2nd semmsclis

Syllabus (MSCLIS) (Batch 2013 – 2015) 2nd Semester

Upload: ravi-raman

Post on 28-Sep-2015


Course on organizational Structure and Behaviour for MBA-IT

Syllabus (MSCLIS)

(Batch 2013 – 2015) 2nd Semester

Indian Institute of Information Technology, Allahabad

Index

MSCLIS 2nd Semester

Sl. No. Topic

Core Paper

1. Data Information & Cryptography

2. Database Management & 4GLs

3. Network Security

4. Technical Risk Assessment

5. BCP & DRP

6. SOX

7. PCI & DSS

Indian Institute of Information and Technology, Allahabad

(Deemed University)

Lecture List

Data Information & Cryptography

Total lectures: 30

Credit hours: 2 hrs

Program: MSCLIS (2nd Sem)

Course Objective:

To understand the concepts of encryption (stream ciphers and block ciphers) and number theory.

To understand public-key parameters and pseudorandom sequences.

To understand the hash functions, authentication and key management techniques.

Detailed Syllabus:

Lectures Required

Unit 1: Number Theory and Overview of Cryptography: Introduction, Information security and cryptography, Background on functions, Basic terminology and concepts, Symmetric-key encryption, Digital signatures, Authentication and identification, Public-key cryptography, Hash functions, Protocols and mechanisms, Key establishment, management, and certification. (3 C Hrs)

Unit 2: Public-Key Parameters: Introduction, Probabilistic primality tests, (True) Primality tests, Prime number generation, Irreducible polynomials over Zp, Generators and elements of high order. (5 C Hrs)

Unit 3: Pseudorandom Bits and Sequences: Introduction, Random bit generation, Pseudorandom bit generation, Statistical tests, and Cryptographically secure pseudorandom bit generation. (5 C Hrs)

Unit 4: Stream Ciphers: Introduction, Feedback shift registers, Stream ciphers based on LFSRs and Other stream ciphers. Block Ciphers: Introduction and overview, Background and general concepts, Classical ciphers and historical development, DES, IDEA, RC5 and other block ciphers. (5 C Hrs)

Unit 5: Hash Functions and Data Integrity: Introduction, Classification and framework, Basic constructions and general results, Unkeyed hash functions (MDCs), Keyed hash functions (MACs), Data integrity and message authentication, Advanced attacks on hash functions. (5 C Hrs)

Unit 6: Identification and Entity Authentication: Introduction, Passwords (weak authentication), Challenge-response identification (strong authentication), Customized and zero-knowledge identification protocols and Attacks on identification protocols. (3 C Hrs)

Unit 7: Key Management Techniques: Introduction, Background and basic concepts, Techniques for distributing confidential keys, Techniques for distributing public keys, Techniques for controlling key usage, Key management involving multiple domains, Key life cycle issues and Advanced trusted third party services. Key Establishment Protocols: Key Transport and Agreement based on Symmetric and Asymmetric techniques. (4 C Hrs)

Recommended Books

Text Books

Handbook of Applied Cryptography, by A. Menezes, P. van Oorschot, and S. Vanstone, CRC Press, 1996.

Reference Books

Modern Cryptography: Theory and Practice by Wenbo Mao Hewlett-Packard Company, Prentice Hall PTR 2003.

Cryptography and Network Security by William Stallings, Prentice Hall, Fourth Edition.

Lab Guidelines ( -2-credit hour)

Before Mid Semester Exam

All types of Primality Test

All types of Statistical Test

After Mid Semester

Stream Cipher

Block Cipher

Hash code Generation

Diffie Hellman Key Exchange

Database Management & 4GLs

Total lectures: 45

Credit hours: 3 hrs

Program: MSCLIS (2nd Sem)

Course Objective:

This course is intended to prepare you to design, develop and use information systems using database management systems (DBMS). We will explore the practices, issues and theoretical foundations of organizing and analyzing information and information content for the purpose of designing effective and useful databases. This course will introduce you to the principles of database systems and database design. You will learn how to use DBMS to construct information systems for a wide range of applications.

These topics will be examined through readings, discussion, hands-on experience using various database management systems, and through exercises designed to help explore the capabilities and utility of different database systems.

Detailed Course:

Introduction to databases and database management systems, The conceptual data model, The Relational data model.

Structured Query Language (SQL), Fourth Generation Environments, The future of the relational model: extensions and replacements, Transaction processing, Triggers, Indexes, Security, PL/SQL, Functions, Procedures, Cursors. Oracle Developer/2000, Forms, Reports, Graphics Designer/2000 Applications.

