COURSE CODE COURSE NAME L T P C
CORE COURSES: I AND II SEMESTER
IS2001 Introduction to Cryptography 3 0 2 4
IS2006 Security Scripting and Analysis 3 0 2 4
IS_R2002 Operating Systems Administration and Security 3 0 2 4
IS2003 Network Security 3 0 2 4
IS2004 TCP/IP 3 0 2 4
IS2005 Forensics and Incident Response 3 0 2 4
CAC2001 Career Advancement Course for Engineers - I 1 0 1 1
CAC2002 Career Advancement Course for Engineers - II 1 0 1 1
Total 20 0 14 26
Total Contact hours: 34
CORE COURSES: III SEMESTER
IS2047 Seminar (Pass/Fail Course) 0 0 1 1
IS2049 Project Phase-I 0 0 12 6
CAC2003 Career Advancement Course for Engineers - III 1 0 1 1
Total 1 0 14 8
CORE COURSES: IV SEMESTER
IS2050 Project Phase-II 0 0 32 16
SUPPORTIVE COURSE:
MA2019 Number Theory 3 0 0 3
Inter Disciplinary Elective
One course to be taken in Semester I or II or III 3 0 0 3
PROGRAM ELECTIVES
6 courses of 3 credits each to be taken in Semesters I-III 0 0 0 18
Total Credits 74
CREDITS
SL. NO.  CATEGORY  I SEMESTER  II SEMESTER  III SEMESTER  IV SEMESTER  CATEGORY TOTAL
1  Core courses  12 (3 courses)  12 (3 courses)  ---  ---  24
2  Program Elective courses  18 (in I to III semesters)  ---  18
   Interdisciplinary elective courses (any one program elective from other programs)  3 (in I to III semesters)  ---  3
3  Supportive courses – mandatory  3 (in I to III semesters)  ---  3
4  Seminar  ---  ---  1  ---  1
5  Career Advancement Courses  1  1  1  --  3
6  Project work  ---  ---  06  16  22
Total  74
COURSE CODE COURSE TITLE L T P C
IS2001 INTRODUCTION TO CRYPTOLOGY 3 0 2 4
Total Contact Hours – 75
Prerequisite
Nil
PURPOSE
The course provides a comprehensive view of symmetric and asymmetric
cryptographic schemes and key management issues.
INSTRUCTIONAL OBJECTIVES
1. Understand OSI security architecture and classic encryption techniques
2. Acquire fundamental knowledge on the concepts of finite fields and number
theory
3. Understand various block cipher and stream cipher models
4. Describe the principles of public key cryptosystems, hash functions and digital
signature
Prerequisite
NIL
PURPOSE
This course will help students gain mastery over scripting and its
application to problems in computer and network security. This course is
ideal for penetration testers, security enthusiasts, packet analyzers and
network administrators who want to learn to automate tasks or go beyond just
using ready-made tools.
INSTRUCTIONAL OBJECTIVES
REFERENCES
Practical
1. Shell programming and administrative commands
2. Buffer Overflow attack
3. Race Condition Attack
4. Shell Shock Attack
5. Implementing access control policy
6. Logging, Auditing and log monitoring
7. Enforcing password policies
8. Adding a new system call
9. VM Security
10. Configuring and installing OS
11. Intrusion Detection System
12. Writing your own shell interpreter
REFERENCES
1. William Stallings, Operating Systems: Internals and Design Principles, Prentice
Hall, 7th Edition, 2012.
2. Promod Chandra P Bhat, An Introduction to Operating Systems: Concepts and
Practice, Prentice Hall of India, 4th Edition, 2014.
3. Tom Adelstein and Bill Lubanovic, Linux System Administration, O’Reilly Media,
Inc., 1st Edition, 2007.
4. Trent Jaeger, Operating Systems Security, Morgan & Claypool Publisher, 2008.
5. Michael J. Palmer, Guide to Operating System Security, Thomson / Course
Technology, 2004.
6. Randal E. Bryant and David R. O’Hallaron, Computer Systems: A Programmer’s
Perspective, Prentice Hall, 2nd Edition, 2011.
COURSE CODE COURSE TITLE L T P C
IS2003 NETWORK SECURITY 3 0 2 4
Total Contact Hours – 75
Prerequisite
Computer Networks, Cryptography
PURPOSE
This course provides a comprehensive view of the network security principles and
measures to prevent vulnerabilities and security attacks in the networks.
