Indian Institute of Information Technology, Allahabad

Department of Information Technology

Course Syllabus

Course Code [Information Security Laws and Regulation]

LTP Credit: L:2 T:1 P:0

Objective of the Course: The purpose of this course is to develop the foundation of Information security governance, implementation of cyber security practices in the organization. The students will be given stress on industry specific standards, best practice that can be used to implement cyber security programmes across different industry sectors. The students will be given learning on different cyber security strategies used to implement standards. The other side of the course is the relevant laws and regulation that are constantly being evolved to the changing threat landscape and mandatory to comply with.

Outcome of the course:·

• Create information security policies;

• The prevailing laws addressing the protection of information and incidents that can be classified as crime;

• To systematically decode the element of cyber crime in order to understand the cyber attack execution strategies.

• To learn the component of information security programme and how to ensure compliance of international frameworks.

Component	Unit	Topics for Coverage
Component 1	Unit 1	The need for Information security laws,regulation and standards. Information Security programmes and practices, Analysis of cyber crime based on parameter to develop attack vector pathways. Information security strategies for effective information security implementation. Information security requirements and classification. Overview of information security metrics used in organizational need for information security. Use of CVE database, Overview of IS027001. IT Act,2000.
Component 1	Unit 2	Information security Regulation for Critical Infrastructure protection, Components of CII, Threat Landscape, Critical Digital Assets, Regulation NERC 5.71, Framework implementation guidance.
Component 2	Unit 3	Information Security Regulation for Payment Card Industry, Design consideration based on Network flow and Data flow requirements. The regulatory need for operators, merchants and its implementation,Best practices implementation, Compliance requirements.
Component 2	Unit 4	Data protection laws and regulations, GDPR, Privacy impact analysis, Implement, Investigation life cycle.

Part 1:

Part 2:

Text Book:

P.W. Singer and Allan Friedman, Cybersecurity and Cyberwar: What Everyone Needs to Know (2014, Oxford University Press)
Nina Godbole, Cyber Security( Wiley India)

Reference Book:

Guide to cyber laws : information technology act-2000, e-commerce, data protection & the internet by Ryder Rodney D.
A Guide to Information Technology : Cyber Laws & E-commerce By: Ahmed Syed, Shakil ; Raheja, Rajiv.

Legal dimensions of cyberspace By: edited by S. K. Verma ; Raman Mittal.