CS205 : Information Security

Course Info

Course Category: Computer Science/Information Technology
Course Level: Undergraduate
Credit Hours: 3
Pre-requisites: CS101
Instructor: NAHIL MAHMOOD

Course Contents

WHAT IS INFORMATION SECURITY?
WHY IS INFORMATION SECURITY NEEDED?
WHO IS INFORMATION SECURITY FOR?
HOW IS INFORMATION SECURITY IMPLEMENTED?
WHO ARE THE PLAYERS IN INFORMATION SECURITY?
WHAT ARE THE FOUR LAYERS OF THE INFORMATION SECURITY TRANSFORMATION FRAMEWORK?
WHAT IS INFORMATION SECURITY HARDENING?
WHAT IS INFORMATION SECURITY GOVERNANCE?
WHAT IS THE DIFFERENCE BETWEEN AN INFORMATION SECURITY POLICY, SOP, AND GUIDELINE?
WHAT IS AN INFORMATION SECURITY PROGRAM?
WHAT IS THE ROLE OF PEOPLE, PROCESS, AND TECHNOLOGY IN INFORMATION SECURITY?
WHAT IS THE ROLE OF AN INFORMATION SECURITY MANAGER?
WHAT IS INFORMATION SECURITY AWARENESS?
WHAT ARE THE LEADING INFORMATION SECURITY STANDARDS AND FRAMEWORKS?
WHAT IS INFORMATION SECURITY RISK?
WHAT DOES THE INFORMATION SECURITY LIFECYCLE LOOK LIKE?
WHAT IS MANAGEMENT COMMITMENT?
WHOSE RESPONSIBILITY IS IMPLEMENTATION OF INFORMATION SECURITY?
WHAT CAN HAPPEN IF INFORMATION SECURITY IS NOT IMPLEMENTED (CYBER SECURITY BREACHES)?
WHAT ARE THE CHALLENGES OF INFORMATION SECURITY IMPLEMENTATION?
WHAT IS THE ROLE OF A REGULATOR?
WHAT IS THE STATUS OF INFORMATION SECURITY IN PAKISTAN?
WHAT IS THE SOLUTION FOR IMPROVEMENT OF INFORMATION SECURITY IN PAKISTAN?
WHAT DOES THE TYPICAL ENTERPRISE IT NETWORK LOOK LIKE?
WHAT ARE THE MAJOR COMPONENTS OF THE ENTERPRISE IT NETWORK?
WHAT IS THE OSI SECURITY ARCHITECTURE?
THE NEW FRONTIERS OF ENTERPRISE IT: CLOUD, MOBILE, SOCIAL, IOT
VIRTUALIZATION AND ENTERPRISE SECURITY
CASE STUDY OF ENTERPRISE - SMALL ORGANIZATION
CASE STUDY OF ENTERPRISE - MEDIUM SIZED ORGANIZATION
CASE STUDY OF ENTERPRISE - LARGE SIZED ORGANIZATION
WHAT IS THE TYPICAL STRUCTURE OF AN IT TEAM?
WHAT ARE THE OBJECTIVES AND KPIs OF A CIO AND IT TEAM?
HOW DOES THE IT TEAM INTERACT WITH OTHER STAKEHOLDERS IN THE ORGANIZATION?
SECURITY OVERLAY OF AN ENTERPRISE ARCHITECTURE - I (COMPONENTS)
SECURITY OVERLAY OF AN ENTERPRISE ARCHITECTURE - II (TRAFFIC FLOWS)
SECURITY OVERLAY OF AN ENTERPRISE ARCHITECTURE - III (GENERAL SECURITY DESIGN)
WHAT IS HIGH AVAILABILITY (HA)?
HIGH AVAILABILITY DESIGN
HOW IS SITE REDUNDANCY INCORPORATED INTO ENTERPRISE NETWORK DESIGN?
HIGH AVAILABILITY AND REDUNDANCY CASE STUDY
BACKUP STRATEGIES
WHAT IS THE ROLE OF SECURITY TOOLS IN SECURING THE ENTERPRISE ARCHITECTURE?