Reference Books:

1. Database System Concepts by Abraham Silberschatz et al., 5th Edition, TMH Publishing Co.

2. Database Management System by Raghu Ramakrishnan et al., 3rd Edition, TMH Publishing Co.

3. Oracle 10g Programming: A Primer by Rajshekhar Sunderraman, 2nd Edition, Addison Wesley Publishing Co.

Network Security

Total lectures: 45

Credit hours: 3 hrs

Program: MSCLIS (2nd Sem)

Course Objective:

This course provides an essential study of computer security issues and methods in networking systems. Topics to be covered include review of networking, advanced cryptography, access control, distributed authentication, TCP/IP security, firewalls, IPSec, Virtual Private Networks, and intrusion detection systems.

Detailed Syllabus:

Lectures Required

Unit 1: Introduction to Network security, Model for Network security, Model for Network access security. (2 C Hrs)

Unit 2: Real-time Communication Security: Introduction to TCP/IP protocol stack, Implementation layers for security protocols and implications, IPsec: AH and ESP, IPsec: IKE. (7 C Hrs)

Unit 3: Media-Based Vulnerabilities, Network Device Vulnerabilities, Back Doors, Denial of Service (DoS), Spoofing, Man-in-the-Middle, and Replay, Protocol-Based Attacks, DNS Attack, DNS Spoofing, DNS Poisoning, ARP Poisoning, TCP/IP Hijacking. (10 C Hrs)

Unit 4: Virtual LAN (VLAN), Demilitarized Zone (DMZ), Network Access Control (NAC), Proxy Server, Honey Pot, Network Intrusion Detection Systems (NIDS) and Host Network Intrusion Prevention Systems, Protocol Analyzers, Internet Content Filters, Integrated Network Security Hardware. (10 C Hrs)

Unit 5: Authentication: Kerberos, X.509 Authentication Service, Scanning: Port Scanning, Port Knocking: Advantages, Disadvantages. Peer to Peer security. (4 C Hrs)

Unit 6: Electronic Mail Security: Distribution lists, Establishing keys, Privacy, source authentication, message integrity, non-repudiation, proof of submission, proof of delivery, message flow confidentiality, anonymity, Pretty Good Privacy (PGP). (6 C Hrs)

Unit 7: Firewalls and Web Security: Packet filters, Application level gateways, Encrypted tunnels, Cookies. Assignments on latest network security techniques. (6 C Hrs)

Recommended Books

Text Books

Mark Ciampa, Security+ Guide to Network Security Fundamentals, Edition 3, Cengage Learning, ISBN-10: 1428340661, ISBN-13: 978-1428340664.

William Stallings, Cryptography and Network Security Principles and Practices, Prentice Hall of India, Third Edition, 2003.

Reference Books

Cisco: Fundamentals of Network Security Companion Guide (Cisco Networking Academy Program).

Saadat Malik. Network Security Principles and Practices (CCIE Professional Development). Pearson Education. 2002. (ISBN: 1587050250)

Lab Guidelines ( -2-credit hour)

Before Mid Semester Exam

NS-2 Fundamentals learning

DoS attack generation

After Mid Semester

Kerberos Implementation

VPN generation

PGP implementation


Technical Risk Assessment

Total lectures: 30

Credit hours: 2 hrs

Program: MSCLIS (2nd Sem)

Course Objective:

To orient the students to the different methodologies that exist for risk assessment, to expose the students to the evaluation of I.T. infrastructure components and business processes, and to educate the students to conduct Vulnerability Assessment and Penetration Testing.

Detailed Syllabus:

Lectures Required

1. Introduction to Assessing I.T Infrastructure Vulnerabilities

2. Introduction to I.T Infrastructure Component.

3. Risk Assessment Methodologies

4. Performing the Assessment.

5. Post-Assessment Activities.

6. Security Assessment Templates

7. Preparing the final report

Lab:

1. Tools used for assessment and evaluations


BCP & DRP

Total lectures: 30

Credit hours: 2 hrs

Program: MSCLIS (2nd Sem)

Course Objective:

Detailed Syllabus:

Lectures Required

Business Continuity Planning

1. Introduction

2. Analysis

a. Impact analysis

b. Threat analysis

c. Definition of impact scenarios

d. Recovery requirement documentation

3. Solution design

4. Implementation

5. Testing and organizational acceptance

6. Maintenance

a. Information update and testing

b. Testing and verification of technical solutions

c. Testing and verification of organization recovery procedures

d. Treatment of test failures

Disaster Recovery Planning

1. Business data protection

2. Preventions against data loss

a. No off-site data: possibly no recovery

b. Data backup with no hot site

c. Data backup with a hot site

d. Electronic vaulting

e. Point-in-time copies

f. Transaction integrity

g. Zero or near-Zero data loss

h. Highly automated, business integrated solution


SOX

Total lectures: 30

Credit hours: 2 hrs

Program: MSCLIS (2nd Sem)

Course Objective:

Recent corporate failures around the world owing to accounting frauds mandated the conception and framing of sound legislation to ensure the security of data maintained by corporations, and the Sarbanes-Oxley Act, 2002 was enacted. This course therefore exposes the students to the importance of this act in providing IT security to every kind of record, including financial records.

