Information System Security Syllabus - BCIS (PU)


Course Description

Course Objectives:

The objective of the course is to make students familiar with the basic concepts of information security, from related technologies and tools to the concepts of information security governance, so that they are able to deal with information security practically.

Course Description:

This course combines information security governance with the technologies used to build up information security. It introduces students to the fundamental concepts of information and information security, different types of threats and attacks, the concepts of encryption and key management, and common tools and technologies for information security. It also covers information security policy, standards and best practices, along with the issues of managing risk, system and business continuity assurance, digital forensics, and legal and regulatory issues.

Course Outcomes:

  • Clear understanding of information security basics
  • Know the basic terminologies and issues of information security
  • Able to know and use the common technologies and tools required to maintain information security
  • Able to tackle the multiple dimensions of managing information security

Unit Contents

Course Contents

Unit I: Introduction to Information Security (6 hours)

  • Definition of Information Security
  • The History of Information Security
  • Components of Information System
  • Critical Characteristics of Information
  • Information security concepts and practices (CIA triad and other practices)
  • Balancing Security and Access
  • Need for Information Security

Unit II: Threats and Attacks (7 hours)

  • Concepts of threats
  • Different types of threats: Compromise of intellectual property, Deliberate software attacks, Deviations in QoS, Trespass, Forces of nature, Information extortion, Theft, Human error, Vandalism, Technological obsolescence, etc.
  • Concept of Attack
  • Different types of attacks: Malicious code, Password attacks, DoS and DDoS attacks, Application attacks, Mail bombing, Spoofing, Spam, Man-in-the-middle, Sniffing, Phishing, Social engineering, etc.
  • Internet threats and security

Unit III: Cryptography and Key Management (8 hours)

  • Basics of cryptography
  • Symmetric Cryptography (DES, Triple DES, AES)
  • Asymmetric cryptography: Public and private keys, RSA
  • Hash functions
  • Digital signatures
  • PKI

Unit IV: Security Technologies and Tools (8 hours)

  • Firewall
  • Intrusion Detection and Prevention System
  • Honeypots
  • Scanning and analysis tools (Port scanner, Vulnerability scanner, Packet sniffers etc.)
  • Penetration Testing
  • Secure Communication (VPN, SSL, IPsec, WEP, WPA, SET)
  • Concepts of access control, authentication and authorization
  • Identification and authentication techniques
  • Access control techniques

Unit V: Information Security Policy, Standards and Practices (4 hours)

  • Basic concepts and definitions
  • Categories of policies: Enterprise Information Security Policy, Issue-Specific Information Security Policy, System-Specific Information Security Policies
  • ISO 27000 series
  • NIST Security Model
  • IETF Security Architecture

Unit VI: Risk Management (4 hours)

  • Overview of risk management
  • Risk Identification
  • Risk Assessment
  • Risk Control Strategies
  • Best practices

Unit VII: Continuity Planning (4 hours)

  • Incident response planning
  • Business continuity planning
  • Disaster recovery planning

Unit VIII: Introduction to Auditing and Digital Forensics (3 hours)

  • Auditing
  • Monitoring
  • Digital forensics: Team, methodology and procedure

Unit IX: Legal, Ethical and Professional Issues in Information Security (4 hours)

  • Relevant Laws
  • International Laws and Legal Bodies
  • Related laws in Nepal, their provisions and limitations
  • Ethical Concepts in Information Security
  • Codes of Ethics, Certifications, and Professional Organizations

Text and Reference Books

Text Book

  1. Michael E. Whitman and Herbert J. Mattord: Principles of Information Security, Course Technology, Cengage Learning

Reference Books:

  1. Official (ISC)² Guide to the CISSP CBK, Third Edition, (ISC)² Press
  2. William Stallings, Cryptography and Net

  • Short Name: ISS
  • Course Code: CMP 461
  • Semester: Seventh Semester
  • Full Marks: 100
  • Pass Marks: 45
  • Credit: 3 hrs
  • Elective/Compulsory: Compulsory