A10.3-R5-Information Security Management
Introduction
This module is designed to focus on the information security skills and techniques needed to protect and secure an organization's information assets and business systems. Students learn about the various types of security incidents, threats and attacks, and learn methods to prevent, detect and react to incidents and attacks.
Objective
This module is designed to focus on the information security skills and techniques needed to protect and secure an organization's information assets and business systems. Students learn about the various types of security incidents, threats and attacks, and learn methods to detect, react to and mitigate attacks. After completing the module, the incumbent will be able to:
- Identify different components of network, topology, protocol stacks and devices,
- Become acquainted with various information security threats and mitigate such threats/incidents
- Explain the usage of secret key cryptography and public key cryptography, algorithms used in cryptography, and applications
- Understand and identify the common types of attacks against networks and countermeasures
- Identify vulnerabilities in web applications and mitigation strategies
- Identify the phases of an IT audit, and perform risk assessment in Windows and Linux environments
- Become acquainted with cyber law, incident handling and digital forensic analysis
Learning Objectives
(What the learner will be able to do after completing each unit)
1. Network Fundamentals
- Identify different components of network devices.
- Identify the different types of network, topologies and the most common network technologies
- Understand the properties and functions of network protocols and network protocol stacks
2. Introduction to Cyber Security and Attacks
- Become acquainted with various information security threats and the controls for them.
- Fully understand the Principle of Least Privilege and Confidentiality, Integrity and Availability (CIA).
- Be conversant with the fundamentals of risk management, security policy, and authentication/authorization/accountability.
3. Cryptography
After completion of this unit, the candidate will be able to:
- Explain the concepts used in early substitution and translation ciphers
- Understand Mathematical concepts underpinning cryptography
- Demonstrate the use of hashing in maintaining data integrity
- Use encryption methods that ensure both confidentiality and integrity
- Understand modern cryptosystems such as RSA and AES
- Understand the algorithms used to protect users online and some of the design choices behind these algorithms
4. Network Security and Countermeasures
- Understand and know the different types of topologies and the inherent security risks they create
- Understand and identify the common types of attacks against networks
- Understand the properties and functions of network protocols and the network protocol stacks
- Understand the aspect of deploying and utilizing wireless networks and technologies
- Configure firewalls, IDS, HIDS, NIDS and NIPS on all platforms for all types of attack scenarios.
5. Web Server and Application Security
After completion of this unit, the candidate will be able to:
- Identify vulnerabilities in web applications and find ways in which the problems can be fixed or avoided.
- Learn mitigation strategies from an infrastructure, architecture and coding perspective
- Learn about application coding errors such as SQL injection and cross-site scripting
- Learn the OWASP Top 10 vulnerabilities and mitigation techniques.
6. Security Auditing
- Identify the phases of an IT audit, and how to ensure that an audit provides value to the organization.
- Learn the risk management models that exist for implementing a deeper risk management program in the organization.
- Learn the elements of risk assessment and the data necessary for performing an effective risk assessment using the Microsoft Security Assessment Tool
- Learn Linux systems auditing
- Perform risk assessment based on ISO 27001 using an ISO 27001 security toolkit
- Prepare an audit questionnaire and perform an audit against the ISO 27001 standard
7. Cyber Law and IT Act 2000
- Know the legal aspects of cyber law from Indian and international perspectives
- Identify the types of cybercrimes and the penalties associated with them
8. Cyber Forensics
- Identify source of digital evidence
- Know the cyber forensics procedure: identification, preservation, analysis, authentication and presentation
- Perform collection, imaging and analysis of the digital evidence
- Perform volatile data collection and analysis
- Understand the importance of reporting and of maintaining the chain of custody
Detailed Syllabus
(i) Network Fundamentals
Introduction to Ethernet, OSI layers, TCP/IP model, functions/protocols and devices at each layer, protocol headers for frame, TCP, UDP, IP, ICMP, application-layer protocols such as HTTP, SNMP etc., network topology, working of hub, bridge, switch, router and UTM, remote administration of managed network devices, types of networks, VLAN, subnetting, NAT, working with number systems, fixed-length subnet masking, variable-length subnet masking, Classless Inter-Domain Routing, inter-VLAN routing, static routing, RIP, RIPv2, OSPF, EIGRP, IGRP using IPv4, routing in IPv6.
