InfoSec Lect1
Course Detail
Objectives:
Upon completion of this course, participants will have gained
knowledge of information security concepts, basic components
and applications.
Class hour:
■ 3 Hours per week
■ Total Credit Hours: 45
Course Credit
■ Total Credit: 3
■ Internal Assessment: 30 Marks
■ Final: 45 Marks
Course Outline - Units
1. Introduction to Information Security - 4 Hrs
2. Malicious Code and Application Attacks - 8 Hrs
3. Cryptography and Key Management - 8 Hrs
4. Authentication and Access Control - 5 Hrs
5. Network Security - 5 Hrs
6. Auditing and Monitoring - 4 Hrs
7. Legal, Ethical and Professional Issues in InfoSec - 6 Hrs
8. Disaster Recovery and Business Continuity - 5 Hrs
References
Lecture notes and papers provided in the class.
Additional references
■ International Information Systems Security Certification Consortium (ISC)2 CISSP Certification Books
■ Information Systems Audit and Control Association (ISACA) CISA Certification Books
■ EC-Council Certified Ethical Hacker (CEH) Resources
Detailed Course Outline - 1
Unit 1 (4 Hrs)
■ The History of Information Security
■ What Is Information Security?
■ Critical Characteristics of Information
■ Information security concepts and practices (CIA and other practices)
■ Balancing Security and Access
Unit 2 (8 Hrs)
■ Malicious code
■ Password attacks
■ DoS attack
■ Application attacks
■ Web application security
■ Reconnaissance attack
■ Masquerading attack
Detailed Course Outline - 2
Unit 3 (8 Hrs)
■ Basics of cryptography
■ Symmetric Cryptography (DES, Triple DES, AES, Key distribution)
■ Asymmetric cryptography
• Public and private keys
• RSA
• Elliptic curve
• Hash function
• Digital signatures
• PKI
■ Applied cryptography
Unit 4 (5 Hrs)
■ Overview of access control
■ Authentication and Authorization
■ Identification and authentication techniques
■ Access control techniques
■ Access control methodologies, implementations and administration
Detailed Course Outline - 3
Unit 5 (5 Hrs)
■ LAN security
■ Wireless security threats and mitigation
■ Internet threats and security
■ Remote access security management
■ Network attack and countermeasures
Unit 6
■ Auditing
■ Monitoring
■ Penetration-testing techniques
■ Inappropriate activities
■ Indistinct threats and countermeasures
Detailed Course Outline - 4
Unit 7 (6 Hrs)
■ Types of Law
■ Relevant Laws (Computer Crime, IP, Licensing, Privacy)
■ International Laws and Legal Bodies
■ Ethical Concepts in Information Security
■ Codes of Ethics, Certifications, and Professional Organizations
Unit 8
■ Business continuity planning
■ Business impact assessment
■ BCP documentation
■ Nature of disaster
■ Disaster recovery planning
Unit 1
Data, Information and Knowledge
Data
■ A recording of "something" that has been measured
■ Raw material, just measured
Information
■ Information is the result of processing, manipulating and organizing data in a way that adds to the knowledge of the receiver.
■ Processed data
Knowledge
■ Knowledge is normally produced by structuring, grouping, filtering, organizing or pattern recognition applied to information.
■ Highly structured information
An information system is the collection of hardware, software, data, people and procedures designed to generate information that supports day-to-day operations.
What is Information Security?
■ Information security is the process of protecting information from unauthorized access, use, disclosure, destruction, modification or disruption.
■ The protection of computer systems and information from harm, theft and unauthorized use.
■ Protecting the confidentiality, integrity and availability of information.
■ Information security is an essential infrastructure technology for achieving a successful information-based society.
■ A highly information-based company without information security will lose its competitiveness.
Historical Aspects of InfoSec - 2
■ In the 1980s the security focus was concentrated on operating systems, as they provided remote connectivity.
■ In the 1990s, the growth of the Internet and of LANs contributed to new threats to information stored in remote systems.
■ IEEE, ISO, ITU-T, NIST, ISACA, (ISC)2 and other organizations started developing standards for secure systems.
■ Information security is the protection of information and of the systems and hardware that use, store and transmit information.
CNSS Security Model
■ Countermeasures: Technology, Education, Policy
■ Security goals: Confidentiality, Integrity, Availability
Threats
■ Interruption / Denial of service
■ Interception: eavesdropping, wiretapping, theft ...
■ Modification
■ Fabrication / Forgery
■ Unauthorized access
■ Denial of facts
Security Services
▶ A security service is a service that enhances information security using one or more security mechanisms.
Each service counters a corresponding threat:
■ Confidentiality / Secrecy ↔ Interception
■ Authentication ↔ Forgery
■ Integrity ↔ Modification
■ Non-repudiation ↔ Denial of facts
■ Access control ↔ Unauthorized access
■ Availability ↔ Interruption
Security Needs for Communications
[Figure: security needs for communications, illustrating confidentiality, authentication and availability (a message marked "Not SENT!" shows loss of availability)]