This document provides information on an Information Security Awareness course offered at GTU. The course aims to help students attain the competency of using information security concepts and tools to protect data. It covers topics such as security threats, operating system security, mobile device and web browser security, social engineering, and cybercrimes. The course involves both theoretical and practical components, including exercises to configure security settings, analyze attacks, and identify secure practices. It is designed to develop students' skills in securing systems and handling data responsibly in today's digital world.
This document provides information about Module 002 of the course IT 411 - Information Assurance and Security 2. The module aims to examine fundamental computer security techniques and identify potential security issues. It covers topics like cryptography, application security, incident response, risk assessment, and compliance with regulations. The module outlines learning objectives, outcomes, resources, tasks, content items, and assessments. It also includes detailed lessons on topics like the financial impacts of cybercrime, developing a security strategy using the 10 steps approach, techniques for protecting against attacks like examining the perimeter and network segregation, and methods for detecting attacks through logging.
MN502Overview of Network SecurityPage 6 of 6Assessment D.docxraju957290
MN502 Overview of Network Security
Assessment Details and Submission Guidelines
Unit Code: MN502
Unit Title: Overview of Network Security
Assessment Type: Individual Assessment
Assessment Title: Demonstration of a network security tool
Purpose of the assessment (with ULO Mapping):
a) Discuss common threats and attacks on networked information systems
b) Identify most common intrusion detection attacks, and discuss how to prevent them
c) Apply skills to analyse complex problems in network security under supervision
Weight: 15%
Total Marks: 20
Word limit: Not Applicable
Due Date: W Week 7
Submission Guidelines
· All work must be submitted on Moodle by the due date along with a completed Assignment Cover Page.
· The assignment must be in MS Word format, 1.5 spacing, 11-pt Calibri (Body) font and 2 cm margins on all four sides of your page with appropriate section headings.
· Reference sources must be cited in the text of the report, and listed appropriately at the end in a reference list using IEEE referencing style.
Extension
· If an extension of time to submit work is required, a Special Consideration Application must be submitted directly to the School's Administration Officer, in Melbourne on Level 6 or in Sydney on Level 7. You must submit this application three working days prior to the due date of the assignment. Further information is available at:
http://www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/specialconsiderationdeferment
Academic Misconduct
· Academic Misconduct is a serious offence. Depending on the seriousness of the case, penalties can vary from a written warning or zero marks to exclusion from the course or rescinding the degree. Students should make themselves familiar with the full policy and procedure available at: http://www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/Plagiarism-Academic-Misconduct-Policy-Procedure. For further information, please refer to the Academic Integrity Section in your Unit Description.
Assessment Cover Sheet
Student ID:
Student Surname:
Given Name:
Course:
School:
Unit Code:
Unit Title:
Due Date:
Date Submitted:
Campus:
Lecturer:
Tutor:
All work must be submitted on Moodle by the due date. If an extension of time to submit work is required, a Special Consideration Application must be submitted. Further information is available at:
http://www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/specialconsiderationdeferment
Module 1 / Unit 5 Digital Cybersecurity SMKCreations
This document discusses cybersecurity training for employees. It emphasizes the importance of raising employee awareness about cybersecurity policies and risks through regular trainings. Effective training programs should be mandatory, interactive, and provide updates on new threats and policy changes. The document also discusses ensuring data protection when employees work remotely through measures like multi-factor authentication, encryption, VPNs, and data backups. Common cyber threats to businesses like phishing, malware, and ransomware are described along with tools that managers can use to test security awareness and identify vulnerabilities. Outsourcing cybersecurity to specialists and using AI tools are presented as options for businesses, each with advantages and disadvantages.
This document outlines a 5-step process for managing organizational ICT security:
1. Identify the organization's business objectives to ensure ICT resources support them.
2. Identify all ICT resources, including network infrastructure, servers, user devices, and hardware.
3. Identify and assess risks to ICT resources, such as theft, damage, and unauthorized access, and prioritize them based on likelihood and cost.
4. Develop activities to mitigate risks through a 7-layered approach involving policies, physical security, perimeter controls, internal access management, host protection, and application hardening.
5. Implement and monitor the security program with roles for the CIO, CISO, ICT
Cyber Security and Digital Forensics, BSc(Hons) (ESOFT) 2022-23 (1).docThowfeekFayees
The document provides information on the BSc (Hons) Cyber Security and Digital Forensics programme offered by ESOFT Metro Campus in collaboration with Kingston University. It outlines the programme structure, intended learning outcomes, and entry requirements. The 3-year programme aims to produce graduates with knowledge of cyber security, digital forensics, and computing fundamentals. It includes core modules in areas like programming, networking, and ethics, and culminates in an individual final-year project. The programme is designed to develop both technical skills and transferable skills to prepare students for careers in cyber security.
This document discusses integrating webhook support into alert policies for an alert notification system. It begins by introducing alert notifications and their importance for cybersecurity. Webhooks allow applications to automatically send notifications when events occur. The proposed system would allow alert policies to be integrated with webhooks, sending warning messages via email or webhook notifications. Benefits of this approach include customizable messages, automated alerting and responses, simple integration, monitoring and reliability. The methodology describes configuring alert policies with webhook profiles containing URLs and payloads. When alerts trigger, notifications can be sent to webhooks or administrators by email. This provides a way for systems to automatically communicate about security issues. Future work could include categorizing webhook profiles and adding validation and filtering of messages.
This domain reviews the diverse areas of knowledge needed to develop and man...bikheet
This document provides information about Domain 3 of the CISM exam, which focuses on developing and managing an information security program. It discusses key areas like aligning the security program with business goals and strategy, defining resource requirements, and establishing security standards, awareness training, and monitoring. Domain 3 represents 27% of the exam and covers topics such as program alignment and resource management, building security into processes, and security reporting.
Prepared by Dr. Javed Ali Baloch Moderated by Dr. Far.docxharrisonhoward80223
Prepared by: Dr. Javed Ali Baloch Moderated by: Dr. Fariza Sabrina July, 2017
Assessment Details and Submission Guidelines
Unit Code MN502
Unit Title Overview of Network Security
Assessment Type Individual
Assessment Title Demonstration of a network security tool
Purpose of the assessment (with ULO Mapping)
a) Discuss common threats and attacks on networked information systems
b) Identify most common intrusion detection attacks, and discuss how to prevent them
c) Apply skills to analyse complex problems in network security under supervision
Weight 15%
Total Marks 20
Word limit Not Applicable
Due Date 01/09/2017 11:55PM
Submission Guidelines
All work must be submitted on Moodle by the due date along with a title Page.
The assignment must be in MS Word format, 1.5 spacing, 11-pt Calibri (Body) font and 2.54 cm margins on all four sides of your page with appropriate section headings.
Reference sources must be cited in the text of the report, and listed appropriately at the end in a reference list using IEEE referencing style.
Extension
If an extension of time to submit work is required, a Special Consideration Application must be submitted directly to the School's Administration Officer, in Melbourne on Level 6 or in Sydney on Level 7. You must submit this application three working days prior to the due date of the assignment. Further information is available at:
http://www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/specialconsiderationdeferment
Academic Misconduct
Academic Misconduct is a serious offence. Depending on the seriousness of the case, penalties can vary from a written warning or zero marks to exclusion from the course or rescinding the degree. Students should make themselves familiar with the full policy and procedure available at: http://www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/Plagiarism-Academic-Misconduct-Policy-Procedure. For further information, please refer to the Academic Integrity Section in your Unit Description.
Information Security Assessment Dammam Technical College MSIS .docxjaggernaoma
Information Security Assessment Dammam Technical College
MSIS Capstone Project – CS699
Progress Report
Information Security Assessment for Dammam Technical College
Presented by:
Student Reg#
Student Name:
Project Advisor
College of Computing & Informatics
SAUDI ELECTRONIC UNIVERSITY
Table of Contents
Table of Figures
Table of Tables
Revision History
1. Introduction
1.1 Course Description
1.2 Organization Overview
1.3 Scope
1.4 Business Goals
1.5 Organization Structure
1.6 Security Requirements
1.7 Document Conventions
1.8 Project Plan
1.9 Report Structure
2. Literature Review
3. IT Architecture Analysis
3.1 Identify IT resources:
3.1.1 IT assets
3.1.2 IT Human Resources
3.1.3 Relationship between IT and Business
3.2 Characterize the IT network: diagram, topology, protocols used, etc.
3.3 Operating Environment
3.4 Assumptions and Dependencies
4. Identify security threats and security controls.
4.1 Identify security threats
4.2 List the existing security controls
4.3 Evaluate the adequacy of the existing security controls and their efficiency in reducing the risk associated with each security threat.
5. Security Evaluation
5.1 Risk Identification
5.2 Carry out a Risk Assessment using CRAMM (CCTA Risk Analysis and Management Method)
5.3 Choosing a security evaluation standard (Common Criteria, etc.)
5.4 Carry out the security evaluation strictly following the chosen standard.
6. Proposition (and maybe Implementation) of Security Improvements
6.1 Propose a suitable security policy
6.2 Identify appropriate Security Controls
6.3 Propose security controls implementation plan
6.4 Propose an appropriate Security Life-Cycle and Security Management Plan
6.5 Proposing an appropriate plan to establish a security culture (trainings, Awareness, etc.)
6.6 Ethical Considerations in the proposal
7. Proposition Nonfunctional Requirements
7.1 Performance Requirements
7.2 Safety Requirements
7.3 Software Quality Attributes
7.4 Other Requirements (Optional)
8. References
Appendix A: Glossary
Appendix B: Analysis Models
Appendix C: Software and hardware details and technical specifications
Table of Figures
Figure 1: Organization Structure
Figure 2: Gantt Chart Project Plan
Figure 3: IT Architecture
Figure 4: Network Diagram
Table of Tables
Table 1: IT Assets list
Revision History
Name    Date    Reason For Changes    Version
1. Introduction
1.1 Course Description
