Topic outline

• General
  

  General

  • Announcements Forum
• Welcome Announcement
  

  Welcome Announcement

  
  

  
  

  Dear Students

  Welcome to your Information Security class. We'll discuss our class, generate ideas and solve our problem through this platform. Hope you'll have a great Experience. 

  Good Luck!!! 

  
  

  Course Instructor:

  
  

  
  

  
  

  Md Mizanur Rahman

  Lecturer

  Office: Room #807(C), AB4 Building, Daffodil Smart City

  Cell Number# +880 1954597608

  Email: mizanurrahman.cse@diu.edu.bd

  Counselling Hour: Saturday-Wednesday (10:00AM -4:00 PM)

  
  

  
  

  
  

  
  
• Welcome to Information Security Course
  

  Welcome to Information Security Course

  
  

  
  

  Basic Information:
  

  Course Code: CSE 423

  Course Title: Information Security

  Program: B.Sc in Computer Science and Engineering

  Faculty: Science and Information Technology

  Semester: Spring; Year: 2023

  Credit: 3.0; Contact Hour: 2 Hours/ Week

  Course Category: Core Engineering

  Course Instructor:
  

  Md Mizanur Rahman

  Lecturer

  Office: Room #807(C), AB4 Building, Daffodil Smart City

  Cell Number# +880 1954597608

  Email: mizanurrahman.cse@diu.edu.bd

  Counselling Hour: Saturday-Wednesday (10:00AM -4:00 PM)

  
  

  
  

                          

   

  Course Rationale:

  Information security — or infosec — is the protection of information by people and organizations in order to keep information safe for themselves, their company, and their clients. Every organization needs protection against cyber-attacks and security threats. Cybercrime and malware are constant threats to anyone with an Internet presence, and data breaches are time-consuming and expensive. The goal of IT security is to protect these assets, devices and services from being disrupted, stolen or exploited by unauthorized users, otherwise known as threat actors.

  
  

   

  Course Objectives:

  To provide a solid conceptual understanding of the fundamentals of Information Security. More specifically,

  -To learn basics of information security, in both management aspect and technical aspect.

  -To learn various types of security threats and attacks

  -To learn basics of Security risks and Management process

  -To learn ways to manage, detect and response to incidents and attacks.

  -To learn the benefits of AI and ML in the field of Information Security

  -To learn basics of application of cryptography which are one of the key technology to implement security  functions.                                        

  -To learn the Legal and Ethical issues in information security

  Course Learning Outcomes (CLO's):

  CLO1	Interpret the components, tools and techniques of Information Security systems
  CLO2	Analyze various Information security threats, risks and propose controls for it.
  CLO3	Explain the Ethical issues and Laws in the field of Information Security

  Assessment Strategies:
  

  
  

  • Students Interest Survey!!! URL

    Mark as done

    Lets see How interested you are to Learn!!!

  • Course Outline File

    Mark as done
  • Text Book

    • Principles of Information Security -Michael E. Whitman, Herbert J. Mattord, Fourth Edition [Download]
    • Ethical Hacking and Countermeasures, Version11 -EC Council [Download]
      
  • PO's for Outcome Based Education(OBE) File

    Mark as done
• Week - 1: Information Security and It’s Elements
  

  Week - 1: Information Security and It’s Elements

  
  

  
  

  Discussion Points: 

  • Introduction of information security • Principles of Security (CIA Triad)
  • Five major Elements (Confidentiality, Integrity, Availability, Authenticity and Non-Repudiation)
  •  What is 'Attack' in information security
  •  Classification of Attack (Active, Passive, Close-in Attack, Insider Attack and Distribution Attacks)
  • Information Warfare

  Expected Learning Outcomes:

  • Recognize the networking models used for seamless communication among computer user.
  • Find out how layered model communication functions can be organized and be very successful in communication.
  • Differentiate between OSI and TCP/IP models.

