Section outline
-
Course Instructor:
Umme Habiba
Lecturer
Department of Computer Science and Engineering
Faculty of Science and Information Technology
Daffodil International University
Contact Number: +880 1985750715
E-mail: habiba.taf@diu.edu.bd
Basic Information:
Course Code: CSE423Course Title: Information SecurityProgram: BSc in Computer Science and EngineeringFaculty: Science and Information TechnologySemester: Spring; Year: 2023Credit: 3.0; Contact Hour: 3 Hours/ WeekCourse Category: Core EngineeringCourse Rationale:
Information security — or InfoSec — is the protection of information by people and organizations in order to keep information safe for themselves, their company, and their clients. Every organization needs protection against cyber attacks and security threats. Cybercrime and malware are constant threats to anyone with an Internet presence, and data breaches are time-consuming and expensive. The goal of IT security is to protect these assets, devices and services from being disrupted, stolen or exploited by unauthorized users, otherwise known as threat actors.Learning Objectives:
To provide a solid conceptual understanding of the fundamentals of Information Security. More specifically, In this course students will:
-Learn basics of information security, in both management aspect and technical aspect.
-Learn various types of security threats and attacks
-Learn basics of Security risks and Management process
-Learn ways to manage, detect and respond to incidents and attacks.
-Learn the benefits of AI and ML in the field of Information Security
-Learn basics of application of cryptography which are one of the key technologies to implement security functions.
-Learn the Legal and Ethical issues in information security
Course Learning Outcomes (CO's):
After successful completion of the course, students will be able to:
CO1: Interpret the components, tools and techniques of Information Security systems
CO2: Analyze various Information security threats, risks and propose controls for it.
CO3: Explain the Ethical issues and Laws in the field of Information Security
Assessment Strategies:
-
Students mustMark as done
Lets see How interested you are to Learn!!!
-
Students mustMark as done
- Cryptography and Network Security Principles and Practices-Fourth Edition Download
-
Students mustMark as done
-
Students mustMark as done
-
Students mustMark as done
-
Students mustMark as done
-
-
Students mustMark as done
-
Students mustMark as done
-
Students mustMark as done
-
Students mustMark as done
-
Students mustMark as done
-
Students mustMark as done
-
-
Introduction to Information Security
Discussion Points:
- Introduction of information security
- Principles of Security (CIA Triad)
- Five major Elements (Confidentiality,
Integrity, Availability, Authenticity
and Non-Repudiation)
- What is ‘Attack’ in information
security
- Classification of Attack (Active,
Passive, Close-in Attack, Insider
Attack and Distribution Attacks)
- Information Warfare
Expected Learning Outcomes:
- Recognize the networking models used for seamless communication among computer user.
- Find out how layered model communication functions can be organized and be very successful in communication.
- Differentiate between OSI and TCP/IP models.
Resources of Learning:
-
Students mustMark as done
-
Students mustMark as done
-
Students mustMark as done
- Introduction of information security
-
Ethical Hacking and Concept
Discussion Points:
- What and who is Hacker
- Hacker Classes (White, Black Gray)
- Cyber Attack
- Difference between Cyber security
and Information Security
- Art and philosophy of hackers
- Story of Hacking
Expected Learning Outcomes:
- Recognize the concept of analog and digital signals and their use in day to day communication.
- Identify which transmission impairments cause problems in communication and their remedies.
- Appreciate the importance of date rate limits in communication and performance measurement.
Resources of Learning:
-
Students mustMark as done
-
Students mustMark as done
- What and who is Hacker
-
Security Risk Management
Discussion Points:
- Information Assurance
- What is Risk, Purpose, Risk Level
- Identification of Assets
- Identification of Key Risk Indicators
(KRIs)
- Identification of Risk-Scenarios
- Relationship between Vulnerabilities
and Risk Scenarios based on Assets
- Risk Frequency Evaluation
- Likelihood Scale
- Risk frequency based on Risk
Scenarios on assets if vulnerability
- Risk Analysis
- Impact Scale
- Risk Rating Table
- Risk Determination
- Risk Rating Matrix and calculation
- Classification of Risk Triggers
- Business Impact Analysis (BIA)
- Estimated Downtime
- Recovery Point Objective (RPO)
- Recovery Time Objective (RTO)
- Maximum Tolerable Downtime
(MTD)
- Critical Business Ratings with
RTOs/RPOs
Expected Learning Outcomes:
- Recognize the digital transmission technologies used for modern communication.
- Identify and differentiate among various digital to digital, analog to digital conversion techniques.
