IT Security
Syllabus, Bachelor's level, 2IS229
- Code
- 2IS229
- Education cycle
- First cycle
- Main field(s) of study and in-depth level
- Information Systems G1F
- Grading system
- Fail (U), Pass (G), Pass with distinction (VG)
- Finalised by
- The Department Board, 25 October 2018
- Responsible department
- Department of Informatics and Media
General provisions
The course is included in the following degree programme:
* Bachelor's programme in Information Systems, specialisation software engineering, 180 credits.
Is also given as a freestanding course
Entry requirements
30 credits in information systems or equivalent
Learning outcomes
Regarding knowledge and understanding the student is expected to be able to on completion of the course:
* Describe standards and policy for information security
* Describe models and guidelines for development of secure web applications
Regarding competence and skills the student is expected to be able to on completion of the course:
* Carry out risk analysis and threat modeling
* Apply models and guidelines for development of secure web applications
* Use tools to identify and characterise security weaknesses of applications
* Identify and use APIs for encryption and authentication for web applications
Regarding judgement and approach the student is expected to be able to on completion of the course:
* Analyse and evaluate security solutions based on conflicting requirements such as productivity versus security
Content
Information and IT security is a central part in modern software engineering. Many threats can injure companies and private persons today. The course covers how security issues can be handled in business development and software engineering. The course includes human factors in security work, threat modeling, encryption, and security aspects in software development.
Component 1: Information security, 3 credits
The component covers information security around material and immaterial assets, ethics and regulations and standards around information security.
Component 2: Secure programming, 3 credits
The component covers basic rules for development of secure software, threat modeling and encryption of web applications.
Component 3: Security testing, 1.5 credits
The component covers code review, analysis and various types of tests to find vulnerabilities in web applications.
Instruction
Teaching is given as lectures and exercises.
Assessment
The components are examined through written assignments and oral presentations.
For the grade Pass in the whole course, it is required that all components are passed. For the grade Pass with distinction it is furthermore required that at least two components are passed with distinction.
If there are special reasons for doing so, an examiner may make an exception from the method of assessment indicated and allow a student to be assessed by another method. An example of special reasons might be a certificate regarding special pedagogical support from the University's disability coordinator or a decision by the department's working group for study matters.
Other directives
The course is given on Campus Gotland and as a distance course.