Course Code: Maj/SE-309
Credit Hours: 3 (3+0)
Prerequisite: Software Engineering
Course Learning Outcomes (CLOs)
| CLO # | Learning Outcome | Domain | BT Level* |
|---|---|---|---|
| 1 | Explain key concepts of information security, including design principles, cryptography, risk management, and ethics. | C | 2 |
| 2 | Discuss legal, ethical, and professional issues in information security. | A | 2 |
| 3 | Apply various security and risk management tools to ensure information security and privacy. | C | 3 |
| 4 | Identify appropriate techniques to address and solve problems in information security. | C | 4 |
(*BT = Bloom’s Taxonomy, C = Cognitive domain, P = Psychomotor domain, A = Affective domain)
16-Week Course Plan with Tool-Based Exercises
| Week | Topics Covered | Reading Material | Class Activity | Assignment (with Tools) |
|---|---|---|---|---|
| 1 | Introduction to Information Security | Stallings Ch. 1 | Case Study: Equifax Data Breach Analysis | Kali Linux Setup: Install and explore basic security tools. |
| 2 | Security Threats & Vulnerabilities | Whitman & Mattord Ch. 2 | Threat Modeling: Identify threats in a given system. | Nmap Network Scan: Identify open ports on a local network. |
| 3 | Security Design Principles | Gollmann Ch. 3 | Security Audit: Evaluate security in a web application. | OWASP ZAP: Perform a basic security test on a website. |
| 4 | Introduction to Cryptography | Stallings Ch. 4 | Hands-on Encryption: Implement Caesar Cipher in Python. | GPG Tool: Encrypt and decrypt messages using GNU Privacy Guard (GPG). |
| 5 | Symmetric & Asymmetric Encryption | Easttom Ch. 5 | RSA Demo: Generate public/private keys using OpenSSL. | Wireshark: Capture and analyze encrypted traffic. |
| 6 | Hash Functions & Digital Signatures | Stallings Ch. 6 | Hashing Lab: Generate hashes using SHA-256. | HashCat: Crack password hashes using dictionary attacks. |
| 7 | Authentication & Access Control | Whitman & Mattord Ch. 7 | 2FA Implementation: Set up Google Authenticator on a website. | Hydra Tool: Perform a brute-force login attack (on a test system). |
| 8 | Midterm Exam + Review Session | All previous topics | Mock Security Audit: Evaluate security flaws in a simulated environment. | Midterm Exam |
| 9 | Secure Software Development & Malware | Gollmann Ch. 8 | Static Code Analysis: Identify security vulnerabilities in code. | YARA Rules: Create a rule to detect a specific malware signature. |
| 10 | Database Security | Easttom Ch. 9 | SQL Injection Simulation: Exploit a test database. | SQLmap: Automate SQL injection testing on a test environment. |
| 11 | Network Security & Firewalls | Stallings Ch. 10 | Firewall Configuration: Set up firewall rules in pfSense. | Snort IDS: Deploy and analyze alerts from an Intrusion Detection System. |
| 12 | Intrusion Detection Systems (IDS) | Whitman & Mattord Ch. 11 | Network Traffic Analysis: Identify suspicious activity. | Splunk: Use Splunk to analyze security logs. |
| 13 | Risk Management & Security Policies | Gollmann Ch. 12 | Risk Assessment Report: Identify risks in a corporate setup. | Metasploit Framework: Perform penetration testing on a simulated system. |
| 14 | Cybercrime, Law, & Ethics | Easttom Ch. 13 | Ethical Hacking Debate: Discuss legal implications of hacking. | OSINT Tools: Use Maltego for intelligence gathering. |
| 15 | Privacy, Anonymity & Digital Forensics | Stallings Ch. 14 | Forensic Data Recovery: Extract deleted files. | Autopsy Tool: Perform digital forensics analysis on a storage device. |
| 16 | Final Exam + Project Presentations | All course content | Final Project Demonstration: Students present security analysis of real-world systems. | Final Exam |
Additional Tool-Based Labs & Exercises
- Password Security: Crack weak passwords using John the Ripper.
- Penetration Testing: Conduct ethical hacking tests using Metasploit.
- Social Engineering Awareness: Simulate phishing attacks using SEToolkit.
- Forensic Analysis: Examine logs and traces of cyberattacks using FTK Imager.
- Network Security Auditing: Scan for vulnerabilities using OpenVAS.
Assessment & Grading Criteria
| Assessment Component | Weightage (%) | Description |
|---|---|---|
| Quizzes (3-4) | 10% | Short tests to assess conceptual understanding |
| Assignments (3-4) | 15% | Practical security tasks using real-world tools |
| Midterm Exam | 25% | Covers topics from Weeks 1-8 |
| Final Exam | 30% | Covers topics from the entire course |
| Semester Project | 15% | Security risk assessment and penetration testing report |
| Class Participation & Presentations | 5% | Engagement in discussions, Q&A sessions |
Total: 100%
Textbook & Reference Materials
Primary Textbook:
- Computer Security: Principles and Practice (3rd edition) – William Stallings
Reference Books:
- Principles of Information Security (6th edition) – M. Whitman & H. Mattord
- Computer Security (3rd edition) – Dieter Gollmann
- Computer Security Fundamentals (3rd edition) – William Easttom
- Official (ISC)² Guide to the CISSP CBK (3rd edition)