Kobe MSIT-IS Course Descriptions

Core Courses | Electives

Core Courses

14-741: Intro to Information Security
The growing importance of information systems, and their use to support safety-critical applications, has made information security a central issue for modern systems. The course introduces the technical and policy foundations of information security. The main objective of the course is to enable students to reason about information systems from a security engineering perspective. Topics covered in the course include elementary cryptography; access control; common software vulnerabilities; common network vulnerabilities; digital rights management; policy and export control law; privacy; management and assurance; and special topics in information security. Prerequisites: The course assumes a basic working knowledge of computers, networks, C and UNIX programming, as well as an elementary mathematics background, but does not assume any prior exposure to topics in computer or communications security.

14-740: Fundamentals of Telecommuncation Networks
14-740 is a graduate-level, first-course in computer and telecommunication networks. There is no pre-requisite of an undergraduate equivalent, but basic computer, programming and probability theory background is required.
The primary objective of this course is for you to learn the fundamental principles underlying computer and telecommunication networks. Using a top-down approach, we will cover topics in the application, transport, network and link layers of the protocol stack. We will also go over advanced topics, including network management, traffic engineering, and router internals. Besides learning about the nuts and bolts, you will gain an understanding as well in engineering tradeoffs made and design principles used in computer and telecommunication networks. Another objective is for you to apply some of this knowledge in the context of systems projects. We will follow an aggressive pace in this course.

95-760: Decision Making Under Uncertainty
During the past years, business people discovered that one of the most effective ways to evaluate decision alternatives involves using electronic spreadsheets to build a computer model of a given decision problem. A computer model is a set of mathematical relationships and logical assumptions implemented in a computer as a representation of some real-world decision problem. As a potential business decision maker, you will learn how to analyze decision alternatives before having to choose a specific plan for implementation. This course introduces you a set of techniques from the field of management science that can be applied to assist in decision making process. It is an advanced course which requires sufficient statistics background. Prerequisites: 95-796 Statistics for IT Managers.

95-750: Security Architecture and Analysis
Growing societal dependence on large-scale, highly distributed network systems amplifies the consequences of intrusion and compromise. Such systems face security threats that continue to grow in sophistication and scope. System architectures must incorporate security capabilities to deal with these threats. These capabilities include such techniques as boundary control, security protocols, encryption, authentication, intrusion detection, multi-level security and network partitioning.

This course provides you with analytical methods to assess and improve system security and survivability. Topics covered include architecture fundamentals, security and survivability methods, and development of secure and survivable systems. Architecture analysis and trade-offs can assess the relative merits of security strategies for particular environments of system use. In addition, systems must be analyzed and designed for survivability of critical mission functions. The Survivable Network Analysis method is used to evaluate and improve survivability.

Development of secure and survivable architectures likewise requires rigorous software engineering methods to ensure reliable implementation of security strategies. Relevant topics include fundamentals of system architecture representation, definition, and analysis, system survivability analysis, security threats and architecture strategies, and security architecture implementation and lifecycle management. An additional major component of the course is a team project that may require programming. Prerequisites: 14-741: Intro to Information Security

95-756: Information Security Risk Analysis
This course assumes a basic grounding in statistics and elementary economics. This course approaches information security as a management problem, where the organization has to decide on how much to spend on information security and how, and trade off information security risks with other risks. Students will learn analytical tools for calculating the costs and benefits of investment security decisions, and how to calculate the return on investments in a hands-on setting. Additional topics covered include a brief introduction to commercially available tools for risk management, an introduction to vulnerability management, risk aversion and insurance. Learning objectives: Upon completion of this course students will understand:
• Basic understanding of information security risks and the need to manage them.
• Key economic concepts in uncertainty, decision making, insurance and risk management framework.
• How to calculate ROI on a security investment.

95-757: Information Security Risk Policy and Management
The goal of this course is to provide an overview of the security marketplace, an understanding of decision making when multiple parties are involved and the role of policy making in the context of information security. Policy is treated broadly and need not be necessarily government laws and regulations. Policy can be intra-organization. For example, it is an organization policy to disconnect an unpatched computer from its network. We will discuss the role of market and competition on security provision and then some of the key causes of market failure, namely externalities. We will then analyze how various policy tools can be applied to mitigate market failure. We will also discuss some key laws and regulation on product liability, and security standards. The course also aims to provide an overview of security industry (that is key trends, technologies and various strategies by vendors and users) as well. By the end of the course, the students are expected to know key managerial and policy issues surrounding information security provision and when and how policy intervention is needed.

95-796: Statistics for IT Managers
This introductory course in data analysis and statistical inference requires no background in statistics. Its objective is to provide individuals who aspire to enter management positions in firms that use the Internet to market and serve its clients with the basic statistical tools for analyzing and interpreting internet data. The course is divided into three distinct components: descriptive statistics, fundamentals of statistical inference, and regression analysis. The emphasis of the classes on descriptive statistics is the calculation and interpretation of summary statistical measures for describing raw data. The sessions on fundamentals of statistical inferences are designed to provide you with the background for executing and interpreting hypothesis tests and confidence intervals. The latter half of the course focuses on regression analysis, a widely used statistical methodology. Throughout the course you will regularly analyze internet data using the statistical software package Minitab. Prerequisites: none.

