Title Summary.pdf ✅

Summary. Here is a summary of the topics and questions we covered in each week/lecture. The learning outcomes of each lecture is also a good source for understanding the goals of each lecture. In addition, practicing on the courses theoretical and practical assignments can help you get an in depth insight into the topics covered. Week-1 ● What is computer/information security? ● What do we need to protect/secure? ● Which core security objectives do we seek for protecting our assets? ● What are the Challenges of protecting our assets? ● What can have an impact on the security of our assets? ● How can we find out if our systems contain Vulnerability? ● What are the threats to computer/information security? ● What should we be aware of with regards to Threats and Vulnerabilities? ● What steps can we take to minimize the risk? ● What frameworks can help us in Improving Critical Infrastructure Cybersecurity? Week-2 ● What is Cryptography? ● What is Encryption? ● What is a Cryptosystem? ● What are the different Encryption Techniques? ● How does classical Cryptography function? ● What is a One-Time Pad? ● What is a Random Number Generator and why do we need it? ● What is Symmetric Cryptography? ● What is Asymmetric Cryptography? ● What is a Hash Functions and how can it help us with data integrity? ● What is Steganography and how does it work? Week-3 ● How does Symmetric cryptography (AES) work? ● What are Block and Stream ciphers? ● How do we use a Block cipher? ● What are Block cipher modes of operation and why do we need them? ● What is Message Padding and why do we need them? ● What are the challenges of Using Symmetric cryptography? ● How does Asymmetric cryptography (RSA) work? ● What is a digital signature and how can we use it to ensure desired security properties? ● How can digital signing with Asymmetric Algorithms? ● How can digital signing with Symmetric Algorithms? ● What are the challenges of Using Asymmetric cryptography?
Week-4 ● What are Key exchange algorithms and what are they used for? ● How does the Diffie-Hellman Key Agreement protocol function? ● What is a Man-in-the-Middle Attack and how is it carried out? ● What is Public Key Infrastructure (PKI)? ● What is X.509 certificate and how is it used in PKI? ● How is the Certificate Life Cycle? ● What types of certificates can be issued and how do they differ? ● How are certificates validated? ● What is a Certificate Revocation List (CRL) and why do we need it? ● What is Online Certificate Status Protocol (OCSP) and why do we need it? ● What is Pretty Good Privacy (PGP) and how does it differ from a Certificate based PKI? ● How does PGP manage keys? Week-5 ● What are steps one often has to go through to get access to a resource/asset? ● How do we identify an entity that wants to access our resources/assets? ● What are the challenges and possible solutions related to Identification (ID)? ● What is authentication? ● How do we authenticate an entity that wants to access our resources/assets? ● What are the challenges and possible solutions related to authentication? ● What is meant by Strong authentication? Week-6 ● What is Authorization and why do we need it? ● How does Authentication differ from Authorization? ● What are the challenges with Authorization? ● How can we ensure that authorization is given only to legitimate users? ● What are Access Control Models and how can they help us with Authorization? ● What are the Access Control Techniques and Technologies that we can use with regards to Authorization? Week-8 ● What is a protocol? ● What are the different status of data/information? ● What are the authentication protocols based on something the user knows and how do they function? ● What are the authentication protocols based on something the user has and how do they function? ● What are the authentication protocols based on something the user is and how do they function? ● How do we handle identity and authentication across domains(different companies)? ● What is a Federated protocol and does it help us solve identity across domains(different companies)? ● What is a JSON Web Token (JWT), why do we need it and how does it function? ● What is an Identity & Access Management(IAM) system and why do we need it?
Week-9 ● How is security handled at different layers of the TCP/IP protocol? ● What are the IP Security Issues? ● What is Transport Layer Security(TLS)/Secure Socket Layer (SSL) and why do we need it? ● How does TLS function and what are different parts that make it work? ● How does TLS ensure confidentiality? ● How does TLS ensure Integrity? ● How does TLS ensure authenticity of the server or client? ● What is the difference between TLSv1.2 and TLSv1.3? Week-10 ● What are the different steps of an attack? ● How does computer networking function and what are protocols involved in achieving two parties to communicate over the network? ● What is Firewall and why do we need it? ● What are the requirements of a Firewall? ● What is a Firewall policy? ● What are the different types of a firewall and how do they differ? ● What are the different types ofFirewall architecture and how do they differ? ● What are the limitations of a Firewall? Week-12 ● What is Intrusion Detection(IDS) and Intrusion Prevention(IPS) and why do we need them? ● How are IDS/IPS classified? ● Challenges in using IDS? ● What is a Host Intrusion Detection System(HIDS) and how does it function? ● What is a Network Intrusion Detection System(NIDS) and how does it function? ● What are the limitations of using a NIDS? ● What is the difference between a HIDS and a NIDS? ● Which HIDS is used in the course as a proof of concept? ● Which NIDS is used in the course as a proof of concept? Week-14 ● Why is it difficult to secure software? ● What is the software life-cycle and why do we need security to be part of the whole software life-cycle? ● What is the OWASP Top 10 Application Security Risks and how can it help us with software security? ● What is the OWASP Top 10 Proactive Controls and how can it help us with software security? ● What is the OWASP Application Security Verification Standard and how can it help us with software security? ● What is the IEEE Avoiding The Top 10 Software Security Design Flaws and how can it help us with software security? ● Which software vulnerability scanning tools are used in the course as a proof of concept?