- Appreciate what important role transmission modes play in digital communication.
Resources of Learning:
-
Students mustMark as done
-
Students mustMark as done
-
Students mustMark as done
- Information Assurance
-
Incident Management and Process
Discussion Points:
- What is Incident?
- Incident Handling
- Incident Response
- Steps of IH&R Process
Expected Learning Outcomes:
- Able to define Incident type and response
Resources of Learning:
-
Students mustMark as done
- What is Incident?
-
AI and ML in Information Security
Discussion Points:
- What is AI and ML?
- Different between AL and ML
- AI and ML in Information Security
- Role of AI and ML in Information Security
- Role of AI and ML in Information Security
- How Your Organization’s Security Can Benefit from AI and ML
Expected Learning Outcomes:
- Differentiate between AI and ML
- Importance of ML in Information Security
Resources of Learning:
-
Students mustMark as done
-
-
Opened: Wednesday, 22 February 2023, 12:00 AMDue: Sunday, 5 March 2023, 3:59 PMStudents mustMark as done
-
-
Malware
Discussion Points:
- What is Malware
- Types of Malwares
- Ways for Malware to Enter
- Malware Component
- APT
- APT Characteristics
- APT Lifecycle
Expected Learning Outcomes:
- Able to generate Malware
- Able to secure from Malware
Resources of Learning:
-
Students mustMark as done
-
Students mustMark as done
- What is Malware
-
Malware Detection and Analysis
Discussion Points:
- Representation of CRC as Polynomials
- Introduction of Checksum (Traditiona5l and Complementary)
- Brief discussion about Error Corrections
Expected Learning Outcomes:
- Identify, deployment and differentiate between CRC (Polynomials) and Checksum and their real-time applications.
- Appreciate the role of error correction in communication.
Resources of Learning:
- Representation of CRC as Polynomials
-
Contents for Exam:
- Information Security and It’s Elements
- Ethical Hacking and Concept
- Security Risk Management
- Incident Management and AI and ML in Information Security
- Malware
-
Personal Device Security
Discussion Points:
- How Antivirus Works
- Features of Antivirus Software
- How traditional antivirus works?
- How 3rd gen Antivirus works
- What is Firewall
- How Does a Firewall Work
- Types of Firewalls
- Difference between Firewall and Antivirus
- IDS, IPS,Honey pot, VPN, Proxy
- Cloud & Mobile Security(MCC)
Expected Learning Outcomes:
- Able to explain how antivirus and firewall works.
- Able to explain IDS, IPS,Honey pot, VPN, Proxy Cloud & Mobile Security(MCC)
- Able to differentiate antivirus and firewall
Resources of Learning:
-
Students mustMark as done
-
Students mustMark as done
- How Antivirus Works
-
Vulnerability Assessment and Penetration Testing - VAPT
Discussion Points:
- What is Exploit
- What is Zero day
- Exploit vs Zero day
- Typical properties of a zero exploit
- What is the difference
between a zero- vulnerability,
a zero- exploit and a zeroattack?
- What is a CVE?
- What is a CVSS?
- Vulnerability Assessment and
Penetration Testing (VAPT)
- Vulnerability Assessment
Report
- Components of a Vulnerability Assessment Report
Expected Learning Outcomes:
- Able to explain exploit and zero day
- Able to explain VAPT
- Able to make Vulnerability Assessment
Report
Resources of Learning:
-
Students mustMark as done
- What is Exploit
-
System Hacking and Security
Discussion Points:
- Footprinting Concept
- Footprinting Types
- What is Network Scanning Network Scanning Concept
- What is computer Port? Port Scanning Concept
Expected Learning Outcomes:
- Able to explain footprinting
- Able to explain Network scanning
- Able to describe port and portal concept
Resources of Learning:
-
Students mustMark as done
- Footprinting Concept
-
Cryptography and Cyber Law
Discussion Points:
- Symmetric Encryption
- Asymmetric Encryption
- Message Digest
- Cyber crime
- Types of cyber law in Bangladesh
Expected Learning Outcomes:
- Able to explain cryptography
- Able to cyber crime
- Able to describe types of cyber law
Resources of Learning:
-
Students mustMark as done
-
Students mustMark as done
- Symmetric Encryption
-
-
Opened: Sunday, 16 April 2023, 10:30 PMClosed: Sunday, 16 April 2023, 11:05 PMStudents mustViewReceive a grade
Date: 16 April 2023
Time: 10:30 PM - 10:42 PM
You will get 12minutes during the mentioned time to finish this attempt.
If you disconnect, you will get 1 more chance to start your new attempt.
-