INSTRUCTIONAL OBJECTIVES
1. Understand the basic concepts of networks, networking devices and various
attacks possible on networking devices
2. Understand the concept of IP security and architecture
3. Understand the various methods and protocols to maintain E-mail security and
web security
4. Understand the various methods of password management and protocols to
maintain system security
REFERENCES
COURSE CODE COURSE NAME L T P C
IS2004 TCP/IP 3 0 2 4
Total Contact Hours – 75 (Theory – 45, Practical – 30)
Prerequisite
Computer Networks
PURPOSE
TCP/IP is arguably the single most important computer networking technology. The
Internet and most home networks support TCP/IP as communication protocol. This
course provides a foundation to understand various principles, protocols and design
aspects of Computer Network and also helps to achieve the fundamental purpose of
computer networks in the form of providing access to shared resources.
INSTRUCTIONAL OBJECTIVES
1. Understand the evolution of computer networks over the period of time using the
layered network architecture.
2. Work with client-server sockets and develop applications that communicate with
each other.
3. Learn and understand the next generation Internet protocol and also to work
with wide area network technologies.
REFERENCE BOOKS:
1. Douglas E. Comer, “Internetworking with TCP/IP, Principles, Protocols, and
Architecture”, Addison-Wesley, 5th edition, Vol 1, 2005, ISBN-10: 0131876716,
ISBN-13: 978-0131876712.
2. Douglas E. Comer, David L. Stevens, “Internetworking with TCP/IP Vol. III,
Client-Server Programming and Applications”, Addison-Wesley, 2nd edition,
2000, ISBN-10: 013260969X, ISBN-13: 978-0132609692.
3. Wendell Odom, “CCNP Route 642-902, CCIE”, Official Certification Guide,
Pearson.
4. Behrouz A. Forouzan, “Data Communications and Networking”, McGraw-Hill, 5th
edition, 2012, ISBN-10: 0073376221, ISBN-13: 978-0073376226.
COURSE CODE COURSE NAME L T P C
IS2005 Forensics and Incident Response 3 0 2 4
Total Contact Hours – 75
Prerequisite
NIL
PURPOSE
The course focuses on the procedures for identification, preservation, and extraction
of electronic evidence, auditing and investigation of network and host system
intrusions, analysis and documentation of information gathered, and preparation of
expert testimonial evidence. The course will also provide hands-on experience with
various forensic tools and resources for system administrators and information
system security officers.
INSTRUCTIONAL OBJECTIVES
1. Plan and prepare for all stages of an investigation - detection, initial response
and management interaction.
2. Investigate web server attacks, DNS attacks and router attacks, and learn
the importance of evidence handling and storage.
3. Monitor network traffic and detect illicit servers and covert channels
REFERENCES
1. Kevin Mandia, Chris Prosise, “Incident Response and Computer Forensics”, Tata
McGraw-Hill, 2006.
2. Peter Stephenson, “Investigating Computer Crime: A Handbook for Corporate
Investigations”, Sept 1999.
3. Eoghan Casey, “Handbook Computer Crime Investigation's Forensic Tools and
Technology”, Academic Press, 1st Edition, 2001.
4. Skoudis. E., Perlman. R., “Counter Hack: A Step-by-Step Guide to Computer
Attacks and Effective Defenses”, Prentice Hall Professional Technical Reference,
2001.
5. Norbert Zaenglein, “Disk Detective: Secret You Must Know to Recover
Information from a Computer”, Paladin Press, 2000.
6. Bill Nelson, Amelia Phillips and Christopher Steuart, “Guide to Computer
Forensics and Investigations”, Course Technology, 4th edition, ISBN: 1-435-49883-6.
COURSE CODE COURSE NAME L T P C
IS2047 SEMINAR 0 0 1 1
PURPOSE
Seminar is one of the important components for the engineering graduates to exhibit
and expose their knowledge in their field of interest. It also gives a platform for the
students to innovate and express their ideas in front of future engineering graduates
and professionals.
INSTRUCTIONAL OBJECTIVES
1. To make a student study and present a seminar on a topic of current relevance
in Information Technology or related fields.
2. Enhancing the debating capability of the student while presenting a seminar on a
technical topic.
3. Training a student to face the audience and freely express and present his ideas
without any fear and nervousness, thus creating self-confidence and courage
which are essentially needed for an Engineer.
GUIDELINES
1. Each student is expected to give a seminar on a topic of current relevance in
IT/Related field within a semester.
2. Students have to refer published papers from standard journals.
3. The seminar report must not be the reproduction of the original papers but it can
be used as reference.
ASSESSMENT
Assessment will be done according to university regulation.