  Resources of Learning:

  • Lecture material Slide [ Download]
  • Book Chapter reference [Download]

  
  
  

  • Open Discussion Forum

    Mark as done
• Week - 2: Ethical Hacking and Concept
  

  Week - 2: Ethical Hacking and Concept

  
  

  Discussion Points: 

  • What and who is Hacker
    
  • Hacker Classes (White, Black Gray)
    
  • Cyber Attack
    
  • Difference between Cyber security and Information Security
    
  • Art and philosophy of hackers
    
  • Story of Hacking

  Expected Learning Outcomes:

  • Recognize the concept of analog and digital signals and their use in day to day communication.
  • Identify which transmission impairments cause problems in communication and their remedies.
    
  •  Appreciate the importance of date rate limits in communication and performance measurement.
    

  Resources of Learning:

  • Lecture Slide [Download]
  • Lecture Book reference [Download] 

  • Open Discussion (Week-2) Forum

    Mark as done
• Week - 3: Security Risk Management
  

  Week - 3: Security Risk Management

  
  

  Discussion Points: 

  • What is Risk, Purpose, Risk Level
    
  • Identification of Assets
    
  • Identification of Key Risk Indicators (KRIs)
    
  • Identification of Risk-Scenarios
    
  • Relationship between Vulnerabilities and Risk Scenarios bared on Assets
    
  • Risk Frequency Evaluation
    
  • Likelihood Scale
    
  • Risk frequency based on Risk Scenarios on assets if vulnerability

  Expected Learning Outcomes:

  • Recognize the digital transmission technologies used for modern communication.
    
  • Identify and differentiate among various digital to digital, analog to digital conversion techniques.
  • Appreciate what important role transmission modes play in digital communication.
    

  Resources of Learning:

  • Lecture Slide [Lesson-1] 
  • Book Reference [Download] 

  • Open Discussion (Week-3) Forum

    Mark as done
• Week - 4: Security Risk Management(Contd.)
  

  Week - 4: Security Risk Management(Contd.)

  
  

  Discussion Points: 

  • Risk Analysis
    
  • Impact Scale
    
  • Risk Rating Table
    
  • Risk Determination
    
  • Risk Rating Matrix and calculation
    
  • Classification of Risk Triggers
    
  • Business Impact Analysis (BIA)
    
  • Estimated Downtime
    
  • Recovery Point Objective

  Expected Learning Outcomes:

  • Recognize the analog transmission technologies used for modern communication.
  • Identify and differentiate among various digital to analog, analog to analog conversion techniques.
  • Appreciate what important role modulation techniques play in communication.

  Resources of Learning:

  • Lecture Slide [Lesson-1]
  • Book Reference [Download]

  • Open Discussion (Week-4) Forum

    Mark as done
• Week - 6: Review of Previous Weeks
  

  Week - 6: Review of Previous Weeks

  
  

  Discussion Points: 

  • Review the difficult topics of previous weeks specifically, CIA, Attack & RISk Management

  Expected Learning Outcomes:

  • Analyze ability increase and able to find type of attack
  • Risk Management 

  
  

  • Open Discussion Forum

    Do you think CIA, attack & risk management learning is important for cyber security? clarify your answer.
• Week - 7: Online CT & Assignment
  

  Week - 7: Online CT & Assignment

  Not available
• Week - 8 & 9 : Incident Management and AI and ML in Information Security
  

  Week - 8 & 9 : Incident Management and AI and ML in Information Security

  1. 

  Discussion Points: 

  • What is Incident?
    
  • Incident Handling
  • Incident Response
    
  • Steps of IH&R Process

  Expected Learning Outcomes:

  • Able to define Incident type and response

  Resources of Learning:

  • Lecture Slide [Incident ]
  • Lecture slide [ AI & ML]
  • Book Refence Incident Management [Download]
  • Book refence AI & ML [Download]
  
  
  

  • Open Discussion (Week 8) Forum
  • Open Discussion (Week 9) Forum
• Week -10: Malware
  

  Week -10: Malware

  Not available
• Week - 10: Malware Detection and Analysis
  

  Week - 10: Malware Detection and Analysis

  
  

  Discussion Points: 

  • Basic Discussion on Malware
  • Components & Example of Malware
  • APT Lifecycle

  Expected Learning Outcomes:

  • Identify, deployment and differentiate  various type of malware. 
  • Learning on APT Lifecycle.

