1

.
DEPARTMENT OF
ARTIFICAL INTELLIGENCE AND DATA SCIENCE

COURSE PLAN-THEORY

Course Code CW3551

Course Name DATA AND INFORMATION SECURITY
Regulation R2021
Name of the Course Instructor(s) Dr. R. Deepalakshmi
Name of the Course Coordinator Dr. R. Deepalakshmi
Academic Year 2025-2026 (ODD)
Branch / Year / Semester AI&DS | III | V
Date of Commencement of Class 04.08.2025
Date of Completion of Class
Revision No 0

Prepared By, Verified By,

[Link] [Link]
Professor and Head, AI&DS Professor&Head-AI&DS

Approved By,
Dr. S. Durairaj,
Principal

SYLLABUS
DEPARTMENT OF ARTIFICAL INTELLIGENCE AND DATA SCIENCE
Academic Year: 2025-2026 Odd Semester
 2

COURSE
COURSE NAME L T P C
CODE
CW3551 DATA AND INFORMATION SECURITY 3 0 0 3
COURSE OBJECTIVES :
● To understand the basics of Information Security
● To know the legal, ethical and professional issues in Information Security
● To equip the students’ knowledge on digital signature, email security and web security
UNIT I INTRODUCTION 9
History, What is Information Security?, Critical Characteristics of Information, NSTISSC Security Model,
Components of an Information System, Securing the Components, Balancing Security and Access, The SDLC,
The Security SDLC
UNIT II SECURITY INVESTIGATION 9
Need for Security, Business Needs, Threats, Attacks, Legal, Ethical and Professional Issues – An Overview of
Computer Security - Access Control Matrix, Policy-Security policies, Confidentiality policies, Integrity
policies and Hybrid policies
UNIT III DIGITAL SIGNATURE AND AUTHENTICATION 9
Digital Signature and Authentication Schemes: Digital signature-Digital Signature Schemes and their Variants-
Digital Signature Standards-Authentication: Overview- Requirements Protocols - Applications - Kerberos -
X.509 Directory Services
UNIT IV E-MAIL AND IP SECURITY 9
E-mail and IP Security: Electronic mail security: Email Architecture -PGP – Operational DescriptionsKey
management- Trust Model- S/[Link] Security: Overview- Architecture - ESP, AH Protocols IPSec Modes –
Security association - Key management.
UNIT V WEB SECURITY 9
Web Security: Requirements- Secure Sockets Layer- Objectives-Layers -SSL secure communication- Protocols
- Transport Level Security. Secure Electronic Transaction- Entities DS Verification-SET processing.
TOTAL: 45 Periods
CONTENT BEYOND SYLLABUS:
Unit II: Zero Trust Architecture: A New Paradigm in Enterprise Security, Unit III: Blockchain-based
Authentication and Decentralized Identity (DID)
COURSE OUTCOMES:
Upon successful completion of this course, students will be able to:
CO1: Understand the basics of data and information security
CO2:Understand the legal, ethical and professional issues in information security
CO3: Understand the various authentication schemes to simulate different applications.
CO4:Understand various security practices and system security standards
CO5:Understand the Web security protocols for E-Commerce applications
TEXT BOOKS:
T1. Michael E Whitman and Herbert J Mattord, “Principles of Information Security, Course Technology, 6th
Edition, 2017.
T2. Stallings William. Cryptography and Network Security: Principles and Practice, Seventh Edition, Pearson
Education, 2017.
REFERENCES:
R1. Harold F. Tipton, Micki Krause Nozaki, “Information Security Management Handbook, Volume 6, 6th
Edition, 2016.
R2. Stuart McClure, Joel Scrambray, George Kurtz, “Hacking Exposed”, McGraw- Hill, Seventh Edition,
2012.
R3. Matt Bishop, “Computer Security Art and Science, Addison Wesley Reprint Edition, 2015.
R4. Behrouz A Forouzan, Debdeep Mukhopadhyay, Cryptography And network security, 3 rd Edition, .
McGraw-Hill Education, 2015.

