A Level - Syllabus of Module: A10.3-R5-Information Security Management
Introduction :
This module is designed to focus on information security skills and techniques to
protect and secure organization's information assets and business systems. Students
understand of various types of security incidents, threats and attacks, and learn
methods to prevent, detect and react to incidents and attacks.
 |
| A Level - Syllabus of Module: A10.3-R5-Information Security Management |
Detailed Syllabus :
(i) Network Fundamentals :
Introduction to Ethernet, OSI layers, TCP/IP models, Functions/ protocols & devices
at each layer, Protocol headers for frame, TCP, UDP, IP ,ICMP, applications layers
like http, snmpetc, Network Topology, Working of Hub bridge, switch, router,
UTM, remote administration of and managed network devices, Types of Networks,
VLAN, Subnetting, NAT Working with Number systems, Fixed Length subnet
masking, Variable Length subnet, masking, Classless Inter Domain Routing, Inter
VLAN routing, Static Routing, RIP, RIPv2, OSPF, EIGRP, IGRP using IPv4,
Routing in Ipv6.
(ii) Introduction to cyber security and Attacks :
Fundamentals of information security - CIA Triad, Cyber Security Controls, Logical
Controls, Physical Controls, Tools & Techniques, understanding threats, attacks
categories, hacking process, Vulnerability, Threat & Risk (with examples), Types of Attacks (DDOS, Phishing, Malware etc. with examples), Threats at Client
systems (malware, social engineering, open ports, etc.) Threats to Network, Web,
Storage & Devices, Understanding the network security, Mitigation Techniques,
fundamental of web/mobile application security, Web Application Attacks (SQL
Injection, Cross site scripting etc.), Mobile Application Attacks, data center security,
cloud computing and data security.
(iii) Cryptography :
Data Transmission and Organization, error detecting and correcting codes, need of
cryptography. Cryptology fundamentals, Symmetric-Asymmetric cryptography &
cryptographic algorithms, Private key encryption, Public key encryption, Protocols,
Key management, including key generation, key storage, Key exchange, Encryption
folders(Graphical/ using cipher), Data recovery agent, Symmetric key encryption
algorithm, DES/3DES, IDEA,RC5, AES, Public key algorithm, RSA & ECC,
Diffie-Hellman key exchange, Hash functions, MD5-message digest algorithm,
SHA-1 Secure Hash algorithm, HMAC, Applications of cryptography- Secure
Email PGP, SSL TLS S/MIME, File Encryption IPsec, IOT Attacks against
encryption, Public Key Infrastructure Understanding digital certificates and
signatures.PKI Standards and Management, X.500, X.509, ETF, IRTF.
(iv) Network Security and countermeasures : Securing Networks, Network security devices– Router, ACL, firewalls, types of
firewalls, configuration and deployment, overview of IDS, Network-based IDS
(NIDS), Host-based IDS, Overview of IPS, Host-based IPS, (HIPS), Network-based
IPS(NIPS), UTMTMG threat management gateway, network security tools
(scanners, sniffers etc) and Countermeasures. wireless security, securing wireless
networks: wireless overview, Bluetooth, 820.11
(v) Web Server and Application Security :
Client-Server Relationship, Vulnerabilities in web server and applications, Attack
methods, Buffer overflow, SQL injection, cross site scripting, session hijack etc.,
Secure Coding Practices, OWASP top 10 vulnerabilities and mitigation techniques,
Web Application vulnerability scanning, tools (Nessus), Web application security
challenges
(vi) Security Auditing :
Audit planning (scope, pre-audit planning, data gathering, audit risk), Risk
management, Overall Audit Risk, Risk based approach, Evidence, Evidence
gathering techniques, Sampling, Control Self-Assessment, Risk analysis, Purpose of
risk analysis, Risk based auditing, Types of Control, Risk Assessment using Simple
Risk or Eramba (Open source Tools), 3 phase approach – Risk assessment IT/IS
Audit, Log analysis, Using Microsoft Security Assessment Tool, Using Microsoft
Security Baseline Analyzer, Configuring Windows File system auditing. Event ID
Log Analysis, OS and Application specific auditing, Performing Risk Assessment based on ISO27001 using ISO27001 security toolkit, Preparing Audit Questionnaire
and Performing Audit for ISO27001 Standard.
(vii) Cyber Law and IT Act 2000 :
Information Technology Act 2000 (as amended in 2008), Rules under Information
Technology Act 2000. The Rule of Cyberspace. Cyber Law – Policy Issues and
Emerging Trends Online Contract. Digital Signature Cyber Crime, Data Protection,
Liability of Intermediary, Copyright and Internet. Domain Name Dispute, Harmful
content in Internet, Case Studies.
(viii) Cyber Forensics : Digital Evidence, identification of digital evidence, Cyber forensics Processes
Identification, Preservation, seizure and acquisitions, Analysis, authentication and
presentations, fundamental of Incident response and handling, Reporting,
mitigation, Volatile evidence collection and analysis, disk imaging and analysis,
Investigating Information-hiding, analysis of e-mail, Tracing Internet access,
Understanding importance of report, writing of reports, generating report finding
with forensics tools, Chain of custody forms, Laboratory documents and procedures.
Click Here for PDF - A Level - Syllabus of Module: A10.3-R5-Information Security Management
कोई टिप्पणी नहीं:
एक टिप्पणी भेजें