Computer Security
Topic 1 Name: Introduction to Computer Security and Security Trends

| Knowledge Category | Example/s of category | Teaching methodology |
|---|---|---|
| FACT | Security | Use appropriate example of security (security guards at college gate) |
| FACT | Assets | Show any peripheral device of a computer or network (hard disk) |
| FACT | Viruses | Corrupted files in pen drive |
| FACT | Terrorists | News, videos of terrorist attacks like the 26/11 attack |
| FACT | Malware | Use any appropriate example: malicious code transferred through mobile while sharing data (Bluetooth) among people |
| CONCEPT | Confidentiality, Integrity, Availability, Accountability | Use any appropriate PPT and example: email |
| CONCEPT | Risk | Use any appropriate example: person carrying a large amount of cash while travelling |
| CONCEPT | Security Attacks | Use example of a hacker trying to attack any email account |
| PRINCIPLE | CIA Model | Use any appropriate PPT |
| PROCEDURE | Risk Analysis; Steps in Attack | Use any appropriate PPT or video |
| APPLICATION | Online application | Online Shopping and Online Banking |

Learning Resources:
Books:
1) “Cryptography and Network Security” by Atul Kahate Publisher – Tata McGraw Hill
2) “Computer Security” by Dieter Gollman Second Edition Publisher- Wiley India Education
3) “Principles of Computer Security + and Beyond” by Wm. Arthur Conklin Publisher – Tata McGraw Hill
4) “Principles of Information Security” by Michael E. Whitman, Herbert J. Mattord Publisher - Cengage India
Teaching Aids:
Black board, Chalk, Transparencies, PowerPoint presentation slides (PPTs), Reference books, Notes, LCD projector/OHP projector.
Lecture No.
Topic/ Subtopic to be covered
1 Why focus on Security?
“Principles of Computer Security: CompTIA Security+ and Beyond” by Wm. Arthur Conklin, Chapter 1, Page No 1
E.g. the security of precious items that could be stolen, like gold, money, a student's mark sheet etc.
Definition of Computer Security: “Computer Security” by Dieter Gollman, Chapter 2, Page No 18
Why security is important (need of security): “Cryptography and Network Security” by Atul Kahate, Chapter 1, Page No 1
E.g. confidential defence information saved on a computer of a government department
Basics of computer security – C, I, A Model
Confidentiality - “Computer Security” by Dieter Gollman, Chapter 2, Page No 20
Integrity - “Computer Security” by Dieter Gollman, Chapter 2, Page No 21
Availability - “Computer Security” by Dieter Gollman, Chapter 2, Page No 22
Accountability - “Computer Security” by Dieter Gollman, Chapter 2, Page No 23
Non-repudiation - “Computer Security” by Dieter Gollman, Chapter 2, Page No 23
* Draw pyramid model of CIA
Web Site - http://it.med.miami.edu/x904.xml
*Note- Conclude the lecture with Block keywords & definitions and suitable diagram
2 Examples of Application where security is important Eg: Bank where locker facility is provided
Challenges in security – which are different barriers in security Eg: person tries different ways to crack the password of Computer
Models of security
3 Define Risk
“Computer Security” by Dieter Gollman Chapter 1, Page No 13
What are Assets, Vulnerabilities and Threats: “Computer Security” by Dieter Gollman, Chapter 1, Page No 10, 11 (hard disk is an asset)
Formula for calculation of Risk: “Computer Security” by Dieter Gollman, Chapter 1, Page No 10
PPTs - www.cs.uiuc.edu/class/sp07/cs498ia/slides/CS461-06.RiskAnalysis.ppt
4 What is Quantitative & Qualitative Risk Analysis: “Computer Security” by Dieter Gollman, Chapter 1, Page No 13
Countermeasures to mitigate the risk: “Computer Security” by Dieter Gollman, Chapter 1, Page No 14
Web Site – http://www.digitalthreat.net/2009/06/threat-vs-vulnerability-vs-risk/
5 What is a Threat – definition. What are the different categories of threats
Definition of Virus and Worms – differentiate between them: “Principles of Computer Security: CompTIA Security+ and Beyond” by Wm. Arthur Conklin, Chapter 1, Page No 7; “Cryptography and Network Security” by Atul Kahate, Chapter 1, Page No 16, 18
Different types of viruses – life cycle of viruses (draw diagram): “Cryptography and Network Security” by Atul Kahate, Chapter 1, Page No 16 to 18
Define Intruders & Insiders – differentiate between them (give a real-life example or any movie example): “Principles of Computer Security: CompTIA Security+ and Beyond” by Wm. Arthur Conklin, Chapter 1, Page No 7, 8
Web Sites –
http://www.f-secure.com/en/web/labs_global/threat-types
http://support.kaspersky.com/viruses/general/614
http://peterhgregory.wordpress.com/2009/03/14/security-basics-definitions-of-threat-attack-and-vulnerability/
6 Who are Criminal Organizations – what is their purpose (any movie example): “Principles of Computer Security: CompTIA Security+ and Beyond” by Wm. Arthur Conklin, Chapter 1, Page No 9
Who are Terrorists – what are their aims/goals (any movie example): “Principles of Computer Security: CompTIA Security+ and Beyond” by Wm. Arthur Conklin, Chapter 1, Page No 9
Information Warfare – why there is need of Information Warfare: “Principles of Computer Security: CompTIA Security+ and Beyond” by Wm. Arthur Conklin, Chapter 1, Page No 9
Avenues of Attack (example of any criminal activity): “Principles of Computer Security: CompTIA Security+ and Beyond” by Wm. Arthur Conklin, Chapter 1, Page No 11
Steps in Attack – how an attack can happen in any organization, like a bank robbery: “Principles of Computer Security: CompTIA Security+ and Beyond” by Wm. Arthur Conklin, Chapter 1, Page No 12
7 What is an Attack – definition of attack
Active and Passive Attack – differentiate between them, classification of passive and active attacks: “Cryptography and Network Security” by Atul Kahate, Chapter 1, Page No 12 to 15
Denial of Service Attack (DoS & DDoS): “Principles of Computer Security: CompTIA Security+ and Beyond” by Wm. Arthur Conklin, Chapter 15, Page No 400
Web Site - http://www.slideshare.net/chintanjpatel/unit-1-33882940
8 Backdoor, Trapdoors: “Principles of Computer Security: CompTIA Security+ and Beyond” by Wm. Arthur Conklin, Chapter 15, Page No 403
Sniffing: “Principles of Computer Security: CompTIA Security+ and Beyond” by Wm. Arthur Conklin, Chapter 15, Page No 404
Spoofing: “Principles of Computer Security: CompTIA Security+ and Beyond” by Wm. Arthur Conklin, Chapter 15, Page No 405, 406
Encryption Attack: “Principles of Computer Security: CompTIA Security+ and Beyond” by Wm. Arthur Conklin, Chapter 15, Page No 410
Web Site – https://www.parkbank.com/about/security/computer-security http://vickyvikramaditya1.blogspot.in/2011/08/sniffing-and-spoofing.html
PPT – https://www.google.co.in/url? sa=t&rct=j&q=&esrc=s&source=web&cd=4&cad=rja&uact=8&sqi=2&ved=0CD8QFjAD&url=http%3A%2F%2Fwww.pcs.cnu.edu%2F~dgame%2Fcs446Gen%2Ftopics%2FSniffing%2FSniffing.PPT&ei=5WKhU7a2E4OiugTag4CACQ&usg=AFQjCNE2f2hwh4vf1vWecSJh8I8D47Wy0g&bvm=bv.69137298,d.c2E
9 Man-in-middle attack: “Principles of Computer Security: CompTIA Security+ and Beyond” by Wm. Arthur Conklin, Chapter 15, Page No 408
Replay Attack, TCP/IP Hacking: “Principles of Computer Security: CompTIA Security+ and Beyond” by Wm. Arthur Conklin, Chapter 15, Page No 409
Web Site – http://careerride.com/Networking-replay-attacks.aspx
PPT – https://www.google.co.in/url? sa=t&rct=j&q=&esrc=s&source=web&cd=14&cad=rja&uact=8&ved=0CF0QFjAN&url=http%3A%2F%2Fcsc.columbusstate.edu%2Fsummers%2Fnotes%2Fcs557%2F3mf%2FReplay-Attacks.ppt&ei=S2OhU9T8GdGdugTCyoLQBw&usg=AFQjCNG0tQwkXUxg0-6LnH-_ZzDNqSHlzw&bvm=bv.69137298,d.c2E
10 Definition of Malware: “Principles of Computer Security: CompTIA Security+ and Beyond” by Wm. Arthur Conklin, Chapter 15, Page No 415
Various categories of Malware
What is Virus and Logic Bombs: “Principles of Computer Security: CompTIA Security+ and Beyond” by Wm. Arthur Conklin, Chapter 15, Page No 418
Web site –
http://www.malwaretruth.com/the-list-of-malware-types/
http://www.kaspersky.co.in/internet-security-center/threats/malware-classifications

Topic 2 Name: Authentication and Operational Security Objectives

| Knowledge Category | Example/s of category | Teaching methodology |
|---|---|---|
| FACT | People | Use appropriate example of people: Internet users |
| FACT | Password | Show appropriate example: create a password to authenticate a user for a PC or laptop, or a password for enrollment of admission |
| FACT | Biometrics | Use appropriate example: (iris) retina scan in Adhar Card office |
| CONCEPT | Managing Password | Example: login screen |
| CONCEPT | Role of People | Example: cash withdrawal at ATM |
| PRINCIPLE | Choosing a password; Individual User Responsibilities | Example: changing PIN of ATM. Use appropriate PPTs |
| APPLICATION | Thumb Reader | Use appropriate example of biometrics, like an attendance system using thumb |

Learning Resources:
Books:
1) “Cryptography and Network Security” by Atul Kahate Publisher – Tata McGraw Hill
2) “Computer Security” by Dieter Gollman Publisher – Wiley India
3) “Principles of Computer Security + and Beyond” by Wm. Arthur Conklin Publisher – Tata McGraw Hill
Teaching Aids:
Black Board, PPTs, Transparencies, Reference Book, Notes.
PPTs: Preferably prepare PPTs containing-
https://depts.washington.edu/...security/your_role_information_secur.ppt
http://www.slideshare.net/vidita123/biometrics-final-ppt
Lecture No.