TYPICAL SECURITY TOOLS USED IN AN ENTERPRISE IT NETWORK - PART 1
TYPICAL SECURITY TOOLS USED IN AN ENTERPRISE IT NETWORK - PART 2
WHAT DOES THE TERM "BOX SECURITY" MEAN?
WHAT IS THE BEST APPROACH TO SECURE THE IT ENTERPRISE ARCHITECTURE?
WHAT IS DISASTER RECOVERY (DR)?
WHAT IS BUSINESS CONTINUITY?
HOW IS DR ACCOMMODATED INTO THE ENTERPRISE ARCHITECTURE? (PART 1)
HOW IS DR ACCOMMODATED INTO THE ENTERPRISE ARCHITECTURE? (PART 2)
WHAT IS THE ROLE OF AN IT ASSET IN SECURING THE ORGANIZATION?
HOW TO DETERMINE THE SECURITY POSTURE OF AN ORGANIZATION?
HOW DO YOU DRIVE A SUCCESSFUL INFORMATION SECURITY TRANSFORMATION?
DIFFERENCE BETWEEN SECURITY HARDENING & PATCHING
SECURITY HARDENING STRATEGY
PREREQUISITES FOR THE SECURITY HARDENING PROGRAM
WHO WILL CONDUCT THE SECURITY HARDENING?
WHAT IS THE 8-STEP METHODOLOGY FOR SECURITY HARDENING? (PART 1)
WHAT IS THE 8-STEP METHODOLOGY FOR SECURITY HARDENING? (PART 2)
WHAT IS THE 8-STEP METHODOLOGY FOR SECURITY HARDENING? (PART 3)
A LOOK AT CIS SECURITY BENCHMARKS - PART 1
A LOOK AT CIS SECURITY BENCHMARKS - PART 2
A LOOK AT CIS SECURITY BENCHMARKS - PART 3
A LOOK AT CIS SECURITY BENCHMARKS - PART 4
A LOOK AT DISA SECURITY TECHNICAL IMPLEMENTATION GUIDES (STIGs) - PART 1
A LOOK AT DISA SECURITY TECHNICAL IMPLEMENTATION GUIDES (STIGs) - PART 2
A LOOK AT DISA SECURITY TECHNICAL IMPLEMENTATION GUIDES (STIGs) - PART 3
A LOOK AT DISA SECURITY TECHNICAL IMPLEMENTATION GUIDES (STIGs) - PART 4
COMPARISON OF CIS SECURITY BENCHMARKS VERSUS DISA STIGs
CASE STUDY - SECURITY HARDENING - WINDOWS SERVER 2012 R2
CASE STUDY - SECURITY HARDENING - LINUX SERVER
CASE STUDY - SECURITY HARDENING - SOLARIS SERVER
CASE STUDY - SECURITY HARDENING - APACHE SERVER
CASE STUDY - SECURITY HARDENING - ORACLE SOLARIS SERVER
CASE STUDY - SECURITY HARDENING - MS SQL SERVER
CASE STUDY - SECURITY HARDENING - ORACLE DB SERVER
CASE STUDY - SECURITY HARDENING - WINDOWS 8 WORKSTATION
CASE STUDY - SECURITY HARDENING - WINDOWS 10 WORKSTATION
CASE STUDY - SECURITY HARDENING - MS EXCHANGE
CASE STUDY - SECURITY HARDENING - ACTIVE DIRECTORY (AD)
CASE STUDY - SECURITY HARDENING - MS INTERNET EXPLORER BROWSER
CASE STUDY - SECURITY HARDENING - GOOGLE BROWSER
CASE STUDY - SECURITY HARDENING - MOZILLA FIREFOX
CASE STUDY - SECURITY HARDENING - NETWORK FW
CASE STUDY - SECURITY HARDENING - NETWORK SWITCHES LAYER 2
CASE STUDY - SECURITY HARDENING - NETWORK ROUTERS
CASE STUDY - SECURITY HARDENING - NETWORK WLAN CONTROLLER
CASE STUDY - SECURITY HARDENING - NETWORK LAYER 3 SWITCH
CASE STUDY - SECURITY HARDENING - VMWARE
CASE STUDY - SECURITY HARDENING - CLOUD - AMAZON WEB SERVICES
