UNIT-I
Introduction: History, Critical Characteristics of Information, NSTISSC Security Model, Components of an
Information System, Securing the Components, Balancing Security and Access,
The SDLC, The Security SDLC.
Need for Security: Business Needs, Threats, Attacks, and Secure Software Development.
UNIT-II
Legal, Ethical and Professional Issues: Law and ethics in Information Security, Relevant U.S. Laws,
International Laws and Legal Bodies, Ethics and Information Security.
Risk Management: Overview, Risk Identification, Risk Assessment, Risk Control Strategies, selecting a
Risk Control Strategy, Quantitative versus Qualitative Risk Control Practices, Risk Management Discussion
Points, Recommended Risk Control Practices.
UNIT-III
Planning for Security: Security policy, Standards and Practices, Security Blue Print, Security Education,
Continuity strategies.
Security Technology: Firewalls and VPNs: Physical Design, Firewalls, Protecting Remote connections.
UNIT-IV
Security Technology: Intrusion Detection, Access Control, and other Security Tools: Intrusion Detection
and Prevention Systems, Scanning and Analysis Tools, Access Control Devices.
Cryptography: Foundations of Cryptology, Cipher methods, Cryptographic Algorithms, Cryptographic
Tools, Protocols for Secure Communications, Attacks on Cryptosystems.
UNIT-V
Implementing Information Security: Information security project management, Technical topics of
implementation, Non-Technical Aspects of implementation, Security Certification and Accreditation.
Security and Personnel: Positioning and staffing security function, Employment Policies and Practices, and
Internal Control Strategies.
Information Security Maintenance: Security management models, Maintenance model, and Digital
Forensics.
Suggested Readings:
1. Michael E Whitman and Herbert J Mattord, Principles of Information Security, Cengage Learning,
2011.
2. Thomas R Peltier, Justin Peltier, John Blackley, Information Security Fundamentals, Auerbach
Publications, 2010.
3. Detmar W Straub, Seymour Goodman, Richard L Baskerville, Information Security: Policy,
Processes, and Practices, PHI, 2008.
4. Mark Merkow and Jim Breithaupt, Information Security: Principles and Practices, Pearson Education,
2007.