Topic/ Subtopic to be covered
1 Introduction to operational security. Understand meaning - role of people. What is a password?
“Principles of Computer Security Security + and Beyond” by Wm. Arthur Conklin Dwayne, Chapter 3, “Operational and Organizational Security”
*Note- Conclude the lecture with Block keywords & definitions and suitable diagram
2 Introduction to terms - Identification, Authentication & Operational Security
To understand the role of people in security: “Cryptography & Network Security” by Atul Kahate, Chapter 7, Pg. Nos 271-73
3 User Name & Password: “Computer Security” by Dieter Gollman, Chapter 3, Pg. No 36
How to choose & manage a password? “Computer Security” by Dieter Gollman, Chapter 3, Pg. Nos 37, 38, 39
To understand what the threats are while creating passwords.
4 Introduction to terms - Identification, Authentication: “Principles of Computer Security Security + and Beyond” by Wm. Arthur Conklin Dwayne, Chapter 11, Pg. No 262
Describe different areas where security comes into the picture: “Cryptography & Network Security” by Atul Kahate, Chapter 1, Page No 1 to 3
5 Discuss the role of people in security
Password Selection: “Principles of Computer Security Security + and Beyond” by Wm. Arthur Conklin Dwayne, Chapter 4, Pg. No 72
Piggybacking: “Principles of Computer Security Security + and Beyond” by Wm. Arthur Conklin Dwayne, Chapter 4, Pg. No 73
Shoulder Surfing: “Principles of Computer Security Security + and Beyond” by Wm. Arthur Conklin Dwayne, Chapter 4, Pg. No 70
Dumpster Diving: “Principles of Computer Security Security + and Beyond” by Wm. Arthur Conklin Dwayne, Chapter 4, Pg. No 74
Installing Unauthorized Software/Hardware: “Principles of Computer Security Security + and Beyond” by Wm. Arthur Conklin Dwayne, Chapter 4, Pg. Nos 74, 75
Access by Non-employee: “Principles of Computer Security Security + and Beyond” by Wm. Arthur Conklin Dwayne, Chapter 4, Pg. No 75
Security Awareness: “Principles of Computer Security Security + and Beyond” by Wm. Arthur Conklin Dwayne, Chapter 4, Pg. No 76
Individual User Responsibilities: “Principles of Computer Security Security + and Beyond” by Wm. Arthur Conklin Dwayne, Chapter 4, Pg. No 77
6 Examples of role of people using suitable techniques.
http://www.slideshare.net/Clarice_Wilson/atm-frauds-and-solutions
7 Define Access Control: “Principles of Computer Security Security + and Beyond” by Wm. Arthur Conklin Dwayne, Chapter 11, Pg. No 268
Discuss their principles & policies: “Principles of Computer Security Security + and Beyond” by Wm. Arthur Conklin Dwayne, Chapter 11, Pg. No 269
8 Types of Access Controls: “Principles of Computer Security Security + and Beyond” by Wm. Arthur Conklin Dwayne, Chapter 11, Pg. Nos 269, 270
9 Introduction to Biometrics. Types of Biometrics
10 Types of Biometrics & examples: Finger prints, Hand print, Retina Patterns, Voice Patterns, Signature & Writing Patterns, Keystrokes
“Computer Security Principles & Practices” by William Stalling, Lawrie Brown, Chapter 3, Pg. Nos 92 to 97
PPT:
http://www.slideshare.net/vidita123/biometrics-final-ppt
Topic 3 Name: Cryptography

| Knowledge Category | Example/s of category | Teaching methodology |
|---|---|---|
| FACT | Plaintext | Use example of plaintext: human language (message: “welcome to third year diploma”) |
| FACT | Key | Show how any message is codified by using a KEY: alphabet “A” codified by key “3” to alphabet “C” |
| FACT | Cipher Text | Show example of a codified message, like “ABC” is coded to “CDE” |
| CONCEPT | Cryptography, Cryptanalysis, Cryptology | Use appropriate example to show the converting of plaintext to cipher text and vice versa |
| CONCEPT | Encryption | Show example of encoding plaintext to cipher text, e.g. “Computer” to “retupmoc” |
| CONCEPT | Decryption | Show example of decoding cipher text to plaintext, e.g. “retupmoc” to “Computer” |
| CONCEPT | Private Key | Show example of a key which needs to be kept secret, e.g. door key of own house or password of own email account |
| CONCEPT | Public Key | Show example of a key which is shared with everybody, e.g. door key of own house shared among parents and child |
| CONCEPT | Hashing | Use any appropriate example and PPT to show a mathematical function that performs one-way encryption |
| PRINCIPLE | Substitution Technique | Use any appropriate example to show a character of plain text replaced by another character, e.g. “MONITOR” is replaced by “NPOJUPS” |
| PRINCIPLE | Transposition Technique | Use any appropriate example to show permutation and combination over plaintext to produce cipher text |
| PRINCIPLE | Symmetric Cryptography | Same key is used for encryption and decryption. Use any appropriate examples: one key used to lock and the same key used to unlock the door of a house |
| PRINCIPLE | Asymmetric Cryptography | 2 separate keys are used: one key for encryption and a second key for decryption. Use any appropriate PPT, examples: one key used to lock the door of a house, second key to unlock the door |
| PROCEDURE | Substitution Technique: steps used in Caesar Cipher | Use any appropriate example to show each character of plain text replaced by the character 3 places down the line, e.g. “Amar” replaced by “Dqdv” |
| PROCEDURE | Substitution Technique: steps used in Monoalphabetic and Polyalphabetic | Use any appropriate example to show one block replacing another block: “HELLO” is “LHPPS” |
| PROCEDURE | Transposition technique: steps used in Rail fence technique | Use any appropriate example to show plain text written as a sequence of diagonals and then read as a sequence of rows |
| PROCEDURE | Transposition technique: steps used in Simple columnar | Use any appropriate example to show plain text written as rows and read in column form |
| PROCEDURE | Steps used in One time pad | Use any appropriate example to show random cipher text every time, e.g. OTP in mobile |
| PROCEDURE | Steganography | Watermark |
| APPLICATION | Symmetric cryptography: DES (Data Encryption Standard) algorithm | Use appropriate PPT to show step execution of the DES algorithm, including all steps in detail |
| APPLICATION | Asymmetric Key Cryptography: Digital Signature | Use appropriate PPT or video, e.g. 1) E-mudrak used in stamping documents in Maharashtra government 2) Income tax return online: digital signatures are used by the user to fill in the form |

Learning Resources:
Books:
1) “Cryptography and Network Security” by Atul Kahate Publisher – Tata McGraw Hill
2) “Computer Security” by Dieter Gollman Publisher – Wiley India
3) “Principles of Computer Security + and Beyond” by Wm. Arthur Conklin Publisher – Tata McGraw Hill
4) “Principles of Information Security” by Michael E. Whitman, Herbert J. Mattord Publisher – Cengage India
Teaching Aids:
Black board, Chalk, Transparencies, PowerPoint presentation slides (PPTs), Reference books, Notes, LCD projector/OHP projector.
Lecture No.
Topic/ Subtopic to be covered
1 Introduction to Cryptography: “Computer Security” by Dieter Gollman, Chapter 11, Page No 186
“Principles of Computer Security + and Beyond” by Wm. Arthur, Chapter 5, Page No 83
Definition of Cryptography, Cryptanalysis and Cryptology: “Cryptography and Network Security” by Atul Kahate, Chapter 2, Page No 38-39
Identify and describe the types of cryptography: “Principles of Computer Security + and Beyond” by Wm. Arthur, Chapter 5, Page No 84
What is Plain Text and Cipher Text? “Cryptography and Network Security” by Atul Kahate, Chapter 2, Page No 40-41
Website-
http://en.wikipedia.org/wiki/Cryptography
http://www.apprendre-en-ligne.net/crypto/bibliotheque/PDF/Kwang.pdf
http://cs.stanford.edu/people/eroberts/cs181/projects/dvd-css/cryptography.htm
PPT – http://www.sce.uhcl.edu/yang/teaching/csci5931netSecuritySpr05/nsech02a.ppt
2 What is Substitution Technique? “Cryptography and Network Security” by Atul Kahate, Chapter 2, Page No 41
State different types of substitution technique: “Cryptography and Network Security” by Atul Kahate, Chapter 2, Page No 42
Define Caesar cipher. Explain with example: “Cryptography and Network Security” by Atul Kahate, Chapter 2, Page No 41-43
Working principle of monoalphabetic substitution technique: “Cryptography and Network Security” by Atul Kahate, Chapter 2, Page No 44-46
How the polyalphabetic technique is different from monoalphabetic: “Cryptography and Network Security” by Atul Kahate, Chapter 2, Page No 47
Drawback of substitution technique: “Cryptography and Network Security” by Atul Kahate, Chapter 2, Page No 48-54
Website- http://www.cimt.plymouth.ac.uk/resources/codes/codes_u1_text.pdf
PPTs - sce.uhcl.edu/yang/public/Modules/.../Substitution%20Ciphers.ppt
3 What is Transposition Technique? “Cryptography and Network Security” by Atul Kahate, Chapter 2, Page No 54
Working principle of rail fence technique with example: “Cryptography and Network Security” by Atul Kahate, Chapter 2, Page No 54-55
Working principle of Simple Columnar with example: “Cryptography and Network Security” by Atul Kahate, Chapter 2, Page No 54-58
What is Steganography? State its advantages and disadvantages: “Cryptography and Network Security” by Atul Kahate, Chapter 2, Page No 73-74; “Principles of Computer Security + and Beyond” by Wm. Arthur, Chapter 5 (Cryptography), Page No 101-103
Website- http://www.cs.man.ac.uk/~banach/COMP61411.Info/CourseSlides/Wk1.2.Classical.pdf
PPTs - www.eecis.udel.edu/~mills/teaching/eleg867b/crypto_slides/ch02.ppt
4 Define Encryption. Show a block diagram of encryption: “Cryptography and Network Security” by Atul Kahate, Chapter 2, Page No 59
Define Decryption. Show a block diagram of decryption: “Cryptography and Network Security” by Atul Kahate, Chapter 2, Page No 59-62
Sketch symmetric key cryptography and state the problem of key distribution: “Cryptography and Network Security” by Atul Kahate, Chapter 2, Page No 62-71
Website: http://www4.ncsu.edu/~kksivara/sfwr4c03/lectures/lecture9.pdf
PPTs - cs.ecust.edu.cn/~yhq/course_files/security/topic2.ppt
5 Name the algorithms used for symmetric key cryptography
“Cryptography and Network Security” by Atul Kahate, Chapter 2, Page No 100
“Principles of Computer Security + and Beyond” by Wm. Arthur, Chapter 5 (Cryptography), Page No 91-94
Conceptual working of DES along with diagram
