pchapin's CIS-4040 Computer Security, Fall 2017


Peter C. Chapin. Office: BLP-414 on the Williston campus. Office hours are by appointment. Phone: 802-879-2367 (voice mail active). Email: PChapin@vtc.vsc.edu. I will usually respond to email within 24 hours, not including weekends or holidays. Email is the best way to contact me. I am also sometimes on Skype under the ID pchapin, or on the FreeNode IRC network under the nickname pcc.

Course Description

The official course outline lists high level course objectives and content.

Computer security is a broad subject that can be treated on many levels. The topics covered in this course are intended to be useful to you in the long term by giving you the background you need to understand and evaluate security issues. We won't be covering the latest Windows vulnerability or Linux exploit. We won't be talking about how to change passwords or configure a secure web server. Instead we will cover the underlying principles of computer security that apply to a wide range of situations. After taking this course you will be better able to understand the reason why certain things are done and better able to evaluate new security threats and the technologies that protect against them.

As is typical for VTC courses, this course attempts to balance theory and practice. While we won't necessarily be looking at specific exploits, we will spend some time talking about how security issues are handled in the real world. We will look at how encryption technology is used, how some actual secure network protocols work, and how real life intrusion detection systems work (for example). However, it is important to understand that there is a body of knowledge about security theory as well. Although we will not delve into the theory to a great extent in this course, we will discuss some aspects of the theory so that you are at least aware of its existence.


This course will draw from a wide variety of background material. Your knowledge of networking and system administration will be important. This is not a programming course, but we will be referring to programming concepts in some cases. Also some concepts from your math courses, particularly discrete math, should be useful.


The text is Cryptography and Network Security by William Stallings (seventh edition). This book covers many of the topics I intend to discuss, however the balance of topics it uses is a bit different than what I will use. The book spends over half of its pages talking about cryptography and related technologies. Cryptography is an important tool in the computer security field, and we will spend a fair amount of time discussing it. However, I intend to spend only about 25–30% of the course (at the most) on the subject. Also there are some topics that I want to cover, notably in the area of writing secure software that the book does not cover at all.

I have created an email distribution list for the class. I will use this list to distribute announcements and other supplementary materials. Be sure to check your mail regularly (daily) or you might miss something important. If you send a question in email directly to me, I may reply to my distribution list if I think that others would benefit from my answer. If you would rather I did not reply to the list you should say so in your message.

My home page contains various documents of general interest.

Grading Policy

I grade on a point system. Each assignment is worth a certain number of points. At the end of the semester I total all the points you earned and compare that to the total number of possible points. In this course there are three components to your grade.

  1. Homework. 10 pts/each. There will be approximately twelve assignments during the semester for a total of 120 points. You will have approximately one week to do each assignment.

  2. Exam. 50 pts. There will be one exam. It will be a take home exam given during the final exam period.

When doing the exam you can use any resources available to you except that you can not consult with other students about exam questions nor post questions related to the exam on Internet forums or mailing lists (it is okay to read existing posts, however). If you have questions about the exam, please contact me.

For homework you can discuss the questions with other students and post questions related to the assignments in on-line forums. However, you should still do your own work. See the section on "Copying Policy" below for more information.

I will not formally take attendance, but I will notice people who seem "disengaged" in the class. Although attendance is not specifically part of my grading policy it will, like other intangible items such as "professionalism," play a role in how likely I am to round up borderline grades.

Late Policy

Roughly, late submissions are not accepted. If something comes up that prevents you from handing in an assignment on time, contact me, before the deadline if at all possible, to discuss your issue. As a practical matter I can accept a late submission if I have neither distributed a solution nor graded the assignment. Since either of those things can happen at any time after the due date, you should plan on submitting all materials on time.

Copying Policy

I encourage you to share ideas with your fellow students so I won't be shocked to learn that you've been talking with someone about an assignment. In fact if you worked closely with someone else you should make a note on your submission that mentions the names of your associates.

However, I do ask you to do your own work in your final submissions. If two submissions exhibit what I feel to be "excessive similarity" I will grade the submissions based on merit and then divide the grade by two, assigning half the grade to each submission. If I receive more than two excessively similar submissions I will divide the grade by the number of such submissions and distribute the result accordingly.

Since "excessive similarity" is a bit subjective, I may only give you a warning if the similarity is not too excessive—especially for a first offense. However, I do keep records on when I find excessive similarity and I will be much less inclined to be forgiving if I discover it again. If you are concerned about the possibility of submitting something that might be too similar to another student's work, don't hesitate to speak with me first.

If you find material on the Internet or in a book that seems to answer questions I ask in an assignment, you may include such material in your submission provided you properly reference it. If I discover that you have included unreferenced material from such sources, I may not give you any credit for the question(s) answered by such material. You do not need to provide a reference to our text book or to materials I specifically provide in class.

Other Matters

Students with disabilities may request accommodation as provided within federal law. All such requests should be made by first contacting Robin Goodall, Learning Specialist, in the Center for Academic Success on the Randolph campus. She can be reached by phone at (802) 728-1278 or by email at rgoodall@vtc.edu.

Last Revised: 2017-05-25
© Copyright 2017 by Peter C. Chapin <PChapin@vtc.vsc.edu>