Topic outline

  • Welcome to Information Security


      

    Course Instructor:


    Umme Habiba
    Lecturer
    Department of Computer Science and Engineering
    Faculty of Science and Information Technology
    Daffodil International University
    Contact Number: +880 1985750715
    E-mail:  habiba.taf@diu.edu.bd

    Basic Information:

    Course Code: CSE423
    Course Title: Information Security
    Program: BSc in Computer Science and Engineering
    Faculty: Science and Information Technology
    Semester: Spring; Year: 2023
    Credit: 3.0; Contact Hour: 3 Hours/ Week
    Course Category: Core Engineering


    Course Rationale:

    Information security — or InfoSec —  is the protection of information by people and organizations in order to keep information safe for themselves, their company, and their clients. Every organization needs protection against cyber attacks and security threats. Cybercrime and malware are constant threats to anyone with an Internet presence, and data breaches are time-consuming and expensive. The goal of IT security is to protect these assets, devices and services from being disrupted, stolen or exploited by unauthorized users, otherwise known as threat actors.

    Learning Objectives:

    To provide a solid conceptual understanding of the fundamentals of Information Security. More specifically, In this course students will:

      -Learn basics of information security, in both management aspect and technical aspect. 

      -Learn various types of security threats and attacks

      -Learn basics of Security risks and Management process

      -Learn ways to manage, detect and respond to incidents and attacks. 

      -Learn the benefits of AI and ML in the field of Information Security

      -Learn basics of application of cryptography which are one of the key technologies to implement security functions.                                         

      -Learn the Legal and Ethical issues in information security


    Course Learning Outcomes (CO's):

    After successful completion of the course, students will be able to:

    CO1: Interpret the components, tools and techniques of Information Security systems     

    CO2: Analyze various Information security threats, risks and propose controls for it.

    CO3: Explain the Ethical issues and Laws in the field of Information Security


    Assessment Strategies:



  • Introduction to Information Security

    Introduction to Information Security

    Discussion Points: 

          • Introduction of information security
          • Principles of Security (CIA Triad)
          • Five major Elements (Confidentiality, Integrity, Availability, Authenticity and Non-Repudiation)
          • What is ‘Attack’ in information security
          • Classification of Attack (Active, Passive, Close-in Attack, Insider Attack and Distribution Attacks)
          • Information Warfare


    Expected Learning Outcomes:

          • Recognize the networking models used for seamless communication among computer user.
          • Find out how layered model communication functions can be organized and be very successful in communication.
          • Differentiate between OSI and TCP/IP models.


    Resources of Learning:

  • Ethical Hacking and Concept

    Ethical Hacking and Concept

    Discussion Points: 

          • What and who is Hacker
          • Hacker Classes (White, Black Gray)
          • Cyber Attack
          • Difference between Cyber security and Information Security
          • Art and philosophy of hackers
          • Story of Hacking

    Expected Learning Outcomes:

          • Recognize the concept of analog and digital signals and their use in day to day communication.
          • Identify which transmission impairments cause problems in communication and their remedies.
          • Appreciate the importance of date rate limits in communication and performance measurement.

    Resources of Learning:

  • Security Risk Management

    Security Risk Management

    Discussion Points: 

          • Information Assurance
          • What is Risk, Purpose, Risk Level
          • Identification of Assets
          • Identification of Key Risk Indicators (KRIs)
          • Identification of Risk-Scenarios
          • Relationship between Vulnerabilities and Risk Scenarios based on Assets
          • Risk Frequency Evaluation
          • Likelihood Scale
          • Risk frequency based on Risk Scenarios on assets if vulnerability
          • Risk Analysis
          • Impact Scale
          • Risk Rating Table
          • Risk Determination
          • Risk Rating Matrix and calculation
          • Classification of Risk Triggers
          • Business Impact Analysis (BIA)
          • Estimated Downtime
          • Recovery Point Objective (RPO)
          • Recovery Time Objective (RTO)
          • Maximum Tolerable Downtime (MTD)
          • Critical Business Ratings with RTOs/RPOs

    Expected Learning Outcomes:

          • Recognize the digital transmission technologies used for modern communication.
          • Identify and differentiate among various digital to digital, analog to digital conversion techniques.
          • Appreciate what important role transmission modes play in digital communication.