SOFTWARE SECURITY HARDENING FUNDAMENTALS - OWASP SAMM - 1
SOFTWARE SECURITY HARDENING FUNDAMENTALS - OWASP SAMM - 2
SECURITY HARDENING OF SOFTWARE APPLICATIONS - INTRODUCTION
CASE STUDY - SECURITY HARDENING - ASP.NET VERSION 4
CASE STUDY - SECURITY HARDENING - PHP VERSION X
CASE STUDY - SECURITY HARDENING - ASP.NET MVC FRAMEWORK
CASE STUDY - SECURITY HARDENING - SHAREPOINT APPLICATIONS
CASE STUDY - SECURITY HARDENING - C APPLICATIONS
CASE STUDY - SECURITY HARDENING - C++ APPLICATIONS
CASE STUDY - SECURITY HARDENING - JAVA APPLICATIONS
CASE STUDY - SECURITY HARDENING - PERL APPLICATIONS
CASE STUDY - SECURITY HARDENING - MOBILE DEVICES - ANDROID
CASE STUDY - SECURITY HARDENING - MOBILE DEVICES - IOS
SECURITY HARDENING OF ASTERISK VOIP - PART 1
SECURITY HARDENING OF ASTERISK VOIP - PART 2
VERSION CONTROL FOR IT ASSETS
SOFTWARE VERSION CONTROL BEST PRACTICES
SECURITY HARDENING - SECURE SOFTWARE IMAGES
MANUAL AND AUTOMATED WORK IN SECURITY HARDENING
QUALYS DEMO - SECURITY HARDENING
QUALYS DEMO - SECURITY HARDENING II
SECURITY HARDENING LIFECYCLE - MAINTAINING AN INTEGRATED AND CURRENT PROGRAM
HOW TO SECURITY HARDEN IT ASSETS FOR WHICH A BENCHMARK OR STIG IS NOT AVAILABLE?
QUALYS POLICY LIBRARIES
SECURITY HARDENING FOR OUTSOURCED IT ASSETS
WHAT IS VULNERABILITY MANAGEMENT (VM)?
WHAT ARE THE STEPS IN A VULNERABILITY MANAGEMENT LIFECYCLE?
WHY IS SOFTWARE INSECURE?
WHY IS A VULNERABILITY MANAGEMENT PROGRAM REQUIRED?
WHAT IS A CVE, AND WHAT IS A VULNERABILITY BULLETIN?
WHAT IS AN EXPLOIT?
IMPORTANCE OF AN EFFECTIVE VULNERABILITY MANAGEMENT PROGRAM AT STAGE 2
CASE STUDY - HOW SYSTEM VULNERABILITIES PLAYED A PART IN A SECURITY BREACH (PART 1)
CASE STUDY - HOW SYSTEM VULNERABILITIES PLAYED A PART IN A SECURITY BREACH (PART 2)
BEST PRACTICES FOR APPLYING SECURITY PATCHES
WHO CONDUCTS THE VULNERABILITY MANAGEMENT?
VULNERABILITY SCANNING TOOLS - NESSUS FEATURES
VULNERABILITY SCANNING TOOLS - QUALYS FEATURES
CASE STUDY - NESSUS DEMO - PART 1
CASE STUDY - NESSUS DEMO - PART 2
CASE STUDY - NESSUS DEMO - PART 3
CASE STUDY - QUALYS DEMO - PART 1
CASE STUDY - QUALYS DEMO - PART 2
CASE STUDY - QUALYS DEMO - PART 3
HOW DO VULNERABILITY MANAGEMENT SCANNERS WORK?
QUALYS WEB APPLICATION SCANNING
QUALYS ADDITIONAL FEATURES
OPENVAS OPEN SOURCE VULNERABILITY SCANNER
SUGGESTED FREQUENCY FOR THE VULNERABILITY MANAGEMENT PROGRAM
POTENTIAL CHALLENGES AND PITFALLS IN THE VULNERABILITY MANAGEMENT PROGRAM
ASSET MANAGEMENT - MAINTAINING THE ENTERPRISE ASSETS - CHALLENGES
ASSET MANAGEMENT THROUGH QUALYS
ASSET MANAGEMENT TOOLS FOR SECURITY FUNCTIONS
WHAT IS SECURITY ENGINEERING?
