# Information Security Technologies - Course Lecture Topics

**Course Duration:** 3 months, 2 hours/week (24-30 hours total)
**Target:** Bachelor students, Year II, Semester IV
**Credits:** 4 ECTS

---

## Theme 1: Information Security Fundamentals

### 1.1 Core Concepts and Terminology

- Definition of information security vs cybersecurity
- The CIA Triad: Confidentiality, Integrity, Availability
- Additional security properties: Authentication, Non-repudiation, Accountability
- Assets, threats, vulnerabilities, and risks
- Security incidents vs security breaches
- Defense in depth principle
- Security by design and security by default

### 1.2 Threat Landscape and Attack Vectors

- Classification of threat actors: nation-states, cybercriminals, hacktivists, insiders
- Advanced Persistent Threats (APT) characteristics
- Attack vectors: network, application, physical, social
- Vulnerability lifecycle and responsible disclosure
- Common Vulnerabilities and Exposures (CVE) and CVSS scoring
- MITRE ATT&CK framework for threat intelligence
- AI-powered attacks and automated vulnerability discovery
- Quantum computing threats: "harvest now, decrypt later" attacks
- Supply chain attacks and Software Bill of Materials (SBOM)

---

## Theme 2: Malware and Social Engineering

### 2.1 Malicious Software

- Malware taxonomy: viruses, worms, trojans, ransomware, spyware, rootkits, bootkits
- Fileless malware and living-off-the-land techniques
- Infection vectors and propagation methods
- Ransomware business models: RaaS (Ransomware-as-a-Service), double extortion
- Static and dynamic malware analysis basics
- Antivirus technologies: signature-based, heuristic, behavioral, ML-based detection
- Sandbox evasion techniques

### 2.2 Social Engineering and the Human Factor

- Psychology of social engineering attacks
- Phishing variants: spear phishing, whaling, vishing, smishing, quishing (QR code phishing)
- Pretexting, baiting, and tailgating
- Business Email Compromise (BEC) and CEO fraud
- AI-generated phishing content using large language models
- Deepfake attacks: voice cloning, video impersonation
- Adversarial AI: attacks targeting ML-based security systems
- Security awareness training and phishing simulations

---

## Theme 3: Access Control and Identity Management

### 3.1 Access Control Models

- Identification, authentication, authorization concepts
- Discretionary Access Control (DAC)
- Mandatory Access Control (MAC) and security labels
- Role-Based Access Control (RBAC)
- Attribute-Based Access Control (ABAC)
- Policy-Based Access Control (PBAC)
- Principle of least privilege and need-to-know
- Separation of duties

### 3.2 Authentication and Account Management

- Authentication factors: knowledge, possession, inherence, location, behavior
- Multi-factor authentication (MFA) implementation
- Password policies, password managers, credential stuffing attacks
- Passwordless authentication: FIDO2/WebAuthn standards, passkeys
- Single Sign-On (SSO) and federated identity (SAML, OAuth 2.0, OpenID Connect)
- Privileged Access Management (PAM) and just-in-time access
- Account lifecycle management and deprovisioning
- Zero Trust Architecture: "never trust, always verify", continuous authentication
- Decentralized identity and verifiable credentials
- Identity Threat Detection and Response (ITDR)

---

## Theme 4: Security Technologies and Infrastructure Protection

### 4.1 Network Security Technologies

- Firewall types: packet filtering, stateful, application-level, next-generation (NGFW)
- Web Application Firewalls (WAF)
- Virtual Private Networks: IPsec, SSL/TLS VPN, OpenVPN
- WireGuard: modern VPN using ChaCha20-Poly1305, Curve25519, BLAKE2
- Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS)
- Network segmentation, VLANs, and DMZ architecture
- Microsegmentation for zero trust networks
- Security Information and Event Management (SIEM)
- Extended Detection and Response (XDR)
- Security Orchestration, Automation and Response (SOAR)

### 4.2 Endpoint and System Protection

- Endpoint Detection and Response (EDR)
- Host-based intrusion detection (HIDS) and prevention (HIPS)
- Operating system hardening and secure configuration baselines
- Patch management strategies and vulnerability management
- Mobile device security and Mobile Device Management (MDM)
- Data Loss Prevention (DLP)
- Secure Access Service Edge (SASE)
- AI/ML-powered security tools and behavioral analytics
- Application whitelisting and sandboxing

---

## Theme 5: Cryptography - Symmetric and Asymmetric

### 5.1 Symmetric Cryptography

- Principles of symmetric encryption, confusion and diffusion
- Block ciphers vs stream ciphers
- Data Encryption Standard (DES) and Triple DES (legacy, historical importance)
- Advanced Encryption Standard (AES-128, AES-192, AES-256)
- AES modes of operation: ECB (insecure), CBC, CTR, OFB, CFB
- Authenticated encryption with associated data (AEAD): AES-GCM, AES-CCM
- AES-GCM-SIV: nonce-misuse resistant mode
- ChaCha20: stream cipher alternative to AES
- ChaCha20-Poly1305: AEAD cipher used in TLS 1.3 (RFC 8439)
- XChaCha20: extended-nonce variant for large-scale encryption
- Ascon: NIST lightweight cryptography standard (2023) for IoT/embedded
- Key management challenges and key derivation functions (HKDF, PBKDF2)

