Summary of Course Description
University Vice-Rectorate for Graduate Studies and Scientific Research
Course Name: Cryptography for Cyber and Network Security
Course Code: CS 611
Prerequisites:
Course Teaching Language: English
Course Level: 1
Credit Hours: 3(3, 0, 0)
Course Description
Information Security elements, mathematical and practical foundation of cryptography, Kerckhoffs's principle, classical cryptography, attack models, cryptanalysis, block and stream ciphers, symmetric crypto, crypto modes, asymmetric crypto, public key infrastructure, message authentication & digital signature, hash functions, key agreement schemes, crypto protocols, user identification & authentication, passwords, secret sharing schemes, keys distribution, keys management, security protocols.
Course Objectives
This course provides the essential foundation in the cryptographic algorithms and schemes necessary for cyber security and network security. It presents an in-depth review of commonly used security mechanisms and techniques.
Learning outcomes: (comprehension, knowledge, intellectual & scientific skills)
By completion of this course students are expected to be able to:
Knowledge
- Describe the major types of cryptographic algorithms and typical applications.
- Recognize hash functions, digital signatures and their roles in integrity and authenticity.
- Outline the crypto protocols and the associated attacks.
Cognitive Skills
- Develop implementations for some of the common cryptographic algorithms.
- Explain the difference between symmetric and asymmetric cryptography.
Interpersonal Skills & Responsibility
- Evaluate the performance of different cryptographic algorithms and protocols to secure communication systems.
Communication, Information Technology, Numerical
- Assess effectively in a group the security status of a range of technologies based on crypto algorithms and protocols used.
Course Content:
List of Topics No. of Weeks Contact hours
Introduction of Information security 1 3
Mathematical Foundation 2 6
Classical Cryptography 2 6
Attack, Threats, Vulnerabilities 1 3
Symmetric Cryptography 2 6
Asymmetric Cryptography 2 6
Key management & Public Key Infrastructure 1 3
Message Authentication & Digital signature 1 3
Authentication schemes 1 3
Security Protocols 2 6
Course Supportive Books & References
Book Title | Author | Publisher | Publication Year
Understanding Cryptography | Paar, Pelzl | Springer-Verlag Berlin Heidelberg | 2010
Cryptography and Network Security: Principles and Practice | William Stallings | Pearson | 2016
Applied Cryptography: Protocols, Algorithms and Source Code in C | Bruce Schneier | Wiley | 2015
Course Name: Digital Crime and Forensics
Course Code: CS 616
Prerequisites: Ethical Hacking and Penetration Testing (CS 615)
Course Teaching Language: English
Course Level: 3rd level
Credit Hours: 3(3, 0, 0)
Course Description
This course provides students with an introduction to digital crime and with insight into system forensics investigation and response. They will also gain the ability to analyze potential vulnerabilities that can have an adverse impact on digital assets. In addition, students will learn procedures for investigating computer and cybercrime, and concepts for collecting, analyzing, recovering, and preserving forensic evidence. Students will learn how to respond to cyber breaches, including the recovery, preservation, and analysis of digital evidence, and proper incident response. In addition to the tools of the digital forensics trade, students will become familiar with relevant federal statutes. They will be presented with various scenarios a digital forensics investigator may face and be asked how they would react.
Course Objectives
The student should be able to:
1. Define and discuss types of computer crime, intellectual property, and
codes of ethics in Information technology professions.
2. Describe the basic concepts of forensics.
3. Describe major forensic methodologies.
4. Describe the various storage formats.
5. Describe the functionality of e-mail and e-mail protocols.
6. Explain how major forensic software is used.
7. Analyze varying forensic approaches to different crimes.
8. Use steganography.
9. Illustrate how to retrieve evidence from logs, directories, and the index
file.
Learning outcomes: (comprehension, knowledge, intellectual & scientific skills)
By completion of this course students are expected to be able to:
Knowledge
- Recognize types of computer crimes.
- Recognize the basic concepts of forensics and major forensic methodologies.
