Bachelor of Science in Information Technology

Electrical Engineering and Computer Science

School of Engineering

IT340: Computer and Information Security

Rassul Saeedipour Professor of Practice


Office Hours:

Monday 12:00 pm - 06:00 pm
Tuesday 12:00 pm - 03:00 pm
Wednesday  12:00 pm - 03:00 pm
Thursday 12:00 pm - 06:00 pm
Friday 12:00 pm - 02:00 pm

You are encouraged to make an appointment to make
sure I am not in a meeting or with another student.

(913) 897-8624,, Website

Spring 2017, Thursdays 7:10-10:00 pm, BEST 220

Course Catalog Description

Fundamentals of computer security, security mechanisms, information states, security attacks, threat analysis models, vulnerability analysis models, introduction to cryptography, authentication, intrusion detection, intrusion prevention (firewalls), operating systems security, database security, software security, host hardening, incident and disaster response. Prerequisite: Completion of all courses on the transfer list.


Completion of all courses on the transfer list

Course Objectives/Goals

  • Explain key security concepts related to networking and information systems so that a lay person in this field could easily understand.
  • Use the jargon and acronyms correctly and be able to translate technical articles into plain old English.
  • Keep current on security related issues by selecting and understanding relevant articles in selected current periodicals.
  • Make intelligent, reasonable, thoughtful, and accurate decisions about IT security, vulnerabilities, and legal issues.

Course Outcomes

Students should be capable of:

  1. Explaining key security concepts such as integrity, confidentiality, availability, non-repudiation, and authentication.
  2. Discussing the relationship between threats, vulnerabilities, countermeasures, attacks, compromises, and remediation.
  3. Discussing protection systems (firewalls), intrusion detection systems.
  4. Explaining the key factors involved in authentication and how they are used to verify identity and grant access to a system; explaining the characteristics of strong passwords.

Course Topics

  1. Security: history and terminology
  2. Security services: availability, integrity, confidentiality, authentication, non-repudiation
  3. Security vulnerabilities: inside attacks, external attacks, black hat, white hat, carelessness, ignorance, hardware software, network, physical access
  4. Security lifecycle and de sign principles
  5. Information states
  6. Threat and vulnerability analysis models
  7. Security mechanisms: authentication, biometrics, cryptography, intrusion detection
  8. Security attacks: social engineering, denial of service, protocol attacks, active and passive attacks, buffer overflow attacks
  9. Intrusion detection and intrusion prevention systems
  10. Malware (viruses, Trojan horses, worms)
  11. Information states: storage, transmission, processing
  12. Operating systems, database, and software security
  13. Host hardening, Incident and disaster response

Course Resources

Randall J. Boyle and Raymond R. Panko, Corporate Computer Security, 4th Ed. Pearson, Copyright 2015, ISBN: 978-0-13-354519-7

PDF slides Due to copyright, the user id and password for the resources will be provided at the beginning of the semester.


A = 90% - 100%
B = 80% - 89%
C = 70% - 79%
D = 60% - 69%
F = 0% - 59%

Grade Distribution

Exams: 50%
Quizzes: 20%
Home assignments: 30%

Students are evaluated on their exams, quizzes, and home assignments

  • There will be three exams (including final exam).

    There will be 4-8 unannounced (i.e. "POP") quizzes. Quizzes will be taken at the first 10-15 minutes of class. The quizzes will consist of combination of multiple choice, true/false, and short answer questions that are designed to assess your knowledge of the material related to the previous few lectures. The scores for each quiz range between 10 and 25 points.

    Makeup quizzes will only be offered in situations of legitimate extenuating circumstances (i.e. serious illness, accidents, etc.). In those cases, you will be required to provide proof of the extenuating circumstance prior to making up the quiz. If you know that you will be missing a class period due to other conflicts, let me know prior to that class period. In situations where there is no proof of extenuating circumstances or you did not let me know prior to missing the class, you will not be permitted a makeup quiz.

    If you were granted for a makeup quiz, it must be taken prior to the next class session.

