COURSE SYLLABUS

PRINCIPLES OF INFORMATION SECURITY

1. Module Code: INS3062

2. Number of credits: 3
3. Pre-requisite(s): Information Systems in Organizations (INS2025)
4. Teaching Language: English
5. Lecturer Information:
No Name Title Institution Email Phone
1. Nguyen Thanh Assoc. Prof. Dr. [email protected]
Tung
2. Nguyen Dai Tho Doctor [email protected] 0989063690
.vn

6. Main aim(s) of the module:

The course provides a broad view of the entire field of information security, strategies
for managing an information security program, background on many related elements,
and enough detail to facilitate an understanding of the topic as a whole. It aims to be
a balanced introduction to both security management and the technical components of
information security. The essentiel tenet of the course is that information security in
the modern organization is a problem for management to solve, and not one that
technology alone can address. In other words, an organization’s information security
has important economic consequences for which management will be held
accountable.
7. Learning outcomes of the module:

For Knowledge:

1. DEFINE key terms and essential concepts of information security

1
2. LIST the phases of the security systems development life cycle
3. DESCRIBE the information security roles of professionals within an organization
4. DISCUSS the organizational business need for information security
5. LIST and DESCRIBE the threats posed to information security and common attacks
associated with those threats
6. DISCUSS the development, maintenance, and enforcement of information security
policy, standards, practices, procedures, and guidelines
7. EXPLAIN a number of widely accepted security models and frameworks as well as
security education training and awareness programs
8. DESCRIBE the planning process that supports business continuity, disaster recovery,
and incident response
9. DESCRIBE the procedures of risk identification and assessment
10. DISCUSS the various types of risk control mechanisms
11. DISCUSS conceptual frameworks for evaluating risk controls and FORMULATE a
cost-benefit analysis
12. DISCUSS the important role of access control in computer-based information systems
13. DESCRIBE firewall technology and the various approaches to firewall
implementation
14. IDENTIFY the various approaches to the protection of remote connections
15. IDENTIFY and DESCRIBE the categories, models, and detection approaches of
intrusion detection and prevention systems
16. DEFINE and DESCRIBE honeypots, honeynets, and padded cell systems
17. LIST and DEFINE the major categories of scanning and analysis tools
18. EXPLAIN the basic principles of cryptography and the operating principles of the
most popular cryptographic tools
19. LIST and EXPLAIN the major protocols used for secure communications
20. DISCUSS the organizational considerations, technical strategies and models for
implementing a project plan
21. LIST and DISCUSS the nontechnical aspects of information security implementation
in times of rapid change
22. DESCRIBE the ongoing technical and administrative evaluation of the information
security program of an organization
23. DISCUSS digital forensics and the process of acquiring, analyzing, and maintaining
potential evidentiary material

For skills and attitude

24. USE a virtual machine software to build a security testing environment
25. USE scanning and enumeration tools to find the services being offered by a system on
the network in the first step to either hardening a system or attacking it
26. USE automated vulnerability scanners to identify potential vulnerabilities in systems
27. USE a penetration testing tool to attempt an exploit against existing vulnerabilities
28. DISCOVER a few of the many options available to implement backup and recovery in
the Windows environment
29. PRACTICE the management of user access on computer systems
30. USE some simple techniques and tools for host intrusion detection
31. DISCOVER how system logs work in the Windows environment
32. DISCOVER some of the processes involved in routine privacy measures
33. PRACTICE some approaches used for software firewalls on the Windows platform
34. USE tools to capture and analyze packets on the network

2
35. USE a virtual private network connection to make remote access more secure
36. DISCOVER a simple certificate infrastructure in the Windows environment
37. USE tools to get past passwords set up for computer systems
38. EXPLORE a few options that are available to deal with the threat of malicious code
Note: - The learning outcomes of the module are constructed based on the learning
outcomes of the program (Annex 1);
- Compatibility matrix between learning outcomes of the module and learning
outcomes of the program (Annex 2).

8. Assessment methods

No Assessment items Value Notes

1. Class participation 10%
2. Mid-term quiz 10%
3. Hands-on projects 20%
4. Final exam 60%
Total 100%

9. Required textbook(s):

Required text
Michael E. Whitman and Herbert J. Mattord. Principles of Information Security, Sixth
Edition. ISBN-10 1337102067, ISBN-13 978-1337102063. Cengage, 2017.

Required lab manual

Michael E. Whitman, Herbert J. Mattord, and Andrew Green. Hands-On Information
Security Lab Manual, Fourth Edition. ISBN-10 1285167570, ISBN-13 978-
1285167572. Cengage, 2014.

Recommended references
William Stallings and Lawrie Brown. Computer Security: Principles and Practice,
Fourth Edition. ISBN-10 0134794109, ISBN-13 978-0134794105. Pearson, 2017.
Gurpreet Dhillon. Information Security: Text & Cases, Second Edition. ISBN-13 978-
1943153251. Prospect Press, 2017.
David Kim and Michael G. Solomon. Fundamentals of Information Systems Security,
Third Edition. ISBN-10 128411645X, ISBN-13: 978-1284116458. Jones & Bartlett
Learning, 2016.
Charles P. Pfleeger, Shari Lawrence Pfleeger, and Jonathan Margulies. Security in
Computing, Fifth Edition. ISBN-10 0134085043, ISBN-13 978-0134085043. Prentice
Hall, 2015.

Recommended lab manuals

3
 Andrew J. Hurd. CompTIA Security+ Guide to Network Security Fundamentals Lab
Manual, Sixth Edition. ISBN-10 1337288799, ISBN-13 978-1337288798. Course
Technology, 2017.
David Kim and Michael G. Solomon. Fundamentals of Information Systems Security
Lab Manual, Second Edition. ISBN-10 1284074935, ISBN-13 978-1284074932. Jones
& Bartlett Learning, 2014.
Vincent J. Nestler, Keith Harrison, Matthew P. Hirsch, and Wm. Arthur Conklin.
Principles of Computer Security Lab Manual, Fourth Edition. ISBN-10 0071836551,
ISBN-13 978-0071836555. McGraw-Hill Education, 2014.

10. Module’s description :

Topic 1: Introduction to information security

Establishes the foundation for understanding the field of information security by
defining key terms, explaining essential concepts, and reviewing the origins of the field
Topic 2: The need for security
Examines the business drivers behind the design process of information security
analysis, the various threats facing organizations, the methods for ranking and prioritizing
these threats, the types of attacks that could result from them with affects to organization’s
information systems, and key principles of information security
Topic 3: Planning for security
Presents a number of widely accepted security models and frameworks, best business
practices and standards of due care and due diligence, an overview of the development of
security policy with details on the major components, scope, and target audience for each
level of security policy, data classification schemes, the security education training and
awareness (SETA) program, and the planning process that supports business continuity,
disaster recovery, and incident response
Topic 4: Risk management
Describes how to conduct a fundamental information security assessment, the various
types of control mechanisms, the steps involved in performing the initial risk assessment,
the risk management process, the risk analysis and various types of feasibility analyses
Topic 5: Security technology: Firewalls and VPNs
Provides a detailed overview of the configuration and use of technologies designed to
segregate the organization’s systems from the insecure Internet with the various
definitions and categorizations of firewall technologies and the architectures under which
firewalls may be deployed, the rules and guidelines associated with the proper
configuration and use of firewalls, remote dial-up services and the security precautions

4
necessary to secure access points for organizations still deploying this older technology,
content-filtering capabilities and considerations, and technologies designed to provide
remote access to authorized users through virtual private networks
Topic 6: Security technology: Intrusion detection and prevention systems, and other
security tools
Continues the discussion of security technologies by examining the concept of
intrusion and the technologies necessary to prevent, detect, react to, and recover from
intrusions: specific types of intrusion detection and prevention systems (IDPSs) – the host
IDPS, network IDPS, and application IDPS, their respective configurations and uses,
specialized detection technologies designed to entice attackers into decoy systems (and
thus far away from critical systems) or simply to identify the attackers’ entry into these
decoy areas (honeypots, honeynets, and padded cell systems), trace-back systems designed
to track down the true addresses of attackers who were lured into decoy systems, key
security tools that can be used to examine the current state of the organization’s systems
and identify potential vulnerabilities or weaknesses in its overall security posture, and
access control devices commonly deployed by modern operating systems and new
technologies in the area of biometrics that can provide strong authentication to existing
implementations
Topic 7: Cryptography
Describes the underlying foundations of modern cryptosystems as well as their
architectures and implementations with a summary of the history of modern cryptography,
the various types of ciphers that played key roles in that history, some of the mathematical
techniques that comprise cryptosystems, including hash functions, a comparison of
traditional symmetric encryption systems with more modern asymmetric encryption
systems, the role of asymmetric systems as the foundation of public-key encryption
systems, the cryptography-based protocols used in secure communications, including S-
HTTP, S/MIME, SET, and SSH, steganography and its emerging role as an effective
means of hiding information, and a revision of attacks on information security that are
specifically targeted at cryptosystems
Topic 8: Implementing information security
Examines the elements critical to implementing the design of an information security
program, including the bull’s-eye model for implementing information security, a
discussion of whether an organization should outsource components of its information

5
 security program, and issues of change management, program improvement, and
additional planning for business continuity efforts
Topic 9: Information security maintenance
Describes the ongoing technical and administrative evaluation of the information
security program that an organization must perform to maintain the security of its
information systems with an exploration of ongoing risk analysis, risk evaluation, and
measurement, all of which are part of risk management, special considerations needed for
the varieties of vulnerability analysis in modern organizations, from Internet penetration
testing to wireless network risk assessment, and the subject of digital forensics

11. Course schedule / Teaching plan:

Week Content Reference Learning

Outcomes
1 Course overview Course syllabus 1, 2, 3
Introduction to information security
Chapter 1
2 The need for security Chapter 2 4, 5
3 Hands-on projects: Using VMware, Lab 3.0, Lab 3.2, Lab 24, 25, 26
Scanning and enumeration, Vulnerability 3.4
identification and research
4 Planning for security Chapter 4 6, 7, 8
5 Risk management Chapter 5 9, 10, 11
6 Hands-on projects: Vulnerability validation, Lab 3.5, Lab 3.9, Lab 27, 28, 29
Windows data backup and recovery, 3.10
Windows access controls
6 Midterm (30 minutes) Chapters 1, 2, 4, and
5
7, 8, 9 Security technology Chapters 6 and 7 12, 13, 14, 15, 16,
17
10 Hands-on projects: Windows host intrusion Lab 3.11, Lab 3.12, 30, 31, 32
detection, Windows log security issues, Lab 3.13
Windows privacy and anti-forensics issues
11 Cryptography Chapter 8 18, 19
12 Implementing information security Chapter 10 20, 21
13 Hands-on projects: Software firewalls, Lab 3.14, Lab 3.17, 33, 34, 35
Network traffic analysis, Virtual private Lab 3.18
networks and remote access
14 Information security maintenance Chapter 12 22, 23
15 Hands-on projects: Digital certificates, Lab 3.19, Lab 3.20, 36, 37, 38
Password circumvention, Antivirus Lab 3.21
Final Exam

6
 of 10)
Module

Score (Scale
1.1. General VNU knowledge
(1)
Annexes:

General
1.2. General knowledge of the field

knowledge

7
2.1. Master knowledge of business and management
outcomes of the program

8
2.2. Master knowledge of management in business and
information systems

7
2.3.1. Understand and apply key concepts and basic
techniques of the MIS sector

8
2.3.2. Critically analyze core issues in MIS
the program

2.3.3. Clearly and condensely present research results in

MIS

9
2.3.4. Critially assess issues in MIS from different
dimensions
(2) Specialized knowledge and capabilities of

3.1. Presentation skills

3.2. Writing skills

8
3.3. IT skills

7 3.4. Data analysis skills

3.5. Team working skills
7

3.6. Problem Solving skills

Annex 2: Compatibility matrix between learning outcomes of the module and learning

7
(3) Generic skills

3.7. Information processing skills

6

3.8. Lifelong skills

6

3.9. English
learning skills
skills