Course Policy Introduction to Cybersecurity

Mukesh Patel School of Technology Management and Engineering

Information Technology Department

Course Policy

Program/Branch/Semester : B.Tech IT /MBA.Tech/IT/ Sem VII

Academic Year : 2023-24

Course Code & Name : Information Systems Security

Credit Details : L T P C
2 0 2 3

Course Coordinator : Prof. Rejo Mathew

Faculty

022-42334781
Contact No. & Email :
[email protected]

Office : MPSTME New Building

Office hours : 9 AM to 4 PM

Other Course Faculty : Course Faculty 2: Dr. Ritesh Dhanare

members teaching this Contact No. & Email: 9893851802,
course [email protected]
Office: Shirpur Campus
Office Hours: 10 AM to 5 PM

Course Faculty 1: Prof. Rejo Mathew
Contact No. & Email: 022-42334781,
[email protected]
Office: MPSTME building, Mumbai
Office Hours: 9AM to 4 PM
Course Faculty 2: Dr. Ritesh Dhanare
Contact No. & Email: 9893851802,
[email protected]
Office: Shirpur Campus, Shirpur
Office Hours: 10 AM to 5 PM

Course Faculty for Laboratory: Course Faculty for Tutorial:

Contact No. & Email: Contact No. & Email:
Office: Office:
Office Hours: Office Hours:
Queries by Emails are encouraged.
Course link : Portal Link
MS Teams Link

Page PAGE 5 of NUMPAGES 11

Course Policy Introduction to Cybersecurity

1 Introduction to the Course

1.1 Importance of the course

Information Systems Security is a contemporary, practical oriented, application based course.

As number of net users are increasing, the number of security breaches are rising. As an end-
user as well as a technical expert need to know the professional, ethical and legal aspects of
cybersecurity
1.2 Objective of the Course

The principal objective of this course is to introduce basic concepts and methodologies of
cybersecurity. Students will learn the vulnerabilities, threats, risks alongwith the
contemporary tools, technology and mechanisms to counter them.
1.3 Pre-requisite

 Basic Knowledge of Computer Network.

 Operating Systems
 Programming

2 Course Outcomes (CO) and mapping with Program Outcomes (PO)

2.1 Course Outcomes

After successful completion of the course, a student will be able to-

1. Analyze various cybersecurity threats and countermeasures

2. Explain various security technologies and mechanisms
3. Describe various ethical and legal issues related to cybersecurity
2.2 CO-PO Mapping

PSO
PO1 PO2 PO3 PO4 PO5 PO6 PO7 PO8 PO9 PO10 PO11 PO12 PSO1 2
CO1
CO2
CO3
Green- medium mapping Blue- high mapping

Page PAGE 5 of NUMPAGES 11

Course Policy Introduction to Cybersecurity

3 Syllabus, Pre-class activity and References

3.1 Teaching and evaluation scheme

Teaching Scheme Evaluation Scheme

Internal Continuous
Lecture
Practical Tutorial Assessment (ICA) Theory
Hours
Hours Hours Credit As per Institute Norms (3 Hrs,
per
per week per week (50 Marks) 100 Marks)
week
Marks Scaled to 50 Marks Scaled to
2 2 0 3
50

3.2 Syllabus

Unit Description Duration

1 Introduction: Basic Components of Cybersecurity, vulnerabilities, 04
threats , Attacks and controls ,goals of security, Security System
development life cycle, NIST Cybersecurity Framework, MITRE
ATT&CK® Matrix
2 Design Principles: Various security threats and attacks (non-malicious 04
program errors, malwares, APT, social engineering, etc.), threat actors,
method of defence, design principles, security policies, types of security
policies
3 Cryptography: Cryptography basics, transposition and substitution
ciphers, stream and block ciphers, cryptographic algorithms (AES and 05
RSA), Diffie-Hellman, key management and distribution, digital
signature, hash functions, Attacks on cryptosystems.
4 Identity and access management(IAM): Authentication basics,
Passwords, authentication tokens, certificate based and biometric 05
authentication, Kerberos, SSO approaches, Multi-Factor Authentication,
attacks on authentication schemes, Access control principles, DAC,
MAC, and Role based Access Control, Identify Federations, Access
control models, identity and access provisioning lifecycle.
5 Security Technologies: Firewalls, Kinds of Firewalls, Filtering
Services, DMZ, Implementing policies (Default allow, Default Deny) 05
on proxy, NAT, Intrusion Detection and Prevention Systems, types of
IDPS, Virtual Private Network, SSH
6 Risk and Incidents Management: Overview of risk management, risk
identification and assessment, risk control strategies, selecting risk 04
control strategy, continuity strategies (Business continuity planning,
Incident response planning, Disaster Recovery planning)
7 Legal and Ethical issues : Cybercrimes and criminals, IP, privacy, 03
legal and ethical issues.
Total hours 30