The capstone course allows the students to review an organization’s needs and address all the challenges involved with implementing and/or changing information technology focusing on information security in a complex organization. Students will analyze organizational objectives and propose a solution and a full implementation plan. The proposed solution must address st.
Cyber security, or information technology security, is the set of techniques for protecting computers, networks, programs and data from unauthorized access or from attacks aimed at exploitation.
SECURITY VIGILANCE SYSTEM THROUGH LEVEL DRIVEN SECURITY MATURITY MODELIJCSEIT Journal
Success of any software system largely looms upon its vigilance efficiency that prompts organizations to
meet the set of objectives in the arena of networks. In the highly competitive world, everything appears to
be vulnerable; information system is also not an exception to this fact. The security of information system
has become a cause of great concern. On the contrary, till time the software security engineers are trying
hard to develop fully protected and highly secured information systems but all these developments are at
nascent stages. It is quite revealing that in the earlier research studies, little attention is paid to highlight an
accurate status of the security alertness for developed software. Hence, keeping all these factors at the
backdrop, this paper is an attempt to propose a holistic Security Maturity Model (SMM), in which five
levels/stars have been developed, driven on the strength of the security vigilance occurring at the various
stages for any software. SMM is in its conceptual stage; the detailed steps will certainly require time to be
developed so that every software system can reap out the benefits of this model. To categorize/discriminate
the level of potency, SMM will be highlighted through appropriate ranking/star system. It is hoped that if
SMM will be followed in its true letter and spirit; undoubtedly, this will restore the clients’ trust and
confidence on the software as well as their corresponding vendors. Moreover, this will also enable software
industry to follow transparent and ethical practices.
Key Cybersecurity Risks and Mitigation Strategies in 2023 | The Enterprise WorldTEWMAGAZINE
According to cybersecurity experts, cyber risks are now the top concern globally. The top risks in 2023 include the lack of standardized cybersecurity practices, intensifying severity of data breaches, and increasing social engineering attacks. To mitigate these risks, organizations should implement a five-step strategy: 1) conduct user education and training, 2) perform vulnerability scanning, 3) conduct regular penetration testing, 4) ensure compliance with security standards, and 5) implement an internal security policy and train employees on following it. This will help organizations better manage growing cybersecurity threats and reduce risks of data breaches.
After reading chapter 10Watch.. httpswww.youtube.comwatc.docxnettletondevon
After reading chapter 10
Watch.. https://www.youtube.com/watch?v=FLeTLzsSMnk "So how important are those SAT's" on YouTube.
Then answer these questions
1-How do you answer questions from students or parents about the difference between the test, and whether taking one test or the other provides an advantage in the admission process?
2-How can counselors help students find out about accommodations available to them based on their financial or disability needs?
3- How would you advise a student or family who are concerned about the influence of testing in college admission? What is the appropriate way of describing the role of standardized admission test in college admission decisions?
Section 1 - Information Security Management 1
WEEK 1: INFORMATION SECURITY MANAGEMENT
Acme Toys, Inc. Network, [Brian Dennison]
IT454_IP1
1.0 Proposed Organization
Acme Toys, Inc. has been a leading manufacturer of toys. It has a new building which acts as the headquarters and houses the company’s departments: marketing, accounting, distribution, sales, manufacturing, IT and R&D. Apart from setting up the departments, the company has set up a large network that enables resource sharing and communication between employees. Inside each department, there are numerous workstations connected to the department servers. There is also a main server that controls all the other servers. The servers provide support for multiple processors, a multiuser environment, large memory requirements and distributed applications.
In addition, the network should be able to support high-level, multiuser applications that will run simultaneously. The profiles of employees range from a sales executive who is not computer savvy to IT professionals and people in the R&D department who are technology savvy. Due to the diverse user profiles, the company also needs to consider the ease of use of the OS.
The IT department is in the process of planning its security program in order to secure the information of the organization. Although the entire company will be networked, a separate network is required for the R&D department because of security reasons. This department should be deployed with strong security technologies and procedures. In addition, the manufacturing department plans to expand its network within the next six months by fifty percent.
2.0 Principles of Security Management
2.1 People
Since the workforce of this organization consists of employees with different duties and levels of computer usage, measures should be put in place to control each user's level of access to stored information. For instance, the sales executives are naïve to computer usage. Thus, other than having easy access to information in a summarized format, they should have fewer access privileges. For instance, they should have permission to retrieve i.
The document provides information on various certification and training options for penetration testing and ethical hacking. It discusses several vendors that provide both online and bootcamp training programs, and lists the costs associated with each. It provides details on certifications from vendors like CompTIA, EC-Council, GIAC, Mile2, and Offensive Security. These certifications range in focus from foundational security skills to advanced penetration testing. The document also notes some free online resources available for additional preparation.
This document provides information on computing course options for years 11 and 12. It outlines 5 different courses: 2 Unit Information Processes and Technology, 2 Unit Software Design and Development, 2 Unit Information Technology - IT VET, and 1 Unit Computing Applications. The courses cover a range of topics from information systems and programming to multimedia and networking. The IT VET course also provides a pathway to obtain a Certificate 3 in Information Technology.
The document provides details on the Hardware and Network Servicing Level-V TVET program curriculum. It includes:
- An overview of the 280-hour program which includes classroom and on-the-job training to develop skills in hardware and network servicing.
- Eight learning modules focused on skills like researching technology options, disaster recovery planning, and installing/managing networks.
- Assessment approaches including formative and summative evaluations to check achievement of learning outcomes.
- Considerations for reasonable adjustments to support trainees with disabilities.
This document outlines a course on mobile application development. It includes:
- An overview of the course, which teaches skills for developing user-friendly mobile apps to meet industry demand.
- A list of 28 practical exercises students will complete to develop apps using technologies like Android Studio, SQLite, Firebase, and Flutter.
- Details on assessments, required software and equipment, affective domain outcomes, and topics to be covered in each of the 6 units.
The course aims to give students competency in mobile app development and prepares them for jobs in the growing industry.
Purpose This course project is intended to assess your abilit TakishaPeck109
Purpose
This course project is intended to assess your ability to comprehend and apply the basic concepts related to information security management, such as the following:
The ability to discern when a risk assessment should be performed and carrying out the task
Understanding user or customer access requirements, whether remote or local
Using a layered security approach to establish and maintain access controls
Working with other departments, such as the human resources department, to identify and implement methods to prevent unwarranted exposure to information by inappropriate personnel
Your ability to execute the tasks within these information security domains and others will be evaluated against the learning objectives as identified and described in previous lessons of instruction for this course.
Required Source Information and Tools
The following tools and resources will be needed to complete this project:
Course textbook
Access to the Internet
Access to the library
Text sheet: Integrated Distributors Incorporated (access_project_ts_integrateddistributors)
Learning Objectives and Outcomes
Successful completion of this project will ensure that you are capable of supporting the implementation and management of an information systems security framework. To be able to do so, you need to be able to do the following:
Relate how an access control policy framework is used to define authorization and access to an information technology (IT) infrastructure for compliance.
Mitigate risks to an IT infrastructure’s confidentiality, integrity, and availability with sound access controls.
Relate how a data classification standard influences an IT infrastructure’s access control requirements and implementation.
Develop an access control policy framework consisting of best practices for policies, standards, procedures, and guidelines to mitigate unauthorized access.
Define proper security controls within the User Domain to mitigate risks and threats caused by human nature and behavior.
Implement appropriate access controls for information systems within IT infrastructures.
Mitigate risks from unauthorized access to IT systems through proper testing and reporting.
Project Checkpoints
The course project has a checkpoint strategy. Checkpoint deliverables allow you to receive valuable feedback on your interim work. In this project, you have four ungraded checkpoint deliverables. (See the syllabus for the schedule.) You may discuss project questions with the instructor, and you should receive feedback from the instructor on previously submitted work. The checkpoint deliverable ensures refinement of the final deliverables, if incorporated effectively. The final deliverable for this project is a professional report and a PowerPoint presentation.
Checkpoint
Purpose of the Checkpoint
Expected Deliverables
1
Understanding requirements
Clarification on project deliverables
Discussion on project concerns and progress up to thi ...
Information Security Assessment Dammam Technical College Infor.docx jaggernaoma
This document provides an information security assessment for Dammam Technical College. It begins with an introduction that outlines the organization's description, goals, structure, and security requirements. It then discusses plans for the project, including analyzing the IT architecture, identifying security threats and controls, performing a security evaluation, and proposing security improvements. The remainder of the document is structured to cover each of these planned sections in detail. It aims to analyze the current IT systems and infrastructure, evaluate security risks, and make recommendations to enhance the information security posture of the organization.
I need 10 pages of report and 10 slides PurposeThis course pdoylymaura
I need 10 pages of report and 10 slides
Purpose
This course project is intended to assess your ability to comprehend and apply the basic concepts related to information security management, such as the following:
The ability to discern when a risk assessment should be performed and carrying out the task
Understanding user or customer access requirements, whether remote or local
Using a layered security approach to establish and maintain access controls
