Topic outline

• Welcome to Information Security
  

  Welcome to Information Security

  
  

    

  Course Instructor:

  
  

  Umme Habiba
  Lecturer
  Department of Computer Science and Engineering
  Faculty of Science and Information Technology
  Daffodil International University
  Contact Number: +880 1985750715
  E-mail:  habiba.taf@diu.edu.bd
  

  
  

  Basic Information:
  

  Course Code: CSE423

  Course Title: Information Security

  Program: BSc in Computer Science and Engineering

  Faculty: Science and Information Technology

  Semester: Spring; Year: 2023

  Credit: 3.0; Contact Hour: 3 Hours/ Week

  Course Category: Core Engineering

  
  

  Course Rationale:

  Information security — or InfoSec —  is the protection of information by people and organizations in order to keep information safe for themselves, their company, and their clients. Every organization needs protection against cyber attacks and security threats. Cybercrime and malware are constant threats to anyone with an Internet presence, and data breaches are time-consuming and expensive. The goal of IT security is to protect these assets, devices and services from being disrupted, stolen or exploited by unauthorized users, otherwise known as threat actors.
  

  
  

  Learning Objectives:

  To provide a solid conceptual understanding of the fundamentals of Information Security. More specifically, In this course students will:

  -Learn basics of information security, in both management aspect and technical aspect. 

  -Learn various types of security threats and attacks

  -Learn basics of Security risks and Management process

  -Learn ways to manage, detect and respond to incidents and attacks. 

  -Learn the benefits of AI and ML in the field of Information Security

  -Learn basics of application of cryptography which are one of the key technologies to implement security functions.                                         

  -Learn the Legal and Ethical issues in information security

  
  

  Course Learning Outcomes (CO's):

  After successful completion of the course, students will be able to:

  CO1: Interpret the components, tools and techniques of Information Security systems     

  CO2: Analyze various Information security threats, risks and propose controls for it.

  CO3: Explain the Ethical issues and Laws in the field of Information Security

  
  

  Assessment Strategies:

  
  

  
  

  • Announcements Forum
  • Students Interest Survey!!! URL

    Mark as done

    Lets see How interested you are to Learn!!!
    

  • Text Book

    Mark as done

    • Cryptography and Network Security Principles and Practices-Fourth Edition Download

    
    

  • Reference Books

    Mark as done
  • Ethical Hacking and Countermeasures, Version11 -EC Council URL

    Mark as done
  • PO's for OBE File

    Mark as done
  • Course Outline_CSE 423 File

    Mark as done
• Course Resources
  

  Course Resources

  • Lecture_1(Information Security and It’s Elements) File

    Mark as done
  • Lecture_2(Ethical Hacking and Concept) File

    Mark as done
  • Lecture_3_4(Security Risk Management) File

    Mark as done
  • Lecture_5(Incident Management) File

    Mark as done
  • Lecture_6(AI and ML in Information Security) File

    Mark as done
  • Lecture_7_8(Malware) File

    Mark as done
• Introduction to Information Security
  

  Introduction to Information Security

  Introduction to Information Security

  Discussion Points: 
  

  • Introduction of information security
    
  • Principles of Security (CIA Triad)
    
  • Five major Elements (Confidentiality, Integrity, Availability, Authenticity and Non-Repudiation)
    
  • What is ‘Attack’ in information security
    
  • Classification of Attack (Active, Passive, Close-in Attack, Insider Attack and Distribution Attacks)
    
  • Information Warfare
    

  
  

  Expected Learning Outcomes:

  • Recognize the networking models used for seamless communication among computer user.
  • Find out how layered model communication functions can be organized and be very successful in communication.
  • Differentiate between OSI and TCP/IP models.

