computer resources, some specific expectations include:

  • Respect others. Do not download, view, or distribute inappropriate or offensive material.
  • Respect copyright. Do not download or share any unauthorized materials (e.g. music, movies, games and software).
  • Respect our vendor software agreements. Do not download products which are not used in your specific courses. It is each student's responsibility to remove vendor provided software when the course ends.
  • Respect confidentiality. Do not attempt to gain unauthorized access to any account, system, or data. Do not attempt to bypass any protective mechanism or attempt unauthorized access or alteration of BCIT data.
  • Respect availability. Do not engage in any denial of service activity or take actions that will degrade the use of BCIT or other resources. Only use BCIT resources for your BCIT course work.

For more information, read BCIT policies 3501 Acceptable Use of Information Technology and 3502 Information Security.

Policy violations could result in loss of access to BCIT resources and/or removal from classes.

Course Schedule and Assignments

Class | Material Covered | Readings | Assignment

1

January 07, 2021

  • Introductions
  • Course Overview
  • Information Security Introduction
  • Information Security History
  • Information Security Properties and Principles
Refer to Slides

2

January 14, 2021

  • Risk Terminology
  • Information Security Controls
  • Policies and Standards
  • Information Classification
  • Vulnerability and Penetration Testing
  • Incident Management
  • Business Continuity and Disaster Recovery
Refer to Slides
  • Quiz 1

3

January 21, 2021

  • Confidentiality Controls
  • Integrity Controls
  • Static Environment Security
  • Mobile Device Security
Refer to Slides
  • Quiz 2
  • Lab 1 Threat Modeling

4

January 28, 2021

  • Data Life Cycle
  • Storage Security
  • Third Party Security
  • Information Security Attacks
  • Physical Security
Refer to Slides
  • Quiz 3

5

February 04, 2021

  • Social Engineering
  • Host and Service Security
Refer to Slides
  • Quiz 4
  • Lab 2 - Application Security Hacking

6

February 11, 2021

  • Application Security
  • Virtual Computer Security
Refer to Slides

7

February 18, 2021

MIDTERM EXAM

NOTE: Course Withdrawal Deadline
Please inform your instructor that you are dropping this course. You must also fill out and submit the 'REQUEST TO WITHDRAW FROM A PART-TIME STUDIES COURSE' before Week 8 or else you will receive a failing grade on your academic record.

8

February 25, 2021

  • Cryptography Terminology and Overview
Refer to Slides
  • Term Project Assigned
  • Lab 3 - Hashing and Symmetric Crypto

9

March 04, 2021

  • Cryptographic Hashes
  • Symmetric Cryptography
  • Asymmetric Cryptography
Refer to Slides
  • Quiz 5
  • Lab 4 - Asymmetric Crypto

10

March 11, 2021

  • TPM and HSM Security Devices
  • Cryptographic Algorithms and Protocols
  • SSL/TLS/IPSec Protocols
  • Certificates
  • Public Key Infrastructure (PKI)
Refer to Slides
  • Quiz 6

Course Evaluation: To be conducted online during the lesson in Week 11 prior to the class break.

Students will have previously received a link to the survey via their preferred email. Those who do not have the link in their preferred email cannot complete this online evaluation.

If you did not receive the link please email: BCIT_Feedback@bcit.ca at least 48 hours before the lesson in Week 11.

Your instructor will leave the room for 15 minutes while each student logs in and completes this anonymous course evaluation.

11

March 18, 2021

  • Cryptographic Message Authentication Code (MAC)
  • Access Control Models
  • Authentication
  • Access Control Federation
  • Single Sign On
Refer to Slides
  • Term Project Due

12

March 25, 2021

FINAL EXAM
Refer to Slides

BCIT Policy

Any student who needs special assistance in the event of a medical emergency or building evacuation (either because of a disability or for any other reason) should promptly inform their course instructor(s) and Accessibility Services of their personal circumstances.

Human Rights, Harassment and Discrimination:
The BCIT community is made up of individuals from every ability, background, experience and identity, each contributing uniquely to the richness and diversity of the BCIT community as a whole. In recognition of this, and the intrinsic value of our diversity, BCIT seeks to foster a climate of collaboration, understanding and mutual respect between all members of the community and ensure an inclusive accessible working and learning environment where everyone can succeed.

Respect, Diversity, and Inclusion is a supportive resource for both students and employees of BCIT, to foster a respectful learning and working environment. Any student who feels that they are experiencing discrimination or harassment (personal or human rights-related) can confidentially access this resource for advice and support. Please see Policy 7507 – Harassment and Discrimination and accompanying procedure.

Students should make themselves aware of additional Education, Administration, Safety and other BCIT policies listed at https://www.bcit.ca/about/administration/policies.shtml

Guidelines for School of Computing and Academic Studies

Attempts:
Students must successfully complete a course within a maximum of three (3) attempts at the course. Students with two attempts in a single course will be allowed to repeat the course only upon special written permission from the Associate Dean. Students who have not successfully completed a course within three attempts will not be eligible to graduate from their respective program.

Approved

I verify that the content of this course outline is current.
Karim Lalji, Instructor
December 29, 2020

I verify that this course outline has been reviewed.
Kevin Cudihee, Program Head
January 05, 2021

I verify that this course outline has been reviewed and complies with BCIT policy.
Aaron Hunter, Acting Associate Dean
January 05, 2021

Note: Should changes be required to the content of this course outline, students will be given reasonable notice.