Fall: 12 units. 14-740 is a graduate-level, first-course in computer and telecommunication networks. There is no prerequisite of an undergraduate equivalent, but basic computer, programming and probability theory background is required.
The primary objective of this course is for you to learn the fundamental principles underlying computer and telecommunication networks. Using a top-down approach, we will cover topics in the application, transport, network and link layers of the protocol stack. We will also go over advanced topics, including network management, traffic engineering and router internals. Besides learning about the nuts and bolts, you will gain an understanding in engineering tradeoffs made and design principles used in computer and telecommunication networks. Another objective is for you to apply some of this knowledge in the context of systems projects. We will follow an aggressive pace in this course.
Fall: 12 units. The growing importance of information systems, and their use to support safety-critical applications, has made information security a central issue for modern systems. The course introduces the technical and policy foundations of information security. The main objective of the course is to enable students to reason about information systems from a security engineering perspective. Topics covered in the course include elementary cryptography; access control; common software vulnerabilities; common network vulnerabilities; digital rights management; policy and export control law; privacy; management and assurance; and special topics in information security. Prerequisites: The course assumes a basic working knowledge of computers, networks, C and UNIX programming, as well as an elementary mathematics background, but does not assume any prior exposure to topics in computer or communications security.
Spring: 12 units. This class focuses on practical applications of Information Security/Assurance policies and technologies in enterprise network environments. The course will include lecture and demonstrations, but is designed around a virtual lab environment that provides for robust and realistic hands-on experiences in dealing with a range of information assurance topic areas. Students will be provided numerous opportunities to apply information security practices and technologies to solve real world I.A. problems. This course requires students to have a Windows XP Professional computer and VMWare Workstation 4.5.
This course and its follow-on Information Security Risk Management II (14-784) examine information security as a risk management problem where the organization identifies information security risks, evaluates those risks, and makes risk mitigation and acceptance decisions given its resource constraints. In part one of this class students will learn foundational concepts in risk management and economic valuation and will be introduced standard risk management approaches for identifying, analyzing, and responding to risk, as well as the analytical tools for calculating the costs and benefits of investment security decisions.
This course approaches information security as a risk management problem where the organization has to identify information security risks, decide how to resolve these risks, and make trade-off, economic, and investment decisions about controls, practices, and solutions to mitigate risk. Students will learn a standard risk management process for identifying, analyzing, and responding to risk, as well as the analytical tools for calculating the costs and benefits of investment security decisions. Students will perform a case study using the OCTAVE risk assessment method developed by the CERT program at the Software Engineering Institute. Additional topics covered include an introduction of how to use classical financial analysis techniques to evaluate information security security investments.Please note: this course uses a Harvard Business School case study. Students will be charged a fee for the course materials. The fee for these materials will be charged to the student's account.
14-788 Information Security Policy and Management
Spring: 6 units. The goal of this course is to provide an overview of security marketplace, an understanding of decision making when multiple parties are involved and the role of policy making in the context of information security.
Policy is treated broadly and need not be necessarily government laws and regulations. Policy can be intra-organization. For example, it is an organization policy to disconnect an unpatched computer from its network. We will discuss the role of market and competition on security provision and then some of the key causes of market failure, namely externalities. We will then analyze how various policy tools can be applied to mitigate market failure. We will also discuss some key laws and regulation on product liability, and security standards.
The course also aims to provide an overview of security industry (that is key trends, technologies and various strategies by vendors and users) as well. By the end of the course, the students are expected to know key managerial and policy issues surrounding information security provision and when and how policy intervention is needed. Prerequisite: 95-710: Economic Analysis or equivalent coursework.
Summer or Fall: 6 units. Managers in general including information systems managers constantly make decisions, rarely with full information. This class teaches a range of quantitative methods for making practical decisions under uncertainty and in doing so gives an intense introduction into the art of mathematical modeling of business and social systems. The methods covered include optimization, forecasting, and Monte Carlo simulation. The emphasis will be on end user modeling that equips the students to use these methods for decisions in operations and management, but where appropriate may be extended to consider construction of decision support systems generally. The course learning objectives include: recognize opportunities to model difficult decision problems using linear optimization, network modeling, forecasting and simulation; learn how to apply these methodologies in a spreadsheet; discuss heuristics and biases in decision making.
Summer or Fall: 6 units. This introductory course in data analysis and statistical inference requires no background in statistics. Its objective is to provide individuals who aspire to enter IT management positions with the basic statistical tools for analyzing and interpreting data. The course is divided into three distinct modules: descriptive statistics, statistical inference, and regression analysis. The emphasis of the classes on descriptive statistics is the calculation and interpretation of summary statistical measures for describing raw data. The sessions on statistical inference are designed to provide you with the background for executing and interpreting hypothesis tests and confidence intervals. The final component of the course focuses on regression analysis, a widely used statistical methodology. Throughout the course you will regularly analyze data relevant to IT management using the statistical software package Minitab. The course learning objectives include: apply techniques for analyzing and interpreting data to real-world datasets relevant to IT management; perform and interpret elementary statistical inferences (such as confidence intervals and hypothesis tests) both by hand and using the statistical software package Minitab; analyze real data relating to online pricing and software cost estimation and describe the analysis results and conclusions.
Fall: 12 transferrable units. This course will help students understand the technical, business and industry fundamentals necessary for the effective management of organizations that develop, operate and/or use telecommunications. These issues will be explored in the context of the decisions they influence in areas of strategic telecommunications planning, developing and deploying business applications, procuring and delivering services, and managing technical personnel and processes. Topics will include the underlying technical fundamentals of voice and data networks, the protocols and services built from those fundamentals, industry and regulatory structures and practices, and practical questions that arise from these issues.
The goals are for students to understand the telecommunications technology and industry well enough to make intelligent short-term and long-term business and technical decisions and to manage technical people wisely and effectively.
Fall: 12 transferrable units. Modern cryptography is based on computational complexity theory. Further, the algorithms used in modern cryptographic techniques must be proved mathematically to be secure. This is essentially why modern cryptographic methods are superior. Modern cryptography applications cover a wide range of areas in addition to the traditional cipher to hide secret messages. Application areas include digital signatures, authentication, digital payments, and digital voting, among others. In this course, you learn the basic framework to investigate and design digital security based on complexity theory via tailored course materials. Advanced knowledge of mathematics is not a prerequisite. The course begins by introducing Shannon’s perfectly secret cipher in order to highlight the difference between the earlier information theoretic framework of cryptography and the modern framework based on complexity theory. After covering several pioneering algorithms of modern cryptography such as RSA we will focus on the heart of modern cryptography and cover some of the most important and fundamental methodologies including zero-knowledge proof, random oracle methodology and authentication theory. The course materials are designed so as to encourage intuitive understanding of issues rather than a mathematically rigorous approach, but assumes an elementary understanding of probability theory.
Fall: 6 transferrable units.