Syllabus

(MSCLIS)
(Batch 2013-2015)
2nd Semester

Indian Institute of Information Technology, Allahabad


Index
MSCLIS 2nd Semester

Core Paper

1. Data Information & Cryptography
2. Database Management & 4GLs
3. Network Security
4. Technical Risk Assessment
5. BCP & DRP
6. SOX
7. PCI & DSS

Indian Institute of Information and Technology, Allahabad


(Deemed University)

Lecture List
Data Information & Cryptography

Total lectures: 30
Program: MSCLIS (2nd Sem)

Credit hours: 2 hrs


Course Objective:

To understand the concepts of (Stream cipher & Block cipher) encryption and number theory.
To understand public-key parameters and pseudorandom sequences.
To understand the hash functions, authentication and key management techniques.
Detailed Syllabus:

Lectures Required

Unit 1: Number Theory and Overview of Cryptography: Introduction, Information security and
cryptography, Background on functions, Basic terminology and concepts, Symmetric-key
encryption, Digital signatures, Authentication and identification, Public-key cryptography, Hash
functions, Protocols and mechanisms, Key establishment, management, and certification. (3 C
Hrs)
Unit 2: Public-Key Parameters: Introduction, Probabilistic primality tests, (True) Primality tests,
Prime number generation, Irreducible polynomials over Zp, Generators and elements of high
order. (5 C Hrs)

Unit 3: Pseudorandom Bits and Sequences: Introduction, Random bit generation, pseudorandom
bit generation, Statistical tests, and cryptographically secure pseudorandom bit generation. (5 C
Hrs)

Unit 4: Stream Ciphers: Introduction, Feedback shift registers, Stream ciphers based on LFSRs
and Other stream ciphers. Block Ciphers: Introduction and overview, Background and general
concepts, Classical ciphers and historical development, DES, IDEA, RC5 and other block
ciphers (5 C Hrs)

Unit 5: Hash Functions and Data Integrity: Introduction, Classification and framework, Basic
constructions and general results, Unkeyed hash functions (MDCs), Keyed hash functions
(MACs), Data integrity and message authentication, Advanced attacks on hash functions (5 C
Hrs)
Unit 6: Identification and Entity Authentication: Introduction, Passwords (weak authentication),
Challenge-response identification (strong authentication), Customized and zero-knowledge
identification protocols and Attacks on identification protocols. (3 C Hrs)

Unit 7: Key Management Techniques: Introduction, Background and basic concepts, Techniques
for distributing confidential keys, Techniques for distributing public keys, Techniques for
controlling key usage, Key management involving multiple domains, Key life cycle issues and
Advanced trusted third party services. Key Establishment Protocols: Key Transport and
Agreement based on Symmetric and Asymmetric techniques. (4 C Hrs)
Recommended Books
Text Books
Handbook of Applied Cryptography, by A. Menezes, P. van Oorschot, and S. Vanstone, CRC
Press, 1996.
Reference Books
Modern Cryptography: Theory and Practice by Wenbo Mao, Hewlett-Packard Company, Prentice
Hall PTR, 2003.
Cryptography and Network Security by William Stallings, Prentice Hall, Fourth Edition.
Lab Guidelines ( -2-credit hour)
Before Mid Semester Exam
All types of Primality Test
All types of Statistical Test
After Mid Semester
Stream Cipher
Block Cipher
Hash code Generation.

Diffie Hellman Key Exchange


Lecture List
Database Management & 4GLs

Total lectures: 45
Program: MSCLIS (2nd Sem)

Credit hours: 3 hrs


Course Objective:

This course is intended to prepare you to design, develop and use information systems using
database management systems (DBMS). We will explore the practices, issues and theoretical
foundations of organizing and analyzing information and information content for the purpose of
designing effective and useful databases. This course will introduce you to the principles of
database systems and database design. You will learn how to use DBMS to construct information
systems for a wide range of applications.
These topics will be examined through readings, discussion, hands-on experience using various
database management systems, and through exercises designed to help explore the capabilities
and utility of different database systems.
Detailed Course:
Introduction to databases and database management systems,
The conceptual data model,
The Relational data model.
Structured Query language (SQL),
Fourth Generation Environments,
The future of the relational model: extensions and replacements,
Transaction processing, Triggers, Indexes, Security, PL/SQL,
Functions, Procedures, Cursors.
Oracle Developer/2000,
Forms, Reports, Graphics Designer/2000 Applications.
Reference Books:
1. Database System Concepts by Abraham Silberschatz et al., 5th Edition, TMH Publishing Co.
2. Database Management System by Raghu Ramakrishnan et al., 3rd Edition, TMH Publishing Co.
3. Oracle 10g Programming: A Primer by Rajshekhar Sunderraman, 2nd Edition, Addison Wesley
Publishing Co.


