Masters in Information Systems Security (MISS)

Faculty: Faculty of Science & Technology (FST)

Department: Department of Information and Communication Technology

Program: Masters in Information Systems Security (MISS)

Course Outline

PART ONE

BUP AT A GLANCE

1.       Introduction

Bangladesh University of Professionals (BUP), one of the public universities of Bangladesh, was established on 05 June 2008. The aim of the University was to facilitate professional degrees and to run undergraduate, graduate and post-graduate degrees through its faculties, affiliated and embodied colleges, institutes, academy or organizations. BUP, with its unique features, is set up in the green landscape of Mirpur Cantonment located in Dhaka Metropolitan City. The University provides a tranquil, pollution-free, and secure campus life, and above all, a congenial academic atmosphere.

 BUP deals with not only the education of the armed forces personnel but also the students of the civilian community from home and abroad. It welcomes those students who intend to dedicate their total attention and devotion to serious academic pursuits to build up a better tomorrow for the nation. BUP is committed to providing high-quality education that delivers real benefits for the students. Thus, BUP is the unique academic entity in the country, where blending between the civilian and the armed forces students of diverse skills, experience, exposure, and attitude is possible.

    1. Motto

The motto of BUP is "Excellence through Knowledge"

    1. Mission

To develop the civil and military human capital through advanced education and research to respond to the knowledge-based society of the contemporary world.

    1. Vision

Bangladesh University of Professionals will emerge as a leading university for both professionals and general students through need-based education and research with global perspective.

    1. Core Values

Integrity: Highest ethical and moral uprightness.

Discipline: Strict discipline in all activities.

Creativity: Creativity in all spheres.

Commitment: High quality academic standards.

Wisdom: Enhanced education and research.

    1. Objectives
  1. To become a leading public university in Bangladesh and in the region.
  2. To promote knowledge in the field of science and technology, business, medicine, social science, strategy, and security.
  3. To promote leadership and civil-military relationships.
  4. To develop intellectual and practical expertise.
  5. To provide the best possible academic atmosphere.
  6. To preserve the spirit of national culture, heritage, and traditions.
  7. To facilitate higher education in the Armed Forces.
  8. To prepare the Faculty and Staff with necessary competencies.
  9. To deliver competent professionals relevant to the demands of society.
  10. To sustain collaborative relationships with communities and educational partners.
  11. To provide efficient services to support programs, campus community, and quality of life.

    1. Embodied Faculties

BUP offers and regulates degrees in multi-disciplinary dimensions in the field of science, technology, strategy, humanities, liberal education, business, social sciences, medical science, war and security studies, and other fields of knowledge through its following 05 faculties:

  1. Faculty of Arts and Social Sciences (FASS)
  2. Faculty of Business Studies (FBS)
  3. Faculty of Security and Strategic Studies (FSSS)
  4. Faculty of Science and Technology (FST)
  5. Faculty of Medical Studies (FMS)

    1. The Medium of Instruction

English is the medium of instruction and examinations at Bangladesh University of Professionals (BUP).

    1. Address

Bangladesh University of Professionals
Mirpur Cantonment, Dhaka- 1216, Bangladesh
Tel:88-02-8000368, PABX 8000261-4
Fax: 88-02-8000443

E-mail: info@bup.edu.bd
Website: www.bup.edu.bd

2.       Student Services

2.1       Guidance and Counseling

The guidance and counseling services are available to students on academic and other matters of interest as follows:

  1. To give the student information on matters important to success in academic activities.
  2. To get information about the student which will be of help in solving his/her problems.
  3. To establish a feeling of mutual understanding between students and teachers.
  4. To help the student work out a plan for solving his/her difficulties.
  5. To help the student know himself/herself better: his/her interests, abilities, aptitudes, and opportunities.
  6. To encourage and develop special abilities and right attitudes.
  7. To inspire successful endeavor toward attainment; and
  8. To assist the student in planning for educational and vocational choices.

2.2       Students Adviser

A Faculty Member is assigned as Student Adviser for each section of a batch, who, as a routine matter, meets the students at least once a week and attends them whenever the students feel it necessary.

2.3       Scholarship and Stipend

It is not applicable for professional master’s programs.

2.4       Internship/Placement (If Applicable)

There is an office in BUP named Counselling and Placement Center (CPC). This center assists students in finding suitable jobs as well as getting an internship. Besides, the CPC is also involved in arranging workshops and seminars to practice resume writing, interview techniques, job search skills, and presentation techniques.