  
  

  Resources of Learning:

  • Lecture_1 Slide File

    Mark as done
  • Open Discussion Forum

    Mark as done
  • Daily Assessment URL

    Mark as done
• Ethical Hacking and Concept
  

  Ethical Hacking and Concept

  Ethical Hacking and Concept

  Discussion Points: 

  • What and who is Hacker
    
  • Hacker Classes (White, Black Gray)
    
  • Cyber Attack
    
  • Difference between Cyber security and Information Security
    
  • Art and philosophy of hackers
    
  • Story of Hacking
    

  Expected Learning Outcomes:

  • Recognize the concept of analog and digital signals and their use in day to day communication.
  • Identify which transmission impairments cause problems in communication and their remedies.
  • Appreciate the importance of date rate limits in communication and performance measurement.

  Resources of Learning:

  • Lecture_2 Slide File

    Mark as done
  • Open Discussion Forum

    Mark as done
• Security Risk Management
  

  Security Risk Management

  Security Risk Management

  Discussion Points: 

  • Information Assurance
    
  • What is Risk, Purpose, Risk Level
    
  • Identification of Assets
    
  • Identification of Key Risk Indicators (KRIs)
    
  • Identification of Risk-Scenarios
    
  • Relationship between Vulnerabilities and Risk Scenarios based on Assets
    
  • Risk Frequency Evaluation
    
  • Likelihood Scale
    
  • Risk frequency based on Risk Scenarios on assets if vulnerability
    
  • Risk Analysis
    
  • Impact Scale
    
  • Risk Rating Table
    
  • Risk Determination
    
  • Risk Rating Matrix and calculation
    
  • Classification of Risk Triggers
    
  • Business Impact Analysis (BIA)
    
  • Estimated Downtime
    
  • Recovery Point Objective (RPO)
    
  • Recovery Time Objective (RTO)
    
  • Maximum Tolerable Downtime (MTD)
    
  • Critical Business Ratings with RTOs/RPOs
    

  Expected Learning Outcomes:

  • Recognize the digital transmission technologies used for modern communication.
  • Identify and differentiate among various digital to digital, analog to digital conversion techniques.
  • Appreciate what important role transmission modes play in digital communication.

  Resources of Learning:

  • Lecture 3 Slide (updated) File

    Mark as done
  • Lecture 4 Slide File

    Mark as done
  • Update Risk Management Slide File

    Mark as done
• Incident Management and Process
  

  Incident Management and Process

  Incident Management and Process

  Discussion Points: 

  • What is Incident?
    
  • Incident Handling
    
  • Incident Response
    
  • Steps of IH&R Process

  Expected Learning Outcomes:

  • Able to define Incident type and response

  Resources of Learning:

  • Lecture 5 slide File

    Mark as done
• AI and ML in Information Security
  

  AI and ML in Information Security

  AI and ML in Information Security

  Discussion Points: 

  • What is AI and ML?
  • Different between AL and ML
    
  • AI and ML in Information Security
    
  • Role of AI and ML in Information Security
    
  • Role of AI and ML in Information Security
    
  • How Your Organization’s Security Can Benefit from AI and ML

  Expected Learning Outcomes:

  • Differentiate between AI and ML
  • Importance of ML in Information Security

  Resources of Learning:

  • Lecture 6 Slide File

    Mark as done
• Assignment
  

  Assignment

  • Assignment Submission

    Opened: Wednesday, 22 February 2023, 12:00 AM

    Due: Sunday, 5 March 2023, 3:59 PM

    Mark as done
• Malware
  

  Malware

  Malware

  Discussion Points: 

  • What is Malware
    
  • Types of Malwares
    
  • Ways for Malware to Enter
    
  • Malware Component
    
  • APT
    
  • APT Characteristics
    
  • APT Lifecycle
    

  Expected Learning Outcomes:

  • Able to generate Malware
  • Able to secure from Malware

  Resources of Learning:

  • Lecture 7 Slide File

    Mark as done
  • Open Discussion Forum

    Mark as done
• Malware Detection and Analysis
  

  Malware Detection and Analysis

  Malware Detection and Analysis

  Discussion Points: 

  • Representation of CRC as Polynomials
    
  • Introduction of Checksum (Traditiona5l and Complementary)
    
  • Brief discussion about Error Corrections

  Expected Learning Outcomes:

  • Identify, deployment and differentiate between CRC (Polynomials) and Checksum and their real-time applications.
  • Appreciate the role of error correction in communication.
    