COURSE CODE COURSE TITLE L T P C
IT2049 PROJECT WORK PHASE I / III SEMESTER 0 0 12 6
IT2050 PROJECT WORK PHASE II / IV SEMESTER 0 0 32 16
PURPOSE
To undertake research in an area related to the program of study
INSTRUCTIONAL OBJECTIVES
The student shall be capable of identifying a problem related to the program of study
and carry out wholesome research on it leading to findings which will facilitate
development of a new/improved product, process for the benefit of the society.
M.Tech projects should be socially relevant and research-oriented ones. Each
student is expected to do an individual project. The project work is carried out in two
phases – Phase I in III semester and Phase II in IV semester. Phase II of the project
work shall be in continuation of Phase I only. At the completion of a project the
student will submit a project report, which will be evaluated (end semester
assessment) by duly appointed examiner(s). This evaluation will be based on the
project report and a viva voce examination on the project. The method of assessment
for both Phase I and Phase II is shown in the following table:
Student will be allowed to appear in the final viva voce examination only if he / she
has submitted his / her project work in the form of paper for presentation / publication
in a conference / journal and produced the proof of acknowledgement of receipt of
paper from the organizers / publishers.
INTERDISCIPLINARY ELECTIVE L T P C
Total Contact Hours:45 3 0 0 3
Students are to choose one elective course from the list of postgraduate courses
specified under the Faculty of Engineering and Technology, other than the courses
under the M.Tech (ISCF) curriculum, in either the I, II or III semester.
COURSE CODE COURSE NAME L T P C
IS2101 APPLIED CRYPTOLOGY 3 0 0 3
Total contact hours – 45
Prerequisite
Cryptography, Network Security
PURPOSE
The course provides an overview of the various encryption techniques and how to use
them to protect data.
INSTRUCTIONAL OBJECTIVES
1. Understand basic encryption methods and algorithms, and the strengths and
weaknesses of encryption algorithms
2. Understand encryption key exchange and management
3. Understand how to deploy encryption techniques to secure data stored on
computer systems
4. Understand how to deploy encryption techniques to secure data in transit
across data networks, and demonstrate best-practice deployment of
cryptographic technologies
UNIT - I (9 Hours)
Foundations – Protocol Building Blocks - Basic Protocols - Intermediate Protocols –
Advanced Protocols - Zero-Knowledge Proofs - Zero-Knowledge Proofs of Identity -
Blind Signatures - Identity-Based Public-Key Cryptography - Oblivious Transfer -
Oblivious Signatures - Esoteric Protocols
UNIT - II (9 Hours)
Key Length - Key Management - Electronic Codebook Mode - Block Replay - Cipher
Block Chaining Mode - Stream Ciphers - Self-Synchronizing Stream Ciphers - Cipher-
Feedback Mode - Synchronous Stream Ciphers - Output-Feedback Mode - Counter
Mode - Choosing a Cipher Mode - Interleaving - Block Ciphers versus Stream
Ciphers - Choosing an Algorithm - Public-Key Cryptography versus Symmetric
Cryptography - Encrypting Communications Channels - Encrypting Data for Storage -
Hardware Encryption versus Software Encryption - Compression, Encoding, and
Encryption - Detecting Encryption – Hiding and Destroying Information.
UNIT - III (9 Hours)
Information Theory - Complexity Theory - Number Theory - Factoring - Prime Number
Generation - Discrete Logarithms in a Finite Field - Data Encryption Standard (DES) –
Lucifer - Madryga - NewDES - GOST – 3 Way – Crab – RC5 - Double Encryption -
Triple Encryption - CDMF Key Shortening - Whitening.
UNIT - IV (9 Hours)
Pseudo-Random-Sequence Generators and Stream Ciphers – RC4 - SEAL -
Feedback with Carry Shift Registers - Stream Ciphers Using FCSRs - Nonlinear-
Feedback Shift Registers - System-Theoretic Approach to Stream-Cipher Design -
Complexity-Theoretic Approach to Stream-Cipher Design - N-Hash - MD4 - MD5 -
MD2 - Secure Hash Algorithm (SHA) - One-Way Hash Functions Using Symmetric
Block Algorithms - Using Public-Key Algorithms - Message Authentication Codes
UNIT - V (9 Hours)
RSA - Pohlig-Hellman - McEliece - Elliptic Curve Cryptosystems - Digital Signature
Algorithm (DSA) - GOST Digital Signature Algorithm - Discrete Logarithm Signature
Schemes - Ong-Schnorr-Shamir - Cellular Automata - Feige-Fiat-Shamir -
Guillou-Quisquater - Diffie-Hellman - Station-to-Station Protocol - Shamir’s Three-Pass
Protocol - IBM Secret-Key Management Protocol - MITRENET - Kerberos - IBM
Common Cryptographic Architecture
REFERENCES
1. Bruce Schneier, “Applied Cryptography: Protocols, Algorithms, and Source Code
in C”, John Wiley & Sons, Inc, 2nd Edition, 1996.