There is a committee to provide the required assistance to the students for placement in different organizations as part of the internship program. The committee comprises the Dean of the Faculty, Chairman of the Department, respective Student Adviser, and Placement Officer. The Dean of the Faculty acts as a convener of this committee.

Respective professional master’s programs may have different internship/placement policies depending upon the requirement of the Department. They may also be a part of BUP Alumni Association.

2.5       Co-Curricular and Club Activities

From its inception, the students of BUP have been spontaneously participating in co-curricular and club activities to enhance their physical, intellectual, moral, and ethical development. The clubs are active and contribute successfully in arranging different university events and ensuring quality/standard. They organize inter-batch/department competitions, inter-university and other competitions. They also organize different important events like cultural programs, sports, debates, etc., and participate in different events and competitions. The students of BUP are also connected with other universities through different clubs. The clubs that are currently functional in BUP are:

  1. BUP Accounting Forum (Administered by Department of Business Administration in Accounting & Information Systems, FBS)
  2. BUP Business & Communication Club (BUP BCC) (Administered by Department of Business Administration in Marketing, FBS)
  3. BUP Career Club (Administered by Dept. of Business Administration -General, FBS)
  4. BUP Cultural Forum (Administered by Dept of Sociology, FASS)
  5. BUP Debating Club (BUPDC) (Administered by Dept of Public Administration, FASS)
  6. BUP Development Leader's Club (BUPDLC) (Administered by Dept of Development Studies, FASS)
  7. BUP Disaster Management Forum (BUPDMF) (Administered by Dept of Disaster and Human Security Management, FASS)
  8. BUP Economics Club (Administered by Dept of Economics, FASS)
  9. BUP Film Club (Administered by Dept of Mass Communication & Journalism, FSSS)
  10. BUP Finance Society (BUPFS) (Administered by Department of Business Administration in Finance & Banking, FBS)
  11. BUP Global Affairs Council (Administered by Dept of International Relations, FSSS)
  12. BUP Human Resource and Leadership Club (HRLC) (Administered by Department of Business Administration in Management Studies, FBS)
  13. BUP Infotech Club (BUPITC) (Administered by Information and Communication Technology, FST)
  14. BUP Law & Moot Court Club (BUPLMCC) (Administered by Dept of Law, FSSS)
  15. BUP Literature & Drama Club (Administered by Dept of English, FASS)
  16. BUP Photography Society (BUPPS) (Administered by Dept of Mass Communication & Journalism, FSSS)
  17. BUP Research Society (Administered by Dept of English, FASS)
  18. BUP Robotics Club (Administered by Information and Communication Technology, FST)
  19. Environmental Club of BUP (Administered by Environmental Science, FST)
  20. IEEE BUP Student Branch (Administered by Information and Communication Technology, FST)
  21. Quizzers Club of BUP (Administered by Dept of International Relations, FSSS)
  22. BUP Computer Programming Club (Administered by Dept of Computer Science and Engineering, FST)

The number of clubs may increase to cover other important and interesting events/issues in the coming days. Students of the Professional Master’s programs may participate in the Co-Curricular and club activities.

2.6       Industry/Organization/Field Visits

Different departments of BUP organize visits to various organizations/places according to the requirements of their programs. Students of the professional master’s program will attend Industry/Organization/Field visits as per their respective curriculum.

2.7       Guest Lectures/Seminars/Symposiums/Workshops/Exercises                   

Guest Lectures/Seminars/ Symposiums/Workshops/ Exercises on important and contemporary academic issues and lectures/presentations by eminent academicians/professionals/experts are organized throughout the academic year. Students of the professional master’s program may attend such academic activities.

2.8       Admission Procedure

BUP seeks applications from prospective candidates, who fulfill admission qualifications for Masters in Information Systems Security (MISS) as specified in BUP Admission Guideline. The program is offered annually to graduate candidates only. The admission notice is circulated usually in the month of September/October of each year through media advertisement and BUP website notice board. The candidates are asked to apply online. The detailed admission procedure has been spelled out in Admission Guideline, which is available in BUP website (www.bup.edu.bd).

2.8.1 Eligibility for Admission

For admission to the program leading to a Masters in Information Systems Security (MISS), an applicant must have:

  1. A minimum GPA of 3.50 out of 5.00 or a first division or equivalent in any one of SSC and HSC or in equivalent examinations and must not have a GPA less than 2.50 out of 5.00 or a third division or equivalent in any of the aforementioned examinations.
  2. At least 50% marks or a minimum GPA of 2.50 out of 4.0 or its equivalent in B.Sc. Engg. or equivalent in the relevant branch.