Page PAGE 5 of NUMPAGES 11

 Course Policy Introduction to Cybersecurity

3.2 Pre-class activity

Outline for preliminary study to be done for each unit will be provided prior to
commencement of each unit. Preliminary study material (presentation, video links etc) will
be made available on MS Teams. Students should to go through this material before attending
the upcoming session. Students should put in at least two hours of self-study for every one
hour of classroom teaching. During the lecture session, emphasis will be on in-depth topics,
practical applications and doubt solving.

3.3 References

Text Books:
1. M. Whitman and H. Mattford, Principles of Information Security with MindTap, 6th Edition,
Cengage, 2018.
Reference Books:
1. C. Pfleeger, S. L. Pfleeger and J. Margulies, Security in Computing, 5th Edition,
Pearson Education, 2018.
2. B. Forouzan, D. Mukhopadhya, “Cryptography and Network Security”, 4th Edition, McGraw
Hill, 2019.
3. W. Stallings and L. Brown, Computer Security: Principles and Practice, 4th Edition,
Pearson Education, 2019.
Note: The latest edition of books to be referred.

4 Laboratory details

Knowledge of basic high-level language programming skills, systems, network

communications and standards is essential. Students should recall the fundamental theory
concepts relevant to the exercise to be performed in the upcoming laboratory.
The following 05 hands on simulation, 03 programming based and 02 case study based
exercises will form the submission for laboratory coursework.

Sr. Week Mapped Submissi

List of Lab Exercises on Week
No. No.# CO
1 1. a. Write a program for Vigenere Cipher 1 and 2
i. Understand working of Vigenere Cipher
ii. Implement the Cipher
iii. Check results
b. Variations of Vigenere Cipher
i. Learn the types of Vigenere Cipher Week 2
ii. Classify and compare the autokey and keyword
methods of this Cipher
iii. Demonstrate how this 16th Century Cipher is still

Page PAGE 5 of NUMPAGES 11

 Course Policy Introduction to Cybersecurity

worthy
iv. Determine the attacks on Vigenere Cipher
a. Differentiate between symmetric and asymmetric key
cryptography.
b. Understand working of RSA algorithm.
2 2 c. Implement RSA – key generation, encryption and 1 and 2 Week 3
decryption
d. Understand application of RSA along with its advantage
and limitations.
a. Differentiate between symmetric and asymmetric key
cryptography.
b. Understand working of AES algorithm.
3 3 and 4 c. Explain various modes of AES algorithm 1 and 2 Week 5
d. Implement AES
e. Understand application of AES along with its advantage
and limitations.
a. Configure the network topology as provided
i. Understand working of DHCP
ii. Perform DoS Attack–steps of DHCP starvation
attack
iii. After MAC Spoofing check if the DHCP server
recognizes the machine
iv. List the countermeasure to detect and prevent
such attacks
4 5 1 and 2
b. Add Rogue router to the topology Week 6
i. Configure the new router with new network
details.
ii. Check the performance of the new network
iii. Identify the gaps and look what happens to the
network
iv. Confirm that the rogue router has taken over the
main real network.
a. Understand the need for Access Control Lists
b. Implement Access Control List using CISCO commands
c. Compare the various types of access control list and
5 6 1 and 2
where they are used Week 7
d. Describe the role of Lattice based Access Control Model
e. Justify the use of wild card mask in ACL
a. To secure and configure VPN Access with IPSEC
b. Configure based on provided configuration
c. Understand ISAKMP negotiation policy that involves an
authentication method, encryption method, Hashed
Message Authentication Codes (HMAC) method, Diffie- Week 9
6 7 and 8 Hellman group and time limit 1 and 2
d. Create a tunnel to protect ISAKMP negotiation messages
e. Create a tunnel that protects the data travelling across a
secure connection
f. Observe and justify the need of securing VPN for remote
connections
7 9 a. Access the need to secure router. 1 and 2

