Section outline
-
Dear Students
Welcome to your Information Security class. We'll discuss our class, generate ideas and solve our problem through this platform. Hope you'll have a great Experience.
Good Luck!!!
Course Instructor:
Md Mizanur RahmanLecturerOffice: Room #807(C), AB4 Building, Daffodil Smart CityCell Number# +880 1954597608Email: mizanurrahman.cse@diu.edu.bd
Counselling Hour: Saturday-Wednesday (10:00AM -4:00 PM)
-
Basic Information:
Course Code: CSE 423Course Title: Information SecurityProgram: B.Sc in Computer Science and EngineeringFaculty: Science and Information TechnologySemester: Spring; Year: 2023Credit: 3.0; Contact Hour: 2 Hours/ WeekCourse Category: Core EngineeringCourse Instructor:
Md Mizanur RahmanLecturerOffice: Room #807(C), AB4 Building, Daffodil Smart CityCell Number# +880 1954597608Email: mizanurrahman.cse@diu.edu.bd
Counselling Hour: Saturday-Wednesday (10:00AM -4:00 PM)
Course Rationale:
Information security — or infosec — is the protection of information by people and organizations in order to keep information safe for themselves, their company, and their clients. Every organization needs protection against cyber-attacks and security threats. Cybercrime and malware are constant threats to anyone with an Internet presence, and data breaches are time-consuming and expensive. The goal of IT security is to protect these assets, devices and services from being disrupted, stolen or exploited by unauthorized users, otherwise known as threat actors.
Course Objectives:
To provide a solid conceptual understanding of the fundamentals of Information Security. More specifically,
-To learn basics of information security, in both management aspect and technical aspect.
-To learn various types of security threats and attacks
-To learn basics of Security risks and Management process
-To learn ways to manage, detect and response to incidents and attacks.
-To learn the benefits of AI and ML in the field of Information Security
-To learn basics of application of cryptography which are one of the key technology to implement security functions.
-To learn the Legal and Ethical issues in information security
Course Learning Outcomes (CLO's):
CLO1
Interpret the components, tools and techniques of Information Security systems
CLO2
Analyze various Information security threats, risks and propose controls for it.
CLO3
Explain the Ethical issues and Laws in the field of Information Security
Assessment Strategies:
-
Students mustMark as done
Lets see How interested you are to Learn!!!
-
Students mustMark as done
-
- Principles of Information Security -Michael E. Whitman, Herbert J. Mattord, Fourth Edition [Download]
- Ethical Hacking and Countermeasures, Version11
-EC Council [Download]
-
Students mustMark as done
-
-
Discussion Points:
- Introduction of information security • Principles of Security (CIA Triad)
- Five major Elements (Confidentiality, Integrity, Availability, Authenticity and Non-Repudiation)
- What is 'Attack' in information security
- Classification of Attack (Active, Passive, Close-in Attack, Insider Attack and Distribution Attacks)
- Information Warfare
Expected Learning Outcomes:
- Recognize the networking models used for seamless communication among computer user.
- Find out how layered model communication functions can be organized and be very successful in communication.
- Differentiate between OSI and TCP/IP models.
Resources of Learning:
-
Students mustMark as done
-
Discussion Points:
- What and who is Hacker
- Hacker Classes (White, Black Gray)
- Cyber Attack
- Difference between Cyber security and Information Security
- Art and philosophy of hackers
- Story of Hacking
Expected Learning Outcomes:
- Recognize the concept of analog and digital signals and their use in day to day communication.
- Identify which transmission impairments cause problems in communication and their remedies.
- Appreciate the importance of date rate limits in communication and performance measurement.
Resources of Learning:
-
Students mustMark as done
- What and who is Hacker
-
Discussion Points:
- What is Risk, Purpose, Risk Level
- Identification of Assets
- Identification of Key Risk Indicators (KRIs)
- Identification of Risk-Scenarios
- Relationship between Vulnerabilities and Risk Scenarios bared on Assets
- Risk Frequency Evaluation
- Likelihood Scale
- Risk frequency based on Risk Scenarios on assets if vulnerability
Expected Learning Outcomes:
- Recognize the digital transmission technologies used for modern communication.
- Identify and differentiate among various digital to digital, analog to digital conversion techniques.
- Appreciate what important role transmission modes play in digital communication.
Resources of Learning:
-
Students mustMark as done
- What is Risk, Purpose, Risk Level
-
Discussion Points:
- Risk Analysis
- Impact Scale
- Risk Rating Table
- Risk Determination
- Risk Rating Matrix and calculation
- Classification of Risk Triggers
- Business Impact Analysis (BIA)
- Estimated Downtime
- Recovery Point Objective
Expected Learning Outcomes:
- Recognize the analog transmission technologies used for modern communication.
- Identify and differentiate among various digital to analog, analog to analog conversion techniques.
- Appreciate what important role modulation techniques play in communication.
Resources of Learning:
-
Students mustMark as done
- Risk Analysis
-
Discussion Points:
- Review the difficult topics of previous weeks specifically, CIA, Attack & RISk Management
Expected Learning Outcomes:
- Analyze ability increase and able to find type of attack
- Risk Management
-
Do you think CIA, attack & risk management learning is important for cyber security? clarify your answer.
-
Discussion Points:
- What is Incident?
- Incident Handling
- Incident Response
- Steps of IH&R Process
Expected Learning Outcomes:
- Able to define Incident type and response
Resources of Learning:
-
-
Discussion Points:
Expected Learning Outcomes:
Resources of Learning:
-
-
Discussion Points:
- Basic Discussion on IDS, IPS, Honeypot
- Types of IPS,IDS.
- Working process of tools and concepts
- Importance of response and mitigation
Expected Learning Outcomes:
- Details about Personal Device Security
- Work , response , testing, tuning & mitigation of all
Resources of Learning:
-
-
Opened: Sunday, 30 April 2023, 12:00 AMDue: Tuesday, 16 May 2023, 12:00 AMStudents mustMark as done
-
-
Discussion Points:
- Discussion on System Hackling Concepts
- Zero Day lifecycle
- Discussion on CVE & CVSS
- Discussion VAPT
Expected Learning Outcomes:
- Details about preliminary concept of System Hacking
- Difference between CVE & CVSS
- VAPT describe , strategy , context and formalization
Resources of Learning:
-
3rd Quiz - open book
-
Opened: Saturday, 3 June 2023, 12:00 AMDue: Tuesday, 6 June 2023, 12:00 PMStudents mustMark as done
Submit your answer script following the instruction
-
-
Discussion Points:
- Foot Printing Concepts
- Types of foot printing
- Network security
- Port Scanning techniques
Expected Learning Outcomes:
- Details about Foot printing concepts and explanation
- details on overview of Network security
- Service & protocol system
Resources of Learning:
- Lecture/Book Slide [Download]
-
Discussion Points:
- Discussion on Fundamental of Cryptography
- Classification and types
- Popular algorithms and technique
- Use and necessity of cryptography
Expected Learning Outcomes:
- CIA Triad
- Symmetric & Asymmetric Encryption
- DES,3DES,AES & RSA Concept
- Popular field and future scope
Resources of Learning:
-
Discussion Points:
- Fundamental concept of Cyber Law
- History and present situation perspective on Bangladesh
- Discussion on Some Section and sub section
Expected Learning Outcomes:
- Details about preliminary concept of Cyber law
- Digital Security Act
- Section 54,55,20,22,27
Resources of Learning:
