ECS 153A: Computer & Information Security & Privacy I

Summary of Course Content:

1. What are security and privacy; why they are important; what happens when they fail
2. Security policies, privacy policies; basics of policy modeling
3. Encryption: symmetric (e.g., AES), asymmetric (e.g. RSA); how they are used; current issues
4. Authentication: methods; passwords and attacking them; biometrics; multifactor authentication
5. Access control: access control matrix, access control lists and capability lists; file protection; privileges and how they work
6. Networks and security: organizing networks for security; Internet protocols; firewalls; wireless networks and their protections
7. Malware: Trojan horses, computer viruses and worms; ransomware, adware, spyware
8. Laws and such: overview of GDPR and CCPA; Computer Fraud and Abuse Act; Intellectual property
9. Environment: business models; computer use in government,; financial institutions

Illustrative Reading
NIST Special Publication 800-12: An Introduction to Comp[uter Security: the NIST Handbook, 1995
M. Bishop, Computer Security: Art and Science, Second Edition, Addison-Wesley Professional, 2018
R. Anderson, Security Engineering, John Wiley & Sons. 2020
C. Pfleeger, S. L. Pfleeger, L. Coles-Kemp, Security in Computing, Sixth Edition, 2023
Selected readings from the research literature

Potential Course Overlap
The content of this course overlaps ECS 113, but is intended for majors. This course has more technical depth, and focuses more on principles and technology. This course focuses on the big picture: what are security, privacy, and assurance; how do they fit into cyberspace and the "real world"; how do laws and social policies and customs affect all this; privacy and security policies in the "real world" and why they are that way, and applying that to networks in general and the Internet in particular. This is aimed at *all* CS students, not just folks interested in working in cybersecurity.