Systems Security – KASNEB Syllabus

PAPER NO.16 SYSTEMS SECURITY

GENERAL OBJECTIVE

This paper is intended to equip the candidate with the knowledge, skills and attitudes that will enable him/her to secure ICT systems.

LEARNING OUTCOMES

A candidate who passes this paper should be able to:

  • Identify types of threats to ICT systems
  • Adopt different security mechanisms
  • Prepare business continuity planning (BCP) strategies
  • Develop and implement a systems security policy
  • Undertake basic computer forensic audits
  • Demonstrate social-ethical and professional values in computing.

CONTENT

Introduction to systems security

  • Overview of systems security
  • Principles of system security
  • Classifications of systems security
  • Security core concepts
  • Security mechanisms

Security threats and controls

  • Sources of threats
  • Types of threats
  • Crimes against ICT and computer criminals
  • Controlling security threats
  • Ethical hacking

Systems security errors

  • Overview of system security errors
  • Human errors
  • Procedural errors
  • Software errors
  • Electromechanical problems
  • Dirty data

Systems security measures

  • Physical security
  • Logical security (authentication, access rights, passwords, others)

Data and software security

  • Overview of data and software security
  • Data and software security precautions
  • Vulnerability assessment
  • Employing virus security precautions

Network security

  • Overview of network security
  • Duplicate and alternate routing
  • Network intrusion, detection and prevention
  • Secure socket layer and transport layer security
  • IPv4 and IPv6 security
  • Wireless network security
  • Mobile device security
  • Wireless protected access

Introduction to cryptography

  • Overview of cryptography
  • Encryption and decryption
  • Cryptography tools and techniques
  • Cryptographic attack
  • Security services of cryptography
  • Public key infrastructure

ICT risk management

  • Risk management concepts
  • Risk analysis
  • Risk assessment
  • Risk monitoring and review
  • Risk mitigation
  • Corporate risk document

Business continuity planning (BCP)

  • BCP scope, teams and roles
  • Backup types and strategies
  • Hot and cold sites
  • Disaster recovery plans

Systems security policy

  • Components of systems security policy
  • Systems security policy development
  • System security policy implementation
  • Systems security strategies
  • Systems audit

Introduction to computer forensics

  • Computer forensics concepts
  • Incident handling
  • Investigating desktop incidents
  • Investigating network incidents
  • Securing and preserving evidence

Professional values and ethics in computing

  • Intellectual property and fraud
  • Information systems ethical and social concerns
  • Telecommuting and ethical issues of the worker
  • Codes of ethics for IT professionals
  • Professional ethics and values on the web and Internet
  • Objectivity and integrity in computing
  • The role of professional societies in enforcing professional standards in computing
  • Vetting of ICT employees

Emerging issues and trends