2. Wenbo Mao, “Modern Cryptography Theory and Practice”, Pearson Education,
2004.
3. Atul Kahate, “Cryptography and Network Security”, Tata McGraw Hill, 2003.
4. William Stallings, “Cryptography and Network Security”, 3rd Edition, Pearson
Education, 2003.
COURSE CODE COURSE NAME L T P C
IS2102 PRINCIPLES OF SECURE CODING 2 0 2 3
Total Contact Hours – 60
Prerequisite
Knowledge of Programming is preferred
PURPOSE
Commonly exploited software vulnerabilities are usually caused by avoidable
software defects. Overcoming these defects during the process of development of
software leads to secure coding practices. So, the purpose of this course is to
identify, explain and demonstrate the problems in insecure coding practices and
methods to rectify the same.
INSTRUCTIONAL OBJECTIVES
1. Understand the need for secure coding and proactive development process
2. Explain and demonstrate secure coding practices
3. Learn input issues related to database and web and fundamental principles of
software security engineering
REFERENCES
1. Michael Howard, David LeBlanc, “Writing Secure Code”, Microsoft Press, 2nd
Edition, 2003.
2. Robert C. Seacord, “Secure Coding in C and C++”, Pearson Education, 2nd
edition, 2013.
3. Julia H. Allen, Sean J. Barnum, Robert J. Ellison, Gary McGraw, Nancy R.
Mead, “Software Security Engineering: A Guide for Project Managers”,
Addison-Wesley Professional, 2008.
COURSE CODE COURSE NAME L T P C
IS2103 MOBILE AND DIGITAL FORENSICS 3 0 0 3
Total Contact Hours – 45
Prerequisite
Knowledge of Forensics and Incident Response is preferred
PURPOSE
The use of mobile phones and digital devices across the globe has increased
dramatically. These devices are more susceptible to information security attacks, and
they also hold large amounts of evidence that can be used during crime scene
investigation. This makes a course on mobile and digital forensics essential
for security professionals. This course will give participants a better
understanding of the different forms of evidence found in many digital devices,
and of how to collect and interpret it.
INSTRUCTIONAL OBJECTIVES
1. Understand the basics of wireless technologies and security.
2. Become knowledgeable in mobile phone forensics and android forensics.
3. Learn the methods of investigation using digital forensic techniques.
UNIT- I (9 Hours)
Overview of wireless technologies and security: Personal Area Networks, Wireless
Local Area Networks, Metropolitan Area Networks, Wide Area Networks. Wireless
threats, vulnerabilities and security: Wireless LANs, War Driving, War Chalking, War
Flying, Common Wi-Fi security recommendations, PDA Security, Cell Phones and
Security, Wireless DoS attacks, GPS Jamming, Identity theft.
UNIT - II (9 Hours)
CIA triad in mobile phones-Voice, SMS and Identification data interception in GSM:
Introduction, practical setup and tools, implementation- Software and Hardware
Mobile phone tricks: Netmonitor, GSM network service codes, mobile phone codes,
catalog tricks and AT command set- SMS security issues
UNIT - IV (7 Hours)
Digital forensics: Introduction – Evidential potential of digital devices: closed vs. open
systems, evaluating digital evidence potential- Device handling: seizure issues,
device identification, networked devices and contamination-
UNIT - V (8 Hours)
Digital forensics examination principles: Previewing, imaging, continuity, hashing and
evidence locations- Seven element security model- developmental model of digital
systems- audit and logs- Evidence interpretation: Data content and context
REFERENCES
1. Gregory Kipper, “Wireless Crime and Forensic Investigation”, Auerbach
Publications, 2007.
2. Iosif I. Androulidakis, “Mobile Phone Security and Forensics: A Practical
Approach”, Springer publications, 2012.
3. Andrew Hoog, “Android Forensics: Investigation, Analysis and Mobile Security
for Google Android”, Elsevier publications, 2011.
4. Angus M. Marshall, “Digital Forensics: Digital Evidence in Criminal Investigation”,
John Wiley and Sons, 2008.