    Resources of Learning:

  • Incident Management and Process

    Incident Management and Process

    Discussion Points: 

          • What is Incident?
          • Incident Handling
          • Incident Response
          • Steps of IH&R Process

    Expected Learning Outcomes:

          • Able to define Incident type and response

    Resources of Learning:

  • AI and ML in Information Security

    AI and ML in Information Security

    Discussion Points: 

          • What is AI and ML?
          • Different between AL and ML
          • AI and ML in Information Security
          • Role of AI and ML in Information Security
          • Role of AI and ML in Information Security
          • How Your Organization’s Security Can Benefit from AI and ML

    Expected Learning Outcomes:

          • Differentiate between AI and ML
          • Importance of ML in Information Security

    Resources of Learning:

  • Assignment

    • Opened: Wednesday, 22 February 2023, 12:00 AM
      Due: Sunday, 5 March 2023, 3:59 PM
  • Malware

    Malware

    Discussion Points: 

          • What is Malware
          • Types of Malwares
          • Ways for Malware to Enter
          • Malware Component
          • APT
          • APT Characteristics
          • APT Lifecycle

    Expected Learning Outcomes:

          • Able to generate Malware
          • Able to secure from Malware

    Resources of Learning:

  • Malware Detection and Analysis

    Malware Detection and Analysis

    Discussion Points: 

          • Representation of CRC as Polynomials
          • Introduction of Checksum (Traditiona5l and Complementary)
          • Brief discussion about Error Corrections

    Expected Learning Outcomes:

          • Identify, deployment and differentiate between CRC (Polynomials) and Checksum and their real-time applications.
          • Appreciate the role of error correction in communication.

    Resources of Learning:

    • Topic 10



      Contents for Exam:

              • Information Security and It’s Elements
              • Ethical Hacking and Concept
              • Security Risk Management
              • Incident Management and AI and ML in Information Security
              • Malware

      • Personal Device Security

        Personal Device Security

        Discussion Points: 

              • How Antivirus Works
              • Features of Antivirus Software
              • How traditional antivirus works?
              • How 3rd gen Antivirus works
              • What is Firewall
              • How Does a Firewall Work
              • Types of Firewalls
              • Difference between Firewall and Antivirus
              • IDS, IPS,Honey pot, VPN, Proxy
              • Cloud & Mobile Security(MCC)

        Expected Learning Outcomes:

              • Able to explain how antivirus and firewall works.
              • Able to explain IDS, IPS,Honey pot, VPN, Proxy Cloud & Mobile Security(MCC)
              • Able to differentiate antivirus and firewall

        Resources of Learning:

      • Vulnerability Assessment and Penetration Testing - VAPT

        Vulnerability Assessment and Penetration Testing - VAPT

        Discussion Points: 

              • What is Exploit
              • What is Zero day
              • Exploit vs Zero day
              • Typical properties of a zero exploit
              • What is the difference between a zero- vulnerability, a zero- exploit and a zeroattack?
              • What is a CVE?
              • What is a CVSS?
              • Vulnerability Assessment and Penetration Testing (VAPT)
              • Vulnerability Assessment Report
              • Components of a Vulnerability Assessment Report

        Expected Learning Outcomes:

              • Able to explain exploit and zero day
              • Able to explain VAPT
              • Able to make Vulnerability Assessment Report

        Resources of Learning:

      • System Hacking and Security

        System Hacking and Security

        Discussion Points: 

              • Footprinting Concept
              • Footprinting Types
              • What is Network Scanning Network Scanning Concept
              • What is computer Port? Port Scanning Concept

        Expected Learning Outcomes:

              • Able to explain footprinting
              • Able to explain Network scanning
              • Able to describe port and portal concept

        Resources of Learning:

      • Cryptography and Cyber Law

        Cryptography and Cyber Law

        Discussion Points: 

              • Symmetric Encryption
              • Asymmetric Encryption
              • Message Digest
              • Cyber crime
              • Types of cyber law in Bangladesh

        Expected Learning Outcomes:

        Resources of Learning:

      • Quiz 2

        • Opened: Sunday, 16 April 2023, 10:30 PM
          Closed: Sunday, 16 April 2023, 11:05 PM
          View Receive a grade
      • Topic 16

        • Topic 17

          • Topic 18

            • Topic 19

              • Topic 20