
Information Security Course CS-324 Outline

The document outlines the course CS-324: Information Security at the University of Gujrat, detailing its objectives, learning outcomes, and grading policy. It includes a sixteen-week plan covering various topics such as risk management, legal issues, and cryptography. The course aims to provide students with a comprehensive understanding of information security management principles applicable in business contexts.

Uploaded by ayeshagulzar5140

UNIVERSITY OF GUJRAT

Course Outline

Course Code: CS-324 Course Description: Information Security


BOS Meeting Date: BOS Meeting Count:
Status: Active Is Lock: Un-Locked
Course Outline:

Sixteen Week Plan


Department of Computer Science
Faculty of Computing & Information Technology
Hafiz Hayat Campus, University of Gujrat
Title: Information Security
Code: CS-324
Credit hours: 3.0
Prerequisite: Nil
Category: CS-Core
Course Description: --
Aims & Objectives
• The course will provide the student with an understanding of the principles of information security management that are commonly used in business.
• It will introduce the student to commonly used frameworks and methods and explore critically the suitability and appropriateness of these for addressing today's organizational security needs.

Learning Outcomes
The successful participant will:
• have an understanding of the key themes and principles of information security management and be able to apply these principles in designing solutions to managing security risks effectively;
• understand how to apply the principles of information security management in a variety of contexts;
• have an appreciation of the interrelationship between the various elements of information security management and its role in protecting organizations.

Text Book
A - M. Whitman and H. Mattord, “Principles of information security”, Boston, Mass.: Thomson Course Technology, 2003

Reference Books & Material
• Computer Security: Principles and Practice, 3rd edition by William Stallings
• Computer Security, 3rd edition by Dieter Gollmann
• Computer Security Fundamentals, 3rd edition by William Easttom
B - Official (ISC)2 Guide to the CISSP CBK, 3rd edition
Lecture Slides Provided by Instructor

Grading Breakup and Policy
• Assignment/Presentation(s): 10%
• Quizzes: 5%
• Project: 10%
• Midterm Examination: 25%
• Final Examination: 50%

Week # | Lecture # | Topics | Source (Book, Chapter No) | Recommendations for Learning Activities (Mention Assignments, Test, Case Study, Projects, Lab Work or Reading Assignments)

Week 1

Lecture 1
CHAPTER 1
• Introduction to Information Security
• The History of Information Security
• Key Information Security Concepts
• Critical Characteristics of Information
• CNSS Security Model
• Components of an Information System
• Balancing Information Security and Access
• Approaches to Information Security Implementation
Source: CH-1 – Book A

Lecture 2
• Security Professionals and the Organization
• Communities of Interest
• Information Security: Is it an Art or a Science?
• Case Exercises
Source: CH-1 – Book A

Week 2

Lecture 3
CHAPTER 2
• The Need for Security
• Threats
• Compromises to Intellectual Property
• Deliberate Software Attacks
• Deviations in Quality of Service
• Espionage or Trespass
• Forces of Nature
Source: CH-2 – Book A

Lecture 4
• Human Error or Failure
• Information Extortion
• Missing, Inadequate, or Incomplete Organizational Policy or Planning
• Missing, Inadequate, or Incomplete Controls
• Sabotage or Vandalism
• Theft
• Technical Hardware Failures or Errors
• Technical Software Failures or Errors
• Technological Obsolescence
Source: CH-2 – Book A

Week 3

Lecture 5
• Attacks
• Malicious Code
• Hoaxes
• Back Doors
• Password crack
• Brute Force
• Dictionary
• Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS)
• Spoofing
• Man-in-the-Middle
• Spam
• Mail Bombing
• Sniffers
• Social Engineering
• Pharming
• Timing Attack
Source: CH-2 – Book A
Activities: Assignment 1

Lecture 6
CHAPTER 3
• Legal, Ethical, and Professional Issues in Information Security
• Law and Ethics in Information Security
• International Laws and Legal Bodies
• Pakistan Cyber Crime Law
Source: CH-3 – Book A
Activities: Quiz 1

Week 4

Lecture 7
• Ethics and Information Security
• Codes of Ethics and Professional Organizations
Source: CH-3 – Book A

Lecture 8
CHAPTER 4
• Risk Management
• An Overview of Risk Management
• Risk Identification
• Risk Assessment
Source: CH-4 – Book A

Week 5

Lecture 9
• Risk Control Strategies
• Risk Assessment
Source: CH-4 – Book A

Lecture 10
• Risk Management Discussion Points
• Quantitative Versus Qualitative Risk Control Practices
Source: CH-4 – Book A

Week 6

Lecture 11
• Security Technology
• Intrusion Detection
• Prevention Systems
• Why Use an IDPS?
• Types of IDPS
• Strengths and Limitations of IDPSs
• Measuring the Effectiveness of IDPSs
Source: CH-6-7 – Book A
Activities: Assignment 2

Lecture 12
• Honeypots, Honeynets, and Padded Cell Systems
• Scanning and Analysis Tools
• Operating System Detection Tools
Activities: Quiz 2

Week 7

Lecture 13
• Port Scanners
• Firewall Analysis Tools
• Packet Sniffers
• Wireless Security Tools

Lecture 14
• Biometric Access Controls
• Acceptability of Biometrics

Week 8

Lecture 15
Revision

Lecture 16
Midterm Exam

Week 9

Lecture 17
CHAPTER 8
• Cryptography
• Cipher Methods
• Substitution Cipher
• Transposition Cipher
• Exclusive OR
• Vernam Cipher
• Book or Running Key Cipher
• Hash Functions
Source: CH-8 – Book A

Lecture 18
• Cryptographic Algorithms
• Symmetric Encryption
• Asymmetric Encryption
• Examples
• Encryption Key Size
Source: CH-8 – Book A

Week 10

Lecture 19
• Cryptographic Tools
• Public-Key Infrastructure (PKI)
• Digital Signatures
• Digital Certificates
• Hybrid Cryptography Systems
• Steganography
Source: CH-8 – Book A

Lecture 20
• DES
Source: Notes

Week 11

Lecture 21
• Protocols for Secure Communications
• Securing Internet Communication with S-HTTP and SSL
• Securing E-mail with S/MIME, PEM, and PGP
Source: CH-8 – Book A

Lecture 22
• Securing Web Transactions with SET, SSL, and S-HTTP
• Securing Wireless Networks with WEP and WPA
• Securing TCP/IP with IPSec and PGP
Source: CH-8 – Book A

Week 12

Lecture 23
• IP Security
• Internetworking and Internet Protocol
• IP Security Overview
• IPSec Services
Source: CH-8 – Book A
Activities: Quiz 3

Lecture 24
• Attacks on Cryptosystems
• Man-in-the-Middle Attack
• Correlation Attacks
• Dictionary Attacks
• Timing Attacks
• Defending Against Attacks
Source: CH-9 – Book A + Notes
Activities: Assignment 3

Week 13

Lecture 25
• Physical Access Controls
• Physical Security Controls
• Fire Security and Safety
• Fire Detection and Response
• Failure of Supporting Utilities and Structural Collapse
• Heating, Ventilation, and Air Conditioning
• Power Management and Conditioning
• Water Problems
• Structural Collapse
• Maintenance of Facility Systems
Source: CH-9 – Book A + Notes

Lecture 26
• Mobile and Portable Systems
• Remote Computing Security
• Special Considerations for Physical Security
• Inventory Management
• Key physical security considerations
Source: Notes
Activities: Quiz 4

Week 14

Lecture 27
• Firewalls
Source: Notes
Activities: Assignment 4

Lecture 28
• Firewalls
Source: Notes

Week 15

Lecture 29
• IDs
Source: Notes

Lecture 30
• Law, investigations and ethics
Source: Notes

Week 16

Lecture 31
• Presentations
Activities: Final Presentation

Lecture 32
• Discussion
• Critical Discussion and Review of Content Studied
Activities: Discussion

Final Exam