Detailed Syllabus:

Lectures Required

Unit 1: Meaning of SOX, its legislative history, McKesson Scandal, Enron Scandal, scope of the act, relevance, costs and benefits, implications for Indian companies, implications for US subsidiaries in India

Lectures Required: 04

Unit 2: Outline of the act, role of auditors, lawyers, CEOs and CFOs, stakeholders' protection, white-collar crimes, whistle-blower protection, The Dodd-Frank Whistle Blower Program, Documentation: Form 10-K, 10-Q, 8-K, Public Company Accounting Oversight Board (PCAOB), role & responsibilities of audit committee

Lectures Required: 06

Unit 3: Records Management Implications: Records Management as a key component of internal controls, provisions regarding records retention and destruction, IT issues in record management

Lectures Required: 07

Unit 4: Implementation of key provisions: Section 302, Section 401, Section 404, Section 409, Section 802, Information Security Governance

Lectures Required: 08

Unit 5: SOX and IT security, IT general controls and application controls, real time disclosures, spreadsheet controls

Lectures Required: 05

Recommended Books

Text Books

1. Sarbanes Oxley (A Practice Manual) by Mohan R Lavi, Snowhite Publications

2. Essentials of Sarbanes-Oxley by Sanjay Anand, John Wiley

3. Understanding SOX (Sarbanes Oxley Act) by Abhishek Sharma, Bharat Law House.

PCI & DSS

Total lectures: 30

Credit hours: 2 hrs

Program: MSCLIS (2nd Sem)

Course Objective:

To understand the necessity of Payment Card Industry (PCI) Data Security Standards (DSS).

To understand how to protect the credit card industry from financial loss or eroded consumer confidence in credit cards as a means of transacting money.

To know the PCI DSS guidelines.

To understand how the PCI DSS requirements fit into an organization's network security framework.

To know how to effectively implement network security controls so that you can be both compliant and secure.

Detailed Syllabus:

Lectures Required

Unit 1: Introduction to fraud, ID theft and regulatory mandates, PCI Introduction, Risk and Consequences, Benefits of Compliance. (3 C Hrs)

Unit 2: PCI data security standard, PCI DSS Application Information, Scope of Assessment for compliance with PCI DSS requirements, Instructions and content for report on Compliance. (5 C Hrs)

Unit 3: Building & Maintaining a Secure Network: Introduction, Maintaining Firewall configuration, PCI DSS requirements, Intrusion Detection Systems, Antivirus Solutions, System defaults and other Security requirements. (5 C Hrs)

Unit 4: Cardholder Data protection mechanism, Vulnerability Management, Logging Access and Event and Access Control Measures. (5 C Hrs)

Unit 5: Monitoring & Testing: Introduction, Monitoring PCI environment, Auditing network and data access, Testing monitoring system and processes. (4 C Hrs)

Unit 6: PCI DSS in wireless: Operation guide for complying with PCI DSS, Applicable requirements pertaining to wireless for all networks and in-scope wireless networks. (4 C Hrs)

Unit 7: Information Security Policy for DSS, Case study: How to plan a project to meet compliance, Responsibilities and Auditing. (4 C Hrs)

Recommended Books & White Paper

PCI Compliance: Understand and Implement Effective PCI Data Security Standard Compliance by Tony Bradley (Technical Editor), James D. Burton, Anton Chuvakin, Anatoly Elberg, Brian Freedman, David King, Scott Paladino, Paul Schooping, Elsevier, 2007.

Information Supplement: PCI DSS Wireless Guideline, Prepared by the PCI SSC Wireless Special Interest Group (SIG) Implementation Team, White Paper, July 2009.

Reference Books

Payment Card Industry (PCI) Data Security Standard Requirements and Security Assessment Procedures Version 2.0, Prepared by the PCI SSC Special Interest Group (SIG) Implementation Team, October 2010.

Payment Card Industry Data Security Standard Handbook by Timothy M. Virtue, John Wiley and Sons, 2009.

Lab Guidelines ( -1-credit hour)

Before Mid Semester Exam

Analysis of the card information flow through packet sniffer

Analysis of Metasploit tool

After Mid Semester

Analysis of Nexpose tool
