
Information Security

Sulaimani Polytechnic University College of Informatics


Database, IT Department

Academic Year 2019-2020


InfoSec Course Book Mr. ReBaz NaJeeb R.


Course Information
Course name: Information Security
Course Code: ISC20X
Instructor: Rebaz N. Ramadhan
Faculty / department: SPU: IT, Database depts
Contact information: Address: Department.
E-mail: Rebaz.najeeb@koyauniversity.org

Timetable
Day               Time            Hall
Classes, Monday   9:00 – 11:00    Hall IT G1
Classes, Monday   11:00 – 1:00    Hall IT G2
Classes, Monday   1:00 – 3:00     Hall DB
Evening, Monday   4:30 – 6:00     Hall DB

GRADING
The students are required to take two closed-book class tests.
1st Mid-term Exam: 20% + 5% activity
2nd Mid-term Exam: 20% + 5% activity
Final Exam: 50%


HACK ME IF YOU CAN… You will get your reward….

Rebaz.eng@gmail.com

CLASSROOM PRINCIPLES FOR THIS MODULE


• Be punctual, please.
• Do not use mobile phones inside my classroom.
• Attend all the classes, because missing a lecture can cause trouble in the following lectures.

• AAA (Ask Anything Anytime) regarding lectures.



WHERE YOU CAN GET MY LECTURE NOTES:
• Handouts from your representative.

Course Overview

Information Security is the state of being protected against the unauthorized use of information.
Information security, sometimes shortened to InfoSec, is the practice of preventing unauthorized access,
use, disclosure, disruption, modification, inspection, recording or destruction of information. The
information or data may take any form, e.g. electronic or physical.
Information security's primary focus is the balanced protection of the confidentiality, integrity and
availability of data (also known as the CIA triad) while maintaining a focus on efficient policy
implementation, all without hampering organization productivity.
This is largely achieved through a multi-step risk management process that identifies assets, threat
sources, vulnerabilities, potential impacts, and possible controls, followed by assessment of the
effectiveness of the risk management plan.



Course Objectives and Outcomes

After completing this course, students should have the following skills:
• Be familiar with the Information Security principles (CIA).
• Have a clear understanding of threats and of techniques to protect your computing device.
• Be able to apply most of the data security algorithms.
• Know how to encipher and decipher plaintext using different encryption algorithms.
• Be familiar with traditional and modern cryptography.
• Be able to define DES and RSA.
• Be able to differentiate among viruses, Trojans, worms, etc.

• Understand hacking, and know how to be an ethical hacker.
• Learn all branches of security, such as securing data, networks and databases.

References
The course textbook is
Network Security Foundations: Technology Fundamentals for IT Success
Book by Matthew Strebe

Other good references are

Understanding Cryptography: A Textbook for Students and Practitioners
By Christof Paar, Jan Pelzl

Video course:
Information Security Lessons. Dr. Daniel Soper

https://www.youtube.com/watch?v=zBFB34YGK1U&list=PL1LIXLIF50uWgPqWAfO1wh7GNlCyQLfxi
12 lessons.

Weekly Course Outlines

Lecture 1: Introduction to Security
- Aspects of Security
- Security Attacks
- Security Service
- Security Mechanism
- Model for Network Security
- Cyber Security

Lecture 2: CIA and more
- Confidentiality
- Integrity
- Availability
- More objectives

Lecture 3: Security Threats
- Interception
- Interruption
- Modification
- Fabrication
- Types of intruders

Lecture 4: Introduction to cryptography
- Cipher system
- Some Basic Terminology
- Cipher system requirements
- Classification of Cipher System

Lecture 5: Classical cryptographic methods
1- Transposition Ciphers:
- Reverse cipher
- Columnar transposition cipher
- Double transposition

Lectures 6–8: Classical cryptographic methods
2- Substitution Ciphers
Monoalphabetic cipher:
- Direct Standard (Caesar Cipher)
- Standard Reverse
- Keyword cipher
- Multiplicative cipher
- Affine cipher

Lectures 9–10: Classical cryptographic methods
2- Substitution Ciphers
Polyalphabetic ciphers:
- Vigenere cipher
- Beaufort Cipher
- One time pad

Lecture 11: Key stream based ciphers
- The LFSR key stream Generator

Lecture 12: Modern Cryptography
- Private Key Cipher
- Public Key Cipher

Lectures 13–14: Data Encryption Standard (DES)
- DES encryption scheme
- DES decryption

Lecture 15:
- Double DES
- Triple DES

Lectures 16–17: Block Cipher modes of operation
- Electronic Codebook Mode (ECB)
- Cipher Block Chaining mode (CBC)
- Cipher Feedback Mode (CFB)
- Output Feedback Mode (OFB)

Lecture 18: Modular Arithmetic
- Euler’s Φ-Function
- Euclidean Algorithm

Lectures 19–20: Public Key Cipher
- The RSA cryptosystem

Lectures 21–23: Introduction to Cryptanalysis
- Cryptanalysis of classical cipher system
- Cryptanalysis of the transposition cipher system
- Cryptanalysis of the Substitution cipher system
- Cryptanalysis of Shift Ciphers (mono)
- Cryptanalysis of Polyalphabetic Ciphers

Lecture 24: Securing website in PHP

Lecture 25: Information Hiding
- Introduction to Steganography
- Steganography Types

Lectures 26–27: Program Security (viruses, worms, Trojan)
- Backdoor or Trapdoor
- Logic Bomb
- Trojan Horse
- Viruses
- Worms
- Zombie

Lecture 28: Internet Security (IP Security, Virtual Private Network, Router Security)


Question paper sample:

Q1/ Briefly mention the main objectives of information security (CIA and more). (15 marks)

Q2/ Suppose the keys exchanged between a sender and a receiver are key1="kalar" and key2="hot". Using the double columnar transposition algorithm, encrypt the plaintext "I will find him". (15 marks)

Q3/ Prove that the multiplicative modular inverse of k=9 is 3 (K⁻¹=3), using the Extended Euclidean algorithm for the English alphabet. Then encrypt the message "KPTI" with the given key. (15 marks)

Q4/ Choose the best answer for the following questions. (15 marks)

1- Cryptography means
A) Covered meaning B) Hidden meaning C) Mixed meaning D) Unclear meaning

2- Using VPN (Virtual Private Network) is a type of
A) DDoS attack B) Direct access attack C) Spoofing D) Eavesdropping

3- S/he can only observe communications or data
A) Active attacker B) Passive attacker C) Cracker D) All of them

4- The first computer worm is called
A) Mydoom B) ILOVEYOU C) Morris D) Brain

5- Which of the following information assets is irreplaceable?
A) Customized applications B) Software C) Utilities D) Hardware


-------------------------Work hard and smart --------------------------