“Cryptography and Network Security” by Atul Kahate, Chapter 2, Page No 101
“Computer Security” by Dieter Gollman, Chapter 11, Page No 199-202
Processing steps in DES
“Cryptography and Network Security” by Atul Kahate, Chapter 2, Page No 102-103
Website: http://cs.ucsb.edu/~koc/cs178/docx/w04x-des.pdf
PPTs - islab.csie.ncku.edu.tw/course/slide/ch_06.ppt
6 Details of each step in the DES algorithm along with block diagram
a) What happens in the Initial Permutation (IP)
“Cryptography and Network Security” by Atul Kahate, Chapter 3, Page No 102-103
b) Details of one round in DES
“Cryptography and Network Security” by Atul Kahate, Chapter 3, Page No 103
i. Step 1 - Key transformation
“Cryptography and Network Security” by Atul Kahate, Chapter 3, Page No 104
ii. Step 2 - Expansion permutation
“Cryptography and Network Security” by Atul Kahate, Chapter 3, Page No 104-105
iii. Step 3 - S-Box substitution
“Cryptography and Network Security” by Atul Kahate, Chapter 3, Page No 105-108
iv. Step 4 - P-Box substitution
“Cryptography and Network Security” by Atul Kahate, Chapter 3, Page No 108-109
v. Step 5 - XOR and swap
“Cryptography and Network Security” by Atul Kahate, Chapter 3, Page No 109-110
c) Variations of DES: “Cryptography and Network Security” by Atul Kahate, Chapter 3, Page No 111
Website- http://cs.ucsb.edu/~koc/cs178/docx/w04x-des.pdf https://www.google.co.in/search?q=des
%20algorithm&tbm=isch&ei=LGWmU8m1MtaD8gWpnYKwAQ#facrc=_&imgdii=_&imgrc=GRgKBo8qM0iufM%253A%3BXIxHOqkYyDZ7mM%3Bhttp%253A%252F%252Fi1.ytimg.com%252Fvi%252FiayDUAGu9Ec%252Fhqdefault.jpg%3Bhttp%253A%252F%252Fwww.youtube.com%252Fwatch%253Fv%253DiayDUAGu9Ec%3B480%3B360
PPTs - islab.csie.ncku.edu.tw/course/slide/ch_06.ppt
7 What is Asymmetric key cryptography? “Cryptography and Network Security” by Atul Kahate, Chapter 4, Page No 154-156
Compare symmetric key cryptography and asymmetric key cryptography
“Cryptography and Network Security” by Atul Kahate, Chapter 4, Page No 161
Introduction to Digital Signature: “Cryptography and Network Security” by Atul Kahate, Chapter 4, Page No 165-166
“Principles of Computer Security + and Beyond” by Wm. Arthur, Chapter 5 (Cryptography), Page No 106-107, 126, 130
“Computer Security” by Dieter Gollman, Chapter 11, Page No 194-195
Website-
http://www.icg.isy.liu.se/courses/tsit03/forelasningar/cryptolecture08.pdf
http://technet.microsoft.com/en-us/library/cc962021.aspx
PPTs - http://www.slideshare.net/rohitbhatta/introduction-to-digital-signatures
8 Basis of Digital Signature
“Cryptography and Network Security” by Atul Kahate, Chapter 4, Page No 166-167
“Computer Security” by Dieter Gollman, Chapter 11, Page No 194-195
Basis for Hashing Concept
“Principles of Computer Security + and Beyond” by Wm. Arthur, Chapter 5, Page No 87-89
“Computer Security” by Dieter Gollman, Chapter 11, Page No 192-194
http://technet.microsoft.com/en-us/library/cc962016.aspx
Message digest
“Principles of Computer Security + and Beyond” by Wm. Arthur, Chapter 5, Page No 90
“Cryptography and Network Security” by Atul Kahate, Chapter 4, Page No 167-196
Web Site –
http://www.cs.iit.edu/~cs549/lectures/CNS-5.pdf
http://www.cs.uiuc.edu/class/fa07/cs498mmp/slides/TFC-F07-Lect15.pdf
https://www.entrust.com/wp-content/uploads/2013/05/cryptointro.pdf
http://technet.microsoft.com/en-us/library/cc962033.aspx

Topic 4 Name: Computer Security Technology and Intrusion Detection

| Knowledge Category | Example/s of category | Teaching methodology |
|---|---|---|
| FACT | Attack | Use appropriate example to show how an attacker attacks computer security, e.g. an attack on a particular personal computer to obtain a bank account number |
| FACT | Intrusion | Show an attacker trying to enter from a weak entry point or bypass the security level, e.g. illegally accessing a particular bank account to transfer money; e.g. a thief trying to enter through a window or door |
| FACT | Standard Protocols | Use appropriate example, e.g. file transfer – FTP |
| CONCEPT | Firewall | Use appropriate example to show the firewall mechanism, e.g. compound wall for a building, barrier on road sides, restricted access to a particular website in college |
| CONCEPT | Virtual Private Network | Use appropriate example of private communication over a public network, e.g. walkie-talkie in the Army for communicating between soldiers |
| CONCEPT | Kerberos | Use appropriate PPT to show the Kerberos cycle, e.g. a student is allowed to enter the library hall by checking the college ID and entering the name in a register, verified by the librarian |
| CONCEPT | Security topologies | Use appropriate area to show a security zone, e.g. mobiles are banned in the exam hall of MSBTE, hospital |
| PRINCIPLE | Email Security: SMTP, PEM, PGP, S/MIME | Use appropriate PPT and video to show the working of email security, e.g. to send email – SMTP |
| PRINCIPLE | IPSec Security | Use appropriate PPT, e.g. secure branch office connectivity over the internet |
| PROCEDURE | Intrusion Detection: Host-based (HIDS), Network-based (NIDS) | Use appropriate PPT to show types of IDS, e.g. burglar alarm to identify undesirable activity |
| PROCEDURE | IPSec Configuration | Use appropriate PPT and video |
| APPLICATION | DMZ | Show example of a restricted area for students, such as entering the server room in college |
| APPLICATION | Internet and intranet; VLAN | Use appropriate example, e.g. a college campus network using an intranet with the help of a LAN |
| APPLICATION | Honey pot | Show example of a trap placed to catch the attacker, e.g. a trap made to catch a thief on websites |

Learning Resources:
Books:
Title:
1)“Cryptography and Network Security” by Atul Kahate Publisher – Tata McGraw Hill
2)“Computer Security” by Dieter Gollman Chapter-12,13 Publisher – Wiley India
3)“Principles of Computer Security + and Beyond” by Wm. Arthur Conklin Publisher – Tata McGraw Hill
4)“Cryptography and Network Security ” by William Stalling Publisher - Pearson
Teaching Aids:
Black board, Chalk, Transparencies, PowerPoint presentation slides (PPTs), Reference books, Notes, LCD projector/OHP projector.
Lecture no
Topic/ Subtopic to be covered
1 Introduction to Firewall: “Computer Security” by Dieter Gollman, Chapter 13, Page No 247; “Cryptography and Network Security” by Atul Kahate, Chapter 13, Page No 435-436
Definition of Firewall: “Computer Security” by Dieter Gollman, Chapter 13, Page No 247
Need for a firewall in computer security and networks: “Cryptography and Network Security” by Atul Kahate, Chapter 13, Page No 436
Characteristics of a good firewall: “Cryptography and Network Security” by Atul Kahate, Chapter 13, Page No 437
Types of firewall and firewall policies: “Cryptography and Network Security” by Atul Kahate, Chapter 13, Page No 437
“Computer Security” by Dieter Gollman, Chapter 13, Page No 248, 249
Limitations and problems of firewalls
“Computer Security” by Dieter Gollman, Chapter 13, Page No 250; “Cryptography and Network Security” by Atul Kahate, Chapter 13, Page No 452
Website-
http://www.dis.uniroma1.it/~alberto/didattica/cns-slides/firewalls.pdf
http://www.cs.iit.edu/~cs549/slides/chapter-14.pdf
PPT - www.cs.kau.se/cs/education/courses/dvgc03/p4/Firewalls.ppt
2 Working of packet filtering in a firewall
“Computer Security” by Dieter Gollman, Chapter 13, Page No 248; “Cryptography and Network Security” by Atul Kahate, Chapter 13, Page No 438
Working of application gateway
“Computer Security” by Dieter Gollman, Chapter 13, Page No 249; “Cryptography and Network Security” by Atul Kahate, Chapter 13, Page No 441
Working of circuit-level gateways
“Computer Security” by Dieter Gollman, Chapter 13, Page No 249; “Cryptography and Network Security” by Atul Kahate, Chapter 13, Page No 442
Implementation of firewall and firewall configuration
“Cryptography and Network Security” by Atul Kahate, Chapter 13, Page No 448-451
Website: http://www.interpole.net/interpole/products/firewall/interwall/details
3 Introduction to VPN
“Cryptography and Network Security” by Atul Kahate, Chapter 13, Page No 469
“Principles of Computer Security: CompTIA Security+ and Beyond” by Wm. Arthur Conklin, Page No 283
VPN Architecture
“Cryptography and Network Security” by Atul Kahate, Chapter 13, Page No 470-472
Types of VPN
“Cryptography and Network Security” by Atul Kahate, Chapter 13, Page No 472
Website- http://ptgmedia.pearsoncmg.com/images/1587051796/samplechapter/1587051796content.pdf
PPT - www.csun.edu/~vcact00f/311/termProjects/.../VPNpresentation.ppt
4 Introduction to Kerberos
“Computer Security” by Dieter Gollman, Chapter 12, Page No 219-221
Relation of Kerberos with authentication
“Principles of Computer Security: CompTIA Security+ and Beyond” by Wm. Arthur Conklin, Chapter 11, Page No 263-264
5 How does Kerberos work
“Principles of Computer Security: CompTIA Security+ and Beyond” by Wm. Arthur Conklin, Chapter 11, Page No 263-264
“Cryptography and Network Security” by Atul Kahate, Chapter 7, Page No 372-377
“Cryptography and Network Security” by William Stallings, Chapter 14, Page No 412-413
Website:
http://cs.brown.edu/cgc/net.secbook/se01/handouts/Ch09-Kerberos.pdf
http://www.cs.kent.edu/~farrell/grid06/lectures/KERBEROS.pdf
http://technet.microsoft.com/en-us/library/cc780469(v=ws.10).aspx
https://www.google.co.in/search? q=kerberos+authentication&espv=2&source=lnms&tbm=isch&sa=X&ei=BOimU6HJCNCQuASPr4C4BQ&ved=0CAYQ_AUoAQ&biw=1024&bih=634#facrc=_&imgdii=_&imgrc=IuJfsiiiaao9WM%253A%3BRh0gI3z74Tb68M%3Bhttp%253A%252F%252Fwww.zeroshell.org%252Fkerberos%252Fimage%252Fkrbmsg.gif%3Bhttp%253A%252F%252Fwww.zeroshell.org%252Fkerberos%252FKerberos-operation%252F%3B638%3B532
6 State different types of security topology
“Principles of Computer Security: CompTIA Security+ and Beyond” by Wm. Arthur Conklin, Chapter 9, Page No 206-207
What are Security Zones
“Principles of Computer Security: CompTIA Security+ and Beyond” by Wm. Arthur Conklin, Chapter 9, Page No 218-221
How the DMZ works
“Principles of Computer Security: CompTIA Security+ and Beyond” by Wm. Arthur Conklin, Chapter 9, Page No 219; “Cryptography and Network Security” by Atul Kahate, Chapter 13, Page No 451-452
Working of VLAN
“Principles of Computer Security: CompTIA Security+ and Beyond” by Wm. Arthur Conklin, Chapter 9, Page No 222
Website- https://www.google.co.in/search?