2.8.2 Admission Rules

For admission to the courses leading to the degree of M.Sc. Engg./M. Engg. in Information Systems Security (MISS), an applicant must have obtained a bachelor’s degree in CSE, EEE, ICT, EECE, ETE, ECE, ICE, IT, Software Engineering or a relevant engineering background from any recognized university at home or abroad.

2.8.3    Selection Process

The admission circular is usually published in September/October each year. The admission test is held in November. Candidates are selected based on their standing in the combined merit list of the admission test.

Admission Test Marks include:

Written Test (MCQ) | 50%
Communication Test | 15%
Marks from previous public examinations | 35%

  1. Written Test:

All candidates are required to take a written admission test of 70 marks (which will be converted into 50%), in which he/she will have to qualify. The written test will consist of multiple-choice questions and will last 1 hour. The written test will cover the following topics, with the marks distribution shown:

Admission Test Syllabus

Subject Name | Marks
Computer Fundamental | 25
Software & Hardware | 25
Quantitative Reasoning | 20
Total Marks | 70

  1. Communication Test (Interview/Viva Voce):

Candidates selected on the basis of their written test result need to appear for a communication test before a panel consisting of faculty members. 15% of total marks will be allotted. The Academic Committee may edit/fix this percentage from time to time.

  1. Marks from Past Public Examinations:

The results of past public examinations will carry 35% Marks, where 20% is from B.Sc. or equivalent exam and 15% from HSC and SSC exams. The marks are calculated in a simple linear distribution from candidates’ GPA.

2.9       Admission in the Program

The selected candidates from BUP must collect their Admission Form from the Department and complete admission/registration formalities within the given time frame by paying the required fees at the beginning of the academic year. The following rules will apply in this regard:

    1. If the candidate fails to complete admission formalities within the prescribed date and time, his/her selection will be considered canceled.
    2. If a student fails to attend class within two weeks of the commencement of the 1st Semester/trimester classes, his/her admission will be considered canceled.

2.10     Tuition and other Fees

All civil and military students (where applicable) will be required to pay tuition and other fees as under:

SL. | Category of fees/charges | M.Sc. Engg. | M.Engg. | Remarks
1 | Admission Fee | 10,000.00 | 10,000.00 | Once
2 | Semester Registration Fee | 1000.00 | 1000.00 | Once
3 | Course Registration Fee (100/Cr) | 3,600.00 | 3,600.00 | As Per Cr Reg
4 | Thesis / Project | 45,000.00 | 22,800.00 | As Per Cr Reg
5 | Library Fee (500/Sem) | 2,000.00 | 2,000.00 | Each semester
6 | Computer Lab and Training Aid Fee (2000/Sem) | 8,000.00 | 8,000.00 | Each semester
7 | Tuition Fee (2400/Credit) | 86,400.00 | 86,400.00 | Each semester
8 | Exam Fee/Course Registration Fee (1000/Theory Credit) | 18,000.00 | 30,000.00 | Per subject
9 | Grade Sheet Fee (500/Sem) | 2,000.00 | 2,000.00 | Each semester
10 | Student Welfare Fee (1000/Sem) | 4,000.00 | 4,000.00 | Each semester
11 | Cultural/Magazine Fee (150/Sem) | 600.00 | 600.00 | Each semester
12 | Dissertation Fee (400 per credit) | 7,200.00 | 2,400.00 | As Per Cr Reg
13 | Center Fee (1500/Sem) | 6,000.00 | 6,000.00 | Each semester
14 | ID Card Fee | 200.00 | 200.00 | Once
15 | Tie/Scarf/Souvenir | 940.00 | 940.00 | Once
16 | BNCC | 60.00 | 60.00 | Once
Grand Total | | 1,95,000.00 | 1,80,000.00 |

      1. Additional Fees/Payments (As Required):

Ser | Subjects | Amount (Tk.)
1. | Re-admission | 10,000.00
2. | Non-Collegiate (Per Subject) | 5,000.00
3. | Late Registration Fee | 1,500.00
4. | Special Final Exam | 15,000.00
5. | Retake Course Fee | 12,000.00
6. | Supplementary Exam Fee | 8000.00

Notes: Admission cancellation and refund of admission fee will be executed as per following: No amount of total admission fee will be refunded.

2.11     Review of Fee Structure

All fees will be reviewed as and when necessary, by the university authority, and the students will be liable to pay the fees as per changed/reviewed fees.