WHAT IS THE OBJECTIVE OF SECURITY ENGINEERING?
WHOSE RESPONSIBILITY IS SECURITY ENGINEERING?
CIS 20 CRITICAL SECURITY CONTROLS
CSC1: INVENTORY OF AUTHORIZED AND UNAUTHORIZED DEVICES
CSC2: INVENTORY OF AUTHORIZED AND UNAUTHORIZED SOFTWARE
CSC3-I: SECURE CONFIGURATIONS FOR HARDWARE AND SOFTWARE
CSC3-II: SECURE CONFIGURATIONS FOR HARDWARE AND SOFTWARE
CSC4-I: CONTINUOUS VULNERABILITY ASSESSMENT AND REMEDIATION
CSC4-II: CONTINUOUS VULNERABILITY ASSESSMENT AND REMEDIATION
CSC5-I: CONTROLLED USE OF ADMINISTRATIVE PRIVILEGES
CSC5-II: CONTROLLED USE OF ADMINISTRATIVE PRIVILEGES
CSC6-I: MAINTENANCE, MONITORING, AND ANALYSIS OF AUDIT LOGS
CSC6-II: MAINTENANCE, MONITORING, AND ANALYSIS OF AUDIT LOGS
CSC7-I: EMAIL AND WEB BROWSER PROTECTIONS
CSC7-II: EMAIL AND WEB BROWSER PROTECTIONS
CSC8-I: MALWARE DEFENSES
CSC8-II: MALWARE DEFENSES
CIS CONTROL 9: LIMITATION AND CONTROL OF NETWORK PORTS, PROTOCOLS, AND SERVICES
CIS CONTROL 10: DATA RECOVERY CAPABILITIES
CIS CONTROL 11: SECURE CONFIG FOR NETWORK DEVICES - I
CIS CONTROL 11: SECURE CONFIG FOR NETWORK DEVICES - II
CIS CONTROL 12: BOUNDARY DEFENSE - I
CIS CONTROL 12: BOUNDARY DEFENSE - II
CIS CONTROL 12: BOUNDARY DEFENSE - III
CIS CONTROL 13: DATA PROTECTION - I
CIS CONTROL 13: DATA PROTECTION - II
CIS CONTROL 13: DATA PROTECTION - III
CIS CONTROL 14: CONTROLLED ACCESS BASED ON NEED TO KNOW - I
CIS CONTROL 14: CONTROLLED ACCESS BASED ON NEED TO KNOW - II
CIS CONTROL 15: WIRELESS ACCESS CONTROL - I
CIS CONTROL 15: WIRELESS ACCESS CONTROL - II
CIS CONTROL 15: WIRELESS ACCESS CONTROL - III
CIS CONTROL 16: ACCOUNT MONITORING & CONTROL - I
CIS CONTROL 16: ACCOUNT MONITORING & CONTROL - II
CIS CONTROL 16: ACCOUNT MONITORING & CONTROL - III
CIS CONTROL 17: IMPLEMENT A SECURITY AWARENESS & TRAINING PROGRAM - I
CIS CONTROL 17: IMPLEMENT A SECURITY AWARENESS & TRAINING PROGRAM - II
CIS CONTROL 18: APPLICATION SOFTWARE SECURITY - I
CIS CONTROL 18: APPLICATION SOFTWARE SECURITY - II
CIS CONTROL 18: APPLICATION SOFTWARE SECURITY - III
CIS CONTROL 19: INCIDENT RESPONSE & MANAGEMENT - I
CIS CONTROL 19: INCIDENT RESPONSE & MANAGEMENT - II
CIS CONTROL 20: PENETRATION TESTS & RED TEAM EXERCISES - I
CIS CONTROL 20: PENETRATION TESTS & RED TEAM EXERCISES - II
WHAT IS IT GOVERNANCE?
