SI110 Course Learning Objectives

  1. Describe computers, operating systems, networks, the Internet and the Web with respect to: digital representations of information, their basic operation and associated tools, and the underlying architectures and protocols and how they are vulnerable to attack.

  2. Perform simple debugging and diagnosis: analyze and explain the output of programs and the results of shell commands and infer why certain actions are permitted or not in an information system.

  3. Identify and describe the desired properties of secure information systems and the tools that are used to provide them. Explain representative attacks and select appropriate prevention and mitigation measures.

  4. Explain, differentiate, and perform basic actions related to reconnaissance, attack, defense, and forensics of information systems.

  5. Describe cyber scenarios in which user decisions affect security, identifying the user's vs. the technology's responsibilities, and explain the consequences of potential user actions in terms of risk and the tradeoff between services and security.

SI110 Course Themes

  1. Input, processing, and output of data at various levels of abstraction.

  2. The occurrence of and difficulty dealing with unexpected or improperly handled input to programs.

  3. The tension between offering services and providing security.

  4. Defense in depth; exploiting the access you have to gain the access you want (e.g., privilege escalation).

  5. Attack and Defense viewed in terms of violating/protecting the Pillars of IA.

  6. The user's role in security; technological limitations that attackers exploit to "trick" the user.