BC4016 Security Assessment and Risk Analysis Syllabus:

BC4016 Security Assessment and Risk Analysis Syllabus – Anna University PG Syllabus Regulation 2021

COURSE OBJECTIVES:

 Describe the concepts of risk management
 Define and differentiate various Contingency Planning components
 Integrate the IRP, DRP, and BCP plans into a coherent strategy to support sustained organizational operations.
 Define and be able to discuss incident response options, and design an Incident Response Plan for sustained organizational operations.

UNIT I SECURITY BASICS

Information Security Overview: critical information characteristics – availability information states – processing security Countermeasures- education, training and awareness, critical information characteristics -confidentiality – critical information characteristics – integrity, information states – storage, information states – transmission, security countermeasures-policy, procedures and practices, threats, vulnerabilities.

UNIT II THREATS AND VULNERABILITIES OF SYSTEMS & RISK MANAGEMENT

Threats and Vulnerabilities of Systems: Major categories of threats, threat impact areas, Countermeasures: assessments, Concepts of Risk Management: consequences, cost/benefit analysis of controls, implementation of cost-effective controls, monitoring the efficiency and effectiveness of controls , threat and vulnerability assessment.

UNIT III SECURITY PLANNING

Security Planning: directives and procedures for policy mechanism, Risk Management: acceptance of risk corrective actions information identification, risk analysis and/or vulnerability assessment components, risk analysis results evaluation, roles and responsibilities, Contingency Planning/Disaster Recovery: agency response procedures and continuity of operations, contingency plan components, determination of backup requirements, development of plans for recovery actions after a disruptive event, development of procedures for off-site processing, emergency destruction procedures, guidelines for determining critical and essential workload, team member responsibilities in responding to an emergency situation

UNIT IV PHYSICAL SECURITY MEASURES, PRACTICES AND PROCEDURES

Physical Security Measures: alarms, building construction, cabling, communications centre, environmental controls, filtered power, physical access control systems. Security Practices and Procedures: access authorization/verification, contractors, employee clearances, position sensitivity, security training and awareness, systems maintenance personnel, Administrative Security Procedural Controls: attribution, copyright protection and licensing, Auditing and Monitoring: conducting security reviews, effectiveness of security programs, investigation of security breaches, privacy review of accountability controls, review of audit trails and logs.

UNIT V OPERATIONS SECURITY

Operations Security (OPSEC): OPSEC surveys/OPSEC planning INFOSEC: computer security – audit, cryptography-encryption – Cryptography-strength – Case study of threat and vulnerability assessment

TOTAL: 45 PERIODS

PRACTICALS:

1. To audit the C/ C++ / Python code using RATS code checking tool.
2. Implement Flawfinder stand-alone script to check for calls to know potentially vulnerable library function calls.
3. Implement FindBugs standalone GUI application, or Eclipse plugin for loading custom rules set.
4. Implement pychecker stand-alone script to find bugs in the code.
5. Installation of splunk and study basic working as to stores data in its index and therefore separate database required
6. Implement splunk to discovers useful information automatically without searching manually
7. Implement splunk to converts log data into Visual graphs and reports to simplify analysis, reporting and troubleshooting
8. Assess and submit a report on cyber security risk assessment for SCADA and DCS networks.

TOTAL: 30 PERIODS

TOTAL:45+30=75 PERIODS

COURSE OUTCOMES:

After the completion of this course, student will be able to
CO1: Recommend contingency strategies including data backup and recovery and alternate site selection for business resumption planning.
CO2: Describe the escalation process from incident to disaster in case of security disaster.
CO3: Design a Disaster Recovery Plan for sustained organizational operations.
CO4: Design a Business Continuity Plan for sustained organizational operations.
CO5: Explain the concept of Operations Security and assessment of threat and vulnerability.

REFERENCES

1. Michael Whitman and Herbert Mattord, “Principles of Incident Response and Disaster Recovery”, Thomson Course Technology, 2007, ISBN: 141883663X
2. http://www.cnss.gov/Assets/pdf/nstissi_4011.pdf
3. Atle Refsdal, Bj rnar Solhaug, Ketil St len.Cyber-Risk Management, Springer, 2015
4. Martin Weiss; Michael G. Solomon, “Auditing IT Infrastructures for Compliance”, Second Edition, Jones & Bartlett Learning, 2016, ISBN: 9781284090703
5. Mark Talabis and Jason Martin, “Information Security Risk Assessment Toolkit”, 1st Edition, Syngres /Elsevier, 2012, ISBN: 9781597497350

Related posts:

  1. PS4001 Power System State Estimation and Security Assessment Syllabus
  2. EV4004 Environmental Impact Assessment Syllabus
  3. OCE434 Environmental Impact Assessment Syllabus
  4. OCE751 Environmental and Social Impact Assessment Syllabus
  5. CE8010 Environmental and Social Impact Assessment Syllabus
  6. IS4312 Industrial Safety Assessment – Internship Syllabus
  7. CN4012 Environmental Impact Assessment for Construction Engineers Syllabus
  8. IM4006 Environmental Impact Assessment for Infrastructure Projects Syllabus
  9. EC3401 Networks and Security Syllabus
  10. CP4391 Security Practices Syllabus
  11. NE4251 Network Security Syllabus
  12. MU4252 Media Security Syllabus
  13. MC4205 Cyber Security Syllabus
  14. BC4004 Biometric Security Syllabus
  15. BC4006 Cloud Security Syllabus
  16. BC4007 Firewall and VPN Security Syllabus
  17. ET4012 Embedded Systems Security Syllabus
  18. IF4301 Information and Network Security Syllabus
  19. NE4261 Network Security Laboratory Syllabus
  20. EL4004 Cryptography and Network Security Syllabus