q=Security+zone&espv=2&source=lnms&tbm=isch&sa=X&ei=oeimU6vMMdeeugTzloJA&ved=0CAYQ_AUoAQ&biw=1024&bih=634#facrc=_&imgdii=_&imgrc=mJa95BMkxqnx_M%253A%3BI06ak8wt-CiM2M%3Bhttp%253A%252F%252Fi.msdn.microsoft.com%252Fdynimg%252FIC11169.gif%3Bhttp%253A%252F%252Fmsdn.microsoft.com%252Fen-us%252Flibrary%252Fcc507438(v%253Dvs.85).aspx%3B451%3B399
http://www.cse.wustl.edu/~jain/cis788-97/ftp/virtual_lans/
PPT - www.cc.gatech.edu/classes/AY2014/cs4270.../4270-vlan-tutorial.ppt
7 What are Intruders? State the three types
“Cryptography and Network Security” by Atul Kahate, Chapter 13, Page No 472-473
“Computer Security” by Dieter Gollman, Chapter 13, Page No 251
Basics of Intrusion Detection System
“Cryptography and Network Security” by Atul Kahate, Chapter 13, Page No 473-474
“Computer Security” by Dieter Gollman, Chapter 13, Page No 252
Types of IDS
“Cryptography and Network Security” by Atul Kahate, Chapter 13, Page No 474-475
“Computer Security” by Dieter Gollman, Chapter 13, Page No 253
Three logical components of IDS: “Principles of Computer Security: CompTIA Security+ and Beyond” by Wm. Arthur Conklin, Chapter 13, Page No 321
Honey pots
“Cryptography and Network Security” by Atul Kahate, Chapter 13, Page No 475
“Computer Security” by Dieter Gollman, Chapter 13, Page No 254
Websites- http://www.ee.tamu.edu/~reddy/ee689_04/pres_sumitha_james.pdf
PPT - www.cs.utexas.edu/users/ygz/395T-01F/reading/arun.ppt
8 What is Host-based IDS? Show its components
“Computer Security” by Dieter Gollman, Chapter 13, Page No 253
“Principles of Computer Security: CompTIA Security+ and Beyond” by Wm. Arthur Conklin, Chapter 13, Page No 323
“Cryptography and Network Security” by Atul Kahate, Chapter 13, Page No 474-475
What is Network-based IDS? Show its components
“Computer Security” by Dieter Gollman, Chapter 13, Page No 253
“Principles of Computer Security: CompTIA Security+ and Beyond” by Wm. Arthur Conklin, Chapter 13, Page No 323
“Cryptography and Network Security” by Atul Kahate, Chapter 13, Page No 475
State advantages and disadvantages of NIDS
“Principles of Computer Security: CompTIA Security+ and Beyond” by Wm. Arthur Conklin, Chapter 13, Page No 32
PPT - www.cs.northwestern.edu/~ychen/classes/msit458-f11/ids.ppt
9 Why an email security standard is required: “Cryptography and Network Security” by Atul Kahate, Chapter 6, Page No 307-308
Working principle of SMTP along with its diagram: “Cryptography and Network Security” by Atul Kahate, Chapter 6, Page No 308-310
What is PEM? “Cryptography and Network Security” by Atul Kahate, Chapter 6, Page No 310-311
State the four operations in PEM: “Cryptography and Network Security” by Atul Kahate, Chapter 6, Page No 311-312
Describe each step in PEM operation in detail: “Cryptography and Network Security” by Atul Kahate, Chapter 6, Page No 311-314
Website: http://www.hydtechwriter.com/what-is-simple-mail-transfer-protocol-smtp/
PPT - www.cs.huji.ac.il/~sans/students_lectures/PEM.ppt
10 Describe PGP: “Cryptography and Network Security” by Atul Kahate, Chapter 6 (Internet Security Protocol), Page No 314-315
“Principles of Computer Security: CompTIA Security+ and Beyond” by Wm. Arthur Conklin, Chapter 16, Page No 433
How PGP works: “Cryptography and Network Security” by Atul Kahate, Chapter 6 (Internet Security Protocol), Page No 314-315
“Principles of Computer Security: CompTIA Security+ and Beyond” by Wm. Arthur Conklin, Chapter 16, Page No 433
State the step-wise operation of PGP: “Cryptography and Network Security” by Atul Kahate, Chapter 6 (Internet Security Protocol), Page No 315-316
What is S/MIME? Describe the working principle of S/MIME: “Cryptography and Network Security” by Atul Kahate, Chapter 6 (Internet Security Protocol), Page No 322-326
11 Introduction to IP Security: “Cryptography and Network Security” by Atul Kahate, Chapter 9, Page No 452-453
“Computer Security” by Dieter Gollman, Chapter 13, Page No 239
Overview of IPSec along with its applications and advantages: “Cryptography and Network Security” by Atul Kahate, Chapter 9, Page No 454-455
“Cryptography and Network Security” by William Stalling, Chapter 16, Page No 485-486
2 types of IPSec protocol: “Cryptography and Network Security” by Atul Kahate, Chapter 9, Page No 455-457
“Cryptography and Network Security” by William Stalling, Chapter 16, Page No 486-487
Draw the format of the AH header in IPSec: “Cryptography and Network Security” by Atul Kahate, Chapter 9, Page No 459-463
“Computer Security” by Dieter Gollman, Chapter 13, Page No 239
“Cryptography and Network Security” by William Stalling, Chapter 16, Page No 494-496
Draw the format of ESP in IPSec: “Cryptography and Network Security” by Atul Kahate, Chapter 9, Page No 464-465
“Computer Security” by Dieter Gollman, Chapter 13, Page No 239
“Cryptography and Network Security” by William Stalling, Chapter 16, Page No 498-500
Website:
http://securityweekly.com/presentations/IPSEC.pdf
http://technet.microsoft.com/en-us/library/cc776369(v=ws.10).aspx
https://sc1.checkpoint.com/documents/R76/CP_R76_VPN_AdminGuide/13847.htm
http://www.isaserver.org/articles-tutorials/articles/IPSec_Passthrough.html
12 What is Security Association“Principles of Computer CompTIA Security +and beyond” by WM.Arthur Conklin
Chapter11 Page No:284-285
What is IPSec Configuration “Principles of Computer CompTIA Security +and beyond” by WM.Arthur Conklin
Chapter11 Page no-285-286
Describe the Tranport and Tunnel Modes of AH Header in IPSecCryptography and Network Security” by AtulKahatechapter9 Page No-463
Describe the Transport and Tunnel Modes of ESP in IPSecCryptography and Network Security” by AtulKahatechapter9 Page No-464-466
Website: http://www.isaserver.org/articles-tutorials/articles/IPSec_Passthrough.html http://www.deepsh.it/networking/IPSec.html https://techlib.barracuda.com/display/bngv52/
how+to+create+an+ipsec+vpn+tunnel+between+the+barracuda+ng+firewall+and+a+pfsense+firewall
http://flylib.com/books/en/3.190.1.135/1/ https://training.apnic.net/docs/eSEC03_IPSec_Basics.pdf
PPT-www.cs.northwestern.edu/~ychen/classes/mitp-458/ipsec.ppTopic 5 Name: IT Act and Cyber Law
Knowledge Category | Example/s of category | Teaching methodology
FACT | File | Use appropriate example of any software file like DOC, PPT or EXE file
FACT | Act | Use appropriate example of any Government Ragging Act 2009 or any related IT Act or IPC Act, Copyright Act
FACT | Crime | Use appropriate example of crime, for example Internet fraud, any criminal activity or hacking a computer system
FACT | Law | Use appropriate example of Indian Government law like Murder Law etc.
CONCEPT | Cyber Crime | Use any appropriate PPT
CONCEPT | Hacking & Cracking | Use any appropriate example of hacking like Facebook hacking etc.
CONCEPT | Piracy | Use any appropriate example like Software Piracy, CD Piracy etc.
CONCEPT | Investigation | Use any appropriate example of investigation bureau
CONCEPT | IT Act | Use any appropriate PPT or example like IT Act 1961 etc.
PRINCIPLE | Cyber Law | Use any appropriate PPT
PRINCIPLE | IT Act 2000, 2008 | Use any appropriate PPT
PROCEDURE | Data Recovery Tools | Use any appropriate freely available tool like -
PROCEDURE | Formatting | Show hard disk or pen drive formatting
PROCEDURE | Partitioning | Show file partitioning of computer like FAT or NTFS
APPLICATION | Data Recovery Applications | Give example of Stellar Phoenix Windows Data Recovery Software
APPLICATION | Cyber Crime Investigation | Use example of Cyber Crime Investigation Cell Mumbai or of any country like U.S.A. etc.
