Created by V Kamakoti
The Level 1 course is intended to address the basics of Information Security concepts and general industry trends. We will be covering the following topics:
1. What is Information Security? Why do you need it? – Basic Principles of Confidentiality, Integrity, Availability Concepts; Policies, Procedures, Guidelines, Standards; Administrative Measures and Technical Measures; People, Process, Technology
2. Current Trends in Information Security; Cloud Computing: Benefits and Issues Related to InfoSec; Standards Available for InfoSec: COBIT, Cadbury, ISO 27001, OWASP, OSSTMM, etc. - An Overview; Certifiable Standards: How, What, When, Who
3. Vulnerability, Threat and Risk; Risk Assessment and Mitigation + Quick Fixes; Introduction to BCP / DRP / Incident Management; Segregation and Separation of Duties & Roles and Responsibilities; IT Act 2000
4. Types of Assessments for Information Security - VAPT of Networks; Web Application Audits; IT Assessments or Audits; Assessment of Network Equipment; Assessment of Security Devices (Web Filtering, Firewalls, IDS / IPS, Routers); Data Center Assessment; Security of Application Software; SAP Security; Desktop Security; RDBMS Security; BCP / DRP Assessments; Policy Reviews
5. Network Security & Common and Popular Tools Used
6. Windows and Linux Security; Types of Audits in Windows Environment: Server Security, Active Directory (Group Policy), Anti-Virus, Mails, Malware, Endpoint Protection, Shadow Passwords, SUDO Users, etc.
7. Web Application Security: OWASP, Common Issues in Web Apps, What is XSS, SQL Injection, CSRF, Password Vulnerabilities, SSL, CAPTCHA, Session Hijacking, Local and Remote File Inclusion, Audit Trails, Web Server Issues, etc.
1) Prof. V. Kamakoti, Department of Computer Science and Engineering, IIT Madras, specializes in the area of Computer Architecture and Hardware Design. His introduction to Information Security is through building secure systems. He is an advisor for many security-critical organizations, including banking institutions. He completed his Master of Science (by research) and PhD at the Department of Computer Science and Engineering, IIT Madras, in the years 1992 and 1995 respectively. He completed his BE in Computer Science and Engineering from Sri Venkateswara College of Engineering (affiliated to University of Madras) in the year 1989.
2) Dilip H. Ayyar has close to 18 years of experience in the Information Security area. He has co-founded two companies, 7i Security (P) Ltd and Deccan Infotech (P) Ltd. These companies are involved in providing services such as Security Operations Center, Network Operations Centre, Cloud Computing, Virtualization, Storage as a Service, etc. His role as a Technical Director includes Security Policy Formulations for clients, Security Audits and Penetration Testing for clients, Web Security Audits and Concurrent Audit of Information Security. His clients include bank data centers and stock exchanges. He holds a Bachelor's degree in Engineering, followed by an MBA. He also holds the following certifications: C|CISO, CRISC, CISM, CISA, CEH, CHFI, CFE, CCNA, ISO 27001 Lead Auditor & Implementer, ISO 9001:2008 Lead Auditor, and BS 15000 Implementer.