2.12     Deadline for Submission of Fees/Dues

The students must clear all the fees during the admission process after the publication of the selected candidates' list by the respective Faculty/Department. For subsequent semester/trimesters, the payment of all fees/dues must be maintained Semester/trimester wise, and the following rules will apply in this regard:

  1. The semester/trimester fees are to be paid as per the policy of the respective program.
  2. Students may pay their fees after the first 15 days, within one month, by paying a penalty of Tk. 500.00 for every 15 days.
  3. If a student fails to pay the semester/trimester fees within one and a half months, his/her name will be dropped, and the student will have to apply for re-registration if he/she desires to continue his/her study. If approved, he/she may take re-admission, paying the required re-admission fee.

2.13     Course Load to Students

Students must register for the required number of courses per Semester/trimester offered by the respective professional programs. During each Semester/trimester, students are allowed to take/enroll in a maximum of two additional retake courses. A student is allowed to retake a course twice and improve a course only once throughout his/her entire registration period. He/she must complete all the Professional Master’s courses within his/her valid registration period.

2.14     Credit Hour

The total time that a teacher must interact with students in a teaching-learning environment for a particular course is defined as credit hour. Precisely, it is the contact hour between the assigned teacher and students. All programs of BUP must consider 01 (One) Credit hour amounting to 14 to 15 contact hours. An ideal contact hour must fulfill the following prerequisites:

  1. The prescribed contact hour must be fully utilized meaningfully to achieve the planned outcome of the intended lesson.
  2. Following the lesson covered in the contact hour, double the time of the contact hour must be allotted to the students for assignments, exercises, homework, or any other suitable activities in order to validate the planned outcome of the lesson.

2.15     Conduct of Courses

Generally, an individual course teacher is assigned to design and teach a particular course in a semester/trimester. The following guidelines are followed for conducting different courses:

  1. At the beginning of the semester/trimester, the course teacher prepares a course outline/course kit according to the approved course curriculum, covering the performance evaluation and grading system, a list of suggested textbooks/references, and a tentative schedule of classes, examinations, and events. He/she distributes a copy of the same course outline to each registered student for the course and must submit a copy to the Department's Office.
  2. The students must appear for one (01) Mid-Term Examination in a semester/trimester as per the given schedule. As a rule, 'Retake' of the Mid-Term Examination is not allowed, except for sickness, hospitalization, or other unavoidable circumstances, provided the student has valid supporting documents, and he/she has been permitted by the course teacher and Chairman of the Department before the examination commences.
  3. Students must submit Term Paper/Project Paper/Assignment (individual and group) assigned to them in a semester/trimester for each course.
  4. Any fraction in the marks obtained is to be rounded up to the advantage of the student i.e. any fraction is to be rounded up to the next number.
  5. In special circumstances, if the program is conducted online/internet-based, a separate module will be set up after discussion with the faculty and the concerned persons subject to the approval of the dean of the faculty.

2.16     Class Attendance

Attendance in all classes is mandatory. A certain percentage of the total marks for each course is allotted for class attendance. To appear at the final examination, a student must fulfill the criteria of being Collegiate (having 50% or more attendance). Students who become Dis-collegiate (having attendance below 50%) will not be allowed to sit for the final examination. A student must obtain permission from the Chairman of the Department for any kind of absence due to valid reasons and must inform the Course Teacher and Program Coordinator. The marks distribution for attendance is given below:

Attendance | Marks
85% and above | 10.0
75% < 85% | 9.0
65% < 75% | 8.0
55% < 65% | 7.0
50% < 55% | 6.0
Less than 50% | Dis-collegiate

Note: However, Departments can consider any kind of exceptional cases (Dis-collegiate Policy) subject to the approval of Dean of the respective faculty.

3.       Performance Evaluation System

3.1       Distribution of Marks for Evaluation

Letter grades are used to evaluate the performance of a student in a course. The following grading system is followed for performance evaluation of the students:

Remarks | Distribution
Final Exam | 50%
Mid-term | 20%
Class Test (Best 3 out of 4) (3 Class Test and 01 lab Test Mandatory) | 10%
Lab Assessment | 10%
Class attendance | 10%
Total: | 100%

The BUP authority reserves the right to review/revise the above grading system. However, depending on the nature of the course, minor modifications can be made by the respective course teacher, provided it is incorporated in the course outline.

