DIRECTORATE OF QUALITY ASSURANCE
Course Portfolio Guidelines
Programme BACHELOR OF TECHNOLOGY HONOURS DEGREE IN SOFTWARE ENGINEERING
Course Code Information Security (ISE4101)
Lecturer Mr M Mukosera
Programme Learning Outcomes
The programme is designed such that on completion of its courses, the graduates should be able to:
1. Develop software systems using universal Software Engineering principles.
2. Identify a problem and proffer a suitable secure software solution.
3. Deploy and maintain the software product on various platforms.
4. Analyse ethical, legal and social implications of software engineering and recommend appropriate actions.
5. Use technopreneurial skills to establish a start-up business in the field of Software Engineering.
6. Demonstrate skills of software documentation, quality assurance and project management as part of software
development.
7. Develop secure and reliable computer networks for organisations.
8. Demonstrate awareness of current trends and emerging technologies.
9. Pursue further studies in any of the identified thematic areas.
Course Learning Outcomes
A student passing the course shall be able to:
- Account for the cryptographic theories, principles and techniques that are used to establish security properties, analyze and use methods for cryptography, and reflect on the limits and applicability of methods.
- Identify common network security vulnerabilities/attacks.
- Explain the foundations of cryptography and network security.
- Critically evaluate the risks and threats to networked computers.
- Demonstrate detailed knowledge of the role of encryption to protect data.
- Analyze security issues arising from the use of certain types of technologies.
- Identify the appropriate procedures required to secure networks.
- Identify the appropriate procedures required for system security testing and the procedures of backup and recovery.
Show the Course Outline indicating the time scheduled for each task e.g.
Course Outline
Columns: Week; Course Content; Time Allocated (hrs); Teaching & Learning Methods (Online / Face to Face)

Week 1: Introduction to Systems Security (4 hrs, Lectures)
- Overview of computer security concepts and terminology
- Threats, vulnerabilities, and attacks
- Security policies and models

Week 2: Network Security (4 hrs, Lectures)
- Network security architecture and protocols
- Firewalls, intrusion detection and prevention systems
- Virtual private networks (VPNs)
- Wireless network security

Week 3: Operating System Security (2 hrs Lecture, 2 hrs Practical)
- Access control models and mechanisms
- User authentication and authorization
- File system and resource protection
- Malware detection and prevention

Week 4: Application Security (2 hrs Lecture, 2 hrs Practical)
- Secure software development principles
- Web application security
- Database security
- Mobile application security

Week 5: Cryptography Fundamentals (2 hrs Lecture, 2 hrs Practical)
- Introduction to cryptography
- Symmetric and asymmetric encryption
- Hash functions and message integrity
- Digital signatures and certificates

Week 6: Key Management and Public Key Infrastructure (PKI) (2 hrs Lecture, 2 hrs Practical)
- Key distribution and exchange
- Certificate authorities and trust models
- Public key infrastructure (PKI) components

Week 7: SEMESTER BREAK

Week 8: Secure Protocols and Standards (2 hrs Lecture, 2 hrs Quiz)
- Secure Socket Layer/Transport Layer Security (SSL/TLS)
- Secure shell (SSH)
- IPsec and Virtual Private Networks (VPNs)
- Secure email (PGP/GPG)

Week 9: Security in Emerging Technologies (2 hrs Presentations, 2 hrs Practicals)
- Cloud computing security
- Internet of Things (IoT) security
- Blockchain and cryptocurrency security
- Artificial intelligence (AI) and machine learning security

Week 10: Security Management and Incident Response (2 hrs Presentations, 2 hrs Practicals)
- Risk assessment and management
- Security policies and procedures
- Security audits and compliance
- Incident response and handling

Week 11 (4 hrs, Tutorials)
a. Ethical and Legal Aspects of Systems Security
- Ethical considerations in security practices
- Privacy and data protection
b. Emerging Trends in Systems Security
- Latest advancements and emerging trends in systems security
- Case studies and real-world examples