PLAN OF DELIVERY

DEPARTMENT OF ARTIFICAL INTELLIGENCE AND DATA SCIENCE

Academic Year: 2025-2026 Odd Semester
 3

CW3551 DATA AND INFORMATION SECURITY

Sl. Topic Covered Ref. Page No Hours Cumu Teaching Innovative

No Book lative Aid Teaching
Code Hours Methodology (If
any)
UNIT-I INTRODUCTION
1. History of Information T1 1 – 15 1 1 PPT,
Security Timeline
2. What is Information Security? T1 16 – 30 1 2 Diagrams Real-life examples
discussion
3. Critical Characteristics of T1 31 – 50 1 3 Diagrams, Quiz on CIA triad
Information Videos concepts
4. NSTISSC Security Model T1 51 – 70 1 4 Diagrams
(McCumber Cube)
5. Components of an Information T1 71 – 90 1 5 Charts Group activity
System identifying
components
6. Securing the Components T1 91 – 110 1 6 Flowcharts Presentation on
securing
components
7. Balancing Security and Access R1 120 – 140 1 7 Case
studies
8. SDLC (System Development T1 141 – 160 1 8 Diagrams,
Life Cycle) Videos
9. Security SDLC (SecSDLC) T1 91 – 110 1 9 Flowcharts Security checklist
creation
UNIT-II SECURITY INVESTIGATION
10. Need for Security T1 31–40 1 10 PPT,
Newspaper
clips
11. Business Needs T1 41–50 1 11 Charts, Role
play
12. Threats (Part 1) R2 15–25 1 12 Mind maps Threat mapping
exercise
13. Threats (Part 2) T2 121–145 1 13 Videos, Malware simulation
Diagrams demo
14. Attacks T1 51–70 1 14 Flowcharts
15. Legal, Ethical & Professional R1 252–260 1 15 Case Law
Issues Handouts
16. Professional Issues R1 261–276 1 16 Posters, Debate: White hat vs
Scenarios Black hat ethics
17. Overview of Computer T1 81–95 1 17 Diagrams,
Security Quiz
18. Access Control Matrix & T1 111–125 1 18 Matrix table, Policy drafting
Policies Use case activity
UNIT-III DIGITAL SIGNATURE AND AUTHENTICATION
19. Introduction to Digital Signature T2 350–354 1 19 PPT,
Diagrams
20. Digital Signature Schemes T2 354–361 1 20 Flowcharts,
Board work
21. Variants of Digital Signature R3 420–428 1 21 Chart
22. Digital Signature Standards T2 362–368 1 22 Official
(DSS) PDFs,
Charts
23. Authentication Overview T1 145–160 1 23 Charts, Quiz 2FA demonstration

DEPARTMENT OF ARTIFICAL INTELLIGENCE AND DATA SCIENCE

Academic Year: 2025-2026 Odd Semester
 4

Sl. Topic Covered Ref. Page No Hours Cumu Teaching Innovative

No Book lative Aid Teaching
Code Hours Methodology (If
any)
24. Authentication Requirements T2 370–375 1 24 Whiteboard
discussion
25. Authentication Protocols T2 375–380 1 25 Protocol Protocol walkthrough
diagrams
26. Kerberos T2 381–390 1 26 Animation, Kerberos ticket
Flowchart generation role-play
27. X.509 Directory Services T2 391–400 1 27 Certificate X.509 format
examples analysis
UNIT-IV E-MAIL AND IP SECURITY
28. Email Security – Architecture T2 520–530 1 28 PPT, Email header analysis
Diagrams exercise
29. Pretty Good Privacy (PGP) T2 531–538 1 29 PGP PGP signing and
screenshots encryption demo
30. PGP – Operational Descriptions T2 538–543 1 30 Flowchart
31. Key Management in Email T2 544–550 1 31 Table
comparisons
32. Trust Model T2 550–552 1 32 Diagrams
33. S/MIME T2 553–558 1 33 Comparison Practical demo with
chart Outlook/Thunderbird
34. IP Security Overview T2 620–625 1 34 PPT, Video
35. ESP & AH Protocols, Modes T2 626–633 1 35 Packet
examples
36. Security Associations & Key T2 634–640 1 36 Flowcharts
Management
UNIT-V WEB SECURITY
37. Web Security Requirements T1 360–370 1 37 Diagrams,
Video Demo
38. SSL – Introduction T2 665–670 1 38 PPT, Live site inspection
HTTPS using browser tools
demonstratio
n
39. SSL Objectives T2 670–675 1 39 Layer Student-led case
diagrams reviews of HTTPS
failures
40. SSL Layers T2 675–680 1 40 Flowcharts
41. SSL Secure Communication T2 680–685 1 41 Certificate
examples
42. Transport Layer Security T2 686–690 1 42 Comparison
chart
43. Secure Electronic Transaction R3 450–455 1 43 Diagram,
(SET) Case study
44. SET Entities & DS Verification R3 456–460 1 44 Entity flow Group activity:
diagram roleplay as entities
45. SET Transaction Processing R3 460–465 1 45 Sequence
diagrams
Content Beyond Syllabus
46. Unit II: Zero Trust Architecture: Web Material 1 46 PPT slides
A New Paradigm in Enterprise
Security
47. Unit III: Blockchain-based 1 47 Short demo
Authentication and Decentralized
Identity (DID)
Content Beyond Syllabus