  Resources of Learning:

  • Lecture Slide [Download]
  • Book Reference [Download]

  • Open Discussion (CT and Week 11) Forum

    
    

• Week - 11: Antivirus & Firewall
  

  Week - 11: Antivirus & Firewall

  Discussion Points: 

  • Basic Discussion on Antivirus
  • Features of Antivirus & work methodology 
  • Discussion on Firewall
  • Difference & relation between antivirus & Firewall

  Expected Learning Outcomes:

  • Details about antivirus & Firewall
  • Work methodology 

  Resources of Learning:

  • Lecture Slide [Download]
  • Book Reference [Download]

  
  
  

  • Antivirus Forum

    Mark as done

    How antivirus works and describe its feature.

  • Firewall Forum

    Mark as done

    Describe about Firewall 

• Personal Device Security-IDS_IPS_HoneyPot
  

  Personal Device Security-IDS_IPS_HoneyPot

  Discussion Points: 

  • Basic Discussion on IDS, IPS, Honeypot 
  • Types of IPS,IDS.
  • Working process of tools and concepts
  • Importance of response and mitigation

  Expected Learning Outcomes:

  • Details about Personal Device Security
  • Work , response , testing, tuning & mitigation of all

  Resources of Learning:

  • Lecture Slide [Download]
  • Book Reference [Download]

  
  
  

  • IDS Forum

    Mark as done

    Intrusion detection system

  • IPS, Honeypot Forum

    Mark as done

    Intrusion Prevention system & Honeypot 

• Assignment
  

  Assignment

  
  

  
  

  • Information Security Assignment

    Opened: Sunday, 30 April 2023, 12:00 AM

    Due: Tuesday, 16 May 2023, 12:00 AM

    Mark as done
• System Hacking Concepts
  

  System Hacking Concepts

  Discussion Points: 

  • Discussion on System Hackling Concepts 
  • Zero Day lifecycle
  • Discussion on CVE & CVSS
  • Discussion VAPT 

  Expected Learning Outcomes:

  • Details about preliminary concept of System Hacking
  • Difference between CVE & CVSS
  • VAPT describe , strategy , context and formalization

  Resources of Learning:

  • Lecture Slide [Download]
  • Book Reference [Download]

  
  
  
• Last Quiz
  

  Last Quiz

  3rd Quiz  - open book

  • Quiz-03 Assignment

    Opened: Saturday, 3 June 2023, 12:00 AM

    Due: Tuesday, 6 June 2023, 12:00 PM

    Mark as done

    Submit your answer script following the instruction

• System Hacking & Security
  

  System Hacking & Security

  Discussion Points: 

  • Foot Printing Concepts 
  • Types of foot printing
  • Network security
  • Port Scanning techniques

  Expected Learning Outcomes:

  • Details about Foot printing concepts and explanation
  • details on overview of Network security
  • Service & protocol system

  Resources of Learning:

  • Lecture/Book Slide [Download]

  
  
  
• Cryptography
  

  Cryptography

  Discussion Points: 

  • Discussion on Fundamental of Cryptography
  • Classification and types
  • Popular algorithms and technique
  • Use and necessity of cryptography

  Expected Learning Outcomes:

  • CIA Triad
  • Symmetric & Asymmetric Encryption 
  • DES,3DES,AES & RSA Concept
  • Popular field and future scope

  Resources of Learning:

  • Lecture Slide [Download]
  • Book Reference [Download]

  
  
  
• Cyber Law
  

  Cyber Law

  Discussion Points: 

  • Fundamental concept of Cyber Law
  • History and present situation perspective on Bangladesh
  • Discussion on Some Section and sub section

  Expected Learning Outcomes:

  • Details about preliminary concept of Cyber law
  • Digital Security Act
  • Section 54,55,20,22,27

  Resources of Learning:

  • Lecture Slide [Download]
  • Book Reference [Download]