Information Security | MIT Syllabus | TU

Information Security

Course Title: Information Security                                                               Full Marks: 45+30

Course No: MIT504                                                                                      Pass Marks: 22.5+15

Nature of the Course: Theory + Lab                                                            Credit Hrs: 3

Semester: I

Course Description:

This course introduces the concepts of information security. The topics covered include information security, cryptosystem, message authentication, digital signature, database and data center security, denial of service attack, intrusion detection, security administration, and digital forensics.

Course Objectives:

The main objective of this course is to make students familiar with the concepts of information security so that upon completion of the course students will be able to understand and use the best practices for securing information and computer systems.

Course Contents:

Unit 1: Information Systems Security (4 Hrs.)

Information Systems Security, Tenets of Information Systems Security, Domains of IT Infrastructures, IT Security Policy Framework, Data Classification Standards

Unit 2: Private and Public Cryptosystem (8 Hrs.)

Block Ciphers, AES, IDEA, Stream Ciphers, RC4, Stream Cipher using Feedback Shift Registers, ElGamal, Elliptic Curve Cryptography, Format Preserving Encryption, Overview of Homomorphic Encryption, Lightweight Cryptography and Post Quantum Cryptography

Unit 3: Message Authentication Codes and Digital Signature (8 Hrs.)

Message Authentication Code, HMAC, Data Authentication Algorithm, Cipher Based MAC, Digital Signature, ElGamal Digital Signature Scheme, Schnorr Digital Signature Scheme, Digital Signarture Algorithm, Elliptic Curve Digital Signature Algorithm, RSA-PSS Digital Signature Algorithm

Unit 4: Database and Data Center Security (4 Hrs.)

Database Security, SQL Injection Attacks, Database Access Control, Inference, Database Encryption, Data Center Security

Unit 5: Denial of Service Attacks (6 Hrs.)

Denial Service Attacks, Flooding Attacks, Distributed Denial Service Attacks, Application Based Bandwidth Attacks, Reflector and Amplifier Attacks, Defensing Against Denial Service Attacks, Responding to Denial Service Attacks

Unit 6: Intrusion Detection and Prevention (6 Hrs.)

Intruders, Intrusion Detection, Intrusion Detection Analysis Approaches, Host-Based Intrusion Detection, Network-Based Intrusion Detection, Hybrid Intrusion Detection, Intrusion Detection Exchange Format, Honeypots, Intrusion Prevention System

Unit 7: Security Operations and Administrations (5 Hrs.)

Security Administration, Compliance, Professional Ethics, Infrastructure for IT Security Policy, Data Classification Standards, Configuration Management, Change Management Process, Application Software Security, Software Development and Security

Unit 8: Digital Forensics (4 Hrs.)

Digital Forensics, Computer Crime, Forensic Methods and Lab, Collecting, Seizing and Protecting Evidence, Recovering Data, Operating System Forensics, Mobile Forensics

Laboratory Works:

Laboratory works include implementing and simulating the concepts in above mentioned chapters using appropriate platforms and tools

References:

1. David Kim, Michael G. Solomon, Fundamentals of Information Systems Security, 4th Edition, Jones & Bartlett Learning
   1. William Stallings, Cryptography and Network Security: Principles and Practice, 8^th Edition, Pearson
   1. William Stallings and Lawrie Brown, Computer Security: Principles and Practice, 4^th Edition, Pearson