Learning Resources:
Books:
1) “Principles of Computer Security: CompTIA Security+ and Beyond” by Wm. Arthur Conklin, Publisher – Tata McGraw Hill
2) “Information Security & Cyber Laws” by Saurabh Sharma, Publisher – Vikas Publishing House
3) “Que’s Guide to Data Recovery” by Scott Mueller
4) “Data Recovery – A Guide to recovering your vital data” by Ronald J. Leach
Teaching Aids: Black board, Chalk, Transparencies, PowerPoint presentation slides (PPTs), Reference books, notes, LCD projector/OHP Projector
PPT with Sample: https://www.google.co.in/url?
sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&uact=8&sqi=2&ved=0CBsQFjAA&url=http%3A%2F%2Fstaff.washington.edu%2Fdittrich%2Fmisc%2FData%2520Recovery.ppt&ei=acOiU7_eB9CQuASPr4C4BQ&usg=AFQjCNGDaFXjmIoRop2uFfEH1-bGhNQDWQ&bvm=bv.69411363,d.c2E
Websites: http://cybercrimeindia.org/
http://www.powerdatarecovery.com/
http://catindia.gov.in/pdfFiles/IT_Act_2000_vs_2008.pdf
http://cactusblog.files.wordpress.com/2010/01/it_act_2008.pdf
http://police.pondicherry.gov.in/Information%20Technology%20Act%202000%20-%202008%20(amendment).pdf
Lecture No.
Topic/ Subtopic to be covered
1 What is Data Recovery
What is a Computer File - Reasons for data loss
Procedure to recover a deleted file from FAT & NTFS partitions
What is Partitioning in a Computer System – Types of Partitions
Reasons for partition damage
Formatted Partition Recovery Procedure (FAT / NTFS)
Data Recovery Categories & different tools available
Procedure of Data Recovery & Ethics
PPTs - http://www.aboutpartition.com/types-of-hard-drive-partitions/
http://www.recuperationdedonneesperdues.com/data-recovery
http://www.robertuniverse.com/introduction-to-data-recovery/
http://psonlinehelp.equallogic.com/V4.2/Content/AdminNewBook/AdminNew_recover.htm
http://transparen.com/data-protection-group/data-recovery-ethics
2 What is Cyber Crime
“Information Security and Cyber Laws” by Saurabh Sharma, Chapter 8, Page No. 181
Different Types of Cyber Crime
“Information Security and Cyber Laws” by Saurabh Sharma, Chapter 8, Page No. 182
What is Hacking & Cracking – Types of Hackers
Virus & its attacks
Define terms – Pornography, Software Piracy
“Information Security and Cyber Laws” by Saurabh Sharma, Chapter 7, Page No. 174
PPTs – http://www.slideshare.net/aemankhan/cybercrimeppt-27376284 https://www.google.co.in/url?
sa=t&rct=j&q=&esrc=s&source=web&cd=7&cad=rja&uact=8&sqi=2&ved=0CEIQFjAG&url=http%3A%2F%2Fwww.cyberseminar.cdit.org%2Fpdf%2F09_02_09%2Floknath.ppt&ei=kceiU_a-J9OHuATko4BA&usg=AFQjCNGmpx90JfvtJWuJde2U7XfLaVF7Zg&bvm=bv.69411363,d.c2E
3 Intellectual Property – Copyright & Industrial Property
“Information Security and Cyber Laws” by Saurabh Sharma, Chapter 7, Page No. 166
http://www.wipo.int/export/sites/www/freepublications/en/intproperty/450/wipo_pub_450.pd
Which are the different types of legal systems & their laws
Define terms – Mail Bombs, Bug Exploits
Cyber Crime Investigation – its procedure
PPTs – http://www.slideshare.net/mahmoodttc/intellectual-property-ppt-final
http://www.slideshare.net/tabrezahmad/cybercrime-investigation
http://www.scribd.com/doc/94789254/Ppt-on-Investigation-Method-of-Cyber-Crime
4 Need of Cyber Law & What is Cyber Law
“Information Security and Cyber Laws” by Saurabh Sharma, Chapter 8, Page No. 184 & 187
IT Act 2000 - Objectives, Scope, Provisions, Advantages & Disadvantages
“Information Security and Cyber Laws” by Saurabh Sharma, Chapter 8, Page No. 185
IT Act 2008 – Modifications to IT Act 2000, Characteristics
PPTs - http://www.slideshare.net/YogendraWagh/it-act-ppt-1111
http://www.powershow.com/view1/268863-ZDc1Z/Information_Technology_Act_2000_v_s_2008_powerpoint_ppt_presentation
http://www.slideshare.net/Arnab_Roy_Chowdhury/cyber-law-15036761
Topic 6 Name: Application and Web Security
Knowledge Category | Example/s of category | Teaching methodology
FACT | Standard Protocols: SSL, TLS; Web security threats | Demonstrate with suitable chart
CONCEPT | Hotfix, Patch, Upgrades | Small section of code designed to fix problems. Ex: Any work done on Windows 2000 is targeted at the next service pack, and hotfixes are built against the existing available base.
PROCEDURE | Application hardening | Use suitable example. Ex: Harden an application by removing the functions or components that you don't need, restricting access where you can, and making sure that the application is kept up to date with patches.
APPLICATION | Web server | Use suitable example. Ex: Web servers are used to deliver news, sell products, conduct auctions.
Learning Resources:
Books:
1) “Cryptography and Network Security” by Atul Kahate, Publisher – Tata McGraw Hill
2) “Computer Security” by Dieter Gollman, Publisher – Wiley India
3) “Principles of Computer Security: CompTIA Security+ and Beyond” by Wm. Arthur Conklin, Publisher – Tata McGraw Hill
Teaching Aids: Black Board, PPTs, Transparencies, Reference Book, Notes.
PPT with Sample: (Keyword in Google search:- “ppt for SET” Select “1st & 2nd Link”)
euclid.barry.edu/~zuniga/courses/cs477/SET.ppt
Websites: www.smsvaranasi.com/KMC/kmc_ppt/islc/SET.ppt
www.cse.buffalo.edu/DBGROUP/nachi/ecopres/fengmei.ppt
Lecture No.
Topic/ Subtopic to be covered
1 What is application hardening? What are patches? What is Web security?
“Principles of Computer Security: CompTIA Security+ and Beyond” by Wm. Arthur Conklin, Chapter 14, Pg. nos. 373 to 378
2 How does a web server work? What is Active Directory? Web security threats. Web security approaches.
3 Working of SSL, TLS
i. “Cryptography & Security” by C. K. Shyamala, N. Harini, Dr T R Padmanabhan, Chapter 11, Pg. nos. 358 to 391
ii. “Cryptography & Network Security” by Atul Kahate, Chapter 6, Pg. nos. 218 to 231
PPT - www.smsvaranasi.com/KMC/kmc_ppt/islc/SET.ppt
4 Working of SET
i. “Cryptography & Security” by C. K. Shyamala, N. Harini, Dr T R Padmanabhan, Chapter 11, Pg. nos. 391 to 415
ii. “Cryptography & Network Security” by Atul Kahate, Chapter 6 “Internet Security Protocols”, Pg. nos. 231 to 251
PPT - euclid.barry.edu/~zuniga/courses/cs477/SET.ppt
Information Security
Topic 1 Name: Introduction to Security & Model
Knowledge Category | Example/s of category | Teaching methodology
FACT | Security | Use appropriate example of security – security guards outside office
FACT | Data | Ex: Students' data, that is, details through which you can easily find out any student.
CONCEPT | Three pillars of information security: Confidentiality, Integrity, Availability | Use any appropriate PPT and example – email
PRINCIPLE | Information security principles, CIA |
Learning Resources:
Books:
“Principles of Information Security” by Whitman, Publisher - Cengage India
“Information System Security” by Godbole Nina, Publisher - John Wiley
“Information Security Principles and Practices” by Mark Merkow & Jim Breithaupt, Publisher – Pearson
“Information Security & Cyber Laws” by Saurabh Sharma, Publisher - Vikas Publishing House
Teaching Aids:
Black board, Chalk, Transparencies, Power point presentation slides (PPTs), Reference books, notes, LCD projector/OHP Projector
PPT with Sample: Preferably prepare PPTs containing - (Keyword in Google search: “ppt for event classification in information security”, select “2nd Link”)
www.oic-ci.gc.ca/eng/DownloadHandler.ashx?...security.ppt
Websites -
https://www.cs.duke.edu/courses/summer04/cps001/.../Lecture15.ppt
Lecture No.
Topic/ Subtopic to be covered
1 Define Security – Example of Security Guard
Define Information – Example like Student / Employee Data
What is the need of information? – Areas where information is used
Why is information important? – What are the advantages of information in day-to-day life
“Principles of Information Security” by Nina Godbole, Chapter 5
Note – Summarize the key points & definitions of Topic
2 Example of application where information is important
Example: Governments, commercial businesses, and individuals are all storing information electronically - compact, instantaneous transfer, easy access. The ability to use information more efficiently has resulted in a rapid increase in the value of information.
Define Information Security
“Principles of Information Security” by Nina Godbole, Chapter 1, Page No. 1 to 5
PPT - https://www.cs.duke.edu/courses/summer04/cps001/.../Lecture15.ppt
3 How is information classified?
Which criteria are required for classification of information – List various criteria
“Principles of Information Security” by Nina Godbole, Chapter 5, Page No. 76 to 80
4 What is the need of security
Why is information security important?
“Principles of Information Security” by Nina Godbole, Chapter 1, Page No. 2, 3
5 Basic principles of information security – Show Pyramidal Model of CIA
Confidentiality - Authorized user should be able to access information
Integrity - Authorized user should be able to modify information
Availability - whether authorized users or host should be available
6 Which are the pillars of Information Security?
Demonstrate with diagram
“Principles of Information Security” by Nina Godbole, Chapter 5, Page No. 73 to 75
7 What is data obfuscation? Example of data obfuscation
“Principles of Information Security” by Nina Godbole, Chapter 5, Page No. 81, 82
8 Event classification
“Principles of Information Security” by Nina Godbole, Chapter 5, Page No. 83 to 85
PPT - www.oic-ci.gc.ca/eng/DownloadHandler.ashx?...security.ppt
Topic 2 Name: Information Security Architecture and Model
Knowledge Category | Example/s of category | Teaching methodology
FACT | Information | Use example like Data
FACT | Security | Use appropriate example of security – security guards
FACT | Management | Use appropriate example of Management – College management system etc.
CONCEPT | Standards | Use appropriate examples like ISO standard
CONCEPT | Guidelines | Use appropriate examples like guidelines for writing papers, experiments etc.
CONCEPT | Policy | Use appropriate examples like Password Selection Policy
CONCEPT | Trust | Use appropriate examples like belief in relationship
PRINCIPLE | Confidentiality Model, Integrity Model | Use appropriate PPTs & examples
PROCEDURE | Evaluation Criteria – TCSEC | Use appropriate PPTs & examples, Department of Defense (India/U.S.)
Learning Resources:
Books:
“Information System Security” by Godbole Nina, Publisher - John Wiley
“Information Security Principles and Practices” by Mark Merkow & Jim Breithaupt, Publisher – Pearson
Teaching Aids:
Black board, Chalk, Transparencies, Power point presentation slides(PPTs), Reference books, notes, LCD projector/OHP Projector
Lecture No.
