National University of Sciences and Technology
IS-833 IT Security Evaluation & Auditing
Campus MCS
Programs PG
Session Fall Semester 2016
Course Title IT Security Evaluation & Auditing
Course Code IS-833
Credit Hours
Pre-Requisites
Course Objectives The course is designed to provide deep insight into the information security evaluation and auditing process. It emphasizes two main areas: evaluation and auditing.
Detail Content
  • Introduction to Security Evaluation & Standards: Trusted Computer System Evaluation Criteria (TCSEC) (The Orange Book), Information Technology Security Evaluation Criteria (ITSEC)
  • Common Criteria (CC) / FIPS-140-2: Common Criteria (CC) for information technology security evaluation, Target of Evaluation (TOE) Specification, Security Target, Protection Profiles, Evaluation Assurance Levels, FIPS-140-2 Standard
  • ATAM (Architectural Tradeoff Analysis Method): Quality attributes and their role in software architectures, Quality attribute tradeoffs, Why architecture analysis is important, How to execute an ATAM evaluation, in particular, the steps of the ATAM
  • Information Security Audit Process: Technology and Audit, IS Audit Function Knowledge, Standards and Guidelines for IS Auditing, Audit Planning Process, Audit Management
  • IT Governance: Information Systems/Information Technology Governance, Management Issues, Governance Techniques
  • Systems & Infrastructure Life Cycle Management: Information Management and Usage, Development, Acquisition, and Maintenance of Information Systems, Audit Role in Feasibility Studies and Conversions
Text/Ref Books
  1. Using the Common Criteria for IT Security Evaluation by Debra S. Herrmann, Auerbach Publications, 2002.
  2. Auditor's Guide to Information Systems Auditing, Richard E. Cascarino, John Wiley 2007.
  3. Auditing Information Systems by Jack J. Champlain, Wiley 2003, second edition.
  4. The Orange Book (DoDD 5200.28-STD)
  5. Aggressive Network Self-Defense by Neil R. Wyler, Bruce Potter, Chris Hurley
  6. “Metasploit: The Penetration Tester's” by David Kennedy, Jim O'Gorman, Devon Kearns, and Mati Aharoni (B005DTOK04)
  7. “The Shellcoder's Handbook: Discovering and Exploiting Security Holes” by Chris Anley, John Heasman, and Felix Linder.
  8. Web Application Vulnerabilities: Detect, Exploit, Prevent by Steven Palmer
Time Schedule Fall Semester 2015
Faculty/Resource Person Lt Col Dr. Monis Akhlaq, PhD
University of Bradford, UK.
Discipline: Computer/Information Security
Specialization: Improved Performance High Speed Network Intrusion Detection Systems (NIDS)