3.1.1    Distribution of Marks for Evaluation (Theory Courses)

Letter grades (e.g., A+, A, A-, B+ etc.) are used to evaluate a student's performance in a course. The following mark distribution system can be followed for the performance evaluation of students. However, the respective Department can vary it according to its book of the syllabus:

Grading Distribution (% of Total Grade Allocated):

Class Attendance and Performance
Mid Term Exam
Assignment
Term Paper (Book Review / Research Paper Writing)
Semester/trimester Final
Total

The weightage of these items will be based on the approved book of the syllabus of the respective programs.

3.1.2    Distribution of Marks for Evaluation (Laboratory Courses)

The marks for the Laboratory courses are distributed according to the type of laboratory course based on the respective Department's requirement. The distribution of the marks for three types of Laboratories is given below:

  1. Marks Distribution for Laboratory

Category (Marks Distribution, %):

Lab test
Quiz
Viva
Attendance
Home Assignment/Report
Class Performance/Observation
Total

The weightage of these items will be based on the approved book of the syllabus of the respective programs.

  1. Marks Distribution of Project-Based Laboratory

Category (Marks Distribution, %):

Project
Quiz
Viva/Presentation
Attendance
Home assignment/report
Class Performance/Observation
Total

The weightage of these items will be based on the approved book of the syllabus of the respective programs.

  1. Marks Distribution of Programming Based Laboratory

Category (Marks Distribution, %):

Online Test – 1
Online Test – 2
Viva
Attendance
Observation
Class Performance
Total

The weightage of these items will be based on the approved book of the syllabus of the respective programs.

3.1.3    Research Monograph/Thesis/Internship/Project Report

In addition to the theoretical examination of the Research Monograph/Thesis/Internship/ Project Report to be submitted by the students, there shall also be an oral defense of the written work. Three (03) copies of the Thesis/Internship/ Project Report work shall be submitted to the examination committee. The Examination Committee shall appoint the examiners for the Research Monograph/Thesis/Internship/Project Report as per the requirements of their respective professional programs.

Evaluation of Research Monograph/Thesis/Internship/Project Report (Written Work): The weightage of these items will be based on the approved book of the syllabus of the respective programs.

Oral Defense: The weightage of these items will be based on the approved book of the syllabus of the respective programs.

In-Course/Continuous Assessment: The weightage of these items will be based on the approved book of the syllabus of the respective programs.

3.1.4    Resubmission of Research Monograph/Thesis/Internship/Project Report

On valid grounds such as lack of originality or plagiarism, resubmission of the Thesis/Internship/Project Report will be conducted at the discretion of the examiner(s) concerned. In case of resubmitting the Thesis/Internship Report/Project, the students will be given an additional 02 months to rectify/amend their work. Three (03) copies of the Thesis/Internship/Project Report should be submitted again. The cost of the examination (e.g. remuneration of supervisors and examiners) will be paid by the student.

3.2       Grading System

Numerical Grade | Letter Grade | Grade Point
80% and above | A+ (A Plus) | 4.00
75% to < 80% | A (A Regular) | 3.75
70% to < 75% | A- (A Minus) | 3.50
65% to < 70% | B+ (B Plus) | 3.25
60% to < 65% | B (B Regular) | 3.00
55% to < 60% | B- (B Minus) | 2.75
50% to < 55% | C+ (C Plus) | 2.50
45% to < 50% | C (C Regular) | 2.25
40% to < 45% | D | 2.00
< 40% | F | 0.00
- | W | Withdrawn

3.3       Calculation of GPA (Grade Point Average) and CGPA (Cumulative Grade Point Average)

Grade Point Average (GPA) is the weighted average of all the grade points obtained in all the courses passed/completed by a student. CGPA (Cumulative Grade Point Average) will be computed after each Semester/trimester to determine the academic standing of the student in the program. The four-step procedure that will be followed to calculate the CGPA of a student is given below:

  1. Grade points earned in each course will be computed based on credit hours in that course and the individual grade earned in that course by multiplying both.
  2. All subject grade points (determined at step 1) will be added to determine the total grade points earned.
  3. Credits of all completed/passed courses (excluding the course for which the student applies for Supplementary Examination) will be added together to determine the total number of credits.
  4. GPA will be determined by dividing the results of step 2 by the result of step 3.

3.3.1    Calculation of GPA

Grade Point Average (GPA) is the weighted average of the grade points obtained in all the courses passed/completed by a student. For example, if a student passes/completes courses in a term having credits of C1, C2, ..., Cn and his/her grade points in these courses are G1, G2, ..., Gn respectively, then

$$\mathrm{GPA} = \frac{\sum_{i=1}^{n} C_i G_i}{\sum_{i=1}^{n} C_i}$$

  1. A numerical example: suppose a student has completed five courses in a term and obtained