Lecture List
Network Security

Total lectures: 45
Program: MSCLIS (2nd Sem)

Credit hours: 3 hrs

Course Objective
This course provides an essential study of computer security issues and methods in networking
systems. Topics to be covered include review of networking, advanced cryptography, access
control, distributed authentication, TCP/IP security, firewalls, IPSec, Virtual Private Networks,
and intrusion detection systems.
Detailed Syllabus:

Lectures Required

Unit 1: Introduction to Network security, Model for Network security, Model for Network
access security. (2 C Hrs)
Unit 2: Real-time Communication Security: Introduction to TCP/IP protocol stack,
Implementation layers for security protocols and implications, IPsec: AH and ESP, IPsec: IKE.
(7 C Hrs)
Unit 3: Media-Based Vulnerabilities, Network Device Vulnerabilities, Back Doors, Denial of
Service (DoS), Spoofing, Man-in-the-Middle, and replay, Protocol-Based Attacks, DNS Attack,
DNS Spoofing, DNS Poisoning, ARP Poisoning, TCP/IP Hijacking. (10 C Hrs)
Unit 4: Virtual LAN (VLAN), Demilitarized Zone (DMZ), Network Access Control (NAC),
Proxy Server, Honey Pot, Network Intrusion Detection Systems (NIDS) and Host Network
Intrusion Prevention Systems, Protocol Analyzers, Internet Content Filters, Integrated Network
Security Hardware. (10 C Hrs)
Unit 5: Authentication: Kerberos, X.509 Authentication Service, Scanning: Port Scanning, Port
Knocking - Advantages, Disadvantages. Peer to Peer security. (4 C Hrs)
Unit 6: Electronic Mail Security: Distribution lists, Establishing keys, Privacy, source
authentication, message integrity, non-repudiation, proof of submission, proof of delivery,
message flow confidentiality, anonymity, Pretty Good Privacy (PGP) (6 C Hrs)
Unit 7: Firewalls and Web Security: Packet filters, Application level gateways, Encrypted
tunnels, Cookies. Assignments on latest network security techniques (6 C Hrs)

Recommended Books
Text Books
Mark Ciampa, Security+ Guide to Network Security Fundamentals, Edition 3, Cengage Learning,
ISBN-10: 1428340661, ISBN-13: 978-1428340664
William Stallings, Cryptography and Network Security Principles and Practices, Prentice
Hall of India, Third Edition, 2003.
Reference Books
Cisco: Fundamentals of Network Security Companion Guide (Cisco Networking Academy
Program).
Saadat Malik. Network Security Principles and Practices (CCIE Professional
Development). Pearson Education. 2002. (ISBN: 1587050250)
Lab Guidelines ( -2-credit hour)
Before Mid Semester Exam
NS-2 Fundamentals learning
DoS attack generation
After Mid Semester
Kerberos Implementation
VPN generation
PGP implementation


Lecture List
Technical Risk Assessment

Total lectures: 30
Program: MSCLIS (2nd Sem)

Credit hours: 2 hrs


Course Objective:

To orient students to the different methodologies that exist for risk assessment, to expose them
to the evaluation of I.T infrastructure components and business processes, and to educate them
to conduct Vulnerability Assessment and Penetration Testing.
Detailed Syllabus:

Lectures Required

1. Introduction to Assessing I.T Infrastructure Vulnerabilities
2. Introduction to I.T Infrastructure Component.
3. Risk Assessment Methodologies
4. Performing the Assessment.
5. Post-Assessment Activities.
6. Security Assessment Templates
7. Preparing the final report

Lab:
1. Tools used for assessment and evaluations


Lecture List
BCP & DRP

Total lectures: 30
Program: MSCLIS (2nd Sem)

Credit hours: 2 hrs


Course Objective:
Detailed Syllabus:

Lectures Required

Business Continuity Planning


1. Introduction
2. Analysis
a. Impact analysis
b. Threat analysis
c. Definition of impact scenarios
d. Recovery requirement documentation
3. Solution design
4. Implementation
5. Testing and organizational acceptance
6. Maintenance
a. Information update and testing
b. Testing and verification of technical solutions
c. Testing and verification of organization recovery procedures
d. Treatment of test failures
Disaster Recovery Planning
1. Business data protection
2. Preventions against data loss
a. No off-site data - Possibly no recovery
b. Data backup with no hot site
c. Data backup with a hot site
d. Electronic vaulting
e. Point-in-time copies
f. Transaction integrity
g. Zero or near-Zero data loss
h. Highly automated, business integrated solution