WHAT IS INFORMATION SECURITY GOVERNANCE?
WHY IS INFORMATION SECURITY GOVERNANCE AT STAGE 4 OF THE SECURITY TRANSFORMATION?
CAN INFORMATION SECURITY GOVERNANCE BE IMPLEMENTED SOONER THAN STAGE 4?
ANOTHER LOOK AT PAKISTAN'S INFORMATION SECURITY POSTURE AND CHALLENGES
WHAT ARE THE INFORMATION SECURITY GOVERNANCE BUILDING BLOCKS?
WHOSE RESPONSIBILITY IS INFORMATION SECURITY GOVERNANCE?
HOW IS INFORMATION SECURITY GOVERNANCE IMPLEMENTED?
HOW CAN YOU BUILD AN EFFECTIVE INFORMATION SECURITY GOVERNANCE PROGRAM?
WHAT IS THE RECOMMENDED STRUCTURE OF THE INFORMATION SECURITY DEPARTMENT? (LARGE ORGANIZATION)
WHAT IS THE RECOMMENDED STRUCTURE OF THE INFORMATION SECURITY DEPARTMENT? (MID-SIZED ORGANIZATION)
WHAT IS THE RECOMMENDED STRUCTURE OF THE INFORMATION SECURITY DEPARTMENT? (SMALL ORGANIZATION)
ROLE OF THE CISO IN DRIVING THE INFOSEC PROGRAM
WHAT ARE THE KEY INHIBITORS WHICH WILL LEAD TO FAILURE OF THE INFORMATION SECURITY PROGRAM?
INFORMATION SECURITY STRATEGY FOR SMALLER ORGANIZATIONS
COMMON CHALLENGES WITH SECURITY GOVERNANCE DOCUMENTATION
SECURITY DOCUMENTATION: POLICIES
SECURITY DOCUMENTATION: STANDARDS
SECURITY DOCUMENTATION: PROCEDURES
SECURITY DOCUMENTATION: GUIDELINES
HOW TO DEVELOP EFFECTIVE SECURITY POLICIES & DOCUMENTS
WORLD'S LEADING INFORMATION SECURITY GOVERNANCE FRAMEWORK - ISO27001:2013 (ISMS)
THE STRUCTURE OF ISO27001:2013 (ISMS); CLAUSES 4-6
THE STRUCTURE OF ISO27001:2013 (ISMS); CLAUSES 7-10
THE CONTROLS (APPENDIX) OF ISO27001:2013 (ISMS); PART 1
THE CONTROLS (APPENDIX) OF ISO27001:2013 (ISMS); PART 2
THE CONTROLS (APPENDIX) OF ISO27001:2013 (ISMS); PART 3
THE CONTROLS (APPENDIX) OF ISO27001:2013 (ISMS); PART 4
THE CONTROLS (APPENDIX) OF ISO27001:2013 (ISMS); PART 5
THE CONTROLS (APPENDIX) OF ISO27001:2013 (ISMS); PART 6
THE CONTROLS (APPENDIX) OF ISO27001:2013 (ISMS); PART 7
THE CONTROLS (APPENDIX) OF ISO27001:2013 (ISMS); PART 8
THE CONTROLS (APPENDIX) OF ISO27001:2013 (ISMS); PART 9
THE CONTROLS (APPENDIX) OF ISO27001:2013 (ISMS); PART 10
THE CONTROLS (APPENDIX) OF ISO27001:2013 (ISMS); PART 11
THE CONTROLS (APPENDIX) OF ISO27001:2013 (ISMS); PART 12
THE CONTROLS (APPENDIX) OF ISO27001:2013 (ISMS); PART 13
HOW TO USE ISO27002:2013
OTHER INFORMATION SECURITY FRAMEWORKS: PCI DSS V3
OTHER INFORMATION SECURITY FRAMEWORKS: SANS TOP 20 CRITICAL SECURITY CONTROLS
OTHER INFORMATION SECURITY FRAMEWORKS: NIST
OTHER IT GOVERNANCE FRAMEWORKS: COBIT
OTHER IT GOVERNANCE FRAMEWORKS: CMMI