Cognitive Skills
- Analyze varying forensic approaches to different crimes.
Interpersonal Skills & Responsibility
- Work effectively as an individual and as a member of a team to accomplish a goal.
Communication, Information Technology, Numerical
- Communicate effectively by oral, written and visual means with a range of audiences.
Course Content
List of Topics No. of Weeks Contact hours
Security Awareness, Policies, and Digital Crime. 1 3
Describe common computer crimes. 2 6
Introduction to Digital Forensics and Investigations. 2 6
Forensic Methods and Labs. 2 6
Collecting, Seizing, and Protecting Evidence. 1 3
Understanding Techniques for Hiding and Scrambling Information. 2 6
E-mail Forensics. 1 3
Mobile Forensics 1 3
Explain how major forensic software is used 1 3
Windows Forensics. 1 3
Course Supportive Books & References
Book Title | Author | Publisher | Publication Year
System Forensics, Investigation, and Response, Second Edition | Chuck Easttom | Jones & Bartlett, 2014, ISBN-13: 978-1-284-03105-8 | 2014
Computer Security: Principles and Practice (3rd ed.) | Stallings, W., & Brown, L. | Upper Saddle River, NJ: Pearson Education, Inc., ISBN-13: 9780133773927 | 2015
Cybercrime and Digital Forensics: An Introduction | Thomas J. Holt, Adam M. Bossler, and Kathryn C. Seigfried-Spellar | Routledge, 2nd edition, 2018 | 2018
Digital Forensics | André Årnes | John Wiley, 1st Edition, 2018 | 2018
Digital Forensics with Open Source Tools | Cory Altheide and Harlan Carvey | Elsevier, 1st Edition, 2011 | 2011
Digital Forensics and Incident Response | Gerard Johansen | Packt, 2017 | 2017
Practical Mobile Forensics | Rohit Tamma, Oleg Skulkin, Heather Mahalik, and Satish Bommisetty | 3rd Edition, Packt, 2018 | 2018
Course Name: Ethical Hacking and Penetration Testing
Course Code: CS 615
Prerequisites: Security Risk Analysis Management Systems (CS 612)
Course Teaching Language: English
Course Level: 2nd level
Credit Hours: 3(3, 0, 0)
Course Description
This course provides an introduction to the principles and techniques associated
with penetration testing and ethical hacking. The course covers planning,
reconnaissance, scanning, exploitation, post-exploitation, and result reporting.
The student will learn how system vulnerabilities can be exploited and how to
avoid such problems.
Course Objectives
The main purpose of this course is to:
- Teach students the underlying principles and techniques associated with
penetration testing and ethical hacking.
- Introduce students to the entire penetration testing process including
planning, reconnaissance, scanning, exploitation, post-exploitation, and
result reporting.
- Provide students with the fundamental information associated with each
of the methods employed and insecurities identified.
- Explore remedial techniques that enable students to develop an excellent
understanding of current cybersecurity issues and ways that user,
administrator, and programmer errors can lead to exploitable
insecurities.
Learning outcomes: (comprehension, knowledge, intellectual & scientific skills)
By completion of this course students are expected to be able to:
Knowledge
- Recognize the underlying principles and techniques associated with penetration testing and ethical hacking.
Cognitive Skills
- Analyze the stages an ethical hacker needs to take in order to compromise a target system.
Interpersonal Skills & Responsibility
- Critically evaluate security techniques used to protect system and user data.
Capability/Transferable Skills
- Critically evaluate security techniques used to protect system and user data.
