B. ELECTIVE COURSES: SELECT THREE (3) COURSES ONLY | Razak Faculty of Technology and Informatics

MNS 2633 Information Assurance Architecture and Technologies

Information Assurance and the application of security assurance models involves the theory and application of a variety of network security architectures and technologies. Implementation of a security policy and its testing is crucial to the satisfactory operation of a network and its applications. The firewall (perimeter and internal) provides a range of techniques and tools in support of policy implementation and for protection against penetrations and resulting exploits. This course provides background theory together with a substantial amount of hands-on workshop experience using very recent security technology and covering the following topics:

packet filters, proxies, stateful packet inspection
app level security, content security and authentication
cryptographic tools using AES encryption and MD5 & SHA authentication
NAT (Network Address Translation)
SSL/TLS and X.509 digital certificates
IPSec and SSL security tunnelling
Virtual Private Network design, implementation & testing
Monitoring and performance

MNS 2733 Enterprise Risk Management

This course discusses in depth the risk management in organization. Emphasize is given on the risk management model development, control process, risk evaluation and development control. Students will be asked to view the issues related to risk management from the human factor, process and technical perspective. Relevant technical topics will be included as hands-on exercise.

MNS 2833 Penetration Testing and Counter measures
With the exponential growth of the Internet and networked computers, cyber crime has become one of the most important problems in the computer world. Online credit card fraud, compromised computer servers and other privacy enormities have created a cloud of distrust among online customers. We need to find the best way possible to protect our information systems. A single intrusion of a computer network can result in loss, unauthorized utilization or modification of large amount of data, and cause the paralyses of normal usage of the network communications. Intrusion Detection is identifying unauthorized users in a computer system. This subject is aimed at educating the students with various attack types available and the way to countermeasure those attacks using different Intrusion Detection Systems (IDS) types available. In addition, lab exercises will cover the applications of tools in finding the vulnerabilities and securing the infrastructure.

MNS 2433 Critical Infrastructure Security and Cyber threats
This course discusses various aspects of critical infrastructure security. The course will consider why and how the critical infrastructure problems will impact the public agenda, why some solutions can be adopted and the others are rejected. The course will primarily examine the policy making at a national level in Malaysia, but will also analyze examples from different countries available.

MNS 2533 Biometrics in Information Assurance
The course discusses in depth the principles of biometric in the field of Information security.The course emphasizes the technological aspects of Biometrics and multimedia security (Steganography and Watermarking) and the applications while giving importance to state-of-art technology. The course highlights the technological merger of the Biometrics and multimedia Security in industries such as: Fingerprinting, Face recognition, and others biometrics technologies. Relevant technical topics will be included as hands-on exercise. MATLAB software is used to implement some of hands-on exercise application.

MNS2623 Wireless Infrastructure Security

This course will cover the theory and practice of wireless and mobile network technologies and address a range of risks and vulnerabilities which require specific penetration testing techniques. The characteristics of a variety of wireless and mobile personal, local and wide area networks, including Bluetooth, NFC/RFID, Android, IP Camera CCTV streaming will be studied in a laboratory environment. The manner in which these networks can be compromised by attacks on the network (such as, sniffing, spoofing, hijacking, man-in-the-middle , traffic injection, brute force, or denial of service) as well as host-based attacks such as spyware and buffer overflow will be evaluated in the laboratory. A range of equipment will be connected to the Virtual Machines including, Wireless Access Points, Android Mobiles, Bluetooth Mobiles, Contactless Cards, IP Cameras and others. The laboratory part of this course (50%) will illustrate vulnerabilities in security implementations in various types of commonly used networks and demonstrate how penetration testing is carried out in a wireless and mobile environment.

MNS 2123 Issues in Information Assurance
The objective of this course is to expose students with issues in information assurance (IA) and the solutions to these problems from the case study, industrial visits and experts view. This course will focus on the IA technology as well as IA policy and management aspects in Malaysia.

MNS 2723 Software Development and Vulnerability Analysis
This course discusses in depth the principles of developing software in a secure manner. Emphasize is given on the process of developing the software, covering software development requirement analysis, design, implementation, testing, and deployment. Students will be asked to view the issues related to secure software development from the management perspective. Relevant technical topics such as source code vulnerabilities will be included as hands-on exercise.

MNS 2223 Applied Cryptography
The main aims of this course are to discuss:

the need for different types of security services
the main types of cryptographic mechanism
various cryptographic mechanisms provide different services
some of the issues relating to the management of these services.

MNS 2133 Principles of Business Continuity Management
This course discusses in depth the principles of business continuity planning. Emphasize is given on the business continuity planning model, disaster recovery, backup system and planning and securing online document. Students will be asked to view the issues related to business continuity planning from the management and technical perspective. Relevant technical topics will be included as hands-on exercise.