and Disaster Recovery
|Aim of Subject:
||To expose the students to the importance of computer security and disaster
recovery in the organization.
|Learning Outcome of Subject:
At the completion of the subject, students should be able to:
- Identify, analyse and discuss the basic issues underlying computer security and disaster recovery.
- Identify the objectives of computer security and the role of security services to achieve these objectives.
- Identify the role of cryptographic techniques in computer security.
- Apply various cryptographic algorithms and protocols.
- Identify, analyse and discuss the mechanisms underlying various kinds of malware and the methods used to mitigate them.
- Explain the scope of various information security standards and their limitations.
- Identify and explain the role of disaster recovery and business continuity planning and strategies.
- Present technical information and study/project results through report writing.
- Work as a team and interact effectively.
- Ability to acquire and apply fundamental principles of science and engineering(10%)
- Capability to communicate effectively(5%)
- Acquisition of technical competence in specialised areas of engineering discipline(60%)
- Ability to identify, formulate and model problems and find engineering solutions based on a systems approach(5%)
- Ability to conduct investigation and research on engineering problems in a chosen field of study.(5%)
- Understanding of the importance of sustainability and cost-effectiveness in design and development of engineering solutions(5%)
- Ability to work effectively as an individual, and as a member/leader in a team.(5%)
- Capability and enthusiasm for self-improvement through continuous professional development and life-long learning(5%)
- Test/Quiz - written exam(10%)
- Tutorial / Assignment - group/individual assignment,group discussion and Q&A session in tutorial,to enhance understanding of basic concepts and application examples of the subjects(30%)
- Final Exam - written exam(60%)
|Teaching and Learning Activities:
||45 hours (lectures and tutorials)
||ECP2056: Data Communications and Computer Networking
- William Stallings, “Cryptography and Network Security”, Prentice Hall, 2003.
Richard H Baker, "Network Security", McGraw Hill, 1995.
Bates, "Disaster Recovery for LANs", McGraw Hill, 1994.
Overview of computer security. Attacks and services. Control of usage:
hardware and software.
Encryption and Authentication
Conventional encryption model. Data encryption standard (DES). Traffic
confidentiality. Key distribution. Public-key cryptology. The RSA algorithm.
Key management. Authentication requirements, functions and protocols. Digital
Intruders, Viruses and Worms
Intrusion techniques. Nontechnical attacks. Password protection and
its vulnerability. Intrusion detection. Nature of viruses. Malicious programs.
Types of viruses. Antivirus approaches. Worm propagation and countermeasures:
access control, intrusion detection and firewalls.
Recovery requirements. Recovery policy, and strategy. Recovery technical
team. Execution of recovery plans. Documentation and backup system. Loss