Working with other departments, such as the human resources department, to identify and implement methods to prevent unwarranted exposure to information by inappropriate personnel
Your ability to execute the tasks within these information security domains and others will be evaluated against the learning objectives as identified and described in previous lessons of instruction for this course.
Required Source Information and Tools
The following tools and resources will be needed to complete this project:
Course textbook
Access to the Internet
Access to the library
Text sheet: Integrated Distributors Incorporated (access_project_ts_integrateddistributors)
Learning Objectives and Outcomes
Successful completion of this project will ensure that you are capable of supporting the implementation and management of an information systems security framework. To be able to do so, you need to be able to do the following:
Relate how an access control policy framework is used to define authorization and access to an information technology (IT) infrastructure for compliance.
Mitigate risks to an IT infrastructure’s confidentiality, integrity, and availability with sound access controls.
Relate how a data classification standard influences an IT infrastructure’s access control requirements and implementation.
Develop an access control policy framework consisting of best practices for policies, standards, procedures, and guidelines to mitigate unauthorized access.
Define proper security controls within the User Domain to mitigate risks and threats caused by human nature and behavior.
Implement appropriate access controls for information systems within IT infrastructures.
Mitigate risks from unauthorized access to IT systems through proper testing and reporting.
Project Checkpoints
The course project has a checkpoint strategy. Checkpoint deliverables allow you to receive valuable feedback on your interim work. In this project, you have four ungraded checkpoint deliverables. (See the syllabus for the schedule.) You may discuss project questions with the instructor, and you should receive feedback from the instructor on previously submitted work. The checkpoint deliverable ensures refinement of the final deliverables, if incorporated effectively. The final deliverable for this project is a professional report and a PowerPoint presentation.
Checkpoint
Purpose of the Checkpoint
Expected Deliverables
1
Understanding requirements
Clarification on project deliverables
Discussion o ...
This document provides a toolkit for universities to prepare communications in response to a cyber attack or security incident. It includes resources such as:
- A framework for effective communication developed by Knight and Nurse.
- Guidelines for pre-event planning including identifying aims, crisis communication capabilities, partners, and rehearsals.
- A cyber response flowchart outlining disclosure decisions and communication considerations.
- Sections on framing messages, disclosure options, and delivering the message.
- The goal is to help universities minimize impact, reduce reputational damage and costs from a cyber incident by having an effective prepared communication response. It emphasizes the importance of collaboration across the institution.
Project Name Your Full Name Course Number and Name (As i.docx wkyra78
Project Name
Your Full Name
Course Number and Name (As it appears on your Course Guide.)
Professor’s Name (As it appears on your Course Guide.)
University Name (As it appears on the Course Guide.)
Date (Month must be spelled out. Use the date that the paper is due.)
Project Description & Objectives
- Describe the project in non-technical terms.
- Describe the project objectives and how the project has met each objective.
  - Explanation #1
  - Explanation #2
  - Explanation #3
- State the project scope statement. Detail the requirements of the project.
- Adhere to quality management.
Work Breakdown Structure (WBS)
- Insert the WBS.
- Highlight brief task explanation on the slide but explain thoroughly on the speaker notes.
Project Schedule and Milestones
- Create timeline.
- List activity sequences and durations.
- Indicate the critical path.
Project Human Resource Management
- Identify stakeholders.
- Indicate the project team matrix (weak, balanced, and strong).
- Explain how the project team was developed and managed.
- Identify procurement management, i.e., vendors, contractors, suppliers, etc.
Project Cost
- Establish the approved budget.
- Identify the cost for the resources.
- State the cost of the project. (Is it under or over budget?)
- Note the technology used with associated cost.
  - Benefits
  - Drawbacks or barriers
Project Communications
- Ensure that all project information is collected, documented, and archived.
- Distribute and share information with stakeholders, management, and project team members.
- Identify risks.
  - Qualitative Risks
  - Quantitative Risks
Competitive Analysis
Competitive Analysis, Cont.
Procedures
Assumptions, Constraints & Dependencies
- Identify the assumptions used to determine the project scope.
- Evaluate project’s success from these assumptions.
- Evaluate project’s obstacles from these assumptions.
- Explain the scope, time, and cost constraints.
- List any dependencies. Explain.
Project Lessons Learned
- Recommend methods to avoid similar obstacles in future projects.
- List of six (6) best practices arising from this project: #1, #2, #3, #4, #5, #6
Next Steps
NOTE: Is there another phase for this project? What is the project closure?
- High-level Goals
- Relationship
- Ultimate Goal
References
You must use references that coincide with the in-text citations in your presentation written in correct APA format. All references should come from Strayer University databases such as EbscoHost, eLibrary, ProQuest, etc. If your professor allows use of the internet avoid using .com sites, but you may use .org or .gov sites that are copyrighted.
ABC: INFORMATION TECHNOLOGY PROJECT CHARTER
Name:
Institutional Affiliation:
1.0. INTRODUCTION
Purpose of Information Technology Project Charter
The ABC’s Information Technology Project Proposal charter documents a research and formulation of a surveillance security system which is targeted to appraise in ...
The document provides a risk assessment of Blackboard and LJMU's online information systems. It models the systems and processes for handling assessment coursework. The assessment identified assets like Blackboard, the student information system, and online payment facilities. It analyzed risks to the confidentiality, integrity, and availability of these assets. The assessment was conducted according to the UK HMG Information Assurance Standard No. 1 to evaluate and suggest solutions to technical risks.
The task was to develop an audit scope and business line breakdown, based on the supplied narrative for our fake organization, the "Department of Controlled Substances (DCS)". I was an external auditor who has been contracted to come and perform a full scale, top-to-bottom audit of DCS
This document describes a proposed user-centric machine learning framework for a cyber security operations center. It discusses the typical data sources in a SOC like security logs and alerts from various systems. It explains how this data can be processed and used to create an effective machine learning system to evaluate user risks. This would help security analysts prioritize investigations and improve efficiency. The proposed framework integrates alert information, security logs, and analyst notes to generate features and labels for machine learning models. It aims to reduce manual analysis workload while enhancing security. The document also provides an example implementation using real industry data to demonstrate the full process from data collection and labeling to model training and evaluation.
Glyndwr University is establishing a sister college in the USA. This poses legal implications under the UK Data Protection Act 1998, as the USA does not have equivalent data protection legislation. The Act prohibits transferring personal data to countries without adequate protections. To legally share data with the USA, Glyndwr must comply with the "Safe Harbour" principles agreed between the EU and USA, which aim to ensure adequate privacy protections. Key requirements include obtaining consent for data use and processing, keeping data secure, accurate and up-to-date, and providing access for individuals to correct errors. Complying with Safe Harbour allows Glyndwr to legally pursue its plans for the sister college while protecting privacy under UK law.
CompTIA PenTest+: Everything you need to know about the exam (Infosec)
Penetration testers find and report vulnerabilities before they can be exploited. CompTIA’s PenTest+ is one of the best certifications to validate those skills, and it’s being updated to align with the most up-to-date hacking and pentesting skills requested by employers in 2021.
Running Head STATEMENT OF WORK STATEMENT OF WORK .docx toltonkendal
Running Head: STATEMENT OF WORK
Assignment: 2-2 Final Project Milestone One: Statement of Work
Terri Y. Hudson
Southern New Hampshire University – IT 552
November 6, 2016
Agency-wide security awareness Program Proposal
Introduction
For the organization to comply with the current PCI DSS requirement version 12,6, a security awareness program must be in place. The CISCO of the organization has an immediate requirement of creating an agency-wide security awareness program. As a means of implementing the security awareness program, the organization has conducted a security gap analysis, which is one of the components of a security awareness program and which showed the 10 security findings. As one of the means of conducting the program, I will submit an awareness program proposal.
Objective
This SOW (Statement of Work) is being done on behalf of the senior information officer. He has requested for the creation of an agency-wide security awareness program by handing over the security gap analysis which was done prior to this process. Hence the major aim of this document is to set a security awareness program which shows ten major key security findings. The document will also include a risk assessment of the current security awareness practices, processes and practices. By having this document, the organization will be able to have a well-organized maintenance plan. It is also important in maintaining and establishing an information-security awareness program (United States, 2000).
Background
The mission of the organization is to provide efficient IT services with the best security program in place with an aim of protecting organizations assets.
1. Technical infrastructure
The organization is engaged in a short-term effort aiming at modernizing its information-processing infrastructure. These efforts have incorporated software enhancements, installation of firewalls and high-end network systems for improved communication. The senior information officer is the one who is responsible for overseeing the modernization effort. He has of late completed conducting a security awareness program and deployment of the organization’s LAN (Local Area Network). The hardware being used is of CISCO products.
2. Computing Environment
The organization’s desktop computers are of Windows 2007/ 98 and 95. The servers are of Pentium with over 1 GB RAM. The current NOS (Network operating system) are window based.
3. Security Posture of the Organization
The organization has a basic network structure with only one router which acts as a firewall. It has several working stations and switches to these working stations. In addition, the organization has installed Kaspersky’s antivirus in of their desktop machines with a motive of reducing external threats. The data server is highly secured with Kaspersky’s antivirus. Th ...
Information Security Assessment Dammam Technical College MSIS .docx jaggernaoma
Information Security Assessment Dammam Technical College
MSIS Capstone Project – CS699
Progress Report
Information Security Assessment for Dammam Technical College
Presented by:
Student Reg#
Student Name:
Project Advisor
College of Computing & Informatics
SAUDI ELECTRONIC UNIVERSITY
Table of Contents
Table of Figures
Table of Tables
Revision History
1. Introduction
1.1 Course Description
1.2 Organization Overview
1.3 Scope