Topic/ Subtopic to be covered
1 What is Information Security, Why Information Security (Revision)
Definition of Risk Management
o Use suitable example like organization, college etc.
Components of Risk Management
o Diagram of components & explain each component
Web Site – http://demop.com/articles/what-is-information-security.pdf
http://www.investopedia.com/terms/r/riskmanagement.asp
http://www.whatisriskmanagement.net/
https://www.google.co.in/url?
sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&uact=8&ved=0CBsQFjAA&url=http%3A%2F%2Fwww.specialolympics.bc.ca%2Fsites%2Fdefault%2Ffiles%2FSanctioning%2520-%2520Risk%2520Management.doc&ei=MFOlU4WRO9CVuATUtoDoCw&usg=AFQjCNF6CfirRE9Si7HfgGcz0KoL2HLzuA&bvm=bv.69411363,d.c2E
PPts – https://www.google.co.in/url?
sa=t&rct=j&q=&esrc=s&source=web&cd=8&cad=rja&uact=8&sqi=2&ved=0CDoQFjAH&url=http%3A%2F%2Fwww.just.edu.jo%2F~tawalbeh%2Faabfs%2Fiss6753%2Fpresentations%2FRMP.ppt&ei=ZlOlU8SkE9CKuATpzYDoCg&usg=AFQjCNHFQFBF90DQB0kiin7eEJr1zoDvHA&bvm=bv.69411363,d.c2E
2 How to identify risk
Calculation of risk – Show formula for calculation of risk
Quantitative & Qualitative Risk Analysis – Give comparison with example
“Information System Security” by Nina Godbole, Chapter 6, Page No. 92, 93
“Computer Security” by Dieter Gollman, Chapter 2, Page No. 26
3 What is Security Policy – Types of Policies
“Information System Security” by Nina Godbole, Chapter 4, Page No. 57, 58
What are Guidelines & Standards –
o Give example like Guidelines for Online exam etc.
o Give example like ISO etc.
“Information System Security” by Nina Godbole, Chapter 4, Page No. 61
Web Site – http://www.pearsonitcertification.com/articles/article.aspx?p=418007&seqNum=5
4 Trusted Computing Base (TCB) - Definition, Features & Elements
“Information Security Principles and Practices” by Mark Merkow & Jim Breithaupt, Chapter 5, Page No. 118
What is Ring of Trust – Use diagram
“Information Security Principles and Practices” by Mark Merkow & Jim Breithaupt, Chapter 5, Page No. 119
Ring of Trust for stand-alone systems & for network environment
o Use diagram
“Information Security Principles and Practices” by Mark Merkow & Jim Breithaupt, Chapter 5, Page No. 120, 121
Web Site – http://searchsecurity.techtarget.com/definition/trusted-computing-base
http://link.springer.com/chapter/10.1007/978-3-642-04831-9_10#page-1
PPTs – https://wiki.engr.illinois.edu/download/attachments/183272958/trust-elements-and-examples.pdf?version=1&modificationDate=1318426648000
5 What are Protection Mechanisms
o Use example like Antivirus, CCTV cameras etc.
Different Protection Mechanisms in TCB – Prepare chart
“Information Security Principles and Practices” by Mark Merkow & Jim Breithaupt, Chapter 5, Page No. 121 to 123
Process Isolation
Principle of least privilege
Hardware Segmentation
Layering
Abstraction
Data Hiding
6 Information Storage – Prepare the chart & display
Primary & Secondary Storage
Real & Virtual Memory
Random Memory
Sequential Storage
Volatile Memory
Closed & Open System
Multitasking, Multiprogramming & Multiprocessing System
Finite State Machine
Web Site – http://www.cl.cam.ac.uk/~rja14/policy11/node22.html#SECTION00049000000000000000
PPTs - https://www.google.co.in/url?
sa=t&rct=j&q=&esrc=s&source=web&cd=7&cad=rja&uact=8&ved=0CEAQFjAG&url=http%3A%2F%2Fwww.aast.edu%2Fpheed%2Fstaffadminview%2Fpdf_retreive.php%3Furl%3D373_23865_CR415_2011_1__1_1_merkow_ppt_05.ppt%26stafftype%3Dstaffcourses&ei=gFilU6PwJtiXuAT99oLQCQ&usg=AFQjCNGWq3il-HnruRPVVKLYpuqxTUWGRA&bvm=bv.69411363,d.c2E
7 System Security Assurance Concepts
ii. Functional & Assurance Requirement
iii. Goals of Security Testing
iv. Formal Security Testing Models
“Principles of Information Security” by Nina Godbole, Chapter 5, Page No. 83 to 85
8 What is Trusted Computer Security Evaluation Criteria (TCSEC)
“Information Security Principles and Practices” by Mark Merkow & Jim Breithaupt, Chapter 5, Page No. 125
Purpose of TCSEC
Classes of Divisions of TCSEC
Prepare chart for use of Divisions and Classes
“Information Security Principles and Practices” by Mark Merkow & Jim Breithaupt, Chapter 5, Page No. 126, 127
c) Division D
d) Division C – Class C1 & Class C2
9 e) Division B – Class B1, Class B2, Class B3
f) Division A – Class A1
“Information Security Principles and Practices” by Mark Merkow & Jim Breithaupt, Chapter 5, Page No. 127, 128, 129
Web Site – http://www.cse.psu.edu/~tjaeger/cse443-s12/docs/ch12.pdf
http://www.boran.com/security/tcsec.html
10 What is Information Technology Security Evaluation Criteria (ITSEC)
“Information Security Principles and Practices” by Mark Merkow & Jim Breithaupt, Chapter 5, Page No. 129
Comparison of ITSEC & TCSEC
“Information Security Principles and Practices” by Mark Merkow & Jim Breithaupt, Chapter 5, Page No. 130
ITSEC Purposes & Assurance Classes – E0 to E6
o Prepare chart for description of E0 to E6
Web Site – http://www.iwar.org.uk/comsec/resources/standards/itsec.htm
http://www.newstaff.com/criteria/itsec/levels/index.html
http://www.cse.dcu.ie/essiscope/sm2/beyond/itsec.html
11 What is Confidentiality & Integrity Model – Different Models
“Information Security Principles and Practices” by Mark Merkow & Jim Breithaupt, Chapter 5, Page No. 141, 142
Bell-LaPadula Model
Biba Integrity Model
“Information Security Principles and Practices” by Mark Merkow & Jim Breithaupt, Chapter 5
Web Sites – http://www.digitalthreat.net/2010/05/information-security-models-for-confidentiality-and-integrity/
PPTs -
https://www.google.co.in/url? sa=t&rct=j&q=&esrc=s&source=web&cd=8&cad=rja&uact=8&ved=0CEUQFjAH&url=http%3A%2F%2Fwww.cs.gsu.edu%2F~cscyqz%2Fcourses%2Faos%2Fslides09%2Fch8.3-Fall09-XiaoChen.ppt&ei=01ylU80n1J66BM6TgLgD&usg=AFQjCNF75f57UF6r4dCxBVAEZVSPZEJHzw&bvm=bv.69411363,d.c2E
https://www.google.co.in/url? sa=t&rct=j&q=&esrc=s&source=web&cd=10&cad=rja&uact=8&ved=0CFEQFjAJ&url=http%3A%2F%2Fwww.etcs.ipfw.edu%2F~steffen%2FITT%2FOld-PP%2FChapter%25205-Network%2520Security-ITT.ppt&ei=01ylU80n1J66BM6TgLgD&usg=AFQjCNFsMY6g2X8tr2dPvomZbaIldMrVvg&bvm=bv.69411363,d.c2E
12 Advanced Models - Definition and Use
“Information Security Principles and Practices” by Mark Merkow & Jim Breithaupt, Chapter 5, Page No. 142
vi. Clark & Wilson Model
vii. Noninterference Model
viii. State Machine Model
ix. Access Matrix Model
x. Information Flow Model
Web Sites – http://www.commondork.com/2010/05/16/bell-la-padula-biba-and-clark-wilson-security-models/
http://crypto.stanford.edu/~ninghui/courses/Fall03/papers/landwehr_survey.pdf
Topic 3 Name: Cryptography
Knowledge Category | Example/s of category | Teaching methodology
FACT | Plaintext | Use example of plaintext – human language understandable by sender and receiver (message: “welcome to third year diploma”)
FACT | Key | Show that any message is codified by replacing or reposting. KEY is “3”: alphabet A codified by key “3” to alphabet “C”
FACT | Cipher Text | Show example of codified message like MOUSE is coded to “UEMOS”
CONCEPT | Cryptography, Cryptanalysis | Use appropriate example to show the converting of plaintext to cipher text and vice versa – “In war times the message is encrypted and sent in order to protect it from the enemy.”
CONCEPT | Encryption | Show example of encoding plaintext to cipher text, e.g. “Computer” to “retupmoc”
CONCEPT | Decryption | Show example of decoding cipher text to plaintext, e.g. “retupmoc” to “Computer”
CONCEPT | Private Key | Show example of a key which needs to be kept secret, e.g. door key of own house or password of own email account
CONCEPT | Public Key | Show example of a key which is shared with everybody, e.g. door key of own house shared among parents and child
PROCEDURE | Classical Encryption |
PROCEDURE | Symmetric Cryptography | Same key is used for encryption and decryption. Use any appropriate examples – one key used to lock and the same key used to unlock the door of a house
PROCEDURE | Asymmetric Cryptography | 2 separate keys are used: one key for encryption and a second key for decryption. Use any appropriate PPT, examples – one key used to lock the door of a house, a second key to unlock the door.
PROCEDURE | Substitution Technique | Use any appropriate example to show a character of plaintext being replaced by another character, e.g. MONITOR is replaced by “NPOJUPS”
PROCEDURE | Transposition Technique | Use any appropriate example to show permutation and combination over plaintext to produce cipher text
PROCEDURE | Steganography | Show an image behind which the message is hidden, in a practical approach
PROCEDURE | Digital Signature | Use appropriate PPT or video to show step execution of the DES algorithm, including all steps in detail, e.g. E-mudrak used in stamping documents in the Maharashtra government.
PROCEDURE | Digital Signature | Use example of SHA-1 algorithm
APPLICATION | E-commerce | Use example like Credit Card Payment
APPLICATION | Financial Institutes | Use example like Online payment from bank
Learning Resources:
Books:
1) “Cryptography and Information Security” by V. K. Pachghare, Publisher - Prentice Hall India
2) “Cryptography and Network Security” by Atul Kahate, Publisher – Tata McGraw Hill
Teaching Aids: Black board, Chalk, Transparencies, Power point presentation slides (PPTs), Reference books, notes, LCD projector/OHP Projector.
