Best Practices Managing Security and Privacy for Cloud Computing (AIT 670)

Dr. Massimiliano Albanese, Department of Applied Information Technology

Fall 2013. Fridays, 4:30 pm - 07:10 pm, Nguyen Engineering Building 1110, Fairfax Campus

Office hours. By appointment

George Mason University

Catalog Description

This course offers a survey of security and privacy issues in Cloud Computing systems, along with an overview of current best practices and available technologies. In this course, we examine cloud computing models, look into the threat model and security issues related to data and computation outsourcing, and explore practical applications of secure Cloud Computing.

Course Goals

Upon successful completion of this course, students will:


Registration in MS, Applied IT program or permission of Instructor.

Course Format

The course will employ lectures, a mid-term exam to assess progress, and a final exam. Students will be required to write a technical paper on a topic which must be approved in advance by the instructor, and give a presentation at the end of the course.

Textbooks and Reading Materials

Required Textbook

Securing the Cloud

Securing the Cloud
Vic (J.R.) Winkler
ISBN: 978-1-59749-592-9
Syngress, 2011

The required textbook is available electronically through the Safari Tech Books Online collection. You can access this book by following these steps:

Recommended Readings

Recommended readings include publications from standardization bodies such as NIST, government agencies, and the research community. Below is a tentative list of recommended readings.

Additional readings and lecture slides will be made available by the instructor before class.

Course Outline

Below is an outline of the 15 weekly class meetings.

  1. [08-30-2013] - Introduction to the course - Lecture 1: Introduction to cloud computing (Chapter 1)
  2. [09-06-2013] - Lecture 2: Overview of networking concepts
  3. [09-13-2013] - Lecture 3: Overview of security concepts
  4. [09-20-2013] - Lecture 4: Cloud computing architecture (Chapter 2)
  5. [09-27-2013] - Lecture 5: Security Concerns and legal aspects (Chapter 3)
  6. [10-04-2013] - Lecture 6: Securing the cloud: architecture (Chapter 4) - Review session
  7. [10-11-2013] - Data center tour [tentative] - Mid-term exam
  8. [10-18-2013] - Lecture 7: Securing the cloud: data (Chapter 5)
  9. [10-25-2013] - Lecture 8: Securing the cloud: key strategies and best practices (Chapter 6)
  10. [11-01-2013] - Lecture 9: Security criteria: building an internal cloud (Chapter 7)
  11. [11-08-2013] - Lecture 10: Security criteria: selecting an external cloud provider (Chapter 8)
  12. [11-15-2013] - Lecture 11: Evaluating cloud security: an information security framework (Chapter 9)
  13. [11-22-2013] - Lecture 12: Operating a cloud (Chapter 10) - Review session
  14. [12-06-2013] - Student presentations
  15. [12-13-2013] - Final exam

Course Tools

The following tools will be used in this course.

Additional Resources & Information

Below is a list of additional and useful resources.

Grading Policy

Grading will be based on class participation, assignments, and exams. Points for course activities will accrue as follow:

Activity Points
Class participation (≠ class attendance) 150
Mid-term exam 150
Presentation 100
Term paper 150
Final exam 150
Total 700

Final letter grades are assigned as follows. Breakpoints may be adjusted depending on overall class performance.

Point % range Letter grade
97% - 100% A+
93% - 96.9% A  
90% - 92.9% A- 
87% - 89.9% B+
83% - 86.9% B  
80% - 82.9% B- 
77% - 79.9% C+
73% - 76.9% C  
70% - 72.9% C- 
67% - 69.9% D+
63% - 66.9% D  
60% - 62.9% D- 
  0% - 59.9% F  

Students who wish to recover credits lost in other course activities can volunteer to give short presentations (4-5 content slides, 8-10 minutes) on a topic of their choice. Each short presentation will earn up to 30 points, for a maximum of two presentations per student during the entire course. Students must notify the instructor in advance of their intention to give a short presentation. Time and topic of the presentation must be approved by the instructor.

Regular attendance is strongly recommended. Students will be held responsible for all material covered in class. Exams are given on the dates specified on the course schedule. Absence from taking any exam will result in a score of zero, unless cleared in advance with the instructor and arranged for a makeup session. Excusable absences are normally related to unavoidable and documented emergency situations.

Valid XHTML 1.0 Transitional Valid CSS!