
CSC432 - Information Security-Syllabus

The document outlines the syllabus for the Information Security course (CSC432) at COMSATS University Islamabad, detailing course information, topics covered, textbooks, and a week-by-week plan. It includes assessments, attendance policies, grading criteria, and academic integrity guidelines. The course aims to introduce students to fundamental concepts, technologies, and ethical issues in information security.

Uploaded by

Sabeeh Ahmad
Copyright: © All Rights Reserved

COMSATS University Islamabad

Department of Computer Science


Course Syllabus
Course Information
Course Code: CSC432 Course Title: Information Security
Credit Hours: 3(3,0) Lecture Hours/Week: 3
Lab Hours/Week: 3 Pre-Requisites: None
Catalogue Description:
This course introduces the concepts and applications of information security. Topics include: Information
Security Overview; Threats & Attacks; Legal & Professional Issues; Security Planning; Risk Analysis; Security
Technology; Cryptography; Confidentiality; Authentication Models; Operational Security; and Implementation
& Maintenance.
Text and Reference Books
Text Book:
1. Principles of Information Security, Whitman, Michael E., & Mattord, H. J., Cengage Learning, 2017.

Reference Books:
1. Introduction to Computer Security, Goodrich, M., & Tamassia, R., Pearson, 2021.
2. Security in Computing, Pfleeger, C.P., Pfleeger, S.L., & Margulies, J., Prentice Hall, 2015.

Week wise Plan:

| Lecture # | CDF Unit # | Topics Covered | Reading Material |
|---|---|---|---|
| 1 | 1 | The History of Information Security; What Is Security? Key Information Security Concepts; Critical Characteristics of Information; CNSS Security Model; Components of an Information System, Balancing Information Security and Access; Approaches to Information Security Implementation. | Whitman, Michael E: Chapter 1; Reference Books |
| 2 | 1 | Threats & Attacks, Threats: Compromises to Intellectual Property; Deliberate Software Attacks; Deviations in Quality of Service; Espionage or Trespass; Forces of Nature; Human Error or Failure; Information Extortion; Missing, Inadequate, or Incomplete Organizational Policy or Planning; Missing, Inadequate, or Incomplete Controls; Sabotage or Vandalism; Theft. | Whitman, Michael E: Chapter 2 |
| 3 | 1 | Threats & Attacks, Attacks: Malicious Code, Hoaxes, Back Doors, Password Crack, Brute Force, Dictionary, Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS), Spoofing, Man-in-the-Middle, Spam, Mail Bombing, Sniffers, Social Engineering, Pharming, Timing | Whitman, Michael E: Chapter 2 |
| 4 | 1 | Law and Ethics in Information Security: Organizational Liability and the Need for Counsel, Policy Versus Law, Types of Law; Relevant U.S. Laws, General Computer Crime Laws, Privacy, Export and Espionage Laws, U.S. Copyright Law, Financial Reporting, Freedom of Information Act of 1966 (FOIA), State and Local Regulations, International Laws and Legal Bodies, Agreement on Trade-Related Aspects of Intellectual Property Rights, Digital Millennium Copyright Act (DMCA); Ethics and Information Security Codes of Ethics and Professional Organizations. | Whitman, Michael E: Chapter 3 |
| 5 | 2 | Definitions, Enterprise Information Security Policy (EISP), Issue-Specific Security Policy (ISSP), Systems-Specific Policy (SysSP), Policy Management. | Whitman, Michael E: Chapter 4 |
| 6 | 3 | Security Planning: The Information Security Blueprint: The ISO 27000, NIST Security Models, IETF Security Architecture, Design of Security Architecture. | Whitman, Michael E: Chapter 4 |
| 7 | 3 | Risk Management: An Overview of Risk Management; Risk Identification, Asset Identification and Inventory, Classifying and Prioritizing Information Assets, Information Asset Valuation, Identifying and Prioritizing Threats, Vulnerability Identification, Risk Assessment. | Whitman, Michael E: Chapter 5 |
| 8 | 3 | Risk Management: Risk Control Strategies. Feasibility Studies, Cost Benefit Analysis (CBA), Evaluation, Assessment, and Maintenance of Risk Controls. | Whitman, Michael E: Chapter 5 |
| 9 | 4 | Access Control: Identification, Authentication, Authorization, Accountability, Access Control Lists (ACLs) and Access Control Entries (ACEs), Access Control Models: Discretionary Access Control (DAC), Nondiscretionary Access Control, Operating Systems–Based DAC, Mandatory Access Control (MAC), Role-Based Access Control (RBAC), Attribute-Based Access Control (ABAC), Content-Dependent Access Control, Rule-Based Access Control (RuBAC), Network access control; centralized vs decentralized access control. | Whitman, Michael E: Chapter 6; Reference Books |
| 10 | 4 | Firewalls: Firewall Processing Modes, Firewalls Categorized by Generation, Firewalls Categorized by Structure, Firewall Architectures. | Whitman, Michael E: Chapter 6; Reference Books |
| 11 | 4 | Firewalls: Selecting the Right Firewall, Configuring and Managing Firewalls, Content Filters. | Whitman, Michael E: Chapter 6 |
| 12 | 4 | Protecting Remote Connections: Remote Access, Virtual Private Networks (VPNs). | Whitman, Michael E: Chapter 6 |
| 13 | 4 | Intrusion Detection and Prevention Systems: IDPS Terminology, Why Use an IDPS? Types of IDPS, IDPS Detection Methods, IDPS Response Behavior, Selecting IDPS Approaches and Products, Strengths and Limitations of IDPSs, Deployment and Implementation of an IDPS, Measuring the Effectiveness of IDPSs. | Whitman, Michael E: Chapter 6; Reference Books |
| 14 | 4 | Honeypots, Honeynets, and Padded Cell Systems, Trap-and-Trace Systems, Active Intrusion Prevention; Scanning and Analysis Tools: Port Scanners, Firewall Analysis Tools, Operating System Detection Tools, Vulnerability Scanners, Packet Sniffers, Wireless Security Tools. | Whitman, Michael E: Chapter 6 |
| 15 | 4 | Biometric Access Controls: Effectiveness of Biometrics, Acceptability of Biometrics. | Whitman, Michael E: Chapter 6 |
| 16 | 4 | Review and revision of previous Information Security concepts by considering students' queries. | - |
| 17, 18 | | Mid Term Exam | |
| 19 | 5 | Foundations of Cryptology: an overview; Cipher Methods: Substitution Cipher, Transposition Cipher, Exclusive OR, Vernam Cipher, Book or Running Key Cipher, Hash Functions. | Whitman, Michael E: Chapter 8; Reference Books |
| 20 | 5 | Cryptographic Algorithms: Symmetric Encryption, Data Encryption Standard (DES), Advanced Encryption Standard (AES); Asymmetric Encryption, Rivest-Shamir-Adleman (RSA) algorithm, Encryption Key Size, Examples. | Whitman, Michael E: Chapter 8; Reference Books |
| 21 | 5 | Advanced Cryptographic Algorithms: Introduction and Discussion. | - |
| 22 | 5 | Cryptographic Tools: Public-Key Infrastructure (PKI), Digital Signatures. | Whitman, Michael E: Chapter 8; Reference Books |
| 23 | 5 | Digital Certificates; Hybrid Cryptography Systems; Steganography. | Whitman, Michael E: Chapter 8 |
| 24 | 5 | Protocols for Secure Communications: Securing Internet Communication with S-HTTP and SSL, Securing E-mail with S/MIME, PEM, and PGP; Securing Web Transactions with SET, SSL, and S-HTTP; Securing Wireless Networks with WEP and WPA; Securing TCP/IP with IPSec and PGP. | Whitman, Michael E: Chapter 8 |
| 25 | 5 | Attacks on Cryptosystems: Man-in-the-Middle Attack, Correlation Attacks, Dictionary Attacks, Timing Attacks, Defending Against Attacks. | Whitman, Michael E: Chapter 8 |
| 26 | 5 | Discussion on Cryptographic Algorithms: Concept and complexities. | - |
| 27 | 5 | Technical Aspects of Implementation: Conversion Strategies; The Bull's-Eye Model; To Outsource or Not; Technology Governance and Change Control. | Whitman, Michael E: Chapter 10 |
| 28 | 6 | Information Systems Security Certification and Accreditation: Certification versus Accreditation, NIST SP 800-37, Rev. 1: Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach, NSTISS Instruction-1000: National Information Assurance, Certification and Accreditation Process (NIACAP), ISO 27001/27002 Systems Certification and Accreditation. | Whitman, Michael E: Chapter 10 |
| 29 | 7 | Security Management Maintenance Models: NIST SP 800-100 Information Security: A Guide for Managers; The Security Maintenance Model; Monitoring the External Environment, Monitoring the Internal Environment, Planning and Risk Assessment; Vulnerability Assessment and Remediation. | Whitman, Michael E: Chapter 12 |
| 30 | 7 | Digital Forensics: The Digital Forensics Team, Affidavits and Search Warrants, Digital Forensics Methodology, Evidentiary Procedures. | Whitman, Michael E: Chapter 12 |
| 31, 32 | | Revision of Information Security concepts. | - |
| | | Final Term Exam | |