### 5.2 Asymmetric Cryptography

- Public key cryptography principles and mathematical foundations
- RSA algorithm: key generation, encryption, signing (RSA-2048, RSA-4096)
- RSA padding schemes: OAEP for encryption, PSS for signatures
- Elliptic Curve Cryptography (ECC): NIST curves (P-256, P-384, P-521)
- Curve25519/X25519: high-speed elliptic curve for key exchange
- Ed25519/EdDSA: fast deterministic digital signatures
- X448/Ed448: higher-security curve variants (224-bit security)
- Diffie-Hellman key exchange: classical DH, ECDH, X25519
- Hybrid encryption schemes combining symmetric and asymmetric cryptography
- Post-Quantum Cryptography (PQC) and quantum computing threats
- Shor's algorithm threat to RSA/ECC, Grover's algorithm impact on symmetric ciphers
- NIST PQC Standards (FIPS 203, 204, 205 - 2024):
  - ML-KEM (CRYSTALS-Kyber): lattice-based key encapsulation
  - ML-DSA (CRYSTALS-Dilithium): lattice-based digital signatures
  - SLH-DSA (SPHINCS+): hash-based stateless signatures
- Additional PQC algorithms: FALCON, BIKE, HQC, Classic McEliece
- Crypto-agility: designing systems for algorithm migration
- Hybrid classical/PQC schemes: X25519+ML-KEM for transitional security

---

## Theme 6: Data Integrity, Digital Signatures, and PKI

### 6.1 Hashing and Data Integrity

- Cryptographic hash function properties: collision resistance, preimage resistance, avalanche effect
- Birthday attack and hash collision probability
- Legacy hashes: MD5, SHA-1 (deprecated, collision attacks demonstrated)
- SHA-2 family: SHA-256, SHA-384, SHA-512, SHA-512/256
- SHA-3 (Keccak): SHA3-256, SHA3-512, sponge construction
- SHA-3 Extendable Output Functions (XOF): SHAKE128, SHAKE256
- BLAKE2 (BLAKE2b, BLAKE2s): faster than SHA-3, widely used
- BLAKE3: parallelizable, single algorithm for hashing/MAC/KDF/XOF
- Message Authentication Codes: HMAC-SHA256, HMAC-SHA3, KMAC, Poly1305
- Hash-based integrity verification and checksums
- Password hashing: bcrypt, scrypt, Argon2id (memory-hard functions)
- Argon2 variants and parameter tuning (memory cost, time cost, parallelism)

### 6.2 Digital Signatures and Certificates

- Digital signature schemes and their security properties
- RSA signatures: PKCS#1 v1.5 (legacy), RSA-PSS (recommended)
- DSA and ECDSA (P-256, P-384)
- EdDSA (Ed25519, Ed448): deterministic, fast verification
- Schnorr signatures and BLS signatures (aggregatable, blockchain applications)
- Threshold signatures and multi-signatures
- Post-quantum signatures: ML-DSA (Dilithium), SLH-DSA (SPHINCS+), FALCON
- Public Key Infrastructure (PKI) components and trust models
- Certificate Authorities (CA) hierarchy and cross-certification
- X.509 certificate structure, extensions, and validation
- Certificate lifecycle: issuance, renewal, revocation (CRL, OCSP)
- Certificate Transparency (CT) logs for detecting mis-issuance
- Automated Certificate Management: ACME protocol, Let's Encrypt
- TLS 1.3 protocol: improved handshake, mandatory forward secrecy
- DNS-based Authentication of Named Entities (DANE) and TLSA records
- Code signing, software integrity, and supply chain security (Sigstore, SLSA)
- Emerging cryptographic technologies: homomorphic encryption, MPC, zero-knowledge proofs

---

## Theme 7: Cloud Security and Infrastructure Protection

### 7.1 Cloud Security Fundamentals

- Cloud service models: IaaS, PaaS, SaaS security responsibilities
- Shared responsibility model by cloud provider
- Cloud Security Alliance (CSA) Cloud Controls Matrix
- Identity and Access Management in the cloud: IAM policies, service accounts
- Data encryption in transit (TLS) and at rest (envelope encryption)
- Key management services and customer-managed keys
- Cloud compliance certifications: SOC 2, ISO 27001, FedRAMP
- Multi-cloud security: consistent policies across AWS, Azure, GCP
- Container security: Docker hardening, image scanning, runtime protection
- Kubernetes security: RBAC, network policies, pod security standards
- Serverless security: function permissions, cold start vulnerabilities
- Infrastructure as Code (IaC) security scanning: Terraform, CloudFormation
- Cloud-Native Application Protection Platform (CNAPP)
- API security: API gateways, rate limiting, OAuth 2.0, API threat protection