Week 12: Final Project (4 hrs, Tutorials)
- Students will work on a hands-on project to apply the concepts learned throughout the course and demonstrate their understanding of systems security and cryptography.
Course Resource Information
Artificial intelligence bots like Gemini, ChatGPT, Sage Poe, AgentGPT, Perplexity. Example books:
1. "Cryptography and Network Security: Principles and Practice" by William Stallings - This book provides a comprehensive introduction to cryptography and network security, covering topics such as symmetric and asymmetric encryption, digital signatures, secure protocols, and network security principles.
2. "Computer Security: Principles and Practice" by William Stallings and Lawrie Brown - This book covers a wide range of computer security topics, including network security, operating system security, application security, cryptography, and security management.
3. "Applied Cryptography: Protocols, Algorithms, and Source Code in C" by Bruce Schneier - This book is a practical guide to cryptography, covering various cryptographic algorithms, protocols, and their applications. It provides insights into the design and implementation of secure systems.
4. "Security Engineering: A Guide to Building Dependable Distributed Systems" by Ross Anderson - This book explores the principles and techniques of building secure systems, including cryptographic protocols, access control, software security, and system design considerations.
Hardware/Software Requirements
Laptop, Windows, IDE, Java or Python
Schedule of Formative and Summative Assessments
Week   Assessment Type         Time Allocated (Hrs)
1      Assignment 1            3
2      Quiz 1                  1
3      Test 1                  1h30min
       Assignment 2            3
       Quiz 2                  1
       Test 2                  1h30min
       Final examination, etc. 3
Schedule of Laboratory Works
The practicals to be done in the semester and the weeks in which students will do them
Week Topic
3 Cryptography
6 Network security
9 System security
10 Application of all course techniques
Practical Manuals
THIS LAB MANUAL SUPPLEMENTS THE TEACHING MATERIALS IN THE SYSTEMS SECURITY AND CRYPTOGRAPHY COURSE.
At least 3 practical questions should be completed and assessed every week, starting in week 2 from the beginning of the semester.
A lab report with all solutions is to be compiled by the student and submitted before the end of the semester.
1. Conduct a vulnerability assessment of a network infrastructure and propose remediation measures to
address the identified vulnerabilities.
2. Develop a malware detection and prevention system using antivirus software and intrusion detection
techniques on a Windows-based operating system.
3. Conduct a security assessment of a web application, identifying common vulnerabilities such as cross-site
scripting (XSS) and SQL injection, and propose mitigation strategies.
4. Develop an incident response plan for a simulated security incident, including steps for detection,
containment, eradication, and recovery.
5. Set up a local certificate authority (CA) using tools like OpenSSL and issue digital certificates for a web
server.
6. Write a Java program to encrypt and decrypt text using the DES algorithm.
7. Write a Java program to encrypt and decrypt text using the AES algorithm.
8. Implement DES-2 and DES-3 using the Java cryptography package.
9. Using the RSA algorithm, encrypt TEXT data and decrypt the data.
10. Using the RSA algorithm, encrypt INTEGER data and decrypt the data.
11. Calculate the message digest of text using the SHA-1 algorithm.
12. Calculate the message digest of text using the MD5 algorithm.
13. Develop a program that validates the authenticity of a digital certificate by checking the certificate chain
and verifying the CA's signature.
14. A) Write a program to store a password as a hash value in a database. B) Write another one to add a salt and store
15. Write a Java program to encrypt user passwords before they are stored in a database table, and to retrieve them whenever they are to be brought back for verification.
16. Write a Java program to perform encryption and decryption using the following algorithms:
a. Caesar cipher
b. Substitution cipher – monoalphabetic
c. Playfair cipher
17. Design and implement a key management system that securely stores and retrieves encryption keys for
multiple users or systems.
Relevant Policies and Procedure Manuals
Students are to follow all set plagiarism rules.
Sample Questions
Questions, assignments and tests are subject to change depending on what is covered, but here are some guidelines.
ASSIGNMENT 1 – 100 marks
1a) Explain Public Key cryptography with a suitable example. [10]
b) Explain the RSA algorithm with an example. [10]
2a) What are Digital Signatures? How are Digital Signatures different from Public Key cryptography? [10]
b) Explain the importance of Hashing and Message Digest in Digital Signatures. [10]
3a) Explain security goals, attacks, services and mechanisms. [10]
b) What is the difference between stream and block ciphers? [10]
4a) Explain the AES algorithm. [10]
5) Define network security and discuss its key goals, including confidentiality, integrity, and availability. [10]
6) Explain the concept of defense in depth and discuss the various layers of network security controls that can be implemented. [10]
7) Describe common network attacks, such as DoS (Denial of Service) and DDoS (Distributed Denial of Service), and discuss mitigation strategies for these attacks. [10]
ASSIGNMENT 2 – 100 marks
a) Write a Java program to encrypt and decrypt the text “I am coming tonight” using the DES algorithm. [10]
b) With the aid of an example, explain the Diffie-Hellman key exchange and explain the man-in-the-middle attack in detail. [10]
c) Explain steganography in detail. How is it different from cryptography? [10]
d) Explain the functioning of the HMAC algorithm. [10]
e) A receiver received the cipher text C = 10 sent by a sender whose public key is e = 5. If the algorithm used is RSA with n = 35, then what is the value of the plain text M? [10]
f) Explain the role of IPsec in providing secure network layer communications and VPN (Virtual Private Network) connections. [10]
g) Discuss the key elements of a security policy and its role in guiding security practices within an
organization. [10]
h) Discuss the security considerations and challenges in cloud computing environments. [10]
i) Explain the security implications and risks associated with the Internet of Things (IoT) devices. [10]
j) Describe the security considerations and potential vulnerabilities in blockchain and cryptocurrency
systems. [10]