IT 513 Course Outline


UNIVERSITY OF GUJRAT

A WORLD CLASS UNIVERSITY

Department of Information Technology


COURSE DESCRIPTION
Course Code: IT-513
Course Title: Information Security and Assurance (MS/MPhil)
Credit Hours: 3
Category: Core Course
Prerequisite: Concept of Network security
Aims and Objectives:
- The interconnection of the world’s information systems
- The smooth operation of communication and computing solutions becomes vital. However, recurring events such as virus and worm attacks and the success of criminal attackers illustrate the weaknesses in current information technologies and the need to provide heightened security for these systems.
- When attempting to secure their existing systems and networks, organizations must draw on the current pool of information security practitioners.
- But to develop more secure computing environments in the future, these same organizations are counting on the next generation of professionals to have the correct mix of skills and experience to anticipate and manage the complex information security issues that are sure to arise.
- To recognize the threats and vulnerabilities in existing systems and to learn to design and develop the secure systems needed in the near future.
Learning Outcomes:
- The students will have a clear view of information security and its applications.
- The students will be able to understand different attacks, services and mechanisms.
- Information security in the modern organization is a problem for management to solve, and not one that technology alone can address. In other words, the information security of an organization has important economic consequences, for which management will be held accountable.
- To recognize the threats and vulnerabilities in existing systems and to learn to design and develop the secure systems needed in the near future.
Text Book: Principles of Information Security, Fourth Edition, Michael E. Whitman, Herbert J. Mattord
Reference Materials:
1. Corporate Computer and Network Security by Raymond Panko, United States Edition, Prentice Hall, 2004
2. Corporate Computer and Network Security by Raymond Panko, United States Edition, Prentice Hall, 2003
3. Cryptography and Network Security: Principles and Practice, Third Edition, Prentice Hall, 2002
4. Security in Computing by Charles P. Pfleeger and Shari Lawrence Pfleeger, Prentice Hall; 4th Edition (2006). ISBN-10: 0132390779
5. Network Security Fundamentals by Gert DeLaet and Gert Schauwers, Cisco Press; 1st Edition (September 18, 2004). ISBN-10: 1587051672
6. Network Security Bible by Eric Cole, Wiley; 2nd Edition (September 8, 2009). ISBN-10: 0470502495
Assessment Criteria

| Week No. | Lecture No. | Topic | Source (Book-Chapter Section No.) | Recommendations for Learning Activities (Mention Assignments, Test, Quizzes, Practical, Case Study, Projects, Lab Work or Reading Assignments) |
|---|---|---|---|---|
| 1 | 1 | Introduction to Information Security, Introduction, The History of Information, What Is Security, CNSS Security Model, Components of an Information System | | |
| 1 | 2 | Balancing Information Security and Access, Approaches to Information Security Implementation, The Systems Development Life Cycle, The Security Systems Development Life Cycle, Security Professionals and the Organization, Communities of Interest | | |
| 2 | 3 | The Need for Security, Business Needs First, Threats | | Assignment # 1 |
| 2 | 4 | Attacks, Secure Software Development | | Term Projects |
| 3 | 5 | Legal, Ethical, and Professional Issues in Information Security, Law and Ethics in Information Security, Relevant U.S. Laws | | |
| 3 | 6 | International Laws and Legal Bodies, Ethics and Information Security, Codes of Ethics and Professional Organizations | | |
| 4 | 7 | Risk Management, Risk Identification, Risk Assessment, Risk Control Strategies | | |
| 4 | 8 | Selecting a Risk Control Strategy, Quantitative Versus Qualitative Risk Control Practices, Risk Management Discussion Points | | |
| 5 | 9 | Quiz # 1 | | |
| 5 | 10 | Planning for Security, Information Security Planning and Governance, Information Security Policy, Standards, and Practices | | Assignment # 2 |
| 6 | 11 | The Information Security Blueprint, Security Education, Training, and Awareness Program, Continuity Strategies | | |
| 6 | 12 | Security Technology: Firewalls and VPNs, Access Control | | |
| 7 | 13 | Firewalls, Protecting Remote Connections | | |
| 7 | 14 | Quiz # 2 | | |
| 8 | 15 | Security Technology: Intrusion Detection and Prevention Systems, and Other Security Tools, Intrusion Detection and Prevention Systems, Honeypots, Honeynets, and Padded Cell Systems | | |
| 8 | 16 | Scanning and Analysis Tools, Biometric Access Controls | | Mid Term Week |
| 9 | 17 | Cryptography, Foundations of Cryptology, Cipher Methods, Cryptographic Algorithms | | |
| 9 | 18 | Cryptographic Tools, Protocols for Secure Communications, Attacks on Cryptosystems | | |
| 10 | 19 | Physical Security, Physical Access Controls, Fire Security and Safety | | |
| 10 | 20 | Failure of Supporting Utilities and Structural Collapse, Interception of Data, Mobile and Portable Systems, Special Considerations for Physical Security | | Assignment # 3 |
| 11 | 21 | Quiz # 3 | | |
| 11 | 22 | Implementing Information Security, Information Security Project Management, Technical Aspects of Implementation | | |
| 12 | 23 | Nontechnical Aspects of Implementation, Information Systems Security Certification and Accreditation | | |
| 12 | 24 | Security and Personnel, Positioning and Staffing the Security Function, Credentials of Information Security Professionals | | |
| 13 | 25 | Employment Policies and Practices, Security Considerations for Nonemployees, Internal Control Strategies, Privacy and the Security of Personnel Data | | |
| 13 | 26 | Information Security Maintenance, Security Management Maintenance Models | | |
| 14 | 27 | Digital Forensics | | Assignment # 4 |
| 14 | 28 | Quiz # 4 | | |
| 15 | 29 | The Need for Firewalls; Firewall Characteristics; Types of Firewalls | | |
| 15 | 30 | Firewall Basing; Firewall Location and Configurations | | |
| 16 | 31 | Presentations | | |
| 16 | 32 | Final Term | | |