(ii) Introduction to Cyber Security and Attacks
Fundamentals of information security: CIA triad, cyber security controls, logical controls, physical controls, tools and techniques, understanding threats, attack categories, the hacking process, vulnerability, threat and risk (with examples), types of attacks (DDoS, phishing, malware etc. with examples), threats at client systems (malware, social engineering, open ports, etc.), threats to network, web, storage and devices, understanding network security, mitigation techniques, fundamentals of web/mobile application security, web application attacks (SQL injection, cross-site scripting etc.), mobile application attacks, data center security, cloud computing and data security.
(iii) Cryptography
Data transmission and organization, error-detecting and error-correcting codes, the need for cryptography. Cryptology fundamentals, symmetric and asymmetric cryptography and cryptographic algorithms, private key encryption, public key encryption, protocols, key management including key generation, key storage and key exchange, encrypting folders (graphical / using cipher), data recovery agent, symmetric key encryption algorithms DES/3DES, IDEA, RC5, AES, public key algorithms RSA and ECC, Diffie-Hellman key exchange, hash functions, MD5 (Message Digest algorithm), SHA-1 (Secure Hash Algorithm), HMAC, applications of cryptography: secure email (PGP, S/MIME), SSL/TLS, file encryption, IPsec, IoT, attacks against encryption, Public Key Infrastructure, understanding digital certificates and signatures, PKI standards and management, X.500, X.509, IETF, IRTF.
(iv) Network Security and Countermeasures
Securing networks, network security devices: router, ACL, firewalls, types of firewalls, configuration and deployment, overview of IDS, network-based IDS (NIDS), host-based IDS (HIDS), overview of IPS, host-based IPS (HIPS), network-based IPS (NIPS), UTM, TMG (Threat Management Gateway), network security tools (scanners, sniffers etc.) and countermeasures, wireless security, securing wireless networks: wireless overview, Bluetooth, 802.11.
(v) Web Server and Application Security
Client-server relationship, vulnerabilities in web servers and applications, attack methods (buffer overflow, SQL injection, cross-site scripting, session hijacking etc.), secure coding practices, OWASP Top 10 vulnerabilities and mitigation techniques, web application vulnerability scanning and tools (Nessus), web application security challenges.
(vi) Security Auditing
Audit planning (scope, pre-audit planning, data gathering, audit risk), risk management, overall audit risk, risk-based approach, evidence, evidence-gathering techniques, sampling, control self-assessment, risk analysis, purpose of risk analysis, risk-based auditing, types of control, risk assessment using SimpleRisk or Eramba (open source tools), three-phase approach to risk assessment and IT/IS audit, log analysis, using the Microsoft Security Assessment Tool, using the Microsoft Baseline Security Analyzer, configuring Windows file system auditing, Event ID log analysis, OS- and application-specific auditing, performing risk assessment based on ISO 27001 using an ISO 27001 security toolkit, preparing an audit questionnaire and performing an audit against the ISO 27001 standard.
(vii) Cyber Law and IT Act 2000
Information Technology Act 2000 (as amended in 2008), rules under the Information Technology Act 2000. The rule of cyberspace. Cyber law: policy issues and emerging trends. Online contracts. Digital signatures. Cyber crime, data protection, liability of intermediaries, copyright and the Internet. Domain name disputes, harmful content on the Internet, case studies.
(viii) Cyber Forensics
Digital evidence, identification of digital evidence, cyber forensics processes: identification, preservation, seizure and acquisition, analysis, authentication and presentation; fundamentals of incident response and handling, reporting, mitigation, volatile evidence collection and analysis, disk imaging and analysis, investigating information hiding, analysis of e-mail, tracing Internet access, understanding the importance of reports, writing reports, generating report findings with forensics tools, chain of custody forms, laboratory documents and procedures.
Reference Books/Study Material
1. Cryptography and Network Security: Principles and Practice, William Stallings, Seventh Edition, Pearson
2. Network Security Essentials: Applications and Standards, William Stallings
3. Cryptography and Network Security, Atul Kahate
4. Computer Networks, Fifth Edition, Andrew S. Tanenbaum
5. Principles of Computer Security: CompTIA Security+ and Beyond, W. A. Conklin, G. White, Fifth Edition
6. Cyber Law: Law of Information Technology and Internet, Anirudh Rastogi
7. Hands-on Incident Response and Digital Forensics, Jason Wayne