ITSM-W07
(PGDM [PT-Weekend] 2007-10 : Term-VIII)

IT Security Management
(Faculty: H.R. Umesh)

COURSE OUTLINE


This course is concerned with the fundamental principles of computer security as applied to management. Its objective is to bring an awareness of information security to business students and to business managers in all areas, not just IT, and to help them raise the profile of information security issues across organizations and in business operations performed between different organizations, such as B2B and B2C. It also aims to help them understand the risks that arise from security issues in managing business information that is exposed to attacks by malicious users. Topics include information security, risk analysis, policy development, security in the latest technologies such as mobile, wireless and enterprise networks, and legal and regulatory issues.

Pre-requisite: Students should have a basic understanding of information systems and basic knowledge of LAN, WAN, intranet and internet.

Course Content

1. Introduction to Information Security
2. Information Risk Management & Analysis
3. Security planning, management and policy
4. Role Based Access Control Systems
5. Network Security
6. Digital Security
7. Security Law, Investigation and ethical issues
8. Security Audits and Standards - BS 7799 and ISO 27000
9. Disaster Recovery & Business Continuity Plan
10. Physical Security
11. Ethical Hacking in Business

Tentative Session Plan
(Columns: Session, Module, Description, Remarks)

Session 1
Module: Introduction
Description:
1. Course outline
2. Course content
3. Course structure
4. Introduction to IT Security
5. Why do we need information security?
6. Business Needs?
Remarks: Case Study

Session 2
Module: Information Risk Management
Description:
1. Risk & Risk Identification
2. Risk Management & Control
Remarks: Case Study

Sessions 3 & 4
Module: Security Planning, Security Management
Description:
1. Security Management Framework
2. Security Policy, Standards and Practices

Session 5
Module: Role Based Access Control Systems
Description:
1. Role Based Access
2. Identity Management
3. Single sign-on
Remarks: Guest Speaker (Chief Architect, Honeywell)

Sessions 6 & 7
Module: Network Security
Description:
1. What is network security?
2. Why do we need network security?

Sessions 8 & 9
Module: Digital Security
Description:
1. Digital Security (Web Security)
2. Digital Certification
3. E-mail security
Remarks: Case Study

Session 10
Module: Security Law, Investigation and ethical issues
Description:
1. Law and Ethics in Information Security
2. Relevant US and Indian Laws
3. Organization Liabilities
Remarks: Case Study

Sessions 11 & 12
Module: Security Audits
Description:
1. Standards
2. Security Audits
3. Implementing Standards
Remarks: Guest Speaker (Director, Oracle Corporation)

Session 13
Module: Disaster Recovery
Description:
1. What is DR?
2. DR Planning
3. DR Strategy
4. What is BCP?
Remarks: Guest Speaker (Managing Director, MUSA Software)

Session 14
Module: Physical Security
Description:
1. Introduction to Physical Security
2. Strategies

Session 15
Module: Ethical hacking
Description:
1. What is ethical hacking?
2. ECH certifications
3. Why do organizations need ethical hackers?

Evaluation

Quiz (2) – 40%
Case Study Discussions – 10%
Term paper – 10%
Final Exam – 40%

Case Study

Objectives of Case Analysis:

1. To identify the major issues/problem(s)
2. To examine the facts and evaluate the evidence
3. To apply the knowledge, experience and understanding gained in class to analyze the case, take the necessary actions and consider the feasibility of alternative courses of action
4. To set out steps for implementation

References

1. Michael E. Whitman and Herbert J. Mattord. Principles of Information Security. Cengage Learning.
2. H. Delfs and H. Knebl. Introduction to Cryptography: Principles and Applications. Springer-Verlag, 2002.
3. J. Kalvenes and A. Basu. Design of robust business-to-business electronic marketplaces with guaranteed privacy. Management Science, Vol. 52, no. 11, pp. 1721-1736.

Created By: Bijoy Kar on 12/10/2009 at 12:18 PM
Category: ExPGP-NR-III Doctype: Document