ISO31000:2018 - RISK MANAGEMENT - AN INTRODUCTION
ISO31000:2018 - RISK MANAGEMENT - 8 PRINCIPLES
ISO31000:2018 - RISK MANAGEMENT - FRAMEWORK
ISO31000:2018 - RISK MANAGEMENT - PROCESS
ISO31000:2018 - RISK MANAGEMENT - HOW TO IMPLEMENT
INCIDENT MANAGEMENT - I
INCIDENT MANAGEMENT - II
CHANGE MANAGEMENT - I
CHANGE MANAGEMENT - II
CHANGE MANAGEMENT - III
PROJECT MANAGEMENT FOR INFORMATION SECURITY - PART 1 (IMPORTANCE)
PROJECT MANAGEMENT FOR INFORMATION SECURITY - PART 2 (STRUCTURE)
PROJECT MANAGEMENT FOR INFORMATION SECURITY - PART 3 (REPORTING)
PROJECT MANAGEMENT FOR INFORMATION SECURITY - PART 4 (LEADERSHIP)
CAPACITY MANAGEMENT - PART 1
CAPACITY MANAGEMENT - PART 2
RISK MANAGEMENT & INTERNAL AUDIT - I
RISK MANAGEMENT & INTERNAL AUDIT - II
MANAGEMENT REVIEW
HUMAN RESOURCE SECURITY
CIRCULAR NO. 5, 2017, SBP, TECHNOLOGY GOVERNANCE FRAMEWORK
CYBER SECURITY MATURITY MATRIX (CSMM) - OVERVIEW
CYBER SECURITY MATURITY MATRIX (CSMM), LAYER 1: FOUNDATION
CYBER SECURITY MATURITY MATRIX (CSMM), LAYER 2: FUNDAMENTALS
CYBER SECURITY MATURITY MATRIX (CSMM), LAYER 3: HARDENED
CYBER SECURITY MATURITY MATRIX (CSMM), LAYER 4: PROTECTED
CYBER SECURITY MATURITY MATRIX (CSMM), LAYER 5: MONITORED
CYBER SECURITY MATURITY MATRIX (CSMM), LAYER 6: SECURED
ANOTHER LOOK AT THE INFORMATION SECURITY LIFECYCLE
WHAT IS SECURITY VALIDATION?
HOW IS SECURITY VALIDATION PERFORMED?
WHAT IS SECURITY TESTING?
WHAT IS SECURITY ACCREDITATION?
WHAT IS SECURITY ACCREDITATION? (PART 2)
EMBEDDING INFORMATION SECURITY INTO THE SDLC
SOFTWARE SECURITY TESTING & VALIDATION - PART 1
SOFTWARE SECURITY TESTING & VALIDATION - PART 2
EMBEDDING INFORMATION SECURITY INTO PROJECT MANAGEMENT
HOW TO CONDUCT AN INTERNAL SECURITY ASSESSMENT?
WHAT ARE THE DIFFERENT TYPES OF SECURITY ASSESSMENTS? (PART 1)
WHAT ARE THE DIFFERENT TYPES OF SECURITY ASSESSMENTS? (PART 2)
WHAT ARE THE DIFFERENT TYPES OF SECURITY ASSESSMENTS? (PART 3)
WHAT ARE THE DIFFERENT TYPES OF SECURITY ASSESSMENTS? (PART 4)
WHAT ARE THE STAGES OF A THIRD PARTY PENETRATION TEST?
HOW TO FAIL IN IMPLEMENTING A SUCCESSFUL SECURITY TRANSFORMATION?
BENEFITS OF THE SECURITY TRANSFORMATION
SECURITY TRANSFORMATION TIMELINE
WHOSE RESPONSIBILITY IS THE SECURITY TRANSFORMATION?
RAISING MANAGEMENT SUPPORT FOR THE SECURITY TRANSFORMATION PROJECT
KEY QUESTIONS TO ASSESS THE SECURITY POSTURE OF THE ORGANIZATION
KEY LEADERSHIP QUALITIES OF THE SECURITY TRANSFORMATION HEAD
COURSE WRAP-UP