Courses
EN.650.601. Introduction to Information Security. 3 Credits.
This course exposes students to the cross-disciplinary and broad information security field. It surveys a range of fundamental topics of information security principles, architecture, policy and standards, risk management, cryptography, physical, operational, system and network security mechanisms, and law and ethics, among others. This course includes lectures, case studies, and homework. Students will also complete independent study class projects. Recommended Course Background: Basic knowledge of computer systems and information technology.
EN.650.614. Rights In Digital Age. 3 Credits.
This course will provide an overview of important aspects of intellectual property law, with an emphasis on the important legal and policy issues presented by the tremendous growth in computer technology over the past several decades, especially the Internet. The rights that various parties have with respect to intellectual property in the digital domain, such as creating, modifying, using, distributing, storing, and copying various types of digital data, will be explored. The concurrent responsibilities, and potential liabilities, of those parties will also be addressed. In particular, various topics in copyright, trademark, patent, and trade secret law will be presented. Copyright law will be presented in a historical context, with an emphasis on its applicability to emerging technology issues. The course will also address how trademark law has been affected by – and modified in response to – the growth of the Internet. Patent-law topics will include what constitutes protectable subject matter. The goal of the course is to provide those involved or interested in digital-rights management with an understanding of the impact of intellectual property law on digital technologies.
Distribution Area: Social and Behavioral Sciences
EN.650.621. Critical Infrastructure Protection. 3 Credits.
This course focuses on understanding the history, the vulnerability, and the need to protect our Critical Infrastructure and Key Resources (CIKR). We will start by briefly surveying the policies which define the issues surrounding CIKR and the strategies that have been identified to protect them. Most importantly, we will take a comprehensive approach to evaluating the technical vulnerabilities of the identified sectors, and we will discuss the tactics that are necessary to mitigate the risks associated with each sector. These vulnerabilities will be discussed from the perspective of ACM, IEEE or other technical journals/articles which detail recent and relevant network-level CIKR exploits. We will cover well-known vulnerable systems such as the Internet, SCADA or PLC and lesser-known systems such as E911 and industrial robots. Also, a class project is required. Recommended Course Background: EN.650.424 or equivalent or permission by instructor.
Distribution Area: Engineering, Natural Sciences
EN.650.624. Network Security. 3 Credits.
This course focuses on communication security in computer systems and networks. The course is intended to provide students with an introduction to the field of network security. The course covers network security services such as authentication and access control, integrity and confidentiality of data, firewalls and related technologies, Web security and privacy. Course work involves implementing various security techniques. A course project is required. Required Course Background: intermediate programming (C/C++), data structures, computer networks.
Prerequisite(s): Students who are currently enrolled in, or have already completed EN.601.405, are not eligible to take EN.650.624.
Distribution Area: Engineering
EN.650.631. Ethical Hacking. 3 Credits.
Cyber security affects every facet of industry and our government, and thus is now a threat to National Security. This course is designed to introduce students to the skills needed to defend computer network infrastructure by exposing them to the hands-on identification and exploitation of vulnerabilities in servers (i.e., Windows and Linux), wireless networks, websites, and cryptologic systems. These skills will be tested by having teams of students develop and participate in instructor-led capture-the-flag competitions. Also included are advanced topics such as shell coding, IDA Pro analysis, fuzzing, and writing or exploiting network-based applications or techniques such as web servers, spoofing, and denial of service.
Distribution Area: Engineering
EN.650.640. Moral & Legal Foundations of Privacy. 3 Credits.
This course explores the ethical and legal underpinnings of the concept of privacy. It examines the nature and scope of the right to privacy by addressing fundamental questions such as: What is privacy? Why is privacy morally important? How has the right to privacy been articulated in constitutional law?
EN.650.654. Computer Intrusion Detection. 3 Credits.
