2nd semmsclis
Course on organizational Structure and Behaviour for MBA-IT
Syllabus (MSCLIS)
(Batch 2013-2015)
2nd Semester
Indian Institute of Information Technology, Allahabad
Index
MSCLIS 2nd Semester
Sl. No. Topic
Core Paper
1. Data Information & Cryptography
2. Database Management & 4GLs
3. Network Security
4. Technical Risk Assessment
5. BCP & DRP
6. SOX
7. PCI & DSS
Indian Institute of Information and Technology, Allahabad
(Deemed University)
Lecture List
Data Information & Cryptography
Total lectures: 30
Credit hours: 2 hrs
Program: MSCLIS (2nd Sem)
Course Objective:
To understand the concepts of (Stream cipher & Block cipher) encryption and number theory.
To understand public-key parameters and pseudorandom sequences.
To understand the hash functions, authentication and key management techniques.
Detailed Syllabus:
Lectures Required
Unit 1: Number Theory and Overview of Cryptography: Introduction, Information security and cryptography, Background on functions, Basic terminology and concepts, Symmetric-key encryption, Digital signatures, Authentication and identification, Public-key cryptography, Hash functions, Protocols and mechanisms, Key establishment, management, and certification. (3 C Hrs)
Unit 2: Public-Key Parameters: Introduction, Probabilistic primality tests, (True) Primality tests, Prime number generation, Irreducible polynomials over Zp, Generators and elements of high order. (5 C Hrs)
Unit 3: Pseudorandom Bits and Sequences: Introduction, Random bit generation, pseudorandom bit generation, Statistical tests, and cryptographically secure pseudorandom bit generation. (5 C Hrs)
Unit 4: Stream Ciphers: Introduction, Feedback shift registers, Stream ciphers based on LFSRs and Other stream ciphers. Block Ciphers: Introduction and overview, Background and general concepts, Classical ciphers and historical development, DES, IDEA, RC5 and other block ciphers. (5 C Hrs)
Unit 5: Hash Functions and Data Integrity: Introduction, Classification and framework, Basic constructions and general results, Unkeyed hash functions (MDCs), Keyed hash functions (MACs), Data integrity and message authentication, Advanced attacks on hash functions. (5 C Hrs)
Unit 6: Identification and Entity Authentication: Introduction, Passwords (weak authentication), Challenge-response identification (strong authentication), Customized and zero-knowledge identification protocols and Attacks on identification protocols. (3 C Hrs)
Unit 7: Key Management Techniques: Introduction, Background and basic concepts, Techniques for distributing confidential keys, Techniques for distributing public keys, Techniques for controlling key usage, Key management involving multiple domains, Key life cycle issues and Advanced trusted third party services. Key Establishment Protocols: Key Transport and Agreement based on Symmetric and Asymmetric techniques. (4 C Hrs)
Recommended Books
Text Books
Handbook of Applied Cryptography, by A. Menezes, P. van Oorschot, and S. Vanstone, CRC Press, 1996.
Reference Books
Modern Cryptography: Theory and Practice by Wenbo Mao Hewlett-Packard Company, Prentice Hall PTR 2003.
Cryptography and Network Security by William Stallings, Prentice Hall, Fourth Edition.
Lab Guidelines ( -2-credit hour)
Before Mid Semester Exam
All types of Primality Test
All types of Statistical Test
After Mid Semester
Stream Cipher
Block Cipher
Hash code Generation
Diffie Hellman Key Exchange
Indian Institute of Information and Technology, Allahabad
(Deemed University)
Lecture List
Database Management & 4GLs
Total lectures: 45
Credit hours: 3 hrs
Program: MSCLIS (2nd Sem)
Course Objective: This course is intended to prepare you to design, develop and use information systems using database management systems (DBMS). We will explore the practices, issues and theoretical foundations of organizing and analyzing information and information content for the purpose of designing effective and useful databases. This course will introduce you to the principles of database systems and database design. You will learn how to use DBMS to construct information systems for a wide range of applications.
These topics will be examined through readings, discussion, hands-on experience using various database management systems, and through exercises designed to help explore the capabilities and utility of different database systems.
Detailed Course:
Introduction to databases and database management systems, The conceptual data model, The Relational data model.
Structured Query Language (SQL), Fourth Generation Environments, The future of the relational model: extensions and replacements, Transaction processing, Triggers, Indexes, Security, PL/SQL, Functions, Procedures, Cursors. Oracle Developer/2000, Forms, Reports, Graphics Designer/2000 Applications.