1.4 Business Goals
1.5 Organization Structure
1.6 Security Requirements
1.7 Document Conventions
1.8 Project Plan
1.9 Report Structure
2. Literature Review
3. IT Architecture Analysis
3.1 Identify IT resources:
3.1.1 IT assets
3.1.2 IT Human Resources
3.1.3 Relationship between IT and Business
3.2 Characterize the IT network: diagram, topology, protocols used, etc.
3.3 Operating Environment
3.4 Assumptions and Dependencies
4. Identify security threats and security controls.
4.1 Identify security threats
4.2 List the existing security controls
4.3 Evaluate the adequacy of the existing security controls and their efficiency in reducing the risk associated with each security threat.
5. Security Evaluation
5.1 Risk Identification
5.2 Carry out a Risk Assessment using CRAMM (CCTA Risk Analysis and Management Method)
5.3 Choosing a security evaluation standard (Common Criteria, etc.)
5.4 Carry out the security evaluation strictly following the chosen standard.
6. Proposition (and maybe Implementation) of Security Improvements
6.1 Propose a suitable security policy
6.2 Identify appropriate Security Controls
6.3 Propose security controls implementation plan
6.4 Propose an appropriate Security Life-Cycle and Security Management Plan
6.5 Proposing an appropriate plan to establish a security culture (trainings, Awareness, etc.)
6.6 Ethical Considerations in the proposal
7. Proposition Nonfunctional Requirements
7.1 Performance Requirements
7.2 Safety Requirements
7.3 Software Quality Attributes
7.4 Other Requirements (Optional)
8. References
Appendix A: Glossary
Appendix B: Analysis Models
Appendix C: Software and hardware details and technical specifications
Table of Figures
Figure 1: Organization Structure
Figure 2: Gantt Chart Project Plan
Figure 3: IT Architecture
Figure 4: Network Diagram
Table of Tables
Table 1: IT Assets list
Revision History
Name | Date | Reason For Changes | Version
1. Introduction
1.1 Course Description
The capstone course allows the students to review an organization’s needs and address all the challenges involved with implementing and/or changing information technology focusing on information security in a complex organization. Students will analyze organizational objectives and propose a solution and a full implementation plan. The proposed solution must address st.
Cyber security or information technology security are the techniques of protecting computers, networks, programs and data from unauthorized access or attacks that are aimed for exploitation.
SECURITY VIGILANCE SYSTEM THROUGH LEVEL DRIVEN SECURITY MATURITY MODEL
IJCSEIT Journal
Success of any software system largely looms upon its vigilance efficiency that prompts organizations to meet the set of objectives in the arena of networks. In the highly competitive world, everything appears to be vulnerable; information system is also not an exception to this fact. The security of information system has become a cause of great concern. On the contrary, till time the software security engineers are trying hard to develop fully protected and highly secured information systems but all these developments are at nascent stages. It is quite revealing that in the earlier research studies, little attention is paid to highlight an accurate status of the security alertness for developed software. Hence, keeping all these factors at the backdrop, this paper is an attempt to propose a holistic Security Maturity Model (SMM), in which five levels/stars have been developed, driven on the strength of the security vigilance occurring at the various stages for any software. SMM is in its conceptual stage; the detailed steps will certainly require time to be developed so that every software system can reap out the benefits of this model. To categorize/discriminate the level of potency, SMM will be highlighted through appropriate ranking/star system. It is hoped that if SMM will be followed in its true letter and spirit; undoubtedly, this will restore the clients’ trust and confidence on the software as well as their corresponding vendors. Moreover, this will also enable software industry to follow transparent and ethical practices.
Key Cybersecurity Risks and Mitigation Strategies in 2023 | The Enterprise World (TEWMAGAZINE)
According to cybersecurity experts, cyber risks are now the top concern globally. The top risks in 2023 include the lack of standardized cybersecurity practices, intensifying severity of data breaches, and increasing social engineering attacks. To mitigate these risks, organizations should implement a five-step strategy: 1) conduct user education and training, 2) perform vulnerability scanning, 3) conduct regular penetration testing, 4) ensure compliance with security standards, and 5) implement an internal security policy and train employees on following it. This will help organizations better manage growing cybersecurity threats and reduce risks of data breaches.
After reading chapter 10Watch.. httpswww.youtube.comwatc.docx nettletondevon
After reading chapter 10
Watch.. https://www.youtube.com/watch?v=FLeTLzsSMnk "So how important are those SAT's" on YouTube.
Then answer these questions
1-How do you answer questions from students or parents about the difference between the test, and whether taking one test or the other provides an advantage in the admission process?
2-How can counselors help students find out about accommodations available to them based on their financial or disability needs?
3- How would you advise a student or family who are concerned about the influence of testing in college admission? What is the appropriate way of describing the role of standardized admission test in college admission decisions?
Section 1 - Information Security Management 1
WEEK 1: INFORMATION SECURITY MANAGEMENT
Acme Toys, Inc. Network, [Brian Dennison]
IT454_IP1
1.0 Proposed Organization
Acme Toys, Inc. has been a leading manufacturer of toys. It has a new building which acts as the headquarters and houses the company’s departments: marketing, accounting, distribution, sales, manufacturing, IT and the R&D departments. Apart from setting up the departments, the company has set up a big network that has enabled sharing of resources and communication between employees. Inside each department, there are numerous workstations which are connected to the department servers. Also, there is a main server that controls all of the servers. The servers have been delivering support for: multiple processors, multiuser environment, large memory requirements and support of distributed applications.
In addition, the network should be able to support high-level, multiuser applications that will run simultaneously. The profiles of employees range from a sales executive who is not computer savvy to IT professionals and people in the R&D department who are technology savvy. Due to the diverse user profiles, the company also needs to consider the ease of use of the OS.
The IT department is in the process of planning its security program in order to secure the information of the organization. Although the entire company will be networked, a separate network is required for the R&D department because of security reasons. This department should be deployed with strong security technologies and procedures. In addition, the manufacturing department plans to expand its network within the next six months by fifty percent.
2.0 Principles of Security Management
2.1 People
Since the workforce of this organization consists of employees with different duties and levels of computer usage, measures should be placed to control the access level of the systems on stored information. For instance, the sales executives are naïve to computer usage. Thus, other than being able to have ease of access to information in a summarized format, they should have fewer privileges of access. For instance, they should have permission to retrieve i.
I need 10 pages of report and 10 slides PurposeThis course pdoylymaura
I need 10 pages of report and 10 slides
Purpose
This course project is intended to assess your ability to comprehend and apply the basic concepts related to information security management, such as the following:
The ability to discern when a risk assessment should be performed and carrying out the task
Understanding user or customer access requirements, whether remote or local
Using a layered security approach to establish and maintain access controls
Working with other departments, such as the human resources department, to identify and implement methods to prevent unwarranted exposure to information by inappropriate personnel
Your ability to execute the tasks within these information security domains and others will be evaluated against the learning objectives as identified and described in previous lessons of instruction for this course.
Required Source Information and Tools
The following tools and resources will be needed to complete this project:
Course textbook
Access to the Internet
Access to the library
Text sheet: Integrated Distributors Incorporated (access_project_ts_integrateddistributors)
Learning Objectives and Outcomes
Successful completion of this project will ensure that you are capable of supporting the implementation and management of an information systems security framework. To be able to do so, you need to be able to do the following:
Relate how an access control policy framework is used to define authorization and access to an information technology (IT) infrastructure for compliance.
Mitigate risks to an IT infrastructure’s confidentiality, integrity, and availability with sound access controls.
Relate how a data classification standard influences an IT infrastructure’s access control requirements and implementation.
Develop an access control policy framework consisting of best practices for policies, standards, procedures, and guidelines to mitigate unauthorized access.
Define proper security controls within the User Domain to mitigate risks and threats caused by human nature and behavior.
Implement appropriate access controls for information systems within IT infrastructures.
Mitigate risks from unauthorized access to IT systems through proper testing and reporting.
Project Checkpoints
The course project has a checkpoint strategy. Checkpoint deliverables allow you to receive valuable feedback on your interim work. In this project, you have four ungraded checkpoint deliverables. (See the syllabus for the schedule.) You may discuss project questions with the instructor, and you should receive feedback from the instructor on previously submitted work. The checkpoint deliverable ensures refinement of the final deliverables, if incorporated effectively. The final deliverable for this project is a professional report and a PowerPoint presentation.
Checkpoint
Purpose of the Checkpoint
Expected Deliverables
1
Understanding requirements
Clarification on project deliverables
Discussion o ...
This document provides a toolkit for universities to prepare communications in response to a cyber attack or security incident. It includes resources such as:
- A framework for effective communication developed by Knight and Nurse.
- Guidelines for pre-event planning including identifying aims, crisis communication capabilities, partners, and rehearsals.
- A cyber response flowchart outlining disclosure decisions and communication considerations.
- Sections on framing messages, disclosure options, and delivering the message.
- The goal is to help universities minimize impact, reduce reputational damage and costs from a cyber incident by having an effective prepared communication response. It emphasizes the importance of collaboration across the institution.
Project NameYour Full NameCourse Number and Name (As i.docxwkyra78
Project Name
Your Full Name
Course Number and Name (As it appears on your Course Guide.)
Professor’s Name (As it appears on your Course Guide.)
University Name (As it appears on the Course Guide.)
Date (Month must be spelled out. Use the date that the paper is due.)
Project Description & Objectives
- Describe the project in non-technical terms.
- Describe the project objectives and how the project has met each objective.
  - Explanation #1
  - Explanation #2
  - Explanation #3
- State the project scope statement. Detail the requirements of the project.
- Adhere to quality management.