Electives

14-761: Applied Information Assurance
This class focuses on practical applications of Information Security/Assurance policies and technologies in enterprise network environments. The course will include lecture and demonstrations, but is designed around a virtual lab environment that provides for robust and realistic hands-on experiences in dealing with a range of information assurance topic areas. Students will be provided numerous opportunities to apply information security practices and technologies to solve real world I.A. problems. This course requires students to have a Windows XP Professional computer and VMWare Workstation 4.5.

14-742: Security in Networked Systems
Some of today's most damaging attacks on computer systems involve exploitation of network infrastructure, either as the target of attack or as a vehicle to advance attacks on end systems. This course provides an in-depth study of network attack techniques and methods to defend against them. Topics include network- and transport-layer attacks and defenses; network intrusion detection; denial of service (DoS) and distributed denial-of-service (DDoS) detection and reaction; worm and virus propagation; tracing the source of attacks; traffic analysis; techniques for hiding the source or destination of network traffic; secure routing protocols; content poisoning attacks; and advanced techniques for reacting to network attacks. Prerequisites: Students must have passed Introduction to Information Security (14-741) and Fundamentals of Telecommunication Networks (14-740), or an equivalent set of courses offered at Carnegie Mellon (e.g., 18-730 and 15-441). In addition, solid background in C and UNIX programming will prove helpful for the several assignments this course involves. Please check with the instructor directly if you are concerned about the requirements.

14-810: Applied Cryptography
This course covers materials of modern applied cryptography that are appropriate for information assurance specialists. Applications and their current status of security are primarily focused. Topics include (but are not limited to) provable security, symmetric encryption, asymmetric encryption, one-way functions (aka hashing), digital signature, Public Key Infrastructure, and cryptographic applications for the Internet. As a result of completing this course, students are able to specifically identify cryptographic technologies and their current status concerning security (i.e. how secure or vulnerable they are), and they are able to present the concepts to various types of audiences. Besides the lectures, students engage in "hands-on" assignments that require some programming, discussions concerning the current status of security for selected cryptographic technologies, and practical small lectures on selected cryptographic applications for the Internet. Prerequisites: Introduction to Information Security (14-741).

18-732: Secure Software Systems
Poor software design and engineering are the root causes of most security vulnerabilities in deployed systems today. Moreover, with code mobility now commonplace -- particularly in the context of web technologies and digital rights management -- system designers are increasingly faced with protecting hosts from foreign software and protecting software from foreign hosts running it. This class takes a close look at software as a mechanism for attack, as a tool for protecting resources, and as a resource to be defended. Topics covered include the software design process; choices of programming languages, operating systems, databases and distributed object platforms for building secure systems; common software vulnerabilities, such as buffer overflows and race conditions; auditing software; proving properties of software; software and data watermarking; code obfuscation; tamper resistant software; and the benefits of open and closed source development. Prerequisites: Introduction to Information Security (14-741).

90-758: Ethics and Public Policy
This course will introduce students to the basic concepts, principles and theories of ethics and demonstrate the role that these might play in the formation of public policy. The course will also survey various social issues, explore current policies that deal with them and subject these policies to an ethics analysis. Among such issues that will be so addressed are: reproductive rights matters, end-of-life decisions, the death penalty, questions about free speech, information technology, pornography, social and economic justice and policy considerations dealing with environmental issues. The overall aim of the course is to assist students in developing their critical thinking skills and to persuasively argue their position on the ethics of individual public policy programs.

Introduction to Electronic Commerce
Course description to come.

95-705: Telecommunications Management
This course will help students to understand the technical, business, and industry fundamentals necessary for the effective management of organizations that develop, operate, and/or use telecommunications. These issues will be explored in the context of the decisions they influence in areas of strategic telecommunications planning, developing and deploying business applications, procuring and delivering services, and managing technical personnel and processes. Topics will include the underlying technical fundamentals of voice and data networks, the protocols and services built from those fundamentals, industry and regulatory structures and practices, and practical questions that arise from these issues.

The goals are for students to understand the telecommunications technology and industry well enough to make intelligent short-term and long-term business and technical decisions, and to manage technical people wisely and effectively.

95-703: Database Management
Database systems are ubiquitous in today's society, and are an essential productivity tool. The ability to store, access, and manage data in such systems is becoming more and more critical for any organization. Therefore, databases are central to most organizations information system strategies. At any organizational level, users can expect to have frequent contact with database systems. Therefore, skill in using such systems' understanding their capabilities and limitations, knowing how to access data directly or through technical specialists, knowing how to effectively use the information that such systems can provide, and ability in designing new systems and related applications is a distinct advantage and necessity today. The Relational Database Management System (RDBMS) is the predominant type of database systems these days, and is the primary focus of this course.

95-710: Economic Analysis
Economic analysis is critical to successful management of technology, including information technology. Whether you are interested in managing the information resources and technology inside an organization or in formulating a strategy for electronic commerce, the set of tools and analytical perspectives that economics provides play a vital role. The key unifying theme is the analysis of trade-offs in allocating scarce resources, how markets affect these trade-offs and allocate resources and rewards, and the implications of externalities.

After a quick review of the theory of consumer choice and the theory of production, where we will develop the analytical tools, we shall proceed to apply them. We shall study a variety of topics including the pricing of information goods and price discrimination, investment decision making, competition and competitive strategy, markets for information goods and the structure of such markets.