Lecture No.
Topic/ Subtopic to be covered
1 Introduction to Data Encryption Technique
“Cryptography and Information Security” by V. K. Pachghare, Chapter 2, Page No. 11
What is Cryptography? – Draw diagram
“Cryptography and Information Security” by V. K. Pachghare, Chapter 2, Page No. 13-14
What is Cryptanalysis?
“Cryptography and Information Security” by V. K. Pachghare, Chapter 2, Page No. 14-15
Application of Cryptography
“Cryptography and Information Security” by V. K. Pachghare, Chapter 2, Page No. 14-15
Website - http://en.wikipedia.org/wiki/Cryptography
http://www.apprendre-en-ligne.net/crypto/bibliotheque/PDF/Kwang.pdf
http://cs.stanford.edu/people/eroberts/cs181/projects/dvd-css/cryptography.htm
2 Classical Encryption Technique used by Sender and Recipient
“Cryptography and Information Security” by V. K. Pachghare, Chapter 2, Page No. 11
State the 2 types of Encryption Methods
“Cryptography and Information Security” by V. K. Pachghare, Chapter 2, Page No. 12
iii. Give the various components of the Symmetric Encryption and Decryption process – Use diagram
“Cryptography and Information Security” by V. K. Pachghare, Chapter 2, Page No. 12-13
Website: http://www.apprendre-en-ligne.net/crypto/bibliotheque/PDF/Kwang.pdf
PPT – https://www.cs.purdue.edu/homes/ninghui/.../526_Fall12_topic02.ppt
3 iv. Define Substitution Cipher
“Cryptography and Information Security” by V. K. Pachghare, Chapter 2, Page No. 15
v. Working principle of Caesar cipher
“Cryptography and Information Security” by V. K. Pachghare, Chapter 2, Page No. 15-16
Ex: message “MOUSE”
CODED MSG: UEMOS
vi. State advantages and disadvantages of Caesar cipher
“Cryptography and Information Security” by V. K. Pachghare, Chapter 2, Page No. 16
vii. Working principle of Monoalphabetic cipher
“Cryptography and Information Security” by V. K. Pachghare, Chapter 2, Page No. 16-17
Website - http://www.math.uic.edu/CryptoClubProject/CCpacket.pdf
PPT – https://www.cs.usfca.edu/~brooks/S03classes/cs486/lectures/lecture-3.ppt
4 1. Working principle of Playfair cipher – Show example
“Cryptography and Information Security” by V. K. Pachghare, Chapter 2, Page No. 17-19
2. Hill cipher – Show example
“Cryptography and Information Security” by V. K. Pachghare, Chapter 2, Page No. 19-21
Website - http://www.ling.ohio-state.edu/~cbrew/2008/spring/playfair.pdf
PPT - https://www.uop.edu.jo/material/1843212812010.ppt
5 a) Define Transposition cipher. State its 2 types
“Cryptography and Information Security” by V. K. Pachghare, Chapter 2, Page No. 26-27
b) How Row transposition cipher works – Use example
“Cryptography and Information Security” by V. K. Pachghare, Chapter 2, Page No. 26-27
Website - http://courses.cs.tamu.edu/pooch/665_spring2008/Australian-sec-2006/less05.html
6 a) Working principle of One Time Pad – Give example & solve it
“Cryptography and Information Security” by V. K. Pachghare, Chapter 2, Page No. 24
PPT - https://www.cs.usfca.edu/~brooks/S03classes/cs486/lectures/lecture-3.ppt
7 b) What is Steganography? – Flow diagram
“Cryptography and Information Security” by V. K. Pachghare, Chapter 2, Page No. 28
Uses of Steganography
“Cryptography and Information Security” by V. K. Pachghare, Chapter 2, Page No. 28
Steganography and security
“Cryptography and Information Security” by V. K. Pachghare, Chapter 2, Page No. 28
Website - http://arxiv.org/ftp/arxiv/papers/0912/0912.2319.pdf
8 Introduction to Digital Signatures
“Cryptography and Information Security” by V. K. Pachghare, Chapter 10, Page No. 204
Implementation of Digital Signature
o Use flow diagram for explanation
“Cryptography and Information Security” by V. K. Pachghare, Chapter 10, Page No. 206
Association of Digital Signature and Encryption
“Cryptography and Information Security” by V. K. Pachghare, Chapter 10, Page No. 206
Website - http://www.youdzone.com/signature.html
http://www.infosec.gov.hk/english/itpro/public_main.html
9 What are Digital Signature Algorithms
“Cryptography and Information Security” by V. K. Pachghare, Chapter 10, Page No. 208
Working principle of various Digital Signature Algorithms
“Cryptography and Information Security” by V. K. Pachghare, Chapter 10, Page No. 209-212
Website -
a) http://www.cs.haifa.ac.il/~orrd/IntroToCrypto/online/fips_186-3.pdf
10 Authentication Protocols – List different protocols
“Cryptography and Information Security” by V. K. Pachghare, Chapter 10, Page No. 214
11 What are Digital Signature Standards
“Cryptography and Information Security” by V. K. Pachghare, Chapter 10, Page No. 213
Website - http://www.cs.haifa.ac.il/~orrd/IntroToCrypto/online/fips_186-3.pdf
http://courses.cs.tamu.edu/pooch/665_spring2008/Australian-sec-2006/less19.html
12 Give applications of Digital Signature Standards
“Cryptography and Information Security” by V. K. Pachghare, Chapter 10, Page No. 213-214
Website - http://www.cs.haifa.ac.il/~orrd/IntroToCrypto/online/fips_186-3.pdf
Topic 4 Name: Data Recovery and Cyber Security
Knowledge Category | Example/s of category | Teaching methodology
FACT | File | Use appropriate example of any software file like DOC, PPT or EXE file
FACT | Act | Use appropriate example of any Government Ragging Act 2009 or any related IT Act or IPC Act, Copyright Act
FACT | Crime | Use appropriate example of crime, for example Internet fraud, any criminal activity or hacking a computer system
FACT | Law | Use appropriate example of Indian Government law like Murder Law etc.
CONCEPT | Cyber Crime | Use any appropriate PPT
CONCEPT | Hacking & Cracking | Use any appropriate example of hacking like Facebook hacking etc.
CONCEPT | Piracy | Use any appropriate example like Software Piracy, CD Piracy etc.
CONCEPT | Investigation | Use any appropriate example of investigation bureau
CONCEPT | IT Act | Use any appropriate PPT or example like IT Act 1961 etc.
PRINCIPLE | Cyber Law | Use any appropriate PPT
PRINCIPLE | IT Act 2000, 2008 | Use any appropriate PPT
PROCEDURE | Data Recovery Tools | Use any appropriate freely available tool like -
PROCEDURE | Formatting | Show hard disk or pen drive formatting
PROCEDURE | Partitioning | Show file partitioning of computer like FAT or NTFS
APPLICATION | Data Recovery Applications | Give example of Stellar Phoenix Windows Data Recovery Software
APPLICATION | Cyber Crime Investigation | Use example of Cyber Crime Investigation Cell Mumbai or of any country like U.S.A. etc.
Learning Resources:
Books:
5) “Principles of Computer Security: CompTIA Security+ and Beyond” by Wm. Arthur Conklin, Publisher – Tata McGraw Hill
6) “Information Security & Cyber Laws” by Saurabh Sharma, Publisher - Vikas Publishing House
7) “Que’s Guide to Data Recovery” by Scott Mueller
8) “Data Recovery – A Guide to recovering your vital data” by Ronald J. Leach
Teaching Aids: Black board, Chalk, Transparencies, Power point presentation slides (PPTs), Reference books, notes, LCD projector/OHP Projector
PPT -
https://www.google.co.in/url? sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&uact=8&sqi=2&ved=0CBsQFjAA&url=http%3A%2F%2Fstaff.washington.edu%2Fdittrich%2Fmisc%2FData%2520Recovery.ppt&ei=acOiU7_eB9CQuASPr4C4BQ&usg=AFQjCNGDaFXjmIoRop2uFfEH1-bGhNQDWQ&bvm=bv.69411363,d.c2E
Websites - http://cybercrimeindia.org/
http://www.powerdatarecovery.com/
http://catindia.gov.in/pdfFiles/IT_Act_2000_vs_2008.pdf
http://cactusblog.files.wordpress.com/2010/01/it_act_2008.pdf
http://police.pondicherry.gov.in/Information%20Technology%20Act%202000%20-%202008%20(amendment).pdf
Lecture No.
Topic/ Subtopic to be covered
1 What is Data Recovery
What is a Computer File - Reasons for data loss
Procedure to recover a deleted file from FAT & NTFS partitions
What is Partitioning in a Computer System – Types of Partitions
Reasons for partition damage
o List out the reasons
Formatted Partition Recovery Procedure (FAT / NTFS)
PPTs - http://www.aboutpartition.com/types-of-hard-drive-partitions/
http://www.recuperationdedonneesperdues.com/data-recovery
http://www.robertuniverse.com/introduction-to-data-recovery/
http://psonlinehelp.equallogic.com/V4.2/Content/AdminNewBook/AdminNew_recover.htm
2 Data Recovery Categories
Different tools available for Windows etc. – List of various freely available tools on the Internet
Procedure of Data Recovery – Give step-wise example
Data Recovery Ethics
Website -
a) http://pcsupport.about.com/od/filerecovery/tp/free-file-recovery-programs.htm
b) http://transparen.com/data-protection-group/data-recovery-ethics
3 What is Cyber Crime
“Information Security and Cyber Laws” by Saurabh Sharma, Chapter 8, Page No. 181
Different Types of Cyber Crime
o Use tree diagram for Types of Cyber Crime
“Information Security and Cyber Laws” by Saurabh Sharma, Chapter 8, Page No. 182
PPTs – http://www.slideshare.net/aemankhan/cybercrimeppt-27376284
https://www.google.co.in/url?
sa=t&rct=j&q=&esrc=s&source=web&cd=7&cad=rja&uact=8&sqi=2&ved=0CEIQFjAG&url=http%3A%2F%2Fwww.cyberseminar.cdit.org%2Fpdf%2F09_02_09%2Floknath.ppt&ei=kceiU_a-J9OHuATko4BA&usg=AFQjCNGmpx90JfvtJWuJde2U7XfLaVF7Zg&bvm=bv.69411363,d.c2E
4 What is Hacking & Cracking – Types of Hackers Virus & its attacks – List types of attacks like Dos, DDos… Define terms – Pornography, Software Piracy
o Use example like CD Piracy etc.“Information Security and Cyber Laws” by Saurabh Sharma Chapter 7 Page no 174
Website –a) http://www.legalservicesindia.com/articles/cyhac.htm b) http://evestigate.com/cyber-crime-hacker-terms-to-know/
5 What is Intellectual Property
Copyright, Patents
Industrial Design Rights
Trademark – Use example like logo of MSBTE etc.
