Information Security


🏫 University
📆 2024–2024
👨‍🎓 110

Introduction

Welcome to our information security course! Over the next fifteen weeks, we’ll explore the world of information security together, covering a range of topics essential for understanding this field. In today’s interconnected world, computers play a central role in our lives. But with that reliance comes the need for trust. Think of security as akin to building a dam: there’s the technical side—the construction—and the cultural aspect—filling it with water. Similarly, security involves both technical components (software, hardware, firmware) and cultural aspects (user behavior, organizational discipline).

Our course is structured to provide a holistic understanding of information security, encompassing both technical and cultural aspects. We’ll begin by laying the foundation with fundamental concepts, gradually progressing to more advanced topics. Each module will consist of engaging lectures, interactive discussions, practical exercises, and hands-on labs to enhance your learning experience. Additionally, supplementary materials and resources will be provided to further enrich your understanding of the subject matter.

Course Abstract

The course is intended to address the basics of Information Security Concepts and the general industry trends. We will be covering the following topics:

  1. What is Information Security? Why do you need it?
    • Basic Principles of Confidentiality, Integrity, Availability
    • Concepts Policies, procedures, Guidelines, Standards
    • Administrative Measures and Technical Measures
    • People, Processes, Technology
  2. Current Trends in Information Security; Cloud Computing: benefits and issues related to InfoSec.
    • Standards available for InfoSec: COBIT, Cadbury, ISO 27001, OWASP, OSSTMM, etc. - An Overview
    • Certifiable Standards: How, What, When, Who.
  3. Vulnerability, Threat and Risk, Risk Assessment and Mitigation + Quick fixes
    • Introduction to BCP / DRP / Incident Management
    • Segregation and Separation of Duties & Roles and responsibilities
    • IT ACT 2000
  4. Types of assessments for Information Security
    • VAPT of Networks; Web Application Audits; IT assessments or audits; Assessment of Network equipment
    • Assessment of Security Devices (Web Filtering, Firewalls, IDS / IPS, Routers); Data Center Assessment
    • Security of Application Software; SAP Security; Desktop Security; RDBMS Security; BCP / DRP assessments; Policy reviews
  5. Network Security & Common and Popular Tools Used
  6. Windows and Linux Security
    • Types of Audits in Windows Environment: Server Security, Active Directory (Group Policy), Anti-Virus, Mails, Malware
    • Endpoint protection, Shadow Passwords, SUDO users, etc
  7. Web Application Security: OWASP
    • Common Issues in Web Apps
    • What is XSS, SQL injection, CSRF, Password Vulnerabilities, SSL, CAPTCHA, Session Hijacking
    • Local and Remote File Inclusion, Audit Trails, Web Server Issues, etc

My role

  • 2024–: Instructor.

Course Learning Objectives

Welcome to the Information Security Fundamentals course! Throughout this program, you’ll dive into the core principles of Information Security and develop practical skills to secure digital assets effectively. By the end of this course, you will be able to:

  • Objective 1. Understand the essential concepts of Information Security, including its significance and basic principles like Confidentiality, Integrity, and Availability (CIA).
  • Objective 2. Explore common threats, vulnerabilities, and risks in information systems, and learn how to assess, mitigate, and manage them effectively.
  • Objective 3. Gain proficiency in network security fundamentals, including identifying and implementing security measures to safeguard networks against unauthorized access and attacks.
  • Objective 4. Develop practical skills in securing operating systems such as Windows and Linux, including audits, server security, and endpoint protection.
  • Objective 5. Acquire knowledge of Web Application Security principles, including common vulnerabilities and methods to secure web servers against attacks like XSS, SQL injection, and CSRF.

With a strong foundation in Information Security principles and hands-on experience with practical techniques, you’ll be well-equipped to navigate the complex landscape of cybersecurity and protect critical digital assets effectively.

Course setup

The course is structured over fifteen weeks, comprising lectures, practical exercises, and hands-on modules. Each week, students will attend lectures conducted by the instructor, Azhar Ghafoor, covering various topics essential for understanding information security. Lecture materials, including slide decks and reference materials, will be provided to students for their reference. Additionally, practical exercises and hands-on modules will be conducted to reinforce theoretical concepts and provide students with real-world application scenarios. Course rules are established to encourage active participation, including asking questions, engaging in discussions, and maintaining focus during lectures.

Grading

Student evaluation will be based on various components, including:

  • Participation: Active participation in lectures, discussions, and practical exercises.
  • Assignments: Completion and submission of assigned tasks, including practical exercises and assessments.
  • Examinations: Performance in midterm and final examinations assessing understanding of course content.
  • Project: Completion and presentation of a course project demonstrating practical application of information security concepts.

Grading criteria for each component will be outlined in the course syllabus provided to students at the beginning of the term.