Mapping of CLOs and SOs

| Sr.# | Unit # | Course Learning Outcomes | Blooms Taxonomy Learning Level | SO |
|---|---|---|---|---|
| CLO-1 | 1-2 | Discuss the fundamental concepts, policies, standards and ethical issues of information security. | Understanding | 1-8,9 |
| CLO-2 | 3 | Investigate various countermeasures and security controls to minimize risk and exposure. | Applying | 2 |
| CLO-3 | 4-5 | Analyze various information security technologies. | Analyzing | 7-8 |
| CLO-4 | 6-7 | Describe the policies and procedures to information security implementation and maintenance. | Applying | 1 |

CLO Assessment Mechanism

| Assessment Tools | CLO-1 | CLO-2 | CLO-3 | CLO-4 |
|---|---|---|---|---|
| Quizzes (15) | Quiz 1 | Quiz 2 | Quiz 3 | Quiz 4 |
| Assignments (10) | Assignment 1 | Assignment 2 | Assignment 3 | Assignment 4 |

Mid Term Exam (25): Mid Term Exam
Final Term Exam (50): Final Term Exam

• Attendance Policy: Every student must attend 80% of the lectures as well as the laboratory sessions in this course.
Students falling short of the required percentage of attendance in lectures/laboratory work are not allowed
to appear in the terminal examination.
• Course Assessment:

| Theory (T) | Quizzes | Assignments | Mid Term Exam | Terminal Exam | Total |
|---|---|---|---|---|---|
| Final Marks (100) | 15 | 10 | 25 | 50 | 100 |

• Grading Policy: The minimum passing mark for each course is 50% (in the case of a lab, in addition to
theory, the student is also required to obtain 50% marks in the lab to pass the course). The correspondence
between letter grades, credit points, and percentage marks at CUI is as follows:

| Grade | A | A- | B+ | B | B- | C+ | C | C- | D+ | D | F |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Marks | >= 85 | 80 - 84 | 75 - 79 | 71 - 74 | 68 - 70 | 64 - 67 | 61 - 63 | 58 - 60 | 54 - 57 | 50 - 53 | < 50 |
| Cr. Point | 3.67-4.00 | 3.34-3.66 | 3.01-3.33 | 2.67-3.00 | 2.34-2.66 | 2.01-2.33 | 1.67-2.00 | 1.31-1.66 | 1.01-1.30 | 0.10-1.00 | 0.00 |

• Missing Exam: No makeup exam will be given for final exam under any circumstance. When a student
misses the mid-term exam for a legitimate reason (such as medical emergencies), his grade for this exam
will be determined based on the Department policy. Further, the student must provide an official excuse
within one week of the missed exam.
• Academic Integrity: All CUI policies regarding ethics apply to this course. The students are advised to
discuss their grievances/problems with their counsellors or course instructor in a respectful manner.
• Plagiarism Policy: Plagiarism, copying and any other dishonest behaviour is prohibited by the rules
and regulations of CUI. Violators will face serious consequences.