What is Industrial Property
“Information Security and Cyber Laws” by Saurabh Sharma Chapter 7 Page no 166
Define term – Mail Bombs, Bug Exploits
Website –
a) http://www.wipo.int/export/sites/www/freepublications/en/intproperty/450/wipo_pub_450.pdf
PPTs –
http://www.slideshare.net/mahmoodttc/intellectual-property-ppt-final
6 What are the different types of legal systems & their laws
Cyber Crime Investigation – its procedure
Website -
http://www.slideshare.net/tabrezahmad/cybercrime-investigation
http://www.scribd.com/doc/94789254/Ppt-on-Investigation-Method-of-Cyber-Crime
7 Need of Cyber Law
“Cyber Crimes and related Laws” by Saurabh Sharma Chapter 8 Page no 184 & 187
What is Cyber Law – Definition of Cyber Law
“Cyber Crimes and related Laws” by Saurabh Sharma Chapter 8 Page no 184
PPTs -
http://www.slideshare.net/Arnab_Roy_Chowdhury/cyber-law-15036761
8 IT Act 2000 – Objectives, Scope, Provisions, Advantages & disadvantages
“Information Security and Cyber Laws” by Saurabh Sharma Chapter 8 Page no 185
o List out the Chapters
IT Act 2008 – Modification in IT Act 2000, Characteristics
o List out the Chapters
PPT –
http://www.slideshare.net/YogendraWagh/it-act-ppt-1111
http://www.powershow.com/view1/268863-ZDc1Z/Information_Technology_Act_2000_v_s_2008_powerpoint_ppt_presentation
Topic 5 Name: Access, Physical Control and Compliance Standards
Knowledge Category | Example/s of category | Teaching methodology
FACT | Identification | Use any physical mark of identification, for example green-coloured eyes.
FACT | Biometrics | Use appropriate example of Biometrics – thumb impression used in attendance system of college.
FACT | Physical access control | Use example of Door Security system or Digital Locker – thumb impression is used to open lock etc.
CONCEPT | Compliance Standards | Acting according to a certain accepted standard, e.g. ISO standard.
CONCEPT | Authorization | Specifying access rights to particular resources. E.g.: human resources staff is normally authorized to access employee records. It is formalized as access control rules in a computer system.
CONCEPT | Authentication | Accepting proof of identity given by a credible person; examples like College ID card or Employee ID, Passport.
CONCEPT | Framework | Structure of Computer System. Use example of software frameworks, which include support programs, compilers, code libraries, tool sets, and APIs.
PRINCIPLE | Kerberos Model | Use appropriate PPTs & examples: Student is allowed to enter the Library hall by checking College ID, entering name in Register and verification by Librarian.
PRINCIPLE | ISO 27001, ISO 20000, BS 25999, PCI DSS | It helps an IT company to establish and maintain ISMS. Use appropriate PPTs & examples: In college Library, books are placed in alphabetical order and branch wise.
PROCEDURE | Providing physical security | Use appropriate PPTs & examples: CCTV in college, Home Company.
PROCEDURE | Implementing and Information Security Management System (ISMS) | Use appropriate PPTs & examples: IT Company approach towards sensitive information used in various processes by employees.
Application | ITIL framework | Use appropriate PPTs, e.g.: processes, procedures, tasks used by IT organizations to maintain a minimum level of competency.
Application | COBIT framework | Use appropriate PPT, e.g.: IT Company, in order to bridge the gap between control requirements, technical issues and business risks.
Learning Resources:
Books:
a) “Information System Security” by Godbole Nina Publisher - John Wiley
b) “Information Security Principles and Practices” by Mark Merkow & Jim Breithaupt Publisher - Pearson
c) “Principles of Information Security” by Michael E. Whitman, Herbert J. Mattord Publisher - Cengage India
Teaching Aids: Black board, Chalk, Transparencies, Power point presentation slides (PPTs), Reference books, notes, LCD projector/OHP Projector
Lecture No.
Topic/ Subtopic to be covered
1 What is Identification? – Use example like Photo ID card
“Information Security Principles and Practices” by Mark Merkow & Jim Breithaupt Chapter 10 Page No 234
Define Authorization? State its features
“Principles of Information Security” by Michael E. Whitman, Herbert J. Mattord Chapter 6 Page no 249
What is Authentication?
“Information Security Principles and Practices” by Mark Merkow & Jim Breithaupt Chapter 10 Page No 234
State features of Biometrics? – Use example like Thumb Reader etc.
“Information Security Principles and Practices” by Mark Merkow & Jim Breithaupt Chapter 10 Page No 241
Give various elements involved in Biometrics System – Show diagram
“Information Security Principles and Practices” by Mark Merkow & Jim Breithaupt Chapter 10 Page No 241
How Single Sign-on works? – Use diagram
“Information Security Principles and Practices” by Mark Merkow & Jim Breithaupt Chapter 10 Page No 242
Website –
http://www.cyberciti.biz/faq/authentication-vs-authorization/
http://www.cse.iitk.ac.in/users/biometrics/pages/what_is_biom_more.h
http://www.biometrics.gov/
PPT –
www.cse.fau.edu/~security/public/BiometricsPresentation.ppt
https://www.owasp.org/.../OWASPSanAntonio_2006_08_SingleSignOn.
2 Describe Kerberos Model?
o Use various servers used in Kerberos
o Draw diagram
“Information Security Principles and Practices” by Mark Merkow & Jim Breithaupt Chapter 10 Page No 243
Show relation of Kerberos with Authentication
Ex: Student is allowed to enter the Library hall by checking College ID, entering name in Register and verification by Librarian, or any other suitable examples
“Information Security Principles and Practices” by Mark Merkow & Jim Breithaupt Chapter 10 Page No 243
How Remote Access works?
“Information Security Principles and Practices” by Mark Merkow & Jim Breithaupt Chapter 10 Page No 247
Remote user access and Authentication
“Information Security Principles and Practices” by Mark Merkow & Jim Breithaupt Chapter 10 Page No 247
Website:
a) http://technet.microsoft.com/en-us/library/cc780469(v=ws.10).aspx
b) http://www.google.co.in/imgres?imgurl=&imgrefurl=http%3A%2F%2Fwww.codeproject.com%2FArticles%2F27554%2FAuthentication-in-web-services-using-C-and-Kerbero&h=0&w=0&tbnid=qv2CJmNFmv7QYM&zoom=1&tbnh=186&tbnw=270&docid=IGaJwLDTXe1FmM&tbm=isch&ei=G-eoU_3TCZKgugS8r4LwCQ&ved=0CAIQsCUoAA
c) https://software.intel.com/sites/manageability/AMT_Implementation_and_Reference_Guide/default.htm?turl=WordDocuments%2Fintroductiontokerberosauthentication.htm
PPT:
a) www.obscure.org/~jafitz/250_p1/Kerberos.ppt
b) www.isi.edu/~annc/classes/grid/lectures/sivaLecture.ppt
3 What is Physical access control?
Ex: Use example of Door Security system or Digital Locker – thumb impression is used to open lock etc.
“Principles of Information Security” by Michael E. Whitman, Herbert J. Mattord Chapter 9 Page no 400
a) What are the threats involved in Physical access
“Information Security Principles and Practices” by Mark Merkow & Jim Breithaupt Chapter 8 Page No 195
a) Need for Physical Security
“Information System Security” by Nina Godbole Chapter 7 Page No 101
Website –
http://www.cdn.com/securitysystemPhysical.aspx
4 b) What is Physical Security – example like wall, security dogs, safety doors etc.
“Information System Security” by Nina Godbole Chapter 7 Page No 102
c) How to provide physical security
“Information Security Principles and Practices” by Mark Merkow & Jim Breithaupt Chapter 8 Page No 197, 198
Website –
http://www.cdn.com/securitysystemPhysical.aspx
5 Define Compliance in general terms
What is Compliance Standard
Implementing and Information Security Management System (ISMS)
“Information System Security” by Nina Godbole Chapter 4 Page No 64 and Chapter 23 Page No 424
Website:
www.oxforddictionaries.com/definition/english/compliance
http://www.immusec.com/en/implementation-information-security-management-system
https://www.aiche.org/ccps/topics/elements-process-safety/commitment-process-safety/compliance-standards/introduction
6 ISO 27001
“Information System Security” by Nina Godbole Chapter 22 Page No 400
ISO 20000
“Information System Security” by Nina Godbole Chapter 26 Page No 470
BS 25999
PCI DSS
“Information System Security” by Nina Godbole
Website -
www.iso.org/iso/home/standards/management-standards/iso27001.htm
www.iso27001security.com
http://www.standards.org/standards/listing/iso_20000
https://www.pcisecuritystandards.org/security_standards/
http://www.security-assessment.com/files/presentations/PCI_DSS_Presentation_0107.pdf
https://www.set.or.th/.../BCM%20with%20PWC%2027%20April%20v3.
PPT -
www.ermantaskin.com/bcm/BS25999_ERMAN_TASKIN.ppt
7 How ITIL frameworks help the IT organization?
“Information System Security” by Nina Godbole Chapter 26 Page No 470
Website -
http://www.itil-officialsite.com/AboutITIL/WhatisITIL.aspx
http://www.best-management-practice.com/gempdf/itil_the_basics.pdf
PPT -
a) https://www.ok.gov/OSF/documents/ITILOverview.ppt
b) www.chakarov.com/powerpoints/itilv3overview.ppt
8 How COBIT framework works in IT organization
“Information System Security” by Nina Godbole Chapter 22 Page No 400 and Chapter 25 Page No 449
Website:
a) http://www.isaca.org/cobit/documents/cobit-5-introduction.pdf
b) http://www.counterpoint.co.za/pages/cobit.htm
c) http://www.isaca.org/COBIT/Documents/COBIT5-Ver2-FrameWork.pdf
PPT:
a) www.isaca.org/cobit/documents/cobit5-introduction.ppt
b) https://www.vpit.ualberta.ca/frameworks/ppt/cobit_introduction.pp