Course Content:
List of Topics No. of Weeks Contact hours
Introduction to Hacking and Penetration Testing 1 3
Reconnaissance, Scanning and Exploitation 2 6
Information Gathering Techniques 1 6
Target Enumeration and Port Scanning Techniques 2 6
Vulnerability Assessment 1 3
Network Sniffing 2 6
Remote Exploitation 2 6
Post-exploitation 1 3
Wireless Hacking 1 3
Web Hacking 2 6
Course Supportive Books & References
Book Title | Author | Publisher | Publication Year
Ethical Hacking and Penetration Testing Guide | Rafay Baloch | Routledge Publications, CRC Press, ISBN-10: 1482231611, ISBN-13: 978-1482231618 | 1st Edition (2014)
The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy | Patrick Engebretson | Syngress Publications, ISBN-10: 9780124116443, ISBN-13: 978-0124116443 | 2nd Edition (2013)
Course Name: Network Security
Course Code: CS 625
Prerequisites:
Course Teaching Language: English
Course Level: 2nd or 3rd
Credit Hours: 3(3, 0, 0)
Course Description
Network security attacks and impacts, Network and protocols vulnerabilities, DDoS attacks, Botnets, DNS cache poisoning, BGP security, Security models, Network security protocols (IPsec, SSL, and Kerberos), VPN, Application layer security protocols (POP, IMAP, SMB, Web Services Security), Access control, Firewall, Intrusion detection systems, Network security management (SIEM technology), Wireless infrastructure security.
Course Objectives
The main purpose of the course is to provide a solid understanding of the main
issues related to security in modern networked computer systems. This covers
underlying concepts and foundations of network vulnerabilities and attacks, basic
knowledge about security-relevant decisions in designing IT infrastructures,
security models and protocols, techniques and technologies to defend networks
and security management.
Learning outcomes: (comprehension, knowledge, intellectual & scientific skills)
By completion of this course students are expected to be able to:
Knowledge
- Recognize network vulnerabilities and security issues in practical networks.
- Describe network security protocols (wired and wireless) and in practice.
- Outline network defense tools and technologies.
Cognitive Skills
- Explain how the architecture of communication networks and the internet gives rise to security challenges.
Interpersonal Skills & Responsibility
- Analyze and evaluate network security status using network security management tools.
Capability/Transferable Skills
- Demonstrate how security defense technologies can protect networks from attacks by analysis of traffic data collected from simulation environments.
Course Content
List of Topics No. of Weeks Contact hours
Introduction to Network security 1 3
Network Vulnerabilities & attacks 1 3
Network layer security protocols 1 3
Application layer protocols 2 6
Access control and security models 2 6
Firewalls 2 6
Intrusion detection systems 2 6
Network security management (SIEM technology) 2 6
Wireless infrastructure security. 2 6
Course Supportive Books & References
Book Title | Author | Publisher | Publication Year
Network Security Essentials: Applications and Standards | William Stallings | Pearson | 2016
CCNA Security 210-260 Official Cert Guide | Omar Santos, John Stuppi | CISCO | 2015
Information Security: Principles and Practice | Mark Stamp | Wiley | 2018
Course Name: Secure Programming
Course Code: CS 614
Prerequisites: Cryptography for Cyber and Network Security (CS 611)
Course Teaching Language: English
Course Level: 2nd level
Credit Hours: 3(3, 0, 0)
Course Description
This course will present the basic topics in computer security and their relation to
secure programming. Security models, threats, design principles and secure
coding practices will be discussed. We will also look at programming language
features and semantics to evaluate whether they help or hurt the ability to write
secure programs.
Course Objectives
The main purpose of this course is to teach students:
- The principles of secure programming.
- How to identify common application vulnerabilities.
- Perform security attacks (e.g., buffer overflow, format string
vulnerabilities).
- How to mitigate exploits of common application vulnerabilities.
- The adoption of secure coding practices.
Learning outcomes: (comprehension, knowledge, intellectual & scientific skills)
By completion of this course students are expected to be able to:
Knowledge
- Recognize the fundamental principles and mechanisms of software security.
Cognitive Skills
- Compare and contrast programming languages for secure features.
- Develop secure applications and products.
Interpersonal Skills & Responsibility
- Identify common security vulnerabilities in application code and develop solutions to overcome these vulnerabilities.
Capability/Transferable Skills
- Explain effectively the techniques of secure coding.