Reference Books:
1. Database System Concepts by Abraham Silberschatz et al., 5th Edition, TMH Publishing Co.
2. Database Management System by Raghu Ramakrishnan et al., 3rd Edition, TMH Publishing Co.
3. Oracle 10g Programming: A Primer by Rajshekhar Sunderraman, 2nd Edition, Addison Wesley Publishing Co.
Indian Institute of Information and Technology, Allahabad
(Deemed University)
Lecture List
Network Security
Total lectures: 45
Credit hours: 3 hrs
Program: MSCLIS (2nd Sem)
Course Objective: This course provides an essential study of computer security issues and methods in networking systems. Topics to be covered include review of networking, advanced cryptography, access control, distributed authentication, TCP/IP security, firewalls, IPSec, Virtual Private Networks, and intrusion detection systems.
Detailed Syllabus:
Lectures Required
Unit 1: Introduction to Network security, Model for Network security, Model for Network access security. (2 C Hrs)
Unit 2: Real-time Communication Security: Introduction to TCP/IP protocol stack, Implementation layers for security protocols and implications, IPsec: AH and ESP, IPsec: IKE. (7 C Hrs)
Unit 3: Media-Based Vulnerabilities, Network Device Vulnerabilities, Back Doors, Denial of Service (DoS), Spoofing, Man-in-the-Middle, and replay, Protocol-Based Attacks, DNS Attack, DNS Spoofing, DNS Poisoning, ARP Poisoning, TCP/IP Hijacking. (10 C Hrs)
Unit 4: Virtual LAN (VLAN), Demilitarization Zone (DMZ), Network Access Control (NAC), Proxy Server, Honey Pot, Network Intrusion Detection Systems (NIDS) and Host Network Intrusion Prevention Systems, Protocol Analyzers, Internet Content Filters, Integrated Network Security Hardware. (10 C Hrs)
Unit 5: Authentication: Kerberos, X.509 Authentication Service, Scanning: Port Scanning, Port Knocking: Advantages, Disadvantages. Peer to Peer security. (4 C Hrs)
Unit 6: Electronic Mail Security: Distribution lists, Establishing keys, Privacy, source authentication, message integrity, non-repudiation, proof of submission, proof of delivery, message flow confidentiality, anonymity, Pretty Good Privacy (PGP). (6 C Hrs)
Unit 7: Firewalls and Web Security: Packet filters, Application level gateways, Encrypted tunnels, Cookies. Assignments on latest network security techniques. (6 C Hrs)
Recommended Books
Text Books
Mark Ciampa, Security+ Guide to Network Security Fundamentals, Edition 3, Cengage Learning, ISBN-10: 1428340661, ISBN-13: 978-1428340664.
William Stallings, Cryptography and Network Security Principles and Practices, Prentice Hall of India, Third Edition, 2003.
Reference Books
Cisco: Fundamentals of Network Security Companion Guide (Cisco Networking Academy Program).
Saadat Malik. Network Security Principles and Practices (CCIE Professional Development). Pearson Education. 2002. (ISBN: 1587050250)
Lab Guidelines ( -2-credit hour)
Before Mid Semester Exam
NS-2 Fundamentals learning
DoS attack generation
After Mid Semester
Kerberos Implementation
VPN generation
PGP implementation
Indian Institute of Information and Technology, Allahabad
(Deemed University)
Lecture List
Technical Risk Assessment
Total lectures: 30
Credit hours: 2 hrs
Program: MSCLIS (2nd Sem)
Course Objective: To orient the students about the different types of methodology existing for risk assessment, to expose the students to evaluation of I.T infrastructure components and business processes, and to educate the students to conduct Vulnerability Assessment and Penetration Testing.
Detailed Syllabus:
Lectures Required
1. Introduction to Assessing I.T Infrastructure Vulnerabilities
2. Introduction to I.T Infrastructure Component.
3. Risk Assessment Methodologies
4. Performing the Assessment.
5. Post-Assessment Activities.
6. Security Assessment Templates
7. Preparing the final report
Lab:
1. Tools used for assessment and evaluations
Indian Institute of Information and Technology, Allahabad
(Deemed University)
Lecture List
BCP & DRP
Total lectures: 30
Credit hours: 2 hrs
Program: MSCLIS (2nd Sem)
Course Objective:
Detailed Syllabus:
Lectures Required
Business Continuity Planning
1. Introduction
2. Analysis
a. Impact analysis
b. Threat analysis
c. Definition of impact scenarios
d. Recovery requirement documentation
3. Solution design
4. Implementation
5. Testing and organizational acceptance
6. Maintenance
a. Information update and testing
b. Testing and verification of technical solutions
c. Testing and verification of organization recovery procedures
d. Treatment of test failures
Disaster Recovery Planning
1. Business data protection
2. Preventions against data loss
a. No off-site data: possibly no recovery
b. Data backup with no hot site
c. Data backup with a hot site
d. Electronic vaulting
e. Point-in-time copies
f. Transaction integrity
g. Zero or near-Zero data loss
h. Highly automated, business integrated solution
Indian Institute of Information and Technology, Allahabad
(Deemed University)
Lecture List
SOX
Total lectures: 30
Credit hours: 2 hrs
Program: MSCLIS (2nd Sem)
Course Objective: Recent corporate failures around the world owing to accounting frauds mandated the conception and framing of sound legislation to ensure the security of data maintained by corporations, and the Sarbanes-Oxley Act, 2002 was enacted. This course therefore exposes the students to the importance of this act in providing IT security to every kind of record, including financial records.
