IS-833 IT Security Evaluation & Auditing
|
Campus
|
MCS
|
Programs
|
PG
|
Session
|
Fall Semester 2016
|
Course Title
|
IT Security Evaluation & Auditing
|
Course Code
|
IS-833
|
Credit Hours
|
|
Pre-Requisites
|
|
Course Objectives
|
The course is designed to provide deep insight into the information security evaluation and auditing process. It emphasizes two main areas: evaluation and auditing.
|
Detail Content
|
- Introduction to Security Evaluation & Standards: Trusted Computer System Evaluation Criteria (TCSEC) (The Orange Book), Information Technology Security Evaluation Criteria (ITSEC)
- Common Criteria (CC) / FIPS-140-2: Common Criteria (CC) for information technology security evaluation, Target of Evaluation (TOE) Specification, Security Target, Protection Profiles, Evaluation Assurance Levels, FIPS-140-2 Standard
- ATAM (Architectural Tradeoff Analysis Method): Quality attributes and their role in software architectures, Quality attribute tradeoffs, Why architecture analysis is important, How to execute an ATAM evaluation, in particular, the steps of the ATAM
- Information Security Audit Process: Technology and Audit, IS Audit Function Knowledge, Standards and Guidelines for IS Auditing, Audit Planning Process, Audit Management
- IT Governance: Information Systems/Information Technology Governance, Management Issues, Governance Techniques
- Systems & Infrastructure Life Cycle Management: Information Management and Usage, Development, Acquisition, and Maintenance of Information Systems, Audit Role in Feasibility Studies and Conversions
|
Text/Ref Books
|
- Using the Common Criteria for IT Security Evaluation by Debra S. Herrmann, Auerbach Publications, 2002.
- Auditor's Guide to Information Systems Auditing by Richard E. Cascarino, John Wiley, 2007.
- Auditing Information Systems by Jack J. Champlain, Wiley, 2003, second edition.
- The Orange Book (DoDD 5200.28-STD)
- Aggressive Network Self-Defense by Neil R. Wyler, Bruce Potter, Chris Hurley
- “Metasploit: The Penetration Tester's” by David Kennedy, Jim O'Gorman, Devon Kearns, and Mati Aharoni
- “The Shellcoder's Handbook: Discovering and Exploiting Security Holes” by Chris Anley, John Heasman, and Felix Lindner
- Web Application Vulnerabilities: Detect, Exploit, Prevent by Steven Palmer
|
Time Schedule
|
Fall Semester 2015
|
Faculty/Resource Person
|
Lt Col Dr. Monis Akhlaq, PhD
University of Bradford, UK.
Discipline: Computer/Information Security
Specialization: Improved Performance High Speed Network Intrusion Detection Systems (NIDS)
|
|