Course Content:
List of Topics No. of Weeks Contact hours
Overview of Secure Programming 1 3
Integer Security, Integer Overflow and Security Vulnerabilities 1 3
Stack-based Buffer Overflow 1 3
Data Pointer and Function Pointer Vulnerabilities 1 3
Advanced Buffer Overflow Attacks 2 6
Load-time Exploitation 1 3
Basics of Static and Dynamic Linking 1 3
Format String Vulnerabilities 1 3
Path Traversal Vulnerabilities 1 3
File I/O Race Conditions 1 3
Concurrency and Multithreads 2 6
Deadlock and Vulnerabilities 2 6
Course Supportive Books & References
Book Title | Author | Publisher | Publication Year
Secure Coding in C and C++ | Robert C. Seacord | Addison-Wesley Professional, ISBN-10: 9780321822130, ISBN-13: 978-0321822130 | 2nd Edition (2013)
Computer Security: A Hands-on Approach | Wenliang Du | CreateSpace Independent Publishing, ISBN-10: 154836794X, ISBN-13: 978-1548367947 | 1st Edition (2017)
Course Name: Security of Cloud Computing Systems
Course Code: CS 621
Prerequisites: NA
Course Teaching Language: English
Course Level: 2nd or 3rd level
Credit Hours: 3(3, 0, 0)
Course Description
This course provides ground-up coverage of the high-level concepts of the cloud landscape, architectural principles, techniques, design patterns and real-world best practices applied to Cloud service providers and consumers and to delivering secure Cloud based services. The course will describe the Cloud security architecture and explore the guiding security design principles, design patterns, industry standards, applied technologies and regulatory compliance requirements critical to designing, implementing, delivering and managing secure cloud-based services. The course delves deep into the secure cloud architectural aspects with regard to identifying and mitigating risks, protection and isolation of physical & logical infrastructures including compute, network and storage, comprehensive data protection at all OSI layers, end-to-end identity management & access control, monitoring and auditing processes, and meeting compliance with industry and regulatory mandates.
Course Objectives
The student should be able to:
- Understand the fundamentals of cloud computing architectures based on current standards, protocols, and best practices intended for delivering Cloud based enterprise IT services and business applications.
- Identify the known threats, risks, vulnerabilities and privacy issues associated with Cloud based IT services.
- Understand the concepts and guiding principles for designing and implementing appropriate safeguards and countermeasures for Cloud based IT services.
- Design cloud services that meet essential Cloud infrastructure characteristics – on demand computing, shared resources, elasticity and measuring usage.
- Design security architectures that assure secure isolation of physical and logical infrastructures.
- Understand the industry security standards, regulatory mandates, audit policies and compliance requirements for Cloud based infrastructures.
Learning outcomes: (comprehension, knowledge, intellectual & scientific skills)
By completion of this course students are expected to be able to:
Knowledge
- Recognize the fundamentals of cloud computing architectures based on current standards.
- Recognize threats, risks, vulnerabilities and privacy issues associated with Cloud based IT services.
Cognitive Skills
- Design security architectures that assure secure isolation of physical and logical infrastructures.
Interpersonal Skills & Responsibility
- Work effectively as an individual and as a member of a team to accomplish a goal.
Capability/Transferable Skills
- Communicate effectively by oral, written and visual means with a range of audiences.
Course Content:
List of Topics No. of Weeks Contact hours
Fundamentals of Cloud Computing and Architectural Characteristics. 2 6
- Understand what is Cloud computing?
- Architectural and Technological Influences of Cloud Computing.
- Understand the Cloud deployment models.
- Scope of Control.
- Cloud Computing Roles.
- Risks and Security Concerns.
Security Design and Architecture for Cloud Computing 2 6
- Guiding Security design principles for Cloud Computing.
- Quick look at CSA, NIST and ENISA guidelines for Cloud Security.
- Common attack vectors and threats.
Secure Isolation of Physical & Logical Infrastructure 2 6
- Isolation.
- Common attack vectors and threats.
- Secure Isolation Strategies.
Data Protection for Cloud Infrastructure and Services 2 6
- Understand the Cloud based Information Life Cycle.