DEPARTMENT OF ARTIFICAL INTELLIGENCE AND DATA SCIENCE

Academic Year: 2025-2026 Odd Semester
 5

Sl. Topic Covered Ref. Page No Hours Cumu Teaching Innovative

No Book lative Aid Teaching
Code Hours Methodology (If
any)
Title 1 (Related to Unit II: Security Investigation)
Title: "Zero Trust Architecture: A New Paradigm in Enterprise Security"
 Relation to Syllabus: Extends the topic of Access Control Matrix and Security Policies.
 Why Beyond: The Zero Trust model challenges the traditional perimeter-based security model taught in the syllabus by
assuming breach and verifying each request as if it originates from an open network.
 Learning Outcome:
o Understand Zero Trust principles.
o Compare with traditional models like DAC, MAC, and RBAC.
o Explore implementation in real-world IT infrastructures (Google BeyondCorp).
 Suggested Activity: Group presentation or roleplay simulating a Zero Trust-based enterprise security workflow.
Title 2 (Related to Unit III: Digital Signature and Authentication)
Title: "Blockchain-based Authentication and Decentralized Identity (DID)"
 Relation to Syllabus: Advances the understanding of Digital Signatures and X.509 Certificates.
 Why Beyond: Introduces cutting-edge use of cryptographic primitives in decentralized systems, surpassing the
centralized CA model.
 Learning Outcome:
o Understand how blockchain ensures tamper-proof authentication.
o Learn about Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs).
o Evaluate security, scalability, and privacy in decentralized identity systems.
 Suggested Activity: Hands-on demo using tools like uPort or Sovrin, or case study on Aadhaar vs. DID.

ASSESSMENT PLAN

ASSESSMENT SCHEDULE-TEST

TEST PORTION FOR DATE

TEST
NO. TEST PLANNED CONDUCTED
Internal I UNIT I and UNIT II
Assessment
II UNIT III and UNIT IV
Test
I UNIT I
Class Test
II UNIT III

ASSESSMENT SCHEDULE-ASSIGNMENT

Assignment No Mode Group Date of

/Common/Individual Submission
I Written Individual
II Seminar Individual

ASSESSMENT PATTERN

ITEM WEIGHTAGE
Continuous Assessment-I 40 40
Internal Assessment Test – I 60
Continuous Assessment-II 40
Internal Assessment Test – II 60
End Semester Examination 60
Total 100

DEPARTMENT OF ARTIFICAL INTELLIGENCE AND DATA SCIENCE

Academic Year: 2025-2026 Odd Semester
 6

.
DEPARTMENT OF ARTIFICAL INTELLIGENCE AND DATA SCIENCE
ACADEMIC YEAR 2025-2026 (ODD SEMSTER)

ASSIGNMENT I
(MODE: WRITTEN | SEMINAR)

Branch | Year | Semester : AI&DS |III|V

Course Code | Name : CW3551 DATA AND INFORMATION SECURITY
Maximum Marks : 20
Rubrics 1. Presentation & Neatness 10 marks
2. References 5 marks
3. Timely Submission 5marks
General Instructions Group Size: 5 students per group (Total: 11 groups).
Topic: Topics are strictly based on Unit I and Unit II of the
syllabus.
Length: Minimum: 8 full A4-sized pages Maximum: 10
[Link] below 8 pages will face mark deductions.

[Link] Group No. Assignment Topic Mapped Unit

1. Analyze the Critical Characteristics of Information and How
Group 1 Unit I
They Impact Modern Cybersecurity
2. Examine the NSTISSC Security Model and Its Application in
Group 2 Unit I
Current Information Systems
3. Discuss the Security SDLC Phases and Their Role in
Group 3 Unit I
Designing Secure Systems
4. Evaluate the Balance Between Security and Access in
Group 4 Unit I
Enterprise Information Systems
5. Explain the Need for Information Security in Today’s Digital
Group 5 Unit II
Business Environment
6. Classify and Analyze Different Types of Threats and Attacks
Group 6 Unit II
in Information Systems
7. Explore the Legal, Ethical, and Professional Issues in
Group 7 Unit II
Information Security
8. Explain the Role of Security Policies: Confidentiality,
Group 8 Unit II
Integrity, and Hybrid Policies with Examples
9. Design and Justify a Basic Access Control Policy Using
Group 9 Unit II
Access Control Matrix Model
10. Explain the Components of an Information System and How
Group 10 Unit I
to Secure Each Component
11. Develop a Comparative Study on Security Policy Types and
Group 11 Unit II
Their Implementation in Real-World Scenarios

