
National University of Sciences & Technology (NUST)

School of Electrical Engineering and Computer Science (SEECS)


Department of Computer Science

IS-830 Information Security Management


Course Code: IS-830
Semester: 1st
Credit Hours: 3+0
Prerequisite Codes: N/A
Instructor:
Class: MSIS-9
Office:
Telephone:
Lecture Days:
E-mail:
Class Room:
Consulting Hours:
Knowledge Updates on LMS: Before/after every lecture
Group:

Course Description:
This course presents the management aspects of security for global information systems.
Information security is viewed with respect to natural and human-generated threats. The
material covered addresses information system security planning, development of security policies
and programs, risk assessment, risk management, disaster recovery, business continuity and
personnel issues. Examples of real-world information security issues and practices implemented in
today's business environment, as well as government security laws, are presented.

Course Objectives:
This course acquaints students of Information Security with the prevailing management
aspects of securing information and information systems. Students will gain detailed knowledge of
all management aspects of securing systems, e.g., asset identification and classification, risk
assessment, and audit. The course also enables students to attain knowledge and skills
equivalent to those laid down by ISACA and by the ISO-27001 standard and its compliance
requirements. It provides a basic understanding of Information Security (IS) governance, risk
management, incident response mechanisms, internal audit, security frameworks, methodologies and
architecture. The course requires the technical knowledge needed for securing information and
communication systems, and also covers tools and foundational aspects of ISM standards.

Course Learning Outcomes (CLOs):


To understand architectural and foundational aspects of ISM standards
To provide a basic understanding of Information Security (IS) governance, risk management, incident
response mechanisms, security frameworks, methodologies and architecture
To attain knowledge and skills equivalent to those laid down by ISACA and the ISO-27001 standard and its compliance requirements
To gain in-depth knowledge of protecting a company's information system assets

Course Assessment and Weightages (In accordance with NUST statutes)


Quizzes: 10%
Assignments: 10%

OHT-1: 15%
OHT-2: 15%
Semester Project: 10%
End Semester Exam: 40%
Total: 100%

Books:
Text Book:
1. Shon Harris, CISSP All-In-One Exam Guide, 2012, 6th Edition, McGraw-Hill/Osborne Media.
(ISBN-10: 0071781749)
2. Harold F. Tipton and Micki Krause, Information Security Management Handbook, 2007, 6th
Edition, CRC Press. (ISBN-10: 0849374952)
Reference Books:
1. Steven Hernandez, Official (ISC)² Guide to the CISSP CBK, 2009, 2nd Edition, Auerbach
Publications. (ISBN-10: 1439809593)

Topics to be Covered:
1. Information Security Controls & Principles
2. Information Security Governance
3. Information Security Risk Management
4. Security and Audit Frameworks, Methodologies and Architecture
5. Business Continuity Management
6. Access Management (Physical & Logical)
7. IS Incident Management
8. Operations Security Management
9. Information Security Management System based on ISO-27001
10. Understanding Organizational Behavior

Week no. Topics

Week 1: Core Information Security Principles
    Understanding Information Security Controls
    Activity
Weeks 2-3: Understanding Information Security Governance
Week 4: Information Security Risk Management
    Understanding Risk Management Principles
    Introduction to Asset Inventory
    Asset Classification and Value Calculation
    Threat and Vulnerability Analysis
    Risk Calculation
Week 5: Information Security Risk Management (continued)
    Risk Management Guidelines (NIST SP 800-30, ISO-27005)
    Risk Assessment Techniques (OCTAVE, CRAMM, etc.)

Week 6: OHT-1
Week 7: Understanding Organizational Behavior
Week 8: Business Continuity Management
Week 9: Access Management (Physical and Logical)
Week 10: IS Incident Management
Week 11: Assignment Presentations and Reporting
Week 12: OHT-2
Week 13: Security and Audit Frameworks, Methodologies and Architecture
Week 14: Practical Hands-on Workshop [Information Security Management System based on ISO-27001
    (Implementation and Auditing)]
Week 15: Practical Hands-on Workshop [Information Security Management System based on ISO-27001
    (Implementation and Auditing)]
Week 16: Practical Hands-on Workshop [Information Security Management System based on ISO-27001
    (Implementation and Auditing)]
Week 17: Project Presentations and Reporting
Week 18: End Semester Exam (ESE)

Grading Policy:
Quiz Policy: Quizzes may be unannounced and normally last ten minutes. The questions test the
concepts covered in the last few lectures.
Assignment Policy: The course website will be the primary source for announcements and for
submitting assignments.
Plagiarism: Collaboration and group work are encouraged, but each student is required to submit
his/her own contribution(s). Your writing must be your own thoughts. You must cite and
acknowledge all sources of information in your assignments. Cheating and plagiarism will not be
tolerated and will lead to strict penalties, including zero marks in assignments as well as
referral to the Dean for appropriate action(s).