- Data protection for Confidentiality and Integrity.
- Common attack vectors and threats.
- Encryption, Data Redaction, Tokenization, Obfuscation, PKI and Key Management, Assuring data deletion.
- Data retention, deletion and archiving procedures for tenant data.
- Data Protection Strategies.
Enforcing Access Control for Cloud Infrastructure based Services 1 3
- Understand the access control requirements for Cloud infrastructure.
- Common attack vectors and threats.
- Enforcing Access Control Strategies.
Monitoring, Auditing and Management 2 6
- Proactive activity monitoring, Incident Response
- Monitoring for unauthorized access, malicious traffic, abuse of system privileges, intrusion detection, events and alerts
- Auditing – Record generation, Reporting and Management
- Tamper-proofing audit logs
- Quality of Services
- Secure Management
Introduction to Identity Management in Cloud Computing 1 3
- User Identification, Authentication, and Authorization in Cloud Infrastructure
- Be able to understand the concepts of Identity & Access Management.
- The role of Identity provisioning.
Cloud Computing Security Design Patterns – I 2 6
- Trusted Platform
- Geo-tagging
- Cloud VM Platform Encryption
- Trusted Cloud Resource Pools
- Secure Cloud Interfaces
- Cloud Resource Access Control
- Cloud Data Breach Protection
- Permanent Data Loss Protection
- In-Transit Cloud Data Encryption
Cloud Service Providers – Technology Review 1 3
- OpenStack Platform
- Docker
- Amazon Web Services
Course Supportive Books & References
Book Title | Author | Publisher | Publication Year
Securing The Cloud: Cloud Computing Security Techniques and Tactics | Vic (J.R.) Winkler | Syngress/Elsevier, 978-1-59749-592-9 | 2015
Cloud Computing Design Patterns | Thomas Erl | Prentice Hall, 2015, 978-0133858563 | 2015
Course Name: Security of Database Systems
Course Code: CS 623
Prerequisites: None
Course Teaching Language: English
Course Level: 2nd level or 3rd level
Credit Hours: 3(3, 0, 0)
Course Description
The course provides a strong foundation in database security and auditing. This
course utilizes real scenarios and step-by-step examples. The following topics are
covered: security, profiles, password policies, privileges and roles, Virtual Private
Databases, and auditing. The course also covers advanced topics such as SQL
injection, database management security issues such as securing the DBMS,
enforcing access controls, and related issues.
Course Objectives
The main purpose of this course is to teach students:
- How to identify risks and vulnerabilities in operating systems from a database perspective.
- Good password policies, and techniques to secure passwords in your organization.
- How to implement administration policies for users.
- The various database security models and their advantages or disadvantages.
- How to implement a Virtual Private Database using views, roles, and application context.
- An overview of auditing fundamentals, and how to create your own auditing model.
- The purpose and use of data dictionaries, encryption and SQL injection.
- How to explore an interesting research topic of your choice related to database security.
Learning outcomes: (comprehension, knowledge, intellectual & scientific skills)
By completion of this course students are expected to be able to:
Knowledge
- Recognize the principles of access control and its applications to database security.
Cognitive Skills
- Design and implement access control rules to assign privileges and protect data in databases.
- Develop and implement Virtual Private Database to protect data in databases.
Interpersonal Skills & Responsibility
- Use and practice various access control theories and techniques including mandatory access control, discretionary access control, and role-based access control.
Capability/Transferable Skills
- Explain effectively the concepts of database auditing.
