With effect from the AY: 2024-25

22CIE55
CYBER SECURITY
(Professional Elective 2)

Instruction 3 L Hours per Week

Duration of SEE 3 Hours
SEE 60 Marks
CIE 40 Marks
Credits 3

Pre-Requisites:
A foundational understanding of computer science principles, basic programming skills, knowledge of operating
systems, familiarity with network fundamentals, prior coursework or experience in IT (network security, software
development), and comfort with technical terminology and cybersecurity concepts.
Course objectives:
This course aims to:
1. Gain a comprehensive understanding of cybersecurity principles, including definitions, challenges, and
human factors.
2. Analyze the origins, categories, and methods of cybercrimes, including tools and defenses.
3. Examine vulnerabilities in software platforms and operating systems, and strategies for prevention,
detection, and mitigation.
4. Educate on the security requirements and risk management strategies for databases and cloud
environments.
5. Introduce security concerns of cyber-physical systems (CPS) and guide on using threat intelligence tools
and recovery processes.

Course outcomes:
Upon completion of this course, students should be able to:
1. Understand and articulate key principles and challenges of cybersecurity, including human factors and the
cyber security kill chain.
2. Identify and describe various categories of cybercrimes and implement appropriate tools and methods for
defense.
3. Recognize, prevent, and mitigate vulnerabilities in software and operating systems, ensuring secure software
lifecycle processes.
4. Understand security requirements for databases and cloud environments, employing risk analysis and security
tools to protect data and services.
5. Assess security and privacy concerns of CPS, apply threat intelligence tools, and manage investigation and
recovery processes following cyber security incidents.

CO-PO Articulation Matrix

PO/ P P P P P P P P P P P PS PS PS
PSO PO
O O O O O O O O O O O O O O
11
CO 1 2 3 4 5 6 7 8 9 10 12 1 2 3
CO 1 3 2 1 - - - - - - - 2 1 1 2 2
CO 2 3 2 2 1 2 - - - - - 2 2 2 1 2
CO 3 3 3 3 2 3 - - - - - 3 3 1 2 3
CO 4 2 3 2 2 1 - - - - - 3 2 1 2 3
CO 5 3 2 3 3 2 - - - - - 3 2 1 2 3

UNIT – I
Cyber security: Definition, Principles. Cyber security challenges: old techniques and broader results, the shift in the
threat landscape. Cybercrime: Definition and Origins of the word. Cyber offenses: Categories of Cybercrime. Tools
and Methods Used in Cybercrime: Introduction, Proxy servers and Anonymizers, Phishing, Password Cracking, Key
loggers and Spywares, Virus and Worms, Trojan Horses and Backdoors, Steganography, DoS and DDos Attacks, SQL
Injection, Buffer Overflow. Understanding the Cyber security Kill Chain: External reconnaissance,
Access, and privilege escalation. Authentication, Authorization, and Accountability (AAA): Access control, Identity
management, user authentication, and technical aspects of accountability.

UNIT – II
Software Security: Categories of Vulnerabilities, Prevention and Detection of Vulnerabilities, Mitigating Exploitation
of Vulnerabilities. Security in the Design of Operating Systems: Simplicity of Design Layered Design Kernelized
Design Reference Monitor Correctness and Completeness Secure Design Principles Trusted Systems Trusted System
Functions.

UNIT – III
Web and Mobile Security: Fundamental Concepts and Approaches, Sandboxing, Client-Side and Server-Side
Vulnerabilities and Mitigations. Cybercrime: Mobile and Wireless Devices: Proliferation of Mobile and Wireless
Devices, Trends in Mobility, Credit Card Frauds in Mobile and Wireless Computing Era, Security challenges posed by
mobile devices, registry settings for mobile devices, Authentication Service Security, Attacks on Mobile phones.

UNIT – IV
Database Security: Security Requirements of Databases, Reliability, and Integrity, Database Disclosure. Cloud
Computing Security: Introduction to Cloud Computing, Service and Deployment Models, Risk Analysis, Cloud as a
Security Control, Cloud Security Tools and Techniques, Cloud Identity Management, Securing IaaS.

UNIT – V
Threat Intelligence: Introduction, Open-Source Tools, Microsoft Threat Intelligence, Leveraging Threat Intelligence
to Investigate Suspicious Activity. Investigating an Incident: Investigating an Incident, Scoping the issue, Key
artifacts, investigating a compromised system on-premises, Investigating a compromised system in a hybrid cloud.
Recovery Process: Disaster recovery planning process, challenges. Cyber-Physical Systems (CPS): Characteristics,
Risks, Security and Privacy Concerns.

Text books:
1. Nina Godbole, Sunit Belapure, “Cyber Security: Understanding Cybercrimes, Computer Forensics, and Legal
Perspectives”, First Edition, Wiley India, 2011.
2. Security in Computing, Charles P. Pfleeger, Shari Lawrence Pfleeger, Jonathan Margulies, Fifth Edition,
Prentice Hall, 2018.
3. The Cyber Security Body of Knowledge, Awais Rashid, Howard Chivers, George Danezis, Emil Lupu,
Andrew Martin, First Edition, 2019
4. Cyber security - Attack and Defense Strategies, Yuri Diogenes, Erdal Ozkaya - Third Edition, Packt
Publishing, 2022.

Suggested Reading:
1. Cyber security Essentials, Charles J. Brooks, Christopher Grow, Philip Craig, Donald Short, John Wiley &
Sons, Sybex A Wiley Brand, 2018
2. Network Security Assessment, Chris McNab, Third Edition, O'Reilly Media, Inc., 2016
3. Computer security: principles and practice, William Stallings, Lawrie Brown, Second Edition, Pearson
Education, 2013
4. Network Security Essentials: Applications And Standards, William Stallings, Fourth Edition, Pearson
Education, 2011.

Web Resources:
1. OWASP - Open Web Application Security Project: https://owasp.org
2. NIST Cybersecurity Framework: https://www.nist.gov/cyberframework
3. SANS Institute: https://www.sans.org/
4. CIS - Center for Internet Security: https://www.cisecurity.org
5. ISACA: https://www.isaca.org