### 7.2 Network and Infrastructure Resilience

- Availability concepts: uptime, SLAs, nines of availability
- Redundancy patterns: active-passive, active-active, N+1
- Disaster recovery: RTO, RPO, hot/warm/cold sites
- Business continuity planning and testing
- Backup strategies: 3-2-1 rule, immutable backups, air-gapped backups
- High availability architectures and load balancing
- DDoS attack types and mitigation: volumetric, protocol, application layer
- Content Delivery Networks (CDN) for protection and performance
- Incident response in cloud environments
- Chaos engineering and resilience testing

---

## Theme 8: Risk Management, Policies, and Compliance

### 8.1 Security Risk Management

- Risk management lifecycle: identify, assess, treat, monitor
- Risk assessment methodologies: quantitative vs qualitative
- Asset identification and classification
- Threat modeling: STRIDE, PASTA, attack trees
- Vulnerability assessment tools and penetration testing
- Risk calculation: likelihood × impact matrices
- Risk treatment options: accept, mitigate, transfer (insurance), avoid
- Risk appetite and risk tolerance
- Security metrics, KPIs, and KRIs
- ISO 27005 risk management framework
- Third-party risk management and vendor assessments
- Continuous risk monitoring and automated scanning
- Cyber insurance: coverage types, requirements, limitations

### 8.2 Security Policies and Standards

- Security policy hierarchy: policies, standards, procedures, guidelines
- ISO/IEC 27001 Information Security Management System (ISMS)
- NIST Cybersecurity Framework 2.0 and its five functions
- CIS Controls and security benchmarks
- Security governance: roles (CISO, DPO), committees, reporting
- Security audit types: internal, external, certification
- Compliance verification and evidence collection
- Incident response planning: preparation, detection, containment, eradication, recovery, lessons learned
- Security Operations Center (SOC) models and maturity
- EU regulations: NIS2 Directive, DORA (financial sector), Cyber Resilience Act
- EU AI Act implications for security systems
- GDPR and privacy regulations: cross-border data transfer, breach notification
- Industry-specific compliance: PCI DSS, HIPAA, SOX

---

## Laboratory Work Alignment

| Lab | Topic | Hours |
|-----|-------|-------|
| LL1 | Security incident analysis, major breaches case studies | 2 |
| LL2 | Social engineering techniques exploration | 2 |
| LL3 | Secure environment configuration, hardening | 2 |
| LL4 | Local security policies in Windows/Linux | 2 |
| LL5 | Firewall configuration, VPN setup | 4 |
| LL6 | Authentication, authorization, accounting (AAA) | 2 |
| LL7 | File and data encryption tools | 2 |
| LL8 | Symmetric encryption implementation | 2 |
| LL9 | Data integrity verification, hashing | 2 |
| LL10 | Digital signatures implementation | 2 |
| LL11 | Information asset identification, vulnerability scanning | 2 |
| LL12 | Risk assessment, risk treatment planning | 2 |
| LL13 | ISMS development for an organization | 2 |
| LL14 | Security policy creation | 2 |

---

## Standards and References (2024-2026)

### ISO/IEC Standards

- ISO/IEC 27001:2022 - Information Security Management Systems
- ISO/IEC 27002:2022 - Information Security Controls
- ISO/IEC 27005:2022 - Information Security Risk Management
- ISO/IEC 27017:2023 - Cloud Security Controls
- ISO/IEC 27701:2019 - Privacy Information Management

### NIST Publications

- NIST FIPS 203 (2024) - ML-KEM (Module-Lattice-Based Key-Encapsulation Mechanism)
- NIST FIPS 204 (2024) - ML-DSA (Module-Lattice-Based Digital Signature Algorithm)
- NIST FIPS 205 (2024) - SLH-DSA (Stateless Hash-Based Digital Signature Algorithm)
- NIST SP 800-207 - Zero Trust Architecture
- NIST Cybersecurity Framework 2.0 (2024)
- NIST SP 800-63B - Digital Identity Guidelines (Authentication)

### EU Regulations and Directives (2024-2026)

- NIS2 Directive (EU 2022/2555) - Network and Information Security
- DORA (EU 2022/2554) - Digital Operational Resilience Act
- EU AI Act (2024) - Artificial Intelligence Regulation
- EU Cyber Resilience Act (2024)

### Industry Frameworks and Reports

- MITRE ATT&CK Framework (updated quarterly)
- ENISA Threat Landscape Report (annual)
- Cloud Security Alliance (CSA) - Cloud Controls Matrix v4
- OWASP Top 10 (2021, update expected 2025)
- CIS Controls v8.1

### Cryptographic Standards

- RFC 8446 - TLS 1.3
- RFC 8439 - ChaCha20-Poly1305
- RFC 7748 - Elliptic Curves for Security (X25519, X448)
- RFC 8032 - EdDSA (Ed25519, Ed448)
- RFC 9180 - Hybrid Public Key Encryption (HPKE)

---

## Assessment Structure

| Component | Weight |
|-----------|--------|
| Periodic Assessment 1 (Themes 1-4) | 15% |
| Periodic Assessment 2 (Themes 5-8) | 15% |
| Laboratory Work | 15% |
| Individual Study (mind maps, security policies) | 15% |
| Final Examination | 40% |

---

*Course prepared for Technical University of Moldova, Faculty of Computers, Informatics and Microelectronics, Assistant Lecturer Masiutin Maxim*