Work Breakdown Structure (WBS)
- Insert the WBS.
- Highlight brief task explanation on the slide but explain thoroughly on the speaker notes.

Project Schedule and Milestones
- Create timeline.
- List activity sequences and durations.
- Indicate the critical path.

Project Human Resource Management
- Identify stakeholders.
- Indicate the project team matrix (weak, balanced, and strong).
- Explain how the project team was developed and managed.
- Identify procurement management, i.e., vendors, contractors, suppliers, etc.

Project Cost
- Establish the approved budget.
- Identify the cost for the resources.
- State the cost of the project. (Is it under or over budget?)
- Note the technology used with associated cost.
  - Benefits
  - Drawbacks or barriers

Project Communications
- Ensure that all project information is collected, documented, and archived.
- Distribute and share information with stakeholders, management, and project team members.
- Identify risks.
  - Qualitative Risks
  - Quantitative Risks

Competitive Analysis

Competitive Analysis, Cont.

Procedures

Assumptions, Constraints & Dependencies
- Identify the assumptions used to determine the project scope.
- Evaluate project’s success from these assumptions.
- Evaluate project’s obstacles from these assumptions.
- Explain the scope, time, and cost constraints.
- List any dependencies. Explain.

Project Lessons Learned
- Recommend methods to avoid similar obstacles in future projects.
- List of six (6) best practices arising from this project.
  - #1
  - #2
  - #3
  - #4
  - #5
  - #6

Next Steps
NOTE: Is there another phase for this project? What is the project closure?
- High-level Goals
- Relationship
- Ultimate Goal

References
You must use references that coincide with the in-text citations in your presentation written in correct APA format. All references should come from Strayer University databases such as EbscoHost, eLibrary, ProQuest, etc. If your professor allows use of the internet avoid using .com sites, but you may use .org or .gov sites that are copyrighted.
ABC: INFORMATION TECHNOLOGY PROJECT CHARTER
Name:
Institutional Affiliation:
1.0. INTRODUCTION
Purpose of Information Technology Project Charter
The ABC’s Information Technology Project Proposal charter documents a research and formulation of a surveillance security system which is targeted to appraise in ...
The document provides a risk assessment of Blackboard and LJMU's online information systems. It models the systems and processes for handling assessment coursework. The assessment identified assets like Blackboard, the student information system, and online payment facilities. It analyzed risks to the confidentiality, integrity, and availability of these assets. The assessment was conducted according to the UK HMG Information Assurance Standard No. 1 to evaluate and suggest solutions to technical risks.
The task was to develop an audit scope and business line breakdown, based on the supplied narrative for our fake organization, the "Department of Controlled Substances (DCS)". I was an external auditor who has been contracted to come and perform a full-scale, top-to-bottom audit of DCS.
This document describes a proposed user-centric machine learning framework for a cyber security operations center. It discusses the typical data sources in a SOC like security logs and alerts from various systems. It explains how this data can be processed and used to create an effective machine learning system to evaluate user risks. This would help security analysts prioritize investigations and improve efficiency. The proposed framework integrates alert information, security logs, and analyst notes to generate features and labels for machine learning models. It aims to reduce manual analysis workload while enhancing security. The document also provides an example implementation using real industry data to demonstrate the full process from data collection and labeling to model training and evaluation.
Glyndwr University is establishing a sister college in the USA. This poses legal implications under the UK Data Protection Act 1998, as the USA does not have equivalent data protection legislation. The Act prohibits transferring personal data to countries without adequate protections. To legally share data with the USA, Glyndwr must comply with the "Safe Harbour" principles agreed between the EU and USA, which aim to ensure adequate privacy protections. Key requirements include obtaining consent for data use and processing, keeping data secure, accurate and up-to-date, and providing access for individuals to correct errors. Complying with Safe Harbour allows Glyndwr to legally pursue its plans for the sister college while protecting privacy under UK law.
CompTIA PenTest+: Everything you need to know about the examInfosec
Penetration testers find and report vulnerabilities before they can be exploited. CompTIA’s PenTest+ is one of the best certifications to validate those skills, and it’s being updated to align with the most up-to-date hacking and pentesting skills requested by employers in 2021.
Running Head STATEMENT OF WORKSTATEMENT OF WORK .docxtoltonkendal
Running Head: STATEMENT OF WORK
STATEMENT OF WORK 2
Assignment: 2-2 Final Project Milestone One: Statement of Work
Terri Y. Hudson
Southern New Hampshire University – IT 552
November 6, 2016
Agency-wide security awareness Program Proposal
Introduction
For the organization to comply with the current PCI DSS requirement version 12,6, a security awareness program must be in place. The CISCO of the organization has an immediate requirement of creating an agency-wide security awareness program. As a means of implementing a security awareness program, the organization has conducted a security gap analysis, which is one of the components of a security awareness program and which showed the 10 security findings. As one of the means of conducting the program, I will submit an awareness program proposal.
Objective
This SOW (Statement of Work) is being done on behalf of the senior information officer. He has requested for the creation of an agency-wide security awareness program by handing over the security gap analysis which was done prior to this process. Hence the major aim of this document is to set a security awareness program which shows ten major key security findings. The document will also include a risk assessment of the current security awareness practices, processes and practices. By having this document, the organization will be able to have a well-organized maintenance plan. It is also important in maintaining and establishing an information-security awareness program (United States, 2000).
Background
The mission of the organization is to provide efficient IT services with the best security program in place with an aim of protecting the organization’s assets.
1. Technical infrastructure
The organization is engaged in a short-term effort aimed at modernizing its information-processing infrastructure. These efforts have incorporated software enhancements, installation of firewalls and high end network systems for an improved communication. The senior information officer is the one who is responsible to oversee the modernization effort. He has of late completed conducting a security awareness program and deployment of the organization’s LAN (Local Area Network). The hardware being used is of CISCO products.
2. Computing Environment
The organization’s desktop computers are of Windows 2007/ 98 and 95. The servers are of Pentium with over 1 GB RAM. The current NOS (Network operating system) are window based.
3. Security Posture of the Organization
The organization has a basic network structure with only one router, which acts as a firewall. It has several working stations and switches to these working stations. In addition, the organization has installed Kaspersky’s antivirus on their desktop machines with a motive of reducing external threats. The data server is highly secured with Kaspersky’s antivirus. Th ...
ISA.pdf
1. Information Security Awareness Course Code: 4321603
GTU - COGC-2021 Curriculum Page 1 of 10
GUJARAT TECHNOLOGICAL UNIVERSITY (GTU)
Competency-focused Outcome-based Green Curriculum-2021 (COGC-2021)
Semester-II
Course Title: Information Security Awareness
(Course Code: 4321603)
Diploma programme in which this course is offered: Information Technology
Semester in which offered: Second
1. RATIONALE
As digital services are increasing, so are security attacks. Almost all successful
information security breaches have one variable in common: human error. The
technological advancement in terms of security has become very effective but the