Page PAGE 5 of NUMPAGES 11

 Course Policy Introduction to Cybersecurity

b. Apply advanced level encryption to secure the passwords Week 10

on the router
c. Demonstrate the need to have a login warning banner to
alert active users from intruders by configuring and
testing it
d. Justify the need for enhanced username password
security and implement it
e. Configure an SSH Server and check all conditions to
make sure it is as per compliance
a. Assess the need and role of NAT at the edge router
b. Discuss the commands for configuring NAT
c. Understand the different types of NAT – Static NAT,
Dynamic NAT and PAT
8 10 d. Implement each type of NAT and summarize your 3 Week 11
observations
e. Comment on each result and list them
f. Judge whether NAT acts as a security feature or is just an
effective technology
a. To design business continuity plan and disaster recovery
plan for a given scenario
i. Access and highlight the need for business continuity
planning
ii. List the steps of business continuity planning Plan
iii. Identify the critical business functions.
iv. Distinguish between Business Continuity Planning
11 and and Disaster recovery Planning Week 13
9 3
12 b. To document and verify the correctness of the BCP-DR
document
i. Prepare the document based on five component plans
(BRP, OEP, COOP, IRP)
ii. Justify the correctness of the document highlighting
need for all the components
iii. Summarize the effectiveness and challenges in risk
management and risk modelling
a. Classify different types of Malware Week 14
b. Understand malware that need host and independent
10 13 1,2,4
c. Compare and analyse the Malware using open source
tools

5 Assessment Policy
5.1 Component wise Continuous Evaluation Internal Continuous Assessment (ICA) and
Term End Examination (TEE)

Assessment ICA (100 Marks) TEE (100

Component (Marks scaled to 50) marks)
(Marks
scaled to

Page PAGE 5 of NUMPAGES 11

Course Policy Introduction to Cybersecurity

50)

Lab Lab Presentation on Class Class

Performan Exam advanced topics Test1 and Partic
ce and beyond syllabus Class ipatio
Viva (Group activity) Test 2 n

Weightage 10% 10% 5% 20% 5% 50%

Marks 20 20 10 20+20 10 100

Week of Weekly Week 14 Submission Test 1: Week 2 November

activity and 15 Week 10 August 21- to 21 to
Presentation 26, 2023 Week December
Week 12 , 13 Test 2: 14 5, 2023
October 9-
14, 2023

5.2 Assessment Policy for Internal Continuous Assessment (ICA)

Assessment of ICA comprises of the following components.

1. Class test 1 and 2

a. Two class tests will be conducted as per the academic calendar.

b. It may be conducted online/ offline for 20 marks each

2. Lab performance evaluation (20 marks)

a. Lab experiments (10 marks)

i. Continuous assessment for laboratory experiments will be conducted.
There are 10 practicals, each carrying weightage of 10 marks. At the
end of the course, average of total marks will be taken to obtain marks
out of 10.
ii. Discussion of your work with your peers is allowed. However each
student is expected to submit his/her original work. Submissions which
are very similar will be marked zero. Assessment of the lab work will
be carried out based on parameters like timely completion of lab work
file, understanding of the experiment performed, originality in the
work, involvement of the student, regularity, discipline etc. during the
session. There is a 30% penalty on late submission.

3. Lab test and viva (20 marks) - Lab test will be conducted based on the
concepts learnt. Viva will be based on the lab conducted.

4. Presentation on advanced topics beyond syllabus (10 marks)

a. Faculty will make group of 2-3 students
b. Each group will be given a topic based on Software Project Management
c. Prepare a document based on references from online reputed sources with
proper citations and references

Page PAGE 5 of NUMPAGES 11

Course Policy Introduction to Cybersecurity

d. Submit the document for approval by the faculty

e. Submission dates are final and binding for all. Submissions received after the
deadline will not be considered for ICA evaluation.
f. After approval, each group has to present the content from the document
submitted.
g. Assessment will be based on the understanding of topic, literature survey,
recent trends, references and citations used and way of presentation.
h. Presentation dates are final and binding for all. Those students who fail to
present on the given date will be marked Absent.
Document – Content/Document 7 marks + Timely submission 3 marks
Presentation – Content/Slides 7 marks + Presentation skills 3 marks

5. Class Participation (10 marks)- The faculty will ask questions or may
circulate forms in each class based on the content being taught to assess the
students. Marks will be allotted based on the correctness of the answer. The idea
is to encourage students to pay attention in class and actively participate. These
marks will be added in ICA class participation component.

5.3 Assessment Policy for Term End Examination (TEE)

A written examination of 100 marks for 3hours duration will be conducted for the course as
per the academic calendar.