COURSE CODE COURSE NAME L T P C
IS_R2104 MOBILE AND WIRELESS SECURITY 3 0 0 3
Total Contact Hours – 45
Prerequisite
TCP/IP, Principles of Network Security
PURPOSE
The course deals with the security and privacy problems in the realm of wireless
networks and mobile computing. The subject is useful to researchers working in the
fields of mobile and wireless security and privacy and to graduate students seeking
new areas to perform research.
INSTRUCTIONAL OBJECTIVES
1. Gain in-depth knowledge on wireless and mobile network security and its
relation to the new security based protocols.
2. Apply proactive and defensive measures to counter potential threats, attacks
and intrusions.
3. Design secured wireless and mobile networks that optimise accessibility
whilst minimising vulnerability to security risks.
(6 HOURS)
Introduction, RFID Security and privacy, RFID chips Techniques and Protocols, RFID
anti-counterfeiting, Man-in-the-middle attacks on RFID systems, Digital Signature
Transponder, Combining Physics and Cryptography to Enhance Privacy in RFID
Systems, Scalability Issues in Large-Scale Applications, An Efficient and Secure
RFID Security Method with Ownership Transfer, Policy-based Dynamic Privacy
Protection Framework leveraging Globally Mobile RFIDs, User-Centric Security for
RFID based Distributed Systems, Optimizing RFID protocols for Low Information
Leakage, RFID: an anti-counterfeiting tool.
REFERENCES
1. Kia Makki, Peter Reiher, “Mobile and Wireless Network Security and
Privacy”, Springer, ISBN 978-0-387-71057-0, 2007.
2. Siva Ram Murthy. C, Manoj B.S, “Adhoc Wireless Networks Architectures
and
3. Yulong Zou, Jia Zhu, Xianbin Wang and Lajos Hanzo, “A Survey on Wireless
Security: Technical Challenges, Recent Advances, and Future Trends”.
4. Noureddine Boudriga, “Security of Mobile Communications”,
ISBN 9780849379413, 2010.
5. Kitsos, Paris; Zhang, Yan, “RFID Security Techniques, Protocols and
System-On-Chip Design”, ISBN 978-0-387-76481-8, 2008.
6. Johny Cache, Joshua Wright and Vincent Liu, “Hacking Wireless
Exposed: Wireless Security Secrets & Solutions”, second edition, McGraw
Hill, ISBN: 978-0-07-166662-6, 2010.
COURSE CODE COURSE NAME L T P C
IS2105 INTERACTIVE PROGRAMMING WITH PYTHON 2 0 2 3
Total Contact Hours – 60
Prerequisite
Web systems and Network security
PURPOSE
This course will help the students to gain mastery over Python scripting and its
application to problems in computer and network security. This course is ideal for
penetration testers, security enthusiasts and network administrators who want to
learn to automate tasks or go beyond just using ready-made tools.
INSTRUCTIONAL OBJECTIVES
1. Acquire fundamental knowledge on the concepts of Python scripting
2. Understand the system and network security programming
3. Acquire knowledge on developing web servers and clients
4. Understand various exploitation techniques
COURSE CODE COURSE NAME L T P C
IS_R2106 MALWARE ANALYSIS 2 0 2 3
Total Contact Hours – 60
Prerequisite
Network Security
PURPOSE
The purpose is to understand the purpose of malware and to work with examples of
famous viruses and worms.
INSTRUCTIONAL OBJECTIVES
1. To understand the purpose of computer infection programs.
2. To implement the covert channel and mechanisms.
3. To test and exploit various malware in an open source environment.
4. To analyze and design the famous viruses and worms.
REFERENCES
COURSE CODE COURSE TITLE L T P C
IS_R2107 PENETRATION TESTING & VULNERABILITY ASSESSMENT 2 0 2 3
Total Contact Hours – 60
Prerequisite
Network Security
PURPOSE
The purpose is to understand the methodologies and techniques used for penetrating
a machine using tools.
INSTRUCTIONAL OBJECTIVES
1. To identify security vulnerabilities and weaknesses in the target applications.
2. To identify how security controls can be improved to prevent hackers gaining
access to operating systems and networked environments.
3. To test and exploit systems using various tools.
4. To understand the impact of hacking in real time machines.
REFERENCES
1. Kali Linux Wireless Penetration Testing Beginner's Guide by Vivek
Ramachandran, Cameron Buchanan,2015 Packt Publishing
2. SQL Injection Attacks and Defense 1st Edition, by Justin Clarke-Salt, Syngress
Publication
3. Mastering Modern Web Penetration Testing By Prakhar Prasad, October 2016
Packt Publishing.