Detailed Syllabus:
Lectures Required
Unit 1: Meaning of SOX, its legislative history, McKesson Scandal, Enron Scandal, scope of the act, relevance, costs and benefits, implications for Indian companies, implications for US subsidiaries in India
Lectures Required: 04
Unit 2: Outline of the act, role of auditors, lawyers, CEOs and CFOs, stakeholders protection, white-collar crimes, whistle-blower protection, The Dodd-Frank Whistle Blower Program, Documentation: Form 10-K, 10-Q, 8-K, Public Company Accounting Oversight Board (PCAOB), role & responsibilities of audit committee
Lectures Required: 06
Unit 3: Records Management Implications - Records Management as a key component of internal controls, provisions regarding records retention and destruction, IT issues in record management
Lectures Required: 07
Unit 4: Implementation of key provisions: Section 302, Section 401, Section 404, Section 409, Section 802, Information Security Governance
Lectures Required: 08
Unit 5: SOX and IT security, IT general controls and application controls, real time disclosures, spreadsheet controls
Lectures Required: 05
Recommended Books
Text Books
1. Sarbanes Oxley (A Practice Manual) by Mohan R Lavi, Snowhite Publications
2. Essentials Of Sarbanes-Oxley by Sanjay Anand, John Wiley
3. Understanding SOX (Sarbanes Oxley Act) by Abhishek Sharma, Bharat Law House.
Indian Institute of Information and Technology, Allahabad
(Deemed University)
Lecture List
PCI & DSS
Total lectures: 30
Credit hours: 2 hrs
Program: MSCLIS (2nd Sem)
Course Objective:
To understand the necessity of Payment Card Industry (PCI) Data Security Standards (DSS).
To understand how to protect the credit card industry from financial loss or eroded consumer confidence in credit cards as a means of transacting money.
To know the PCI DSS guidelines.
To understand how the PCI DSS requirements fit into an organization's network security framework.
To know how to effectively implement network security controls so that you can be both compliant and secure.
Detailed Syllabus:
Lectures Required
Unit 1: Introduction to fraud, ID theft and regulatory mandates, PCI Introduction, Risk and Consequences, Benefits of Compliance. (3 C Hrs)
Unit 2: PCI data security standard, PCI DSS Application Information, Scope of Assessment for compliance with PCI DSS requirements, Instructions and content for report on Compliance. (5 C Hrs)
Unit 3: Building & Maintaining a Secure Network: Introduction, Maintaining Firewall configuration, PCI DSS requirements, Intrusion Detection Systems, Antivirus Solutions, System defaults and other Security requirements. (5 C Hrs)
Unit 4: Card holder Data protection mechanism, Vulnerability Management, Logging Access and Event and Access Control Measures. (5 C Hrs)
Unit 5: Monitoring & Testing: Introduction, Monitoring PCI environment, Auditing network and data access, Testing monitoring system and processes. (4 C Hrs)
Unit 6: PCI DSS in wireless: Operation guide for complying with PCI DSS, Applicable requirements pertaining to wireless for all networks and in-scope wireless networks. (4 C Hrs)
Unit 7: Information Security Policy for DSS, Case study: How to plan a project to meet compliance, Responsibilities and Auditing. (4 C Hrs)
Recommended Books & White Paper
PCI Compliance: Understand and Implement Effective PCI Data Security Standard Compliance by Tony Bradley (Technical Editor), James D. Burton, Anton Chuvakin, Anatoly Elberg, Brian Freedman, David King, Scott Paladino, Paul Schooping, Elsevier, 2007.
Information Supplement: PCI DSS Wireless Guideline, Prepared by the PCI SSC Wireless Special Interest Group (SIG) Implementation Team, White Paper, July 2009.
Reference Books
Payment Card Industry (PCI) Data Security Standard Requirements and Security Assessment Procedures Version 2.0, Prepared by the PCI SSC Special Interest Group (SIG) Implementation Team, October 2010.
Payment Card Industry Data Security Standard Handbook by Timothy M. Virtue, John Wiley and Sons, 2009.
Lab Guidelines ( -1-credit hour)
Before Mid Semester Exam
Analysis of the card information flow through packet sniffer
Analysis of Metasploit tool
After Mid Semester
Analysis of Nexpose tool