Technology has penetrated almost every aspect of our personal and business interactions. Surprisingly, most people still fail to understand the potentially catastrophic consequences of security breaches in digital systems. That failure of understanding makes humans the weakest link in the chain of information security (IS). Although IS is a relatively new field of computer science, it has already had a profound impact on business, a direct result of the interconnected nature of the World Wide Web. With each passing day, from bank accounts to refrigerators, we are becoming increasingly electronically interlaced. The field of information security covers all activity in this fast-growing and quickly changing aspect of modern electronic life, including cryptography and its study of ancient ciphers and modern public-key (asymmetric) cryptosystems, secure software development, Web application security, and denial of service (DoS) attacks. Needless to say, information security is an exciting field to be involved with at this point in time.
A typical information security course may involve any combination of the following topics:
- Cryptography, Cryptanalysis and their Quantum Equivalents
- Operating Systems Security
- Network Security
- Secure Software Development
- Web Application Security
- Access Control (AAA - Authentication, Authorization, Availability)
- Social Engineering
- Penetration Testing and Ethical Hacking
- Security Policies
- Computer Forensics
- Vulnerability Assessment
- Disaster Recovery Planning and Business Continuity
- Security Economics
Schneier's Applied Cryptography offers a great introduction to cryptography from a developer's perspective while Ferguson's Practical Cryptography achieves the same goal without focusing on code. Anderson's Security Engineering is often quoted as the bible of information security, offering an extremely wide coverage of diverse topics in sufficient depth, while presenting numerous real world incidents. You can always stay up to date with the field by visiting Security Focus and SearchSecurity, or Schneier's blog for some insightful essays. For academic resources you should look into conference proceedings and journals published by ACM, IEEE, Springer, Elsevier, and Google Scholar, or some of the top computer science departments offering security courses such as Stanford, MIT, and CMU.
To fulfill our mission of helping students learn, our online tutoring centers are standing by 24/7, ready to assist students who need help with homework, concepts, skills, or preparing for an exam in information security.