effectiveness of technical security measures only goes as far as humans properly
utilize them. In today's digital world, information security is more important than
ever. It is no longer the responsibility of security professionals only; individuals are
equally responsible too.
Cyber-attacks and cybercrimes have increased significantly. As a result, awareness of
the risks and consequences of cybercrime and cyber attacks is a critical first step in
establishing a secure information society. This course is therefore so designed that
the students will be able to apply the principles of information security along with
the tools as and when required to mitigate the threat.
2. COMPETENCY
The purpose of this course is to help the student to attain the following industry identified
competency through various teaching learning experiences:
Use information security concepts along with various security tools and techniques
for data protection.
3. COURSE OUTCOMES (COs)
The practical exercises, the underpinning knowledge and the relevant soft skills associated
with this competency are to be developed in the student to display the following COs:
a) Explain Importance of information security awareness for data protection and attacks
in system security.
b) Apply knowledge of security threats to computer systems, and perform
countermeasures to secure a computer.
c) Apply various tools and techniques to secure mobile devices, email and web
browsers.
d) Implement various social engineering strategies to minimize the risk of data being
compromised through human error.
e) Use computing and internet resources based on legal and ethical factors to
understand cybercrime and law.
4. TEACHING AND EXAMINATION SCHEME
| Teaching Scheme (In Hours): L | T | P | Total Credits (L+T/2+P/2): C | Examination Scheme, Theory Marks: CA | Theory Marks: ESE | Practical Marks: CA | Practical Marks: ESE | Total Marks |
|---|---|---|---|---|---|---|---|---|
| 0 | 1 | 4 | 3 | 0 | 0 | 25* | 25 | 50 |
(*): Out of 25 marks under the theory CA, 10 marks are for assessment of the micro-project
to facilitate integration of COs and the remaining 20 marks is the average of 2 tests to be
taken during the semester for assessing the attainment of the cognitive domain UOs
required for the attainment of the COs.
Legends: L-Lecture; T – Tutorial/Teacher Guided Theory Practice; P - Practical; C – Credit, CA -
Continuous Assessment; ESE - End Semester Examination.
5. SUGGESTED PRACTICAL EXERCISES
The following practical outcomes (PrOs) are the sub-components of the COs. Some of
the PrOs marked ‘*’ are compulsory, as they are crucial for that particular CO at the
‘Precision Level’ of Dave’s Taxonomy related to ‘Psychomotor Domain’.
| Sr. No. | Practical Outcomes (PrOs) | Unit No. | Approx. Hrs. required |
|---|---|---|---|
| 1 | Prepare a case study on recent 2 information security attacks. Summarize and discuss which part of the CIA triad has been broken in each. | I | 02 |
| 2 | Choose any 2 real-world examples of security attacks and identify techniques and tools used by attackers for active and passive attacks. | I | 02 |
| 3 | Install Spyrix Free Keylogger, Iwantsoft Free Keylogger, or any other keylogger. Configure your PC to monitor the system for keystrokes and screenshots. | II | 04 |
| 4 | Protect your personal computer system by creating a secure User Accounts policy for safety and security | II | 02 |
| 5 | Configure Windows firewall for inbound and outbound rules. | II | 04 |
| 6 | Use USB security software such as Autorun Deleter, Panda USB Vaccine to minimize risk from removable devices. | II | 02 |
| 7 | Use EaseUS Todo Backup or any other tool to create backup and restore your computer. | II | 02 |
| 8 | Configure the security settings of your browser. | III | 02 |
| 9 | Test browser security using the following tools and report your findings: Qualys BrowserCheck, Cloudflare ESNI Checker, Privacy Analyzer, Panopticlick, AmIUnique | III | 04 |
| 10 | Test your email data breach which can be used for identity theft using following tools: 1. https://www.f-secure.com/en/home/free-tools/identity-theft-checker 2. https://haveibeenpwned.com/ If your identity is compromised then prepare a report on how to mitigate the risk? | III | 02 |
| 11 | Analyze and identify normal and spam E-mail headers using any header analyzer tool for fraud or phishing emails. Summarize your finding in the report. (Tool: https://mailheader.org/ or any other) | III | 04 |
| 12 | Secure your mobile device: 1. Prevent installation of third-party applications. 2. Check permissions given to the installed application and evaluate whether the given permission is actually required by that application i.e., message application should not have permission to access camera. 3. To prevent your device from connecting to poorly configured or insecure networks disable auto-connect in wifi settings. 4. Turn off location services, Bluetooth, wifi, mobile data as and when it is not required. 5. Configure backup and restore data settings on your mobile device. | III | 02 |
| 13 | Use Google password manager available at given link https://passwords.google.com/ to save, manage, protect and create strong passwords. | III | 02 |
| 14 | Demonstrate a phishing attack simulation with the GoPhish tool. | IV | 04 |
| 15 | Test website authenticity and possible phishing websites using VirusTotal, Google Transparency Report, URLVoid, or any other tools. Identify ways to report Fraudulent or Scam Websites. | IV | 04 |
| 16 | Configure all privacy settings for social networks with which you have an account and review your entire profile. | IV | 04 |
| 17 | Survey recent social media scams like lottery scams, job scams and prepare a report for the following: ● What is the attacker trying to gain? ● Who is being scammed? ● What are the consequences for the person being scammed? ● Why does the scam work successfully? ● What awareness is required which could avoid the scam? | IV | 04 |
| 18 | Study a government Cybercrime portal to prepare a report on cybercrime and its laws. | V | 02 |
| 19 | Prepare a report on how to report cybercrime online | V | 02 |
| 20 | Prepare a report on online acceptable behavior against unethical behavior. | V | 02 |
| | Total | | 56 |
Note
i. More Practical Exercises can be designed and offered by the respective course teacher to
develop the industry relevant skills/outcomes to match the COs. The above table is only a
suggestive list.
ii. The following are some sample ‘Process’ and ‘Product’ related skills (more may be
added/deleted depending on the course) that occur in the above listed Practical Exercises
of this course and are embedded in the COs and ultimately the competency.
| Sr. No. | Sample Performance Indicators for the PrOs | Weightage in % |
|---|---|---|
| 1 | Analyze and identify a suitable approach for problem-solving | 25 |
| 2 | Use of appropriate technology/software/tools | 25 |
| 3 | Relevance and quality of output | 20 |
| 4 | Interpret the result and conclusion | 15 |
| 5 | Prepare a report/presentation for the given problem | 15 |
| | Total | 100 |
6. MAJOR EQUIPMENT/ INSTRUMENTS REQUIRED
This list of major equipment with broad specifications for the PrOs is a guide for
administrators to procure them, to usher in uniformity of practicals in all institutions across the state.
| Sr. No. | Equipment Name with Broad Specifications | PrO. No. |
|---|---|---|
| 1 | Computer system with an operating system and Internet Facility | All |
| 2 | Spyrix Free Keylogger, Iwantsoft Free Keylogger | 3 |
| 3 | Autorun Deleter, Panda USB Vaccine | 6 |
| 4 | EaseUS Todo Backup | 7 |
| 5 | Gophish Open-Source Tool | 14 |
7. AFFECTIVE DOMAIN OUTCOMES
The following sample Affective Domain Outcomes (ADOs) are embedded in many of the
above mentioned COs and PrOs. More could be added to fulfil the development of this
competency.
a) Work as a leader/a team member.
b) Follow ethical practices.
The ADOs are best developed through the laboratory/field based exercises. Moreover, the
level of achievement of the ADOs according to Krathwohl’s ‘Affective Domain Taxonomy’
should gradually increase as planned below:
i. ‘Valuing Level’ in 1st year
ii. ‘Organization Level’ in 2nd year.
iii. ‘Characterization Level’ in 3rd year.
9. UNDERPINNING THEORY
Only the major Underpinning Theory is formulated as higher level UOs of Revised Bloom’s
taxonomy so that development of the COs and competency is not missed out by the
students and teachers. If required, more such higher level UOs could be included by the
course teacher to focus on attainment of COs and competency.
Each unit below lists its Unit Outcomes (UOs) (4 to 6 UOs at Application and above level), followed by its Topics and Sub-topics.