  Resources of Learning:
• Topic 10
  

  Topic 10

  
  

  
  

  Contents for Exam:

  • Information Security and It’s Elements
  • Ethical Hacking and Concept
  • Security Risk Management
  • Incident Management and AI and ML in Information Security
  • Malware
• Personal Device Security
  

  Personal Device Security

  Personal Device Security

  Discussion Points: 

  • How Antivirus Works
    
  • Features of Antivirus Software
    
  • How traditional antivirus works?
    
  • How 3rd gen Antivirus works
    
  • What is Firewall
    
  • How Does a Firewall Work
    
  • Types of Firewalls
    
  • Difference between Firewall and Antivirus
    
  • IDS, IPS,Honey pot, VPN, Proxy
    
  • Cloud & Mobile Security(MCC)

  Expected Learning Outcomes:

  • Able to explain how antivirus and firewall works.
  • Able to explain IDS, IPS,Honey pot, VPN, Proxy Cloud & Mobile Security(MCC)
  • Able to differentiate antivirus and firewall
    

  Resources of Learning:

  • Lecture-8 File

    Mark as done
  • Lecture-9 File

    Mark as done
• Vulnerability Assessment and Penetration Testing - VAPT
  

  Vulnerability Assessment and Penetration Testing - VAPT

  Vulnerability Assessment and Penetration Testing - VAPT

  Discussion Points: 

  • What is Exploit
    
  • What is Zero day
    
  • Exploit vs Zero day
    
  • Typical properties of a zero exploit
    
  • What is the difference between a zero- vulnerability, a zero- exploit and a zeroattack?
    
  • What is a CVE?
    
  • What is a CVSS?
    
  • Vulnerability Assessment and Penetration Testing (VAPT)
    
  • Vulnerability Assessment Report
    
  • Components of a Vulnerability Assessment Report

  Expected Learning Outcomes:

  • Able to explain exploit and zero day
  • Able to explain VAPT
  • Able to make Vulnerability Assessment Report
    

  Resources of Learning:

  • Lecture-10_Vulnerability Assessment and Penetration Testing File

    Mark as done
• System Hacking and Security
  

  System Hacking and Security

  System Hacking and Security

  Discussion Points: 

  • Footprinting Concept
    
  • Footprinting Types
    
  • What is Network Scanning Network Scanning Concept
    
  • What is computer Port? Port Scanning Concept

  Expected Learning Outcomes:

  • Able to explain footprinting
  • Able to explain Network scanning
  • Able to describe port and portal concept
    

  Resources of Learning:

  • Lecture-11_System Hacking and Security File

    Mark as done
• Cryptography and Cyber Law
  

  Cryptography and Cyber Law

  Cryptography and Cyber Law

  Discussion Points: 

  • Symmetric Encryption
    
  • Asymmetric Encryption
    
  • Message Digest
    
  • Cyber crime
    
  • Types of cyber law in Bangladesh

  Expected Learning Outcomes:

  • Able to explain cryptography
  • Able to cyber crime
  • Able to describe types of cyber law
    

  Resources of Learning:

  • Cryptography File

    Mark as done
  • Cyber Law File

    Mark as done
• Quiz 2
  

  Quiz 2

  • Quiz 2

    Opened: Sunday, 16 April 2023, 10:30 PM

    Closed: Sunday, 16 April 2023, 11:05 PM

    View Receive a grade

    Date: 16 April 2023

    Time: 10:30 PM - 10:42 PM

    You will get 12minutes during the mentioned time to finish this attempt.

    If you disconnect, you will get 1 more chance to start your new attempt.

• Topic 16
  

  Topic 16
• Topic 17
  

  Topic 17
• Topic 18
  

  Topic 18
• Topic 19
  

  Topic 19
• Topic 20
  

  Topic 20