Course Content
List of Topics No. of Weeks Contact hours
Overview of Database Security 1 3
Profiles, Password Policies, Privileges and Roles 1 3
Access Control of Relational Databases 1 3
Role-based Access Control in Database Management 1 3
Access Control Models for XML Databases 1 3
Database Applications Security Models 1 3
Virtual Private Databases 2 6
SQL Injection Exploitation and Defense 2 6
Database Auditing Models 1 3
Application Data Auditing 1 3
Auditing Database Activities 1 3
Security and Auditing Project Cases 2 6
Course Supportive Books & References
Book Title | Author | Publisher | Publication Year
Database Security and Auditing: Protecting Data Integrity and Accessibility | Hassan A. Afyouni | Cengage Learning, ISBN-10: 0619215593, ISBN-13: 978-0619215590 | 1st Edition (2005)
Database Security | Alfred Basta and Melissa Zgola | Cengage Learning, ISBN-10: 1435453905, ISBN-13: 978-1435453906 | 1st Edition (2011)
Course Name: Security of Operating System
Course Code: CS 622
Prerequisites: NA
Course Teaching Language: English
Course Level: 2nd or 3rd level
Credit Hours: 3(3, 0, 0)
Course Description
This course provides an understanding of secure operating system requirements, design principles and theories, protection methods, access control, authentication, vulnerability, analysis and case studies.
Course Objectives
The student should be able to:
- Explain what security in computing systems means.
- Describe at a high level the vulnerabilities and threats in the software and operating systems.
- Describe computer architectures and identify support for designing secure operating systems and virtual machines.
- Apply formal methods to design secure operating systems.
- Describe security auditing, controls, plans, procedures, administration, and risk assessment in managing computing systems.
Learning outcomes: (comprehension, knowledge, intellectual & scientific skills)
By completion of this course students are expected to be able to:
Knowledge
- Recognize the vulnerabilities and threats in the software and operating systems.
- Describe computer architectures and identify support for designing secure operating systems and virtual machines.
Cognitive Skills
- Design secure operating systems.
Interpersonal Skills & Responsibility
- Work effectively as an individual and as a member of a team to accomplish a goal.
Capability/Transferable Skills
- Communicate effectively by oral, written and visual means with a range of audiences.
Course Content
List of Topics No. of Weeks Contact hours
Review: Operating Systems, Computer Architecture, Assembly Language. 2 6
Common vulnerabilities 2 6
Requirements of secure operating systems and design principles 2 6
Theoretical foundation for designing trusted OS 2 6
Access control and authentication methods 1 3
Virtualization and its effect on secure OS 2 6
Reverse Code Engineering 1 3
Case studies of secure OS 2 6
System administration 1 3
Course Supportive Books & References
Book Title | Author | Publisher | Publication Year
Computer Security: Principles and Practice | William Stallings and Lawrie Brown | 2nd Edition, Pearson Prentice Hall, Inc., 2011 (ISBN-10: 0132775069, ISBN-13: 978-0132775069, Publication Date: November 19, 2011) | 2011
Course Name: Security Risk Analysis and Management Systems
Course Code: CS 612
Prerequisites:
Course Teaching Language: English
Course Level: 1st
Credit Hours: 3(3, 0, 0)
Course Description
Threat analysis, Assessing Vulnerability, Information, Critical infrastructure and Key Assets, Security policy, Risk analysis process, Risk analysis models, tools and technologies, Risk identification, Risk assessment, Prioritizing Risk, Risk control, selecting risk control strategies, Risk control practices, planning and strategies to mitigate risk.
Course Objectives
This course analyzes the practical challenges in managing information technology systems and cyber risks. It focuses on the costs and tradeoffs that are involved in all security decisions based on evaluation and prioritization of information assets. Projects will assist students to develop strategic planning using operational skills and application of security background.
Learning outcomes: (comprehension, knowledge, intellectual & scientific skills)
By completion of this course students are expected to be able to:
Knowledge
- Recognize the main issues of risk in information and communication technologies.
- List models and tools used in security risk analysis and crisis management in information systems context.
- Outline the strategies to mitigate risk and control practices.
Cognitive Skills
- Analyze the security risks associated with the critical infrastructure.
- Examine key infrastructure sector asset types, functions, and regulatory structures.
- Analyze a risk of a key infrastructure sector and develop a protection strategy.
Interpersonal Skills & Responsibility
- Evaluate the risk management program development process.
Capability/Transferable Skills
- Demonstrate how to select and then apply a risk methodology/framework in an organization.
