
Course Title: INFORMATION SECURITY & RISK MANAGEMENT
Course Code: CSIT726
Credit Units: 3
Level:

L    T    P/S    SW/FW    TOTAL CREDIT UNITS
3    0    0      0        3

Course Objectives:

This course focuses on the fundamentals of information security that are used in protecting both the information present in computer
storage as well as information traveling over computer networks. Interest in information security has been spurred by the pervasive
use of computer-based applications such as information systems, databases, and the Internet. Information security has also emerged as
a national goal in the United States and in other countries with national defense and homeland security implications. Information
security is enabled through securing data, computers, and networks. In this course, we will look into such topics as fundamentals of
information security, computer security technology and principles, access control mechanisms, cryptography algorithms, software
security, physical security, and security management and risk assessment. By the end of this course, you will be able to describe major
information security issues and trends, and advise an individual seeking to protect his or her data.

Learning Outcomes

Upon successful completion of this course, the student will be able to:

• explain the challenges and scope of information security;
• explain such basic security concepts as confidentiality, integrity, and availability, which are used frequently in the field of information security;
• explain the importance of cryptographic algorithms used in information security in the context of the overall information technology (IT) industry;
• identify and explain symmetric algorithms for encryption-based security of information;
• identify and explain public-key based asymmetric algorithms for encryption-based security of information;
• describe the access control mechanism used for user authentication and authorization;
• describe Secure Sockets Layer (SSL) as a common solution enabling security of many applications, including all Internet-based commerce;
• describe securing Internet Protocol (IP) communications by using Internet Protocol Security (IPSec);
• explain the importance of physical security and discuss ways to improve physical security of an enterprise;
• explain the use of such security tools as firewalls and intrusion prevention systems;
• explain malicious software issues such as those introduced by software-based viruses and worms;
• explain common software security issues such as buffer overflow; and
• describe the basic process of risk assessment in the context of overall IT security management.

Prerequisites:
• Students must have a strong knowledge of fundamentals of Information techniques and tools used in industry.

Student Learning Outcomes: At the end of the course, the students will be better positioned to realise the challenges involved in online trade while doing business using IT techniques. The students should be able to:
• Explain the components and roles of information security.
• Explain how businesses sell products and services on the Web while remaining secure.
• Describe the technical failure and success factors while keeping all security concerns intact.

Course Contents / Syllabus:


Module I: Introduction of Information Security 20
Goals of Computer Security, CIA triangle, Identifying the Assets, Threats, Impact, Vulnerabilities, User Authentication, System Access Control, Password Management, Privileged User Management, User Account Management, Data Resource Protection, Sensitive System Protection, Cryptography, Intrusion Detection, Computer-Security Classifications

Module II: Computer Security 20
Hardening (Operating System and Application Code, File System Security, Local Security Policies, Services, Default Accounts), Network Activity, Malicious Code, Firewall, Fault Tolerant System, Backup and UPS

Module III: Network Security 20
Network security issues, threats & solutions, cryptography, algorithms (encryption, substitution, sequential and random, transposition), cryptanalysis, methods of breaking these algorithms.

Module IV: Disaster Management 20
Types of Disaster, Challenge in Global Operations, Understanding disaster recovery & business continuity, Business Continuity Management, Preparing BCP – a 10 step process, case (e.g. WTC)

Module V: Management of Security taking Windows OS as example (Practical) 20
Security Management, Users and Groups Management, Managing Local and Global Groups, Managing User Accounts, Windows NT Domain Management, Registry Management, Logical Structure, Physical Structure, DNS Management, Managing Group Policy, User Authentication Management, Creating Domain User Accounts, Files and Folder Management, Files and Folder Permission, Shared Resources Management, Encrypting File System (EFS)

Pedagogy for Course Delivery:


The class will be taught using theory and case-based methods.

Assessment/ Examination Scheme:

Theory L/T (%)    Lab/Practical/Studio (%)    End Term Examination
100%              NA                          70

Theory Assessment (L&T):

Components       Continuous Assessment/Internal Assessment              End Term Examination
                 Mid-Term Exam   Project   Assignment   Attendance
Weightage (%)    10%             10%       5%           5%              70%

Text:
• D.P. Sharma, E-retailing Principles and Practice, Himalaya Publications
• Caroll & Broadhead, Selling Online: How to Become a Successful E-Commerce Merchant, Dearborn Publishers
• Janice Reynolds, The Complete E-Commerce Book: Design, Build, and Maintain a Successful Web-Based Business, CMP Media
• Dennis, Fenech & Merrilees, E-retailing, Routledge Press
• Levy & Weitz, Retailing Management, Tata McGraw Hill