  • All assignments must be submitted in the form of soft or hard copy (depending on the type of assignment) prior or at the beginning of the class. 10% will be deducted from a late home assignment (a late home assignment must be submitted before the next class session, otherwise it will not be accepted and you will earn zero for it).


Attendance is important and required. If a student misses a class session, he/she will be responsible for learning the materials on his/her own. In addition, the student will be responsible for getting the class notes, assignments, etc. from a classmate.

Academic Dishonesty

Academic dishonesty refers to cheating: a serious ethical issue. You are encouraged to work cooperatively with other students in the class. However, each student is expected to do his/her own assignments. Copying assignments or quiz/test cheating will result for zero credit. For further information please refer to:
Section 6. Academic Misconduct

Commercial Note-Taking

Pursuant to the University of Kansas' Policy on Commercial Note-Taking Ventures, commercial note-taking is not permitted in IT340. Lecture notes and course materials may be taken for personal use, for the purpose of mastering the course material, and may not be sold to any person or entity in any form. Any student engaged in or contributing to the commercial exchange of notes or course materials will be subject to discipline, including academic misconduct charges, in accordance with University policy. Please note: note-taking provided by a student volunteer for a student with a disability, as a reasonable accommodation under the ADA, is not the same as commercial note-taking and is not covered under this policy.

Services for Students with Disabilities

Any student with special needs or circumstances shout feel free to meet with me, or go to: KU Disability or for KU Edwards campus.

Other Policies/Requirements

  • During class, all phones must be turned off or set on silent/vibration mode
  • No computer of any kind (laptop, tablet, etc.) unless otherwise is needed specifically for the class
  • No lecture recording is allowed in the classroom
  • No wearing headphones in the classroom
  • No using the Internet for non-class related purposes
  • No food or beverages in the classroom


Make sure that you check your campus e-mail regularly. The university uses only your campus e-mail for any official notifications. Your outside classroom communication is via KU e-mail. Your e-mail subject must start with your course number then followed by any optional notes, i.e. IT340, project one.

A tentative course schedule/calendar (subject to change)
Dates Topics Assignments*
Jan 19 Module A, Introduction to Networking
Jan 26 Chapter 1-The Threat Environment Thought Questions: #1, 5, 6
Hands-on Projects: #1, NMAP
Project Thought Questions: #1, 2
Feb 02 Chapter 2: Planning and Policy Thought Questions: #2
Hands-on Projects: #1, SANS
Project Thought Questions: #1, 3
Feb 09 Chapter 3: Cryptography Thought Questions: #2
Hands-on Projects: #1, AxCrypt
Project Thought Questions: #1, 2
Feb 16 Chapter 3: Cryptography (continued) Thought Questions: #4, 5, 7, 10
Hands-on Projects: Public/Private key, PGP
PGP download
PGP installation
Feb 23 Test 1(Chapters 1-3), Security related videos Read chapter 4
Mar 02 Chapter 4: Secure Networks Thought Questions: #1, 4
Hands-on Projects: #2, Secure HTTP
Project Thought Questions: #5, 6, 7, 8
Mar 09 Chapter 5: Access Control Thought Questions: #1, 5, 6
Hands-on Projects: #1, John the Ripper
Project Thought Questions: #1, 2, 3
Mar 16 Chapter 6: Firewalls Thought Questions: #4, 5
Hands-on Projects: #1, Wireshark
Project Thought Questions: #1, 2, 3, 6
Mar 30 Chapter 7: Host Hardening Thought Questions: #1, 4
Hands-on Projects: #1, FileVerifier++
Project Thought Questions: #6, 7
Apr 06 Test 2 (Chapters 4-7), Security related videos Read chapter 8
Apr 13 Chapter 8: Application Security Thought Questions: #1, 2
Hands-on Projects: #2, OWASP's WebGoat
Project Thought Questions: #5, 7, 8
Apr 20 Chapter 9: Data Protection Hands-on Project: #2, File Shredders
Project Thought Questions: #5, 6
Apr 27 Chapter 9: Data Protection (continued) Thought Questions: #1, 5, 6
May 04 Chapter 10: Incident and Disaster Response
May 11 Comprehensive Final

*All assignments are due the next class session unless otherwise different dates are announced.