
RMIS-X09
PGDM-PT-2009-12: Term-VIII

Risk Management & IT Security
Prof. Umesh H Rao


This course gives a broad understanding of what IT security is all about and the vital role that it plays in organizations. The objective of the course is to bring an awareness of information security to business students and business managers in all areas, not just IT, and to help them raise the level of attention given to information security issues across organizations and in business operations performed between different organizations, such as B2B, B2C etc. It also aims to build an understanding of the risks that arise from security issues in managing business information that is exposed to attacks by malicious users. Topics include information security planning, risk analysis, policy development, security in mobile, wireless and enterprise networks, and legal and regulatory issues. The entire course is based on case study discussion and practical examples, and may have some hands-on lab exercises and demonstrations.

Pre-requisite: Students should have a basic understanding of information systems and basic knowledge of LAN, WAN, intranet, internet etc.

Course Content

1. Introduction to Information Security
2. Information Risk Management & Analysis
3. Security planning, management and policy
4. Role Based Access Control Systems
5. Network Security
6. Digital Security
7. Security Law, Investigation and ethical issues
8. Security Audits and Standards - BS7799 and ISO27000
9. Disaster Recovery & Business Continuity Plan
10. Physical Security

Evaluation

Class participation and case study discussions – 10%
Term Paper & Presentation – 30%
Mid Term - 30%
Final Exam – 30%

References

1. Principles of Information Security – Michael E Whitman and Herbert J Mattord, Cengage Learning publications
2. Introduction to Cryptography - Principles and applications. Delfs, H. and H. Knebl. Springer-Verlag. 2002
3. Design of robust business-to-business electronic marketplaces with guaranteed privacy. J. Kalvenes, A. Basu. Management Science, Vol. 52, no. 11, pp. 1721-1736

Session Plan

Topics Covered | Assignment/Case Study
Introduction and Course structure |
Need of Information security | Case Study - CITI BANK
Introduction to Information Security |
Classification of Security Threats | Case Study - Top 10 Security Threats
OS Security (Virus, worms, etc.) |
Network Security (spoofing, DoS etc.) | Case Study - Phishing
OS Security (Practical sessions) | Lab Demo
Network Security (practical sessions) | Lab Demo
Wireless Security | Case - Mobile Wireless Risks
Digital Security (Cryptography, digital signature etc.), Digital Certification | Case Study - HDFC Online Banking
Web Security |
Security Management Framework | Case - Manager's Role in IT Security
Information Risk and Risk Identification |
IT Risk Management and controls | Case - ICICI Bank
Role Based Access Control, IDAM and Single Sign-on |
Disaster recovery (DR) |
Business Continuity Plan (BCP) |
Security Policies, Standards and Practices |
Laws, Ethics in Information Security |
Student Presentations | Assignment
Student Presentations | Assignment
Student Presentations | Assignment

Created By: Debasis Mohanty on 08/10/2011 at 03:54 PM
Category: ExPGP-III Doctype: Document
