Course Description:
This course is designed to present the management aspects of security for global information
systems. Information security is viewed with respect to natural and human-generated threats. The
material covered addresses information system security planning, development of security policies
and programs, risk assessment, risk management, disaster recovery, business continuity and
personnel issues. Examples of real-world information security issues and practices implemented in
today's business environment, as well as government security laws, are presented.
Course Objectives:
The course acquaints students of Information Security with the prevailing management
aspects of securing information and information systems. Students will gain detailed knowledge of
all management aspects of securing systems, e.g. Asset Identification and Classification, Risk
Assessment, and Audit. The course also enables students to attain knowledge and skills
equivalent to those laid down by ISACA, the ISO-27001 Standard and its Compliance. It provides a basic
understanding of Information Security (IS) Governance, Risk Management, Incident Response
Mechanisms, Internal Audit, Security Frameworks, Methodologies and Architecture. The course
demands the technical knowledge required for securing information and communication
systems and also includes tools and foundational aspects of ISM Standards.
National University of Sciences & Technology (NUST)
School of Electrical Engineering and Computer Science (SEECS)
Department of Computer Science
OHT-1: 15%
OHT-2: 15%
Semester Project: 10%
End Semester Exam: 40%
Total: 100%
Books:
Text Book:
1. Shon Harris, CISSP All-In-One Exam Guide, 2012, 6th Edition, McGraw-Hill/Osborne Media.
(ISBN-10: 0071781749)
2. Harold F. Tipton and Micki Krause, Information Security Management Handbook, 2007, 6th
Edition, CRC Press. (ISBN-10: 0849374952)
Reference Books:
1. Steven Hernandez, Official (ISC)² Guide to the CISSP CBK, 2009, 2nd Edition, Auerbach
Publications. (ISBN-10: 1439809593)
Topics to be Covered:
1. Information Security Controls & Principles
2. Information Security Governance
3. Information Security Risk Management
4. Security and Audit Frameworks, Methodologies and Architecture
5. Business Continuity Management
6. Access Management (Physical & Logical)
7. IS Incident Management
8. Operation Security Management
9. Information Security Management System based on ISO27001
10. Understanding Organizational Behavior
6 OHT-1
7 Understanding Organizational Behavior
8 Business Continuity and Management
9 Access Management (Physical and Logical)
10 IS-Incident Management
11 Assignment Presentations and Reporting
12 OHT-2
13 Security and Audit Frameworks, Methodologies and Architecture
14 Practical Hands on Workshop [Information Security Management System based on ISO27001
(Implementation and Auditing) ]
15 Practical Hands on Workshop [Information Security Management System based on ISO27001
(Implementation and Auditing) ]
16 Practical Hands on Workshop [Information Security Management System based on ISO27001
(Implementation and Auditing) ]
17 Project Presentations and Reporting
18 ESE
Grading Policy:
Quiz Policy: The quizzes may be unannounced and normally last for ten minutes. The questions
are framed to test the concepts covered in the last few lectures.
Assignment Policy: The course website will be the primary source for announcements and submitting
assignments.
Plagiarism: Collaboration and group work is encouraged but each student is required to submit
his/her own contribution(s). Your writings must be your own thoughts. You must cite
and acknowledge all sources of information in your assignments. Cheating and
plagiarism will not be tolerated and will lead to strict penalties including zero marks in
assignments as well as referral to the Dean for appropriate action(s).