Unit – I: Basics of Information security and awareness
Unit Outcomes (UOs):
1a. Explain fundamentals of security aspects
1b. Explain Security principles
1c. Understand the threats and risks to modern data and information systems.
1d. Differentiate between active and passive security attacks
Topics and Sub-topics:
1.1 What is Information Security, Importance of Information Security and its awareness
1.2 CIA Triad, Parkerian Hexad
1.3 Information security threats
1.4 Security attacks - active and passive

Unit – II: Computer System Security
Unit Outcomes (UOs):
2a. Justify the need for operating system security
2b. Identify the risks associated with the usage of removable devices and drives
2c. Manage secure user accounts to access the operating system
2d. Apply operating system hardening techniques
2e. Apply configuration of the firewall for operating system security
2f. Differentiate between the types of malwares and their effects
Topics and Sub-topics:
2.1 Function of Operating system, importance of Operating System security
2.2 Removable Devices & Drives: Introduction, Types, Risks involved while using the removable devices, Best Practices for safe & secure usage.
2.3 Secure User Account Policy
2.4 Operating system Hardening - strong passwords, OS updates, software patches, system back-ups, Installing and Updating Antivirus,
2.5 Configuration of a firewall for OS security
2.6 Malware, Ransomware & Key-loggers: Introduction and types of malwares (Virus, Worms, Trojans, Rootkits, Adware, Spyware, Crimeware)

Unit – III: Mobile Devices, Email and Web browser Security
Unit Outcomes (UOs):
3a. Describe Mobile Security
3b. Classify mobile device threats into broad categories.
3c. Identify security measures to prevent the mobile threat
3d. Analyze ways to prevent attacks on passwords.
3e. Infer methods to maintain good password
3f. Survey mobile device protection methods
3g. Assess email security concepts to use email safely
3h. Analyze web security features and risks to improve web browser security
Topics and Sub-topics:
3.1 Introduction to Mobile Security
3.2 Types of threats on mobile devices: application-based, web-based, network and physical threat
3.3 Security measures to prevent the mobile threat, Secure data on a lost mobile device
3.4 Importance of password, common Attacks on Password, Password Best Practices, maintaining good password, Multi-Factor Authentication (MFA), Password Manager
3.5 Mobile device protection: device hardening, managing app permissions, secure WI-FI, screen locks, downloading and updating Apps, backup
3.6 Email Security: How an E-mail Works, Threats through Emails, Guidelines for using Email Safely
3.7 Web Browser Security: Web Browser feature and risks, how to improve web browsers security, Security Extensions in Browsers, content filtering

Unit – IV: Social Engineering and Social Networking Security
Unit Outcomes (UOs):
4a. Demonstrate knowledge of Internet safety practices and policies to protect one on social networks.
4b. Describe risks associated with social networks
4c. Compare similarities and differences between offline and online scams.
4d. Explain why social engineering is an important consideration for cyber security.
4e. Analyze how particular social engineering attacks take advantage of specific features of the Internet and of human nature.
Topics and Sub-topics:
4.1 Introduction to Social Network, safe and proper use of Social Network, flagging and reporting of inappropriate content on Social Network
4.2 Frauds and harassment on social media through fake profiles, sextortion using video call, cyberstalking, Cyberbullying
4.3 Spotting fake news, fake posts, fake messages, fake customer care/toll-free numbers on social media
4.4 What is social engineering?
4.5 Types of Social engineering attacks - Phishing, Spear Phishing, Smishing, Vishing, Pretexting, Search Engine Phishing Attack, Whaling, scareware, baiting, Quid Pro Quo
4.6 Ways to prevent social engineering attacks

