EFFECT FROM THE ACADEMIC YEAR 2013 - 2014
CS 403
INFORMATION SECURITY
(Elective – I)
Instruction 4 Periods per week
Duration of University Examination 3 Hours
University Examination 75 Marks
Sessional 25 Marks
UNIT- I
Introduction: History, critical characteristics of information, NSTISSC security model, Components of an information system, Securing the components, balancing security and access, The SDLC, The security SDLC
Need for Security: Business needs, Threats, Attacks-secure software development
UNIT-II
Legal, Ethical and Professional Issues: Law and ethics in information security, relevant U.S laws-international laws and legal bodies, Ethics and information security Risk Management: Overview, Risk Identification, risk assessment, Risk Control strategies, selecting a risk control strategy, Quantitative versus qualitative risk control practices, Risk management discussion points, recommended risk control practices
UNIT-III
Planning for Security: Security policy, Standards and practices, Security blue print, Security education, Continuity strategies.
Security Technology: Firewalls and VPNs: Physical design, firewalls, protecting remote connections.
UNIT-IV
Security Technology: Intrusion detection, Access control and other security tools: Intrusion detection and prevention systems, Scanning and analysis tools, Access control devices.
Cryptography: Foundations of cryptology, cipher methods, Crypryptographic Algorithms, Cryptographic tools, Protocols for secure communications, Attacks on cryptosystems
UNIT-V
Implementing Information Security: information security project management, technical topics of implementation, Non- technical aspects of implementation, Security certification and accreditation Security and Personnel: Positioning and staffing security function, Employment policies and practices, internal control strategies. Information security Maintenance: Security management models. The maintenance model, Digital forensics
Suggesting Reading:
1. Michael E. Whitman and Hebert J Mattord, Principles of Information Security, 4th edition Ed. Cengage Learning 2011.
2. Thomas R Peltier, Justing Peltier, John Blackley, Information Security. Fundamentals, Auerbacj Publications 2010 .
3. Detmar W Straub, Seymor Goodman, Richard L Baskerville,
Information Security. Policy proceses and practices PHI 2008
4. Marks Merkow and Jim Breithaupt, Information Security. Principle and Practices, Pearson Education, 2007.
25 26