|
Home | Back
|
|
IS-833 IT Security Evaluation & Auditing
|
|
Campus
|
MCS
|
|
Programs
|
PG
|
|
Session
|
Fall Semester 2016
|
|
Course Title
|
IT Security Evaluation & Auditing
|
|
Course Code
|
IS-833
|
|
Credit Hours
|
3+0
|
|
Pre-Requisutes
|
None
|
|
Course Objectives
|
The course is designed to provide a deep insight of the information security evaluation and auditing process. The theme mainly emphasizes on two main contents i.e. Evaluation and Auditing.
Outcome:
Evaluation module will familiarize students about the security evaluation of IT products and services. Auditing contents will provide the learning process of audit services in accordance with IT audit standards that will ultimately help to assist the organization in protecting and controlling their information systems.
|
|
Detail Content
|
- Introduction to Security Evaluation & Standards
Trusted Computer System Evaluation Criteria (TCSEC) (The Orange Book), Information Technology Security Evaluation Criteria (ITSEC)
- Common Criteria (CC)/ FIPS-140-2
Common Criteria (CC) for information technology security evaluation, Target of Evaluation (TOE) Specification, Security Target, Protection Profiles, Evaluation Assurance Levels, FIPS-140-2 Standard
- ATAM (Architectural Tradeoff Analysis Method)
Quality attributes and their role in software architectures, Quality attribute tradeoffs, Why architecture analysis is important, How to execute an ATAM evaluation, in particular, The steps of the ATAM
- Information Security Audit Process
Technology and Audit, IS Audit Function Knowledge, Standards and Guidelines for IS Auditing, Audit Planning Process, Audit Management
- IT Governance
Information Systems/Information Technology Governance, Management Issues, Governance Techniques
- Systems & infrastructure Life Cycle Management
Information Management and Usage, Development, Acquisition, and Maintenance of Information Systems, Audit Role in Feasibility Studies and Conversions
- IT service Delivery & support
Technical Infrastructure, Service Center Management
- Protection of Information Assets
Information Assets Security Management, Logical Information Technology Security, Applied Information Technology Security, Physical and Environmental Security
|
|
Text/Ref Books
|
- Using the Common Criteria for IT Security Evaluation by Debra S.
Herrmann, Auerbach Publications, 2002.
- Auditor's Guide to Information Systems Auditing, Richard E.
Cascarino, John Wiley 2007.
- Auditing Information Systems by Jack J. Champlain, Wiley 2003,
second edition.
Reference:
- . The Orange Book (DoDD 5200.28-STD)
- Aggressive Network Self-Defense by Neil R. Wyler, Bruce Potter, Chris Hurley
- “Metasploit: The Penetration Tester's” by David Kennedy
by(Author), Jim O'Gorman B005DTOK04 , (Author), Devon Kearns ,
(Author), MatiAharoni (Author)
- “ TheShellcoder's Handbook: Discovering and Exploiting Security Holes” by Chris Anley , John Heasman , Felix Linder.
- Web Application Vulnerabilities: Detect, Exploit, Prevent by Steven Palmer
|
|
Time Schedule
|
|
|
Faculty/Resource Person
|
Lec Waleed Bin Shahid
|
|