Unit – V: Cyber Crimes and Internet ethics
Unit Outcomes (UOs):
5a. Classify cybercrimes from the nature of the crime.
5b. Describe laws relevant to cybercrime
5c. Summarize methods to report cybercrime and track cybercrime
5d. Distinguish ethical behavior with unethical behavior
Topics and Sub-topics:
5.1 What is cybercrime, Categories of Cyber Crimes, Cyber Crime laws
5.2 Cyber Crime Reporting: How to Report Cyber Crimes? Report & Track Cyber Crime Complaints
5.3 Internet Ethics: Introduction Internet Ethics, Unethical behavior in Internet & Examples, Acceptable behavior and Examples
Note: The UOs need to be formulated at the ‘Application Level’ and above of Revised Bloom’s
Taxonomy’ to accelerate the attainment of the COs and the competency.
10. SUGGESTED SPECIFICATION TABLE FOR QUESTION PAPER DESIGN
| Unit No. | Unit Title | Teaching Hours |
|---|---|---|
| I | Basics of Information security and awareness | 04 |
| II | Computer System Security | 14 |
| III | Mobile Devices, Email and Web browser Security | 16 |
| IV | Social Engineering and Social Networking Security | 16 |
| V | Cyber Crimes and Internet ethics | 06 |
| | Total | 56 |
Distribution of Theory Marks (R Level, U Level, A Level, Total Marks): ---Not Applicable---
Legends: R=Remember, U=Understand, A=Apply and above (Revised Bloom’s taxonomy)
Note: This specification table provides general guidelines to assist students in their learning,
teachers in teaching, and question paper designers/setters in formulating test
items/questions to assess the attainment of the UOs. The actual distribution of marks at
different taxonomy levels (of R, U and A) in the question paper may vary slightly from the above
table.
11. SUGGESTED STUDENT ACTIVITIES
Other than the classroom and laboratory learning, following are the suggested student-
related co-curricular activities which can be undertaken to accelerate the attainment of the
various outcomes in this course: Students should conduct following activities in group and
prepare reports of about 5 pages for each activity, also collect/record physical evidences for
their (student’s) portfolio which will be useful for their placement interviews:
a) Register on https://cybercrime.gov.in/Webform/CyberVolunteerinstruction.aspx as a
“Cyber Volunteer” to serve society in making cyberspace clean and safe.
b) Make online safety infographics, posters, or cartoons that contain cyber safety tips
and circulate them within your social media to alert other users.
c) Play security awareness games on the following link or any other similar website with
your friends and family members: https://www.cdse.edu/Training/Security-Awareness-Games/?utm_source=pocket_mylist
d) Study different cybercrime cases and their verdict on following or any other site:
https://www.cyberlawsindia.net/cases.html
e) Undertake course on https://onlinecourses.swayam2.ac.in/nou22_cs04/preview or
any other site
12. SUGGESTED SPECIAL INSTRUCTIONAL STRATEGIES (if any)
These are sample strategies, which the teacher can use to accelerate the attainment of the
various outcomes in this course:
a) Massive open online courses (MOOCs) may be used to teach various topics/sub
topics.
b) Guide student(s) in undertaking micro-projects.
c) ‘L’ in section No. 4 means different types of teaching methods that are to be
employed by teachers to develop the outcomes.
d) About 20% of the topics/sub-topics which are relatively simpler or descriptive in
nature is to be given to the students for self-learning, but to be assessed using different
assessment methods.
e) With respect to section No.11, teachers need to ensure to create opportunities and
provisions for co-curricular activities.
13. SUGGESTED MICRO-PROJECTS
Only one micro-project is planned to be undertaken by a student that needs to be assigned
to him/her in the beginning of the semester. In the first four semesters, the micro-projects
are group-based. However, in the fifth and sixth semesters, it should preferably be
individually undertaken to build up the skill and confidence in every student to become a
problem solver so that s/he contributes to the projects of the industry. In special situations
where groups have to be formed for micro-projects, the number of students in the group
should not exceed three.
The micro-project could be industry application based, internet-based, workshop-based,
laboratory-based or field-based. Each micro-project should encompass two or more COs
which are in fact, an integration of PrOs, UOs and ADOs. Each student will have to maintain a
dated work diary consisting of individual contributions in the project work and give a
seminar presentation of it before submission. The total duration of the micro-project should
not be less than 16 (sixteen) student engagement hours during the course. The student
ought to submit a micro-project by the end of the semester to develop the industry
oriented COs.
A suggestive list of micro-projects is given here. This has to match the competency and the
COs. Similar micro-projects could be added by the concerned course teacher:
a) Use privacy-protected search engines for internet searching and compare their
results with normal search engines.
b) Use private browsers and compare results with normal browsers in terms of tracking.
c) Search for your pictures on reverse image search engines and Track where and how
your images appear online.
d) Create a password strength checker using Python
14. SUGGESTED LEARNING RESOURCES
| Sr. No. | Title of Book | Author | Publication with place, year and ISBN |
|---|---|---|---|
| 1 | Cyber Security | Nina Godbole, Sunit Belapure | Wiley Publication ISBN: 9788126521791 |
| 2 | Cryptography and Network Security - Principles and Practice (Seventh Edition) | William Stallings | Pearson Education; Seventh edition (30 June 2017) ISBN: 978-9332585225 |
| 3 | Cryptography And Network Security (3rd Edition) | Forouzan Behrouz, Debdeep Mukhopadhyay | McGraw Hill Education ISBN: 978-9339220945 |
| 4 | Information Security - Principles and Practices | Mark Merkow | Pearson Education. ISBN: 978-81-317-1288-7 |
15. SOFTWARE/LEARNING WEBSITES
a) https://infosecawareness.in/
b) http://www.isea.gov.in/
c) https://www.csk.gov.in/security-tools.html
d) https://www.cert-in.org.in/
e) https://thehackernews.com/
f) https://www.infosecurity-magazine.com/
g) https://threatpost.com/
h) https://cybercrime.gov.in/
16. PO-COMPETENCY-CO MAPPING
Legend: ‘3’ for high, ‘2’ for medium, ‘1’ for low or ‘-’ for the relevant correlation of each competency, CO, with PO/ PSO
Semester II
Information Security Awareness (4321603)
| Competency & Course Outcomes | PO 1 Basic & Discipline specific knowledge | PO 2 Problem Analysis | PO 3 Design/development of solutions | PO 4 Engineering Tools, Experimentation & Testing | PO 5 Engineering practices for society, sustainability & environment | PO 6 Project Management | PO 7 Life-long learning | PSO 1 | PSO 2 | PSO 3 (If needed) |
|---|---|---|---|---|---|---|---|---|---|---|
| Competency: Use principles of basic electronics in various engineering applications | | | | | | | | | | |
| CO a) Explain Importance of information security awareness for data protection and attacks in system security. | 3 | - | - | 1 | 1 | 1 | 2 | | | |
| CO b) Apply knowledge of security threats to computer systems, and perform countermeasures to secure a computer. | 1 | 2 | - | 3 | 2 | 1 | 2 | | | |
| CO c) Apply various tools and techniques to secure mobile devices, email, and web browser | 1 | 2 | 1 | 3 | 2 | 1 | 2 | | | |
| CO d) Implement various social engineering strategies to minimize the risk of data being compromised through human error. | 2 | 2 | 1 | 3 | 2 | 1 | 2 | | | |
| CO e) Use computing and internet resources based on legal and ethical factors to understand cybercrime and laws. | 1 | - | - | 3 | 2 | 1 | 2 | | | |
17. COURSE CURRICULUM DEVELOPMENT COMMITTEE
GTU Resource Persons
| Sr. No. | Name and Designation | Institute | Email |
|---|---|---|---|
| 1 | Prof. Manoj Parmar, HOD-IT | RCTI, Ahmedabad | manojec@gmail.com |
| 2 | Mr. Saifee Vohra | Government Polytechnic, Ahmadabad | saifeevohra@gmail.com |
| 3 | Dr. Lataben J. Gadhavi | Government Polytechnic, Gandhinagar | latagpg@gmail.com |
| 4 | Mrs. Hemali L. Vithalani | Government polytechnic for Girls, Ahmadabad | vithalani.hemali@gmail.com |