Lecture List
SOX

Total lectures: 30
Program: MSCLIS (2nd Sem)

Credit hours: 2 hrs


Course Objective:

Recent corporate failures around the world owing to accounting frauds mandated the conception
and framing of a sound legislative system that ensures the security of data maintained by
corporations, and so the Sarbanes-Oxley Act, 2002 was enacted. This course therefore exposes
students to the importance of this act in providing IT security to every kind of record, including
financial records.
Detailed Syllabus:

Lectures Required

Unit 1: Meaning of SOX, its legislative history, McKesson Scandal, Enron Scandal, scope of the
act, relevance, costs and benefits, implications for Indian companies, implications for US
subsidiaries in India
Lectures Required: 04

Unit 2: Outline of the act, role of auditors, lawyers, CEOs and CFOs, stakeholders' protection,
white-collar crimes, whistle-blower protection, The Dodd-Frank Whistle Blower Program,
Documentation: Form 10-K, 10-Q, 8-K, Public Company Accounting Oversight Board
(PCAOB), role & responsibilities of audit committee
Lectures Required: 06

Unit 3: Records Management Implications - Records Management as a key component of
internal controls, provisions regarding records retention and destruction, IT issues in record
management
Lectures Required: 07

Unit 4: Implementation of key provisions: Section 302, Section 401, Section 404, Section 409,
Section 802, Information Security Governance
Lectures Required: 08

Unit 5: SOX and IT security, IT general controls and application controls, real time disclosures,
spreadsheet controls
Lectures Required: 05
Recommended Books
Text Books
1. Sarbanes Oxley (A Practice Manual) by Mohan R Lavi, Snowhite Publications
2. Essentials Of Sarbanes-Oxley by Sanjay Anand, John Wiley
3. Understanding SOX (Sarbanes Oxley Act) by Abhishek Sharma, Bharat Law House


Lecture List
PCI & DSS

Total lectures: 30
Program: MSCLIS (2nd Sem)

Credit hours: 2 hrs

Course Objective

To understand the necessity of Payment Card Industry (PCI) Data Security Standards (DSS).
To understand how to protect the credit card industry from financial loss or eroded consumer
confidence in credit cards as a means of transacting money.
To know the PCI DSS guidelines.
To understand how the PCI DSS requirements fit into an organization's network security
framework.
To know how to effectively implement network security controls so that you can be both
compliant and secure.
Detailed Syllabus:

Lectures Required

Unit 1: Introduction to fraud, ID theft and regulatory mandates, PCI Introduction, Risk and
Consequences, Benefits of Compliance. (3 C Hrs)
Unit 2: PCI data security standard, PCI DSS Application Information, Scope of Assessment for
compliance with PCI DSS requirements, Instructions and content for report on Compliance (5 C
Hrs)
Unit 3: Building & Maintaining a Secure Network: Introduction, Maintaining Firewall
configuration, PCI DSS requirements, Intrusion Detection Systems, Antivirus Solutions, System
defaults and other Security requirements. (5 C Hrs)
Unit 4: Card holder Data protection mechanism, Vulnerability Management, Logging Access
and Event and Access Control Measures (5 C Hrs)
Unit 5: Monitoring & Testing: Introduction, Monitoring PCI environment, Auditing network and
data access, Testing monitoring system and processes. (4 C Hrs)
Unit 6: PCI DSS in wireless: Operation guide for complying with PCI DSS, Applicable
requirements pertaining to wireless for all networks and in-scope wireless networks. (4 C Hrs)

Unit 7: Information Security Policy for DSS, Case study: How to plan a project to meet
compliance, Responsibilities and Auditing. (4 C Hrs)
Recommended Books & White Paper
PCI Compliance: Understand and Implement Effective PCI Data Security Standard Compliance
by Tony Bradley (Technical Editor), James D. Burton, Anton Chuvakin, Anatoly Elberg, Brian
Freedman, David King, Scott Paladino, Paul Schooping, Elsevier, 2007.
Information Supplement: PCI DSS Wireless Guideline, Prepared by the PCI SSC Wireless
Special Interest Group (SIG) Implementation Team, White Paper, July 2009.
Reference Books
Payment Card Industry (PCI) Data Security Standard Requirements and Security Assessment
Procedures Version 2.0, Prepared by the PCI SSC Special Interest Group (SIG) Implementation
Team, October 2010.
Payment Card Industry Data Security Standard Handbook by Timothy M. Virtue, John Wiley
and Sons, 2009.
Lab Guidelines ( -1-credit hour)
Before Mid Semester Exam
Analysis of the card information flow through packet sniffer
Analysis of Metasploit tool
After Mid Semester
Analysis of Nexpose tool