Intrusion detection supports the on-line monitoring of computer system activities and the detection of attempts to compromise normal services. This course starts with an overview of intrusion detection tasks and activities. Detailed discussion introduces a traditional classification of intrusion detection models, applications in host-centered and distributed environments, and various intrusion detection techniques ranging from statistical analysis to biological computing. This course serves as a comprehensive introduction of recent research efforts in intrusion detection and the challenges facing modern intrusion detection systems. Students will also be able to pursue in-depth study of special topics of interest in course projects.
Distribution Area: Engineering, Natural Sciences
EN.650.656. Computer Forensics. 3 Credits.
This course introduces the student to the field of applied Computer Forensics as practiced by corporate security and law enforcement personnel. The emphasis is on "dead box" (powered off) data extraction and analysis with open-source tools. Topics covered include legal and regulatory issues, forensic imaging and data acquisition from a "dead" system, computer file systems (FAT/NTFS) and data recovery, Windows Registry and configuration records, Windows log analysis and operating system artifacts, memory dump analysis (RAM), software artifacts, computer network forensics, introductory mobile device forensics, case reporting and documentation, end-to-end computer forensic examinations, peer review, and testifying in court.
Distribution Area: Engineering
EN.650.658. Introduction to Cryptography. 3 Credits.
Cryptography has a rich history as one of the foundations of information security. This course serves as the introduction to the working primitives, development and various techniques in this field. It emphasizes reasoning about the constraint and construction of cryptographic protocols that use shared secret key or public key. Students will also be exposed to some current open problems. Permission of instructor only.
Distribution Area: Engineering
EN.650.660. Software Vulnerability Analysis. 3 Credits.
Competent execution of security assessments on modern software systems requires extensive knowledge in numerous technical domains and comprehensive understanding of security risks. This course provides necessary background knowledge and examines relevant theories for software vulnerabilities and exploits in detail. Key topics include historical vulnerabilities, their corresponding exploits, and associated risk mitigations. Fundamental tools and techniques for performing security assessments (e.g., software reverse engineering, static analysis, and dynamic analysis) are covered extensively. The format of this course includes lectures and assignments where students learn how to develop exploits to well-known historical vulnerabilities in a controlled environment. Students will complete and demonstrate a project as part of the course.
Distribution Area: Engineering
EN.650.663. Cloud Computing Security. 3 Credits.
Cloud computing promises significant cost savings via economies of scale that typically are not achievable by a single organization. This course examines cloud computing in detail and introduces the security concerns associated with cloud computing. Key topics include service models for cloud computing, virtualization, storage, management, and data processing. Fundamental security principles are introduced and applied to cloud computing environments. The format of this course includes lectures and hands-on assignments. Students will complete a project and present it as part of the course.
Distribution Area: Engineering, Natural Sciences
EN.650.667. Mobile Device Forensics. 3 Credits.
This course introduces the student to the field of applied Mobile Device Forensics as practiced by corporate security and law enforcement personnel. The emphasis is on "live" (powered-on) data extraction and analysis of Linux-based Android mobile devices/cell phones with open-source tools. Topics covered include data extraction from a "live" system; cell phone file systems (EXT/YAFFS) and data recovery; cell phone configuration records; Android/Linux log analysis and operating system artifacts; memory dump analysis (NAND); Android Operating System application artifacts to include SMS/MMS messaging apps, contacts list, calendar, Gmail, browser bookmarks/searches, call logs, picture/video, and GPS/maps; installed application artifacts such as Facebook, Twitter, and TikTok; cell phone network forensics; Subscriber Identity Module (SIM) card analysis; and Secure Digital (SD) card analysis.
Distribution Area: Engineering
EN.650.672. Security Analytics. 3 Credits.
Security analytics refers to information technology solutions that gather and analyze security events to bring situational awareness and enable IT staff to understand and analyze events that pose the greatest risk. Increasingly, detecting and preventing cyber attacks requires sophisticated use of data analytics and machine learning tools. This course will cover fundamental theories and methods in data science, modern security analytical tools, and practical use cases of security analytics. Students of this course learn concepts, tasks, and methods of data science, and how to apply data science to cyber security problems. Students also learn how to use modern software in security analytics. Recommended Course Background: Basic knowledge of statistics; either Python or R programming skill (both are not required).
