Information security management.doc
Download as DOC, PDF0 likes35 views
This document outlines an information security management course. The objective is to introduce students to system security incidents, defenses, and auditing tools. Students will learn to install, configure, and troubleshoot security devices. They will also familiarize themselves with security auditing processes and analyzing compromised systems. The expected outcomes are for students to contribute to managing security, coordinating incident responses, supporting audits, and maintaining a safe work environment. The course involves 15 hours of lectures covering topics like security devices, configuration, data management, and self-development. It also includes 15 hours of hands-on labs for activities such as device installation, penetration testing, and using commercial/open source tools.
Information security management.doc
- 1. Course Code Information Security Management L T P C CSE3502 Job Role: SSC/Q0901 1 0 2 2 Pre-requisite Syllabus version v.1.0 Objective of the course 1. To introduce system security related incidents and insight on potential defenses, counter measures against common threat/vulnerabilities. 2. To provide the knowledge of installation, configuration and troubleshooting of information security devices. 3. To make students familiarize on the tools and common processes in information security audits and analysis of compromised systems. Expected Outcome After successfully completing the course the student should be able to 1. Contribute to managing information security 2. Co-ordinate responses to information security incidents 3. Contribute to information security audits 4. Support teams to prepare for and undergo information security audits 5. Maintain a healthy, safe and secure working environment 6. Provide data/information in standard formats 7. Develop knowledge, skills and competence in information security Student Learning Outcomes (SLO) 1, 2, 17 1. Having an ability to apply mathematics and science in engineering applications 2. Having a clear understanding of the subject related concepts and of contemporary issues 17. Having an ability to use techniques, skills and modern engineering tools necessary for engineering practice 1 Information Security Devices 2 hours Identify and Access Management (IdAM), Networks (Wired And Wireless) Devices, Endpoints/Edge Devices, Storage Devices, Servers, Infrastructure Devices (e.g. Routers, Firewall Services), Computer Assets, Servers And Storage Networks, Content management. 2 Security Device Management 2 hours Different types of information security devices and their functions, Technical and configuration specifications, architecture concepts and design patterns and how these contribute to the security of design and devices. 3 Device Configuration 2 hours Common issues in installing or configuring information security devices, Methods to resolve these issues, Methods of testing installed/configured information security devices. 4 Team Work and Communication 2 hours Communicate with colleagues clearly, concisely and accurately, Work with colleagues to integrate their work effectively, Pass on essential information to colleagues in line with organizational requirements. 5 Managing Health and Safety 2 hours
- 2. Comply with organization’s current health, safety and security policies and procedures, Report any identified breaches in health, safety, and Security policies and procedures, Identify, report and correct any hazards, Organization’s emergency procedures, Identify and recommend opportunities for improving health, safety, and security. 6 Data and Information Management 2 hours Fetching the data/information from reliable sources, checking that the data/information is accurate, complete and up-to-date, Rule-based analysis of the data/information, Insert the data/information into the agreed formats, Reporting unresolved anomalies in the data/information. 7 Learning and Self Development 2 hours Identify accurately the knowledge and skills needed, Current level of knowledge, skills and competence and any learning and development needs, Plan of learning and development activities to address learning needs. 8 Contemporary Issues 1 hour Total Lecture hours: 15 hours Text Book(s) 1. 2. 3. Information Systems Security: Security Management, Metrics, Frameworks and Best Practices, Nina Godbole, Wiley, 2017 Rhodes-Ousley, Mark. Information Security: The Complete Reference, Second Edition, . Information Security Management: Concepts and Practice. New York, McGraw-Hill, 2013. Christopher J. Alberts, Audrey J. Dorofee , Managing Information Security Risks, Addison- Wesley Professional, 2004 Reference Books 1. 2. 3. 4. 5. Andrew Vladimirov Michajlowski, Konstantin, Andrew A. Vladimirov, Konstantin V. Gavrilenko, Assessing Information Security: Strategies, Tactics, Logic and Framework, IT Governance Ltd, O’Reilly 2010 Christopher J. Alberts, Audrey J. Dorofee , Managing Information Security Risks, Addison- Wesley Professional, 2004 Chuck Easttom , System Forensics Investigation and Response, Second Edition, Jones & Bartlett Learning, 2014 David Kennedy, Jim O’Gorman, Devon Kearns, and Mati Aharoni, Metasploit The Penetration Tester’s Guide, No Starch Press, 2014 Ref Links: https://www.iso.org/isoiec-27001-information-security.html https://www.sans.org/reading-room/whitepapers/threats/paper/34180 https://csrc.nist.gov/publications/detail/sp/800-40/version-20/archive/2005-11-16 https://www.sscnasscom.com/qualification-pack/SSC/Q0901/ List of Experiments (Indicative) SLO: 1,2,17 1. Install and configure information security devices Penetration Testing MySQL SQL Injection Intrusion Detection/Prevention Port Redirection and Tunneling Working with Commercial Tools like HP Web Inspect and IBM
- 3. AppScan etc., Explore Open Source tools like sqlmap, Nessus, Nmap etc Total Laboratory Hours 15 hours Recommended by Board of Studies Approved by Academic Council Date