4. Kali Linux 2: Windows Penetration Testing, By Wolf Halton, Bo Weaver , June
2016 Packt Publishing.
5. Kali Linux Revealed: Mastering the Penetration Testing Distribution – June 5,
2017,by Raphael Hertzog (Author), Jim O'Gorman (Author), Offsec Press
Publisher
COURSE CODE COURSE NAME L T P C
IS2108 COMPUTER AND INFORMATION SECURITY MANAGEMENT 3 0 0 3
Pre-requisite
Knowledge of TCP/IP, Cryptography and Network security is preferred
PURPOSE
The ubiquity of computers and the internet in human life has created the chance, motive
and means to do harm. With such dangers in front of us, it becomes necessary for
security professionals to learn how to manage computer and information security.
Hence this course provides methods to develop a new framework for information security,
and an overview of security risk assessment and management and of security planning in an
organization.
INSTRUCTIONAL OBJECTIVES
1. Understand the myths of information security management and methods to develop new
frameworks for information security.
2. Understand the fundamentals of information security risk assessments.
3. Become knowledgeable in the area of security management planning and configuration
management.
REFERENCES
1. Donn Parker, “Fighting Computer Crime: A New Framework for Protecting
Information”, John Wiley & Sons, 2003.
2. Micki Krause, Harold F. Tipton, “Information Security Management Handbook”,
Auerbach Publications, 2012.
COURSE CODE COURSE NAME L T P C
IS2109 RISK ASSESSMENT & SECURITY AUDIT 3 0 0 3
Total Contact Hours – 45
Prerequisite
Nil
PURPOSE
The purpose is to understand risk assessment when handling and processing information,
and the implementation of security in audit.
INSTRUCTIONAL OBJECTIVES
1. To gain knowledge about information risk.
2. To gain knowledge in collecting data about an organization.
3. To perform various analyses for information risk assessment.
4. To understand IT audit and its activities.
UNIT I - INTRODUCTION (9 Hours)
What is Risk? - Information Security Risk Assessment Overview - Drivers, Laws and
Regulations - Risk Assessment Framework - Practical Approach.
UNIT II - DATA COLLECTION (9 Hours)
The Sponsors- The Project Team- Data Collection Mechanisms- Executive
Interviews- Document Requests- IT Assets Inventories- Profile & Control Survey-
Consolidation.
UNIT III - DATA ANALYSIS (9 Hours)
Compiling Observations- Preparation of catalogs- System Risk Computation- Impact
Analysis Scheme- Final Risk Score.
UNIT IV - RISK ASSESSMENT (9 Hours)
System Risk Analysis- Risk Prioritization- System Specific Risk Treatment- Issue
Registers- Methodology- Result- Risk Registers- Post Mortem.
UNIT V - SECURITY AUDIT PROCESS (9 Hours)
Pre-planning audit- Audit Risk Assessment- Performing Audit- Internal Controls- Audit
Evidence- Audit Testing- Audit Finding- Follow-up activities.
REFERENCES
1. Mark Talabis, “Information Security Risk Assessment Toolkit: Practical
Assessments through Data Collection and Data Analysis”, Kindle Edition. ISBN:
978-1-59749-735-0.
2. David L. Cannon, “CISA Certified Information Systems Auditor Study Guide”,
SYBEX Publication. ISBN: 978-0-470-23152-4.
COURSE CODE COURSE NAME L T P C
IS2110 STORAGE MANAGEMENT & SECURITY 3 0 0 3
Total Contact Hours – 45
Prerequisite
Nil
PURPOSE
The purpose is to understand the management of information in storage systems and
effective security implementation on platforms.
INSTRUCTIONAL OBJECTIVES
1. To explain the basic information storage and retrieval concepts.
2. To understand the issues that are specific to efficient information retrieval.
3. To design and implement a small to medium size information storage and
retrieval system.
4. To address security issues while storing and retrieving information.
UNIT - I (9 Hours)
Storage System - Introduction to Information Storage and Management, Storage System
Environment, Data Protection: RAID, Intelligent Storage System.
UNIT - II (9 Hours)
Storage Networking Technologies and Virtualization, Storage Networks, Network
Attached Storage, IP SAN, Content Addressed Storage, Storage Virtualization.
UNIT - III (9 Hours)
Introduction to Business Continuity, Backup and Recovery, Local Replication, Remote
Replication.
UNIT - IV (9 Hours)
Securing the storage Infrastructure, Storage Security Framework, Risk Triad, Storage
Security Domains, Security Implementation in Storage Networking.