EN.650.673. Mobile and Wireless Security. 3 Credits.
The past few decades have seen a rapid evolution of wireless LAN and cellular technologies. In addition to wireless access technologies, various types of network layer and application layer mobility protocols have been developed to provide seamless connectivity to mobile users. Maintaining end-to-end security for these mobile users needs to take into account authentication, authorization, integrity and confidentiality as mobile devices change their point-of-attachment. This course will provide an overview of various wireless access technologies and mobility protocol taxonomy, and will describe end-to-end security including mobile end point, radio access network, network core, and application services. In addition, this will include hands-on lab experiments to examine security over wireless and mobile networks and a research group project. The overall objective of this course is to impart both theoretical and practical knowledge to the students, and at the same time make them ready for any future research to solve complex problems. Recommended Course Background: Knowledge of TCP/IP, Linux, Fundamentals of Networking.
Distribution Area: Engineering, Natural Sciences
EN.650.683. Cybersecurity Risk Management. 3 Credits.
Data breaches, cyber attacks, cybercrime, and information operations in social media continue to increase in frequency and severity, causing businesses and governments to focus more resources on cybersecurity risk management and compliance. Utilizing real-world data breaches and attacks as motivation, this course will provide students knowledge of risk management concepts, frameworks, compliance regimes and best industry practices used to ensure sound cybersecurity practices in government, commercial, and academic organizations. Lab exercises will provide opportunities for students to experience key aspects of the risk management process and help prepare them for post-graduation assignments as cybersecurity professionals. Recommended Course Background: EN.650.601.
Distribution Area: Engineering
EN.650.685. Cybersecurity Compliance: Regulation, Behavior, and Best Practices. 3 Credits.
This course provides a comprehensive exploration of cybersecurity compliance through the lens of regulatory frameworks and behavioral models. Students will examine key cybersecurity laws and regulations and learn how human behavior influences organizational compliance practices. By understanding both the technical and psychological aspects of compliance, students will be equipped to develop effective programs that ensure adherence to regulations while promoting a culture of compliance.
Distribution Area: Engineering, Natural Sciences
EN.650.836. Information Security Projects. 1 Credit.
All MSSI programs must include a project involving a research and development oriented investigation focused on an approved topic addressing the field of information security and assurance from the perspective of relevant applications and/or theory. There must be project supervision and approval involving a JHUISI affiliated faculty member. A project can be conducted individually or within a team-structured environment comprised of MSSI students and an advisor. A successful project must result in an associated report suitable for on-line distribution. When appropriate, a project can also lead to the development of a so-called "deliverable" such as software or a prototype system. Projects can be sponsored by government/industry partners and affiliates of the Information Security Institute, and can also be related to faculty research programs supported by grants and contracts. Required course for any full-time MSSI student. Open to MSSI students. Permission required for non-MSSI students.
EN.650.837. Information Security Projects. 1 Credit.
Open to MSSI students. Permission required for non-MSSI students. All MSSI programs must include a project involving a research and development oriented investigation focused on an approved topic addressing the field of information security and assurance from the perspective of relevant applications and/or theory. There must be project supervision and approval involving a JHUISI affiliated faculty member. A project can be conducted individually or within a team-structured environment comprised of MSSI students and an advisor. A successful project must result in an associated report suitable for on-line distribution. When appropriate, a project can also lead to the development of a so-called "deliverable" such as software or a prototype system. Projects can be sponsored by government/industry partners and affiliates of the Information Security Institute, and can also be related to faculty research programs supported by grants and contracts. Required for MSSI students on full-time status. No Audits.
EN.650.840. Information Security Independent Study. 3 Credits.
Individual study in an area of mutual interest to a graduate student and a faculty member in the Institute.