Course Content
List of Topics No. of Weeks Contact hours
Introduction to information security management 1 3
Information, Critical infrastructure and Key Assets 1 3
Threat and vulnerabilities analysis 2 6
Security policy 2 6
Risk analysis process 2 6
Risk analysis models, tools, and technologies 2 6
Risk identification, assessment, and prioritization 2 6
Risk control 1 3
Risk control practice 1 3
Planning and strategies to mitigate risk 1 3
Course Supportive Books & References
Book Title | Author | Publisher | Publication Year
Management of Information Security | Whitman, Mattord | Cengage Learning | 2018
Risk Analysis and Security Countermeasure Selection | Thomas L. Norman | CRC Press | 2015
Effective Security Management | Charles Sennewald, Curtis Baillie | Butterworth-Heinemann | 2015
Course Name: Security of Mobile Computing
Course Code: CS 624
Prerequisites: None
Course Teaching Language: English
Course Level: 2nd level or 3rd level
Credit Hours: 3(3, 0, 0)
Course Description
The purpose of this course is to provide students with the theoretical knowledge and practical skills needed to appraise vulnerabilities and threat vectors associated with mobile computing devices. This course provides an in-depth technical overview of the security features and limitations of modern mobile devices and systems, including the top risks and vulnerabilities every IT professional needs to know. The following topics are covered: mobile computing overview, wireless communications infrastructure vulnerabilities, wireless communications infrastructure vulnerabilities mitigation techniques, mobile platform vulnerabilities, mobile platform vulnerabilities mitigation techniques, mobile applications vulnerabilities, mobile applications vulnerabilities mitigation techniques, mobile device vulnerabilities, mobile device vulnerabilities mitigation techniques and organizational mobile device security policy requirements.
Course Objectives
The main purpose of this course is to make students able to:
- Understand fundamental mobile computing principles and models.
- Examine secure mobile computing principles.
- Understand security trade-offs of most popular platforms.
- Analyze mobile computing threats and vulnerabilities.
- Understand how to design and to implement secure mobile applications.
- Appraise methodologies and best practices for secure mobile computing.
- Examine secure mobile computing strategies and policy elements.
Learning outcomes: (comprehension, knowledge, intellectual & scientific skills)
By completion of this course students are expected to be able to:
Knowledge
- Demonstrate the ability to recognize the mobile computing infrastructure, communications, devices, platforms, and applications.
- Demonstrate the ability to recognize mobile communications, infrastructure and devices vulnerabilities mitigation techniques.
Cognitive Skills
- Analyze mobile device physical threats and mobile application/platforms vulnerabilities.
- Develop mobile computing security controls.
Interpersonal Skills & Responsibility
- Work effectively as an individual and as a member of a team to accomplish a goal.
- Use secure mobile computing principles and models to identify secure mobile computing strategies and policy elements.
Capability/Transferable Skills
- Explain effectively the methodologies and best practices for secure mobile computing.
Course Content:
List of Topics No. of Weeks Contact hours
Information security overview 1 3
Mobile computing technologies 1 3
Mobile computing security risks 2 6
Mobile infrastructure threat vectors and attack scenarios 1 3
Mobile infrastructure vulnerabilities mitigation techniques 2 6
Mobile communications threats, security controls and analysis 1 3
Mobile device vulnerabilities, safeguards and controls 1 3
Mobile platform security controls and testing 1 3
Mobile applications security 1 3
Mobile cloud computing security 1 3
Mobile computing security compliance drivers 1 3
Mobile computing security policy specification and gap analysis 2 6
Course Supportive Books & References
Book Title | Author | Publisher | Publication Year
Hacking Exposed Mobile: Security Secrets & Solutions | Bergman, N., Stanfield, M., Rouse, J., Scambray, J., et al. | McGraw-Hill Osborne Media: New York, NY | 2013
Mobile Application Security | Himanshu Dwivedi, Chris Clark, David Thiel | McGraw-Hill | 2010