7. Lesson Plan

Session Mapped
Topics
No. CO
Basic Components of Cybersecurity, Characteristics
1 1
of Information Security
Vulnerabilities, Threats , Attacks and controls, 1
2
Security System development life cycle
Goals of security,Security System development life 1
3
cycle
NIST Cybersecurity Framework, MITRE ATT&CK® 1
4
Matrix
Various security threats and Attacks (non-malicious 1
5
program errors)
Various security threats and attacks (Malwares, APT, 1
6
social engineering, etc.), Threat actors
7 Method of defence , Design Principles 1
Security policies, types of security policies, Case 1
8
Study
Cryptography basics , Transposition Cipher and 1
9
Substitution Ciphers

Page PAGE 5 of NUMPAGES 11

Course Policy Introduction to Cybersecurity

10 Cryptographic Algorithms – AES and RSA 1

11 Diffie-Hellman, Key Management and distribution 1
12 Digital Signature and Hash Functions 1
13 Attacks on cryptosystems and cryptanalysis 1
Authentication Basics, Passwords, certificate based 1
14 and biometric authentication, Kerberos, Single Sign
On
Multifactor Authentication, Attack on Authentication 1
15
schemes
Access Control Principles, DAC, MAC, and Role 1
16
based Access Control
17 Identify Federations 1
Access control models, identity and access 1
18
provisioning lifecycle
19 Firewalls, Kinds of Firewalls, Filtering Services 1

DMZ, Implementing policies (Default allow, Default 2

20
Deny) on proxy
21 Network Address Translation – NAT 2

22 Intrusion Detection and Prevention Systems 2

Virtual Private Network, types and Secure Shell – 2

23
SSH
Overview of risk management, Risk identification and 3
24
assessment
25 Risk control strategies, selecting risk control strategy 3

Continuity strategies (Business continuity planning, 3

26 Incident response planning, Disaster Recovery
planning)
27 Cybercrimes and criminals 3

29 IP, privacy 3

30 Legal and Ethical issues 3

6 Teaching-learning methodology
Faculty will make a group of 2-3 students for any group based activity such as class
participation, project, presentation etc. Lecture and laboratory session will be conducted as
follows-
1. Lectures:
o Outline for preliminary study to be done for each unit will be provided prior to
commencement of each unit.

Page PAGE 5 of NUMPAGES 11

Course Policy Introduction to Cybersecurity

o Deeper concepts and applications will be explained through Presentation and

Video Lectures.
o Numerical problems based on concept will be solved during the session on
smart board or MS OneNote.

2. Laboratory:
o Lab manual consisting of steps and reading material to support the lab
experiment will be uploaded on student portal.
o Regular lab assessment and grading will be done. Students will be marked
based on parameters like completion of lab assignment, originality, logic
developed (for programming based labs), interaction during the lab, on time
submission, punctuality and discipline

10. Active learning techniques

Active learning is a method of learning in which students are actively or
experientially involved in the learning process. Following active learning techniques
will be adopted for the course.
1. The "One Minute Paper": The faculty will ask students to take out a blank sheet of
paper, pose a question (either specific or open-ended), and give them one (or perhaps two
- but not many) minute(s) to respond.
2. Blended Learning: Students will be introduced to the topic at home while the in-depth
topics, applications and numerical problems will be discussed by the faculty in the lecture
session. Outline for preliminary study to be done for each unit will be provided prior to
commencement of each unit. Preliminary study material (video links, presentation, notes
etc) will be made available on the student portal.
3. Brainstorming: Students will be asked to generate ideas on a certain topic, category or
question while the faculty will facilitate and record the answers on the
blackboard/whiteboard.
4. Problem Based learning: Students will be asked to provide solutions to certain topic
involving real life problems with help of case studies. Case study discussion and
appropriate path selection will be done to elicit students thinking.

11. Course Material

Following course material is uploaded on the student portal: (give student portal link)
 Course Policy
 Lecture Notes
 Lecture Presentations
 Books / Reference Books / NPTEL video lectures link
 Assignments
 Lab Manual
 List of Course and Program Outcomes

Page PAGE 5 of NUMPAGES 11

Course Policy Introduction to Cybersecurity

12. Course Outcome Attainment

Following means will be used to assess attainment of course learning outcomes.

 Use of formal evaluation components of continuous evaluation, presentations,
laboratory work, semester end examination
 Informal feedback during course conduction

13. Academic Integrity Statement

Students are expected to carry out assigned work under Internal Continuous
Assessment (ICA) independently. Copying in any form is not acceptable and will
invite strict disciplinary action. Evaluation of corresponding component will be
affected proportionately in such cases. Plagiarism detection software will be used to
check plagiarism wherever applicable. Academic integrity is expected from students
in all components of course assessment.

Page PAGE 5 of NUMPAGES 11