Course Instructor Principal

Dr. R. Deepalakshmi Dr. S. Durairaj
HoD-AIDS

DEPARTMENT OF ARTIFICAL INTELLIGENCE AND DATA SCIENCE

Academic Year: 2025-2026 Odd Semester
 7

.
DEPARTMENT OF ARTIFICAL INTELLIGENCE AND DATA SCIENCE
ACADEMIC YEAR 2025-2026 (ODD SEMSTER)

ASSIGNMENT II
(MODE: WRITTEN | SEMINAR)

Branch | Year | Semester : AI&DS |III|V

Course Code | Name : CW3551 DATA AND INFORMATION SECURITY
Maximum Marks : 20
Rubrics Content Quality 10
Presentation Skills 5
References & Timeliness 5
General Instructions Content: Cover the assigned topic thoroughly, including
introduction, main content, and conclusion. Use clear and
precise language.
References: Cite at least 3 credible sources (textbooks, journals,
or official websites

S.N
Seminar Title Unit
o
1 Digital Signatures: Definition and Importance Unit III
2 Types of Digital Signature Schemes Unit III
3 DSS vs RSA: A Comparative Study Unit III
4 Role of Hash Functions in Digital Signatures Unit III
5 Vulnerabilities in Digital Signature Systems Unit III
6 Digital Signature Process: Signing and Verification Unit III
7 Fundamentals of Authentication in Security Unit III
8 Authentication Protocols in Network Security Unit III
9 Nonce and Timestamp in Authentication Unit III
10 Mutual Authentication and Its Use Cases Unit III
11 Kerberos Authentication System Unit III
12 Advantages and Disadvantages of Kerberos Unit III
13 Comparison of Ticket-Based Authentication Systems Unit III
14 X.509 Directory Services: Features and Architecture Unit III
15 Certificate Revocation and Trust in X.509 Unit III
16 Challenges in Managing Digital Certificates Unit III
17 Integrity and Non-repudiation via Digital Signatures Unit III
18 One-Way vs Two-Way Authentication Unit III
19 Architecture of Email Systems Unit IV
20 Working of PGP (Pretty Good Privacy) Unit IV
21 PGP: Confidentiality and Authentication Mechanisms Unit IV
22 Key Management in PGP Unit IV
23 Limitations of PGP in Enterprises Unit IV
24 Overview of S/MIME and Comparison with PGP Unit IV
25 Trust Models in S/MIME Unit IV
26 Operational Workflow of S/MIME vs PGP Unit IV
27 Introduction to IP Security (IPSec) Unit IV
28 IPSec Architecture Overview Unit IV

DEPARTMENT OF ARTIFICAL INTELLIGENCE AND DATA SCIENCE

Academic Year: 2025-2026 Odd Semester
 8

29 AH vs ESP in IPSec Unit IV

30 Transport vs Tunnel Mode in IPSec Unit IV
31 Security Association (SA) in IPSec Unit IV
32 Key Management Techniques in IPSec Unit IV
33 Deployment Challenges of IPSec Unit IV
34 Application-Layer vs Network-Layer Security Unit IV
35 End-to-End Protection Using IPSec Unit IV
36 IPSec and VPN Implementation Unit IV
37 Requirements for Web Security Unit V
38 Secure Socket Layer (SSL): Objectives and Functionality Unit V
39 SSL Handshake Protocol Unit V
40 SSL vs TLS: Security Comparison Unit V
41 SSL Communication Layers Unit V
42 Client-Server Communication Security Using SSL Unit V
43 Role of Digital Certificates in SSL Unit V
44 TLS and Its Improvements Over SSL Unit V
45 Preventing MITM Attacks with TLS Unit V
46 Secure Electronic Transaction (SET): Introduction Unit V
47 SET Protocol Entities Unit V
48 SET Transaction Flow Unit V
49 SET vs SSL for E-Commerce Security Unit V
50 Limitations of SET in Modern Systems Unit V
51 Digital Signature Verification in SET Unit V
52 SET in Mobile Payment Systems Unit V
53 Session Hijacking and SSL/TLS Defense Unit V
54 Web Security Vulnerabilities Despite SSL/TLS Unit V
55 Multi-Layered Web Security Strategies Unit V

Course Instructor Principal

Dr. R. Deepalakshmi Dr. S. Durairaj
HoD-AIDS

DEPARTMENT OF ARTIFICAL INTELLIGENCE AND DATA SCIENCE

Academic Year: 2025-2026 Odd Semester