MC4205 Cyber Security Syllabus:

MC4205 Cyber Security Syllabus – Anna University PG Syllabus Regulation 2021

COURSE OBJECTIVES:

 To learn the principles of cyber security and to identify threats and risks.
 To learn how to secure physical assets and develop system security controls.
 To understand how to apply security for Business applications and Network Communications.
 To learn the technical means to achieve security.
 To learn to monitor and audit security measures.

UNIT I PLANNING FOR CYBER SECURITY

Best Practices-Standards and a plan of Action-Security Governance Principles, components and Approach-Information Risk Management-Asset Identification-Threat Identification-Vulnerability Identification-Risk Assessment Approaches-Likelihood and Impact Assessment-Risk Determination, Evaluation and Treatment-Security Management Function-Security Policy-Acceptable Use Policy Security Management Best Practices – Security Models: Bell La Padula model, Biba Integrity Model – Chinese Wall model

UNIT II SECURITY CONTROLS

People Management-Human Resource Security-Security Awareness and Education-Information Management- Information Classification and handling-Privacy-Documents and Record Management Physical Asset Management-Office Equipment-Industrial Control Systems-Mobile Device Security System Development-Incorporating Security into SDLC – Disaster management and Incident response planning.

UNIT III CYBER SECURITY FOR BUSINESS APPLICATIONS AND NETWORKS

Business Application Management-Corporate Business Application Security-End user Developed Applications-System Access- Authentication Mechanisms-Access Control-System Management Virtual Servers-Network Storage Systems-Network Management Concepts-Firewall-IP Security Electronic Communications – Case study on OWASP vulnerabilities using OWASP ZAP tool.

UNIT IV TECHNICAL SECURITY

Supply Chain Management-Cloud Security-Security Architecture-Malware Protection-Intrusion Detection-Digital Rights Management-Cryptographic Techniques-Threat and Incident Management Vulnerability Management-Security Event Management-Forensic Investigations-Local Environment Management-Business Continuity.

UNIT V SECURITY ASSESSMENT

Security Monitoring and Improvement-Security Audit-Security Performance-Information Risk Reporting-Information Security Compliance Monitoring-Security Monitoring and Improvement Best Practices.

SUGGESTED ACTIVITIES:

1. Discuss and debate information security policies that a privacy focused social media company should comply with.
2. Discuss data privacy policies implemented in various countries.
3. Demonstrate how ADB (Android debug bridge) is being used for malicious purposes.
4. Demonstrate how to troubleshoot networks and analyze packets using tools like WireShark.
5. Discuss the control challenges in virtual networks over cloud environments.
Discuss the common security flaws present in web applications and demonstrate how they can identified using tools like ACUNETIX (or similar tools)
 OWASP ZAP : https://owasp.org/www-project-zap/
 ACUNETIX: https://www.acunetix.com/
 WireShark: https://www.wireshark.org/
 ADB: https://developer.android.com/studio/command-line/adb

COURSE OUTCOMES:

On completion of the course, the student will be able to
CO1: Develop a set of risk and security requirements to ensure that there are no gaps in an organization’s security practices.
CO2: Achieve management, operational and technical means for effective cyber security.
CO3: Audit and monitor the performance of cyber security controls.
CO4: Spot gaps in the system and devise improvements.
CO5: Identify and report vulnerabilities in the system

TOTAL: 45 PERIODS

REFERENCES

1. William Stallings, “Effective Cyber Security – A guide to using Best Practices and Standards”, Addison-Wesley Professional, First Edition, 2019.
2. Adam Shostack, “Threat Modelling – Designing for Security”, Wiley Publications, First Edition, 2014.
3. Gregory J. Touhill and C. Joseph Touhill, “Cyber Security for Executives – A Practical Guide”, Wiley Publications, First Edition, 2014.
4. Raef Meeuwisse, “Cyber Security for Beginners”, Second Edition, Cyber Simplicity Ltd, 2017.
5. Patrick Engebretson, “The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy”, 2nd Edition, Syngress, 2013.
6. Charles P. Pfleeger, Shari Lawrence Pfleeger, Jonathan Margulies, “Security in Computing”, Fifth Edition, Prentice Hall, 2015.