UNIT - V (9 Hours)
Managing the Storage Infrastructure, Monitoring the Storage Infrastructure, Storage
Management Activities, Developing an Ideal Solution, Concepts in Practice,
REFERENCES
1. Information Storage and Management: Storing, Managing, and Protecting Digital
Information, EMC Corporation.
2. John Chirillo, Scott Blaul, “Storage Security: Protecting SAN, NAS and DAS”,
Wiley Publishers, 2003.
3. David Alexander, Amanda French, David Sutton, “Information Security
Management Principles”, The British Computer Society, 2008.
COURSE CODE COURSE NAME L T P C
IS2111 CLOUD ARCHITECTURES AND SECURITY 2 0 2 3
Total Contact Hours – 60 (Theory – 30, Practical – 30)
Pre-requisite
Knowledge of TCP/IP, Cryptography and Network security is preferred
PURPOSE
Cloud computing has drawn the attention of many business organizations and ordinary
computer users in the recent past. The security aspects of cloud computing have always been
subject to much criticism. Hence it is important for any security professional to
understand the cloud architecture and the methods to secure it. This makes the need
for the course evident.
INSTRUCTIONAL OBJECTIVES
1. Understand the fundamentals of cloud computing.
UNIT - I (4 Hours)
Cloud Computing Fundamental: Cloud Computing definition, private, public and
hybrid cloud. Cloud types; IaaS, PaaS, SaaS. Benefits and challenges of cloud
computing, public vs private clouds, role of virtualization in enabling the cloud;
Business Agility: Benefits and challenges to Cloud architecture.
UNIT - II (6 Hours)
Cloud Applications: Technologies and the processes required when deploying web
services-Deploying a web service from inside and outside a cloud architecture,
advantages and disadvantages- Development environments for service development;
Amazon, Azure, Google App.
UNIT - III (5 Hours)
Security Concepts: Confidentiality, privacy, integrity, authentication, non-
repudiation, availability, access control, defence in depth, least privilege- how these
concepts apply in the cloud and their importance in PaaS, IaaS and SaaS. e.g. User
authentication in the cloud;
UNIT - IV (7 Hours)
Multi-tenancy Issues: Isolation of users/VMs from each other- How the cloud provider
can provide this- Virtualization System Security Issues: e.g. ESX and ESXi Security,
ESX file system security- storage considerations, backup and recovery- Virtualization
System Vulnerabilities
UNIT - V (8 Hours)
Security management in the cloud – security management standards- SaaS, PaaS,
IaaS availability management- access control- Data security and storage in cloud
REFERENCES
1. Gautam Shroff, Enterprise Cloud Computing Technology Architecture
Applications [ISBN: 978-0521137355]
2. Toby Velte, Anthony Velte, Robert Elsenpeter, Cloud Computing, A Practical
Approach [ISBN: 0071626948]
3. Tim Mather, Subra Kumaraswamy, Shahed Latif, Cloud Security and Privacy: An
Enterprise Perspective on Risks and Compliance [ISBN: 0596802765]
4. Ronald L. Krutz, Russell Dean Vines, Cloud Security [ISBN: 0470589876]
COURSE CODE COURSE NAME L T P C
IS2112 Cyber Law 3 0 0 3
Total contact hours – 45
Prerequisite
Nil
PURPOSE
The purpose is to understand the basics of cyber law and its related issues.
INSTRUCTIONAL OBJECTIVES
1. To explain the basic information on cyber security.
2. To understand the issues that are specific to amendment rights.
3. To have knowledge of copyright issues of software.
4. To understand the ethical laws of computers for different countries.
UNIT - I (9 Hours)
Introduction-Cyber Security and its problem-Intervention Strategies: Redundancy,
Diversity and Autarchy.
UNIT - II (9 Hours)
Private ordering solutions, Regulation and Jurisdiction for global Cyber security,
Copyright - source of risks, Pirates, Internet Infringement, Fair Use, postings, criminal
liability, First Amendments, Data Losing.
UNIT - IV (9 Hours)
Duty of Care, Criminal Liability, Procedural issues, Electronic Contracts & Digital
Signatures, Misappropriation of information, Civil Rights, Tax, Evidence.
UNIT - V (9 Hours)
Ethics, Legal Developments, Late 1990 to 2000, Cyber security in Society, Security in
cyber laws case studies, General law and Cyber Law-a Swift Analysis.
REFERENCES
1. Jonathan Rosenoer, “Cyber Law: The Law of the Internet”, Springer-Verlag, 1997.
2. Mark F Grady, Francesco Parisi, “The Law and Economics of Cyber Security”,
Cambridge University Press, 2006.
SEMESTER I
COURSE CODE COURSE NAME L T P C
CAC2001 CAREER ADVANCEMENT COURSE FOR ENGINEERS - I 1 0 1 1
Total contact hours – 30
Prerequisite
NIL
PURPOSE
To enhance holistic development of students and improve their employability skills.
INSTRUCTIONAL OBJECTIVES
1 To improve aptitude, problem solving skills and reasoning ability of the student.
2 To collectively solve problems in teams & group.
3 Understand the importance of verbal and written communication in the
workplace
4 Understand the significance of oral presentations, and when they may be used.
5 Practice verbal communication by making a technical presentation to the class
6 Develop time management Skills
UNIT II-ARITHMETIC – I
Percentages, Profit & Loss, Equations
UNIT III-REASONING - I
Logical Reasoning
REFERENCES
1. Quantitative Aptitude by Dinesh Khattar – Pearson Publications
2. Quantitative Aptitude and Reasoning by RV Praveen – EEE Publications
3. Quantitative Aptitude by Abijith Guha – Tata McGraw Hill Publications
4. Soft Skills for Everyone by Jeff Butterfield – Cengage Learning India Private
Limited
5. Six Thinking Hats by Edward de Bono – Little Brown and Company
6. IBPS PO - CWE Success Master by Arihant – Arihant Publications (I) Pvt. Ltd –
Meerut
SEMESTER II
COURSE CODE COURSE NAME L T P C
CAC2001 CAREER ADVANCEMENT COURSE FOR ENGINEERS - II 1 0 1 1
Total contact hours – 30
Prerequisite
NIL
PURPOSE
To enhance holistic development of students and improve their employability skills.
INSTRUCTIONAL OBJECTIVES
1 To improve aptitude, problem solving skills and reasoning ability of the student.
2 To collectively solve problems in teams & group.
3 Understand the importance of verbal and written communication in the
workplace
4 Understand the significance of oral presentations, and when they may be used.
5 Understand the fundamentals of listening and how one can present in a group
discussion
6 Prepare or update resume according to the tips presented in class.
UNIT - I- ARITHMETIC – II
Ratios & Proportions, Mixtures & Solutions
UNIT - IV – COMMUNICATION - I
Group discussion, Personal interview
UNIT - V - COMMUNICATION - II
Verbal Reasoning test papers
ASSESSMENT
Communication (Internal)
Individuals are put through formal GD and personal interviews.
Comprehensive assessment of individuals’ performance in GD & PI will be
carried out.
REFERENCES
1. Quantitative Aptitude by Dinesh Khattar – Pearson Publications
2. Quantitative Aptitude and Reasoning by RV Praveen – EEE Publications
3. Quantitative Aptitude by Abijith Guha – Tata McGraw Hill Publications
4. General English for Competitive Examination by A.P. Bharadwaj – Pearson
Education
5. English for Competitive Examination by Showick Thorpe – Pearson Education
6. IBPS PO - CWE Success Master by Arihant – Arihant Publications (I) Pvt. Ltd –
Meerut
7. Verbal Ability for CAT by Sujith Kumar – Pearson India
8. Verbal Ability & Reading Comprehension by Arun Sharma – Tata McGraw-Hill
Education
SEMESTER III
COURSE CODE COURSE NAME L T P C
CAC2003 CAREER ADVANCEMENT COURSE FOR ENGINEERS - III 1 0 1 1
Total contact hours – 30
Prerequisite
NIL
PURPOSE
To develop professional skills abreast with contemporary teaching learning
methodologies.
INSTRUCTIONAL OBJECTIVES
1 Acquire knowledge on planning, preparing and designing a learning program
2 Prepare effective learning resources for active practice sessions
3 Facilitate active learning with new methodologies and approaches
4 Create balanced assessment tools
5 Hone teaching skills for further enrichment
REFERENCES
1. Cambridge International Diploma for Teachers and Trainers Text book by Ian
Barker - Foundation books
2. Whitehead, Creating a Living Educational Theory from Questions of the kind:
How do I improve my Practice? Cambridge J. of Education
COURSE CODE COURSE NAME L T P C
IS2113 Android Security Design and Internals 3 0 2 4
Total Contact Hours
Prerequisite
NIL
PURPOSE
The purpose is to understand the working of Android and learning about its
architecture and security related issues
INSTRUCTIONAL OBJECTIVES
1 To study about the basic architecture of Android and its features
2 To learn the various natures of permission in Android Platform
3 To implement a simple Android APK following Secure coding principles
4 To understand and implement the various services provided through Android
platform
5 To build and secure custom Android ROM.