ADV105

The IT Security and Management course spans 5 months with 40 sessions, covering essential topics such as IT security fundamentals, security threats, risk management, and compliance. Students will engage in lectures, discussions, and practical exercises to understand various security threats, develop security policies, and learn about network and application security. The course culminates in a final project that allows students to apply their acquired knowledge and skills.

Course Title: IT Security and Management

Course Duration: 5 months (20 weeks)


Class Schedule: Twice a week (40 sessions)

Week 1-2: Introduction to IT Security


 Objectives: Understand the basics of IT security and its importance.
 Topics:
o Definition and scope of IT security
o Importance of IT security in modern organizations
o Overview of common security threats
 Activities:
o Lecture and discussion
o Case study analysis
o Group discussion on recent security breaches

Week 3-4: Security Threats and Vulnerabilities


 Objectives: Identify and understand various security threats and vulnerabilities.
 Topics:
o Types of security threats (malware, phishing, social engineering, insider threats)

1. Malware (malicious software)

A type of software designed to harm, disrupt or gain unauthorised access to a programmable device or system.

-Virus: A virus attaches itself to a legitimate program or file on the host computer (an executable, a document with macros, a boot sector) and replicates when that host is run or opened. Plain media such as songs or videos cannot execute on their own; what spreads is the executable or document carrying the code, today mostly over the Internet. The Creeper program (1971) on ARPANET is usually cited as the first self-replicating code. Examples include file viruses, macro viruses, boot-sector viruses and stealth viruses.
-Trojan: A program that disguises itself as legitimate software to get the user to run it. Unlike a virus it does not replicate on its own; it relies on the user installing it.
- ILOVEYOU (2000): arrived as a VBScript e-mail attachment and mailed itself to every address in the victim's Outlook address book. Technically a worm, it is the classic example of self-propagating code delivered by social engineering.
-Worms: Worms are also self-replicating, but they do not attach themselves to a program on the host computer. The biggest difference between viruses and worms is that worms are network-aware: they move by themselves from one computer to another over any available network, exploiting a vulnerability or weak credentials on the next host. The payload varies. Some worms carry nothing beyond the propagation code, and the harm is the resources they consume (bandwidth, CPU, and disk space as the copied files accumulate), which slows the machine down; others drop further malware on every host they reach.
2. Botnets- A bot can be seen as an advanced form of worm: an automated process designed to act over the Internet without human interaction. Bots can be benign (search-engine crawlers) or malicious. A malicious bot infects a host and then connects back to a command-and-control (C2) server, which issues commands to every infected host attached to it; that network of controlled hosts is the botnet.
3. Drive-by download attacks

In a drive-by download attack, malicious code is downloaded from a website via the browser, a browser plug-in or an integrated operating-system component without the user's permission or knowledge. The user does not have to click on anything to trigger the download; simply visiting the page can start it.

o Lecture example: free online MP3/MP4 conversion sites, a common lure for this kind of attack

Cybercriminals use drive-by downloads to plant banking Trojans, steal and collect personal information, and deliver exploit kits or other malware to endpoints.
4. Phishing- delivered by e-mail, SMS ("smishing") or phone ("vishing")
Phishing attacks are a type of information security threat that uses social engineering to trick users into breaking normal security practice and giving up confidential information, including names, addresses, login credentials, Social Security numbers, credit card details and other financial information.
- Untargeted ("scattershot") campaigns go to thousands of addresses at once; targeted spear-phishing is tailored to one person or organisation.

5. Distributed denial-of-service attacks

- In a distributed denial-of-service (DDoS) attack, multiple compromised machines attack a target, such as a server, website or other network resource, making the target inoperable. The flood of connection requests, incoming messages or malformed packets forces the target system to slow down or to crash, denying service to legitimate users or systems.

- Effect: services or whole networks taken offline. Network tapping is a different threat, passive interception of traffic, and is covered under man-in-the-middle attacks below.

6. Ransomware
- In a ransomware attack, the victim's computer is locked, typically by encrypting its files, which keeps the victim from using the device or the data stored on it. To regain access, the victim is told to pay the attacker a ransom, typically in a cryptocurrency such as Bitcoin. Ransomware spreads via malicious e-mail attachments, infected software, infected external storage devices and compromised websites.
- Variants:
- Encrypting ransomware: files are encrypted and the key is held by the attacker.
- Screen-locking ransomware: the device is locked but the files are left intact.
- Fake ransomware ("scareware"): only claims to have encrypted or locked the data and relies on panic to get paid.

7. Exploit Kits

-An exploit kit is a pre-packaged toolkit, usually hosted on a web server, that probes a visiting browser and its plug-ins for known vulnerabilities and, on finding one, runs the matching exploit and drops a malware payload. It lets a person with no experience writing exploit code distribute malware. The term is also used loosely for "malware builder" kits, known as infection kits, crimeware kits, DIY attack kits and malware toolkits, which let a non-programmer create, customise and distribute malware. (Wireshark is a packet analyser used by network engineers and defenders, not an exploit kit.) Cybercriminals use these toolkits to attack system vulnerabilities to distribute malware or engage in other malicious activities, such as stealing corporate data, launching denial-of-service attacks or building botnets.

8. APT- An advanced persistent threat (APT) is a targeted cyberattack in which an unauthorised intruder penetrates a network and remains undetected for an extended period. Rather than causing visible damage to a system or network, the goal of an APT is to keep its access, monitor activity and steal information over time; exploit kits and custom malware are among the tools used to get in and stay in.

State-sponsored groups and well-resourced criminals typically aim APT attacks at high-value targets, such as large enterprises and government agencies, stealing data over a long period.

9. Malvertising is a malicious attack that involves injecting harmful code into legitimate online advertising networks. The poisoned ads are then displayed by websites that have no idea they are serving them, leading users to unsafe destinations: the embedded code typically redirects the browser to an exploit-kit landing page or a fake download, so a user can be infected without ever visiting a "bad" site.
- Lecture example: ads served through Spotify's ad-supported tier

10. Social engineering is the tactic of manipulating, influencing or deceiving a victim to gain control over a computer system or to steal personal, confidential and financial information. It uses psychological manipulation (urgency, authority, familiarity) to trick users into making security mistakes or giving away sensitive information.

11. Man-in-the-middle attacks
- A man-in-the-middle (MITM) attack is a cyberattack in which an attacker secretly intercepts communication between two parties. The attacker's goal is to steal data or trick the victim into taking a specific action.

 The attacker positions themselves between the two parties, such as a user and a website (for example on an open Wi-Fi network, via a rogue access point, or by poisoning ARP or DNS)
 The attacker listens in on the conversation or impersonates one of the parties
 The attacker may modify the data being exchanged
 The victim believes they are communicating directly with the other party
What the attacker can do
 Steal passwords, banking details or other sensitive data
 Convince the victim to change their login credentials
 Convince the victim to make a purchase or transfer funds
 Access or control the victim's account
How to prevent MITM attacks
 Use strong cryptographic protocols that include endpoint authentication, so the client verifies it is talking to the genuine server before it sends anything
 Use TLS (the successor to SSL) with certificate validation and hostname checking switched on; encryption without authentication does not stop a MITM, because the attacker simply presents their own certificate
 Avoid outdated or under-secured protocol versions and ciphers (SSL 2/3, TLS 1.0/1.1, RC4, 3DES, export-grade suites)
Examples of MITM attacks: the 2015 Superfish adware pre-installed on Lenovo laptops (it added its own root CA so it could intercept HTTPS traffic); the 2011 DigiNotar breach (fraudulent certificates for Google domains were used to intercept users' traffic); and the NSA's tapping of Google's inter-data-centre links revealed in 2013. The 2017 Equifax breach is often listed here too, but it was caused by an unpatched web-application vulnerability, not by a MITM attack.
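The three prevention points above come down to how the TLS client is configured. The following Python example is added here and is not part of the course notes: it builds the weak client configuration beside the hardened one and audits each, using only the standard-library ssl module. The function names and the cipher string are the example's own choices, not anything the notes prescribe.

```python
import ssl
from typing import List, Optional

# Example code added for this section; not part of the course notes.
# Cipher names that a MITM-conscious audit should never see enabled.
WEAK_CIPHER_MARKERS = ("RC4", "3DES", "DES-CBC", "MD5", "NULL", "EXPORT")


def insecure_context() -> ssl.SSLContext:
    """The settings that leave a client open to a MITM: the server's
    certificate is never validated, the hostname is never checked, and the
    oldest protocol version the build supports is accepted.  An attacker who
    can redirect the traffic simply presents their own certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        ctx.minimum_version = ssl.TLSVersion.TLSv1
    except (ValueError, ssl.SSLError):
        pass  # this OpenSSL build has no TLS 1.0; keep the build default
    return ctx


def hardened_context(ca_file: Optional[str] = None) -> ssl.SSLContext:
    """Endpoint-authenticated TLS: the chain is validated against the trust
    store (the system store, or ca_file for a private CA), the hostname must
    match the certificate, TLS < 1.2 is refused and only AEAD suites with
    forward secrecy are offered."""
    ctx = ssl.create_default_context(cafile=ca_file)  # CERT_REQUIRED, check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL:!MD5:!RC4:!3DES")
    return ctx


def audit(ctx: ssl.SSLContext) -> List[str]:
    """List the MITM-relevant weaknesses of a context; an empty list is good."""
    problems = []
    if ctx.verify_mode == ssl.CERT_NONE:
        problems.append("server certificate not verified")
    if not ctx.check_hostname:
        problems.append("hostname not checked against certificate")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        problems.append("accepts TLS older than 1.2")
    weak = [c["name"] for c in ctx.get_ciphers()
            if any(marker in c["name"] for marker in WEAK_CIPHER_MARKERS)]
    if weak:
        problems.append("weak ciphers enabled: " + ", ".join(weak))
    return problems


if __name__ == "__main__":
    for label, ctx in (("insecure", insecure_context()), ("hardened", hardened_context())):
        print(f"{label}: {audit(ctx) or ['no problems found']}")
```

The audit is the part worth keeping: `verify_mode = CERT_NONE` and `check_hostname = False` are the two lines that turn "encrypted" into "encrypted to whoever answers", and they are exactly what a developer adds to silence a certificate error in testing and then forgets to remove.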

12. Spyware

-Spyware is a type of malware that collects information about a user or device without their consent. It can steal passwords, bank account numbers and other sensitive information. Spyware can also slow down a device, alter its security settings and download more malware.

How does spyware work?

 Hides itself: Spyware disguises itself with non-threatening file names or mimics legitimate processes.
 Bypasses security: Spyware can deactivate firewalls, antivirus software or other security features.
 Autostarts: Spyware embeds itself in the system's startup processes (services, scheduled tasks, run keys) so it runs again after every reboot.
 Tracks keystrokes: Keylogging spyware records what the user types, which is how credentials and card numbers are captured.
o Vulnerability assessment and management

o The four steps in a vulnerability assessment are:


o Real-world examples of security breaches

 Activities:
o Interactive lecture
o Vulnerability assessment exercise
o Group presentation on a recent security incident
Week 5-6: Risk Management
 Objectives: Learn about risk management processes and techniques.
 Topics:
o Risk assessment and analysis
o Risk mitigation strategies
o Developing a risk management plan

 Activities:
o Lecture and Q&A session
o Risk assessment workshop
o Case study on risk management in a real organization

Week 7-8: Security Policies and Procedures


 Objectives: Understand the role of security policies and procedures in IT security.
https://www.7sec.com/blog/develop-policies-for-an-all-round-approach-to-information-security/
 Topics:
o Importance of security policies
o Developing and implementing security policies
o Compliance and regulatory requirements
 Activities:
o Lecture and discussion
o Policy development exercise
o Role-playing scenarios on policy enforcement
Assignment: identify the possible security threats that may occur in your system and create a vulnerability assessment for it.
Course Title: IT Security and Management
Course Duration: 5 Months (Twice a Week)
Total Sessions: 40 (2 sessions per week)

Month 1: Introduction to IT Security

Week 1-2: Fundamentals of IT Security


 Session 1: Course Introduction, Overview of IT Security
 Session 2: Key Concepts: Confidentiality, Integrity, Availability (CIA Triad)

Week 3-4: Threats and Vulnerabilities


 Session 3: Common Threats (Malware, Phishing, etc.)
 Session 4: Vulnerability Assessment and Management

Week 5: Security Policies and Procedures


 Session 5: Developing Security Policies
 Session 6: Implementing Security Procedures

Month 2: Network Security

Week 6-7: Network Security Basics


Network security encompasses all the steps taken to protect the integrity of a computer network and
the data within it. Network security is important because it keeps sensitive data safe from cyber-attacks
and ensures the network is usable and trustworthy. Successful network security strategies employ
multiple security solutions to protect users and organizations from malware and cyber-attacks, like
distributed denial of service.
 Session 7: Network Security Fundamentals
Network layers and security
Networks are layered, as represented by the Open Systems Interconnection (OSI) model. Data passes through these layers as it travels between devices, and different threats target different layers, so each layer in the stack has to be secured for the network to be considered secure.

ISO 7498-2 (the OSI security architecture) defines five security services and states at which OSI layers each one can be provided. The services are not paired one-to-one with layers: most can be provided at several layers, and the application layer can provide all of them.

Security service (ISO 7498-2)            OSI layers (ISO 7498-1) at which it can be provided
Authentication (peer entity, data origin) Network, Transport, Application
Access control                            Network, Transport, Application
Data confidentiality                      Physical, Data Link, Network, Transport, Presentation, Application
Data integrity                            Network, Transport, Application
Non-repudiation                           Application only

Digital signature and notarization are security mechanisms in ISO 7498-2, not services of any particular layer: they implement the services above (a signature supports authentication, integrity and non-repudiation). Availability is not one of the 7498-2 services at all; it is addressed separately, for example by the DDoS defences discussed earlier.

 Types of network security software and tools
 Access control. This method limits access to network applications and systems to a specific
group of users and devices. These systems deny access to users and devices not already
sanctioned.

 Antivirus and antimalware. Antivirus and antimalware are software designed to detect, remove
or prevent viruses and malware, such as Trojan horses, ransomware and spyware, from infecting
a computer and, consequently, a network.

Antivirus software is a tool that helps you scan, detect and remove viruses. It
acts as a shield for your device, protecting it from viruses (a kind of
malicious software). Viruses can replicate themselves and spread throughout
your computer system, causing damage and stealing information. Think of
them like a digital illness — they can corrupt files, disrupt programs and
even give hackers access to your personal data.

Modern antivirus programs go beyond matching known viruses by signature and offer features like:

 Heuristic and behaviour-based scanning of your device for suspicious activity, including e-mails, downloads and even the websites you visit
 Quarantining malicious files or removing them altogether

What Is Anti-Malware Software?


Antivirus software is a strong defense, but it’s not the only weapon in your
cybersecurity arsenal. Anti-malware is a type of software that helps you
combat a wider range of malware than just viruses. It can be spyware that
steals your data, ransomware that locks your files or trojans that disguise
themselves as legitimate programs.

Malware protection is a great way to deal with such threats. A good anti-
malware software program can help you:

 Identify and remove various malware threats using techniques like signature-based detection (looking for known malware patterns) and behavioural analysis (monitoring programs for suspicious activity)
 Offer real-time protection by constantly scanning your device for new threats
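The following Python scanner is an added example, not part of the course notes or of any product, showing the signature-based half of what the passage above describes. It checks each sample against two signature kinds, an exact SHA-256 hash and a byte-pattern regex, and shows why the second survives a change the first does not. The sample files and the signature database are constructed for the example; the EICAR string is the public antivirus test pattern. Behavioural analysis is not shown.

```python
import hashlib
import re
from typing import Dict, List

# Example code added for this section; not part of the course notes.
# The EICAR test string is assembled from two halves so that this source file
# itself does not trip a resident scanner; the joined bytes are the standard
# 68-byte pattern that every AV engine is expected to detect.
EICAR = (b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-"
         + b"ANTIVIRUS-TEST-FILE!$H+H*")

# Constructed in-memory "files" so the example runs offline.
SAMPLE_FILES: Dict[str, bytes] = {
    "report.txt": b"Quarterly sales figures, nothing unusual here.\n",
    "eicar.com": EICAR,
    "invoice.vbs": b'Set fso = CreateObject("Scripting.FileSystemObject")\r\n'
                   b"' mass-mailer stub (constructed, inert)\r\n",
}

# Constructed signature database.  Hash signatures are exact and cheap but
# miss any sample that differs by a single byte; pattern signatures are
# looser (and, as the crude VBS rule shows, prone to false positives).
HASH_SIGNATURES: Dict[str, str] = {
    hashlib.sha256(EICAR).hexdigest(): "EICAR-Test-File",
}
PATTERN_SIGNATURES = [
    ("EICAR-Test-File", re.compile(rb"EICAR-STANDARD-" + rb"ANTIVIRUS-TEST-FILE")),
    ("VBS.Mailer.Generic", re.compile(rb'CreateObject\("Scripting\.FileSystemObject"\)', re.I)),
]


def scan_bytes(data: bytes) -> List[str]:
    """Return the names of every signature that matches data; [] means clean."""
    hits: List[str] = []
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_SIGNATURES:
        hits.append(HASH_SIGNATURES[digest])
    for name, pattern in PATTERN_SIGNATURES:
        if pattern.search(data) and name not in hits:
            hits.append(name)
    return hits


def scan_files(files: Dict[str, bytes]) -> Dict[str, List[str]]:
    """Scan a mapping of file name -> contents and report hits per file."""
    return {name: scan_bytes(data) for name, data in files.items()}


if __name__ == "__main__":
    for name, hits in scan_files(SAMPLE_FILES).items():
        print(f"{name:12} {'CLEAN' if not hits else 'DETECTED ' + ', '.join(hits)}")
    # One appended newline defeats the hash signature; the pattern still fires.
    print("eicar.com + newline:", scan_bytes(EICAR + b"\n"))
```

The appended-newline case at the end is the reason real engines layer fuzzy matching and behavioural analysis on top of hashes: an attacker recompiles or repacks a sample, every hash signature misses, and only the parts of the file that must stay the same for it to work remain detectable.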

 Application security. It is crucial to monitor and protect applications that organizations use to
run their businesses. This is true whether an organization creates that application or buys it, as
modern malware threats often target Open Source code and containers that organizations use to
build software and applications.

 Behavioral analytics. This method analyzes network behavior and automatically detects and
alerts organizations to abnormal activities.
 Cloud security. Cloud providers often sell add-on cloud security tools that provide security
capabilities in their cloud. The cloud provider manages the security of its overall infrastructure
and offers tools for the user to protect their instances within the overall cloud infrastructure. For
example, Amazon Web Services provides security groups that control the incoming and outgoing
traffic associated with an application or resource.
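Threat 5 above (DDoS) and the behavioural-analytics bullet describe the same detection problem from two sides: raw volume, and deviation from what is normal for a given source. The following Python example is added here and is not part of the course notes: it runs both checks over a constructed web-server access log (RFC 5737 documentation addresses, combined log format), flagging a window whose request count is a flood and classifying it as DoS or DDoS by the number of distinct sources, and separately flagging any single source whose per-window rate is far above the site's median. The log lines, thresholds and function names are the example's own assumptions.

```python
import re
import statistics
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Example code added for this section; not part of the course notes.
# Apache/Nginx "combined" style access-log line.  Parsing is the only format
# assumption; everything else is plain counting.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return {'ip', 'ts', 'status'} for one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {"ip": m["ip"], "ts": datetime.strptime(m["ts"], TS_FMT), "status": int(m["status"])}


def window_counts(lines, window):
    """Bucket requests into fixed windows: window start (epoch s) -> Counter of
    requests per source IP, plus a Counter of 4xx/5xx responses per (window, ip)."""
    per_window = defaultdict(Counter)
    errors = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        start = int(rec["ts"].timestamp()) // window * window
        per_window[start][rec["ip"]] += 1
        if rec["status"] >= 400:
            errors[(start, rec["ip"])] += 1
    return per_window, errors


def detect_floods(lines, window=10, max_requests=100, min_sources=20):
    """Volume check: a window with more than max_requests hits is a flood; it is
    labelled 'ddos' when it comes from at least min_sources distinct IPs."""
    per_window, _ = window_counts(lines, window)
    alerts = []
    for start, sources in sorted(per_window.items()):
        total = sum(sources.values())
        if total > max_requests:
            alerts.append({"window_start": start, "requests": total,
                           "sources": len(sources),
                           "kind": "ddos" if len(sources) >= min_sources else "dos"})
    return alerts


def detect_abnormal_sources(lines, window=10, factor=10):
    """Behavioural check: a source whose per-window request count is more than
    `factor` times the median per-source count is abnormal for this site."""
    per_window, errors = window_counts(lines, window)
    counts = [(start, ip, n) for start, srcs in per_window.items() for ip, n in srcs.items()]
    if not counts:
        return []
    baseline = statistics.median(n for _, _, n in counts)
    alerts = []
    for start, ip, n in sorted(counts):
        if n > factor * baseline:
            alerts.append({"window_start": start, "ip": ip, "requests": n,
                           "error_ratio": errors[(start, ip)] / n})
    return alerts


def make_sample_log():
    """Constructed access log (not real traffic): 20 ordinary clients, one
    scanning host, and a 40-source flood, all in RFC 5737 documentation ranges."""
    base = datetime(2024, 3, 1, 12, 0, 0, tzinfo=timezone.utc)
    lines = []

    def add(ip, offset, path="/index.html", status=200):
        ts = (base + timedelta(seconds=offset)).strftime(TS_FMT)
        lines.append(f'{ip} - - [{ts}] "GET {path} HTTP/1.1" {status} 512')

    for i in range(20):                      # background: one hit every 7 s
        for t in range(i % 7, 70, 7):
            add(f"192.0.2.{i + 1}", t)
    for k in range(60):                      # scanner: 60 probes in 5 s, all 404
        add("203.0.113.99", 30 + k * 0.08, f"/admin{k}.php", 404)
    for i in range(40):                      # flood: 40 sources x 4 hits in 10 s
        for k in range(4):
            add(f"198.51.100.{i + 1}", 50 + (i * 4 + k) % 10)
    return lines


SAMPLE_LOG = make_sample_log()

if __name__ == "__main__":
    for a in detect_floods(SAMPLE_LOG):
        print("flood:", a)
    for a in detect_abnormal_sources(SAMPLE_LOG):
        print("abnormal source:", a)
```

On the constructed log the scanner's 60 requests do not cross the flood threshold (the window holds 89 requests in total), which is the point of running both checks: volume alone misses a single noisy host, and per-source deviation alone misses a flood spread thinly across many sources. In production the baseline would come from a rolling history rather than the same batch being inspected, and the thresholds would be tuned per site.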
 Session 8: Firewalls and VPNs

Week 8-9: Intrusion Detection and Prevention


 Session 9: Intrusion Detection Systems (IDS)
 Session 10: Intrusion Prevention Systems (IPS)

Week 10: Secure Network Design


 Session 11: Designing Secure Networks
 Session 12: Network Segmentation and Isolation

Month 3: Application and Data Security


Week 11-12: Application Security
 Session 13: Secure Software Development
 Session 14: Web Application Security
Week 13-14: Data Security
 Session 15: Data Encryption Techniques
 Session 16: Data Loss Prevention (DLP)
Week 15: Cloud Security
 Session 17: Introduction to Cloud Security
 Session 18: Securing Cloud Services

Month 4: Risk Management and Compliance


Week 16-17: Risk Management
 Session 19: Risk Assessment and Analysis
 Session 20: Risk Mitigation Strategies
Week 18-19: Compliance and Legal Issues
 Session 21: Regulatory Compliance (GDPR, HIPAA, etc.)
 Session 22: Legal and Ethical Issues in IT Security
Week 20: Incident Response
 Session 23: Incident Response Planning
 Session 24: Incident Handling and Reporting

Month 5: Advanced Topics and Review


Week 21-22: Advanced Security Topics
 Session 25: Advanced Persistent Threats (APTs)
 Session 26: Cybersecurity Trends and Future Directions
Week 23-24: Security Audits and Penetration Testing
 Session 27: Conducting Security Audits
 Session 28: Penetration Testing Techniques
Week 25: Review and Final Project
 Session 29: Course Review and Q&A
 Session 30: Final Project Presentation

Assessment and Evaluation


 Quizzes: Bi-weekly quizzes to assess understanding of key concepts.
 Assignments: Practical assignments and case studies.
 Final Project: A comprehensive project to apply the learned concepts.
 Participation: Active participation in discussions and practical sessions.

This plan provides a comprehensive overview of IT Security and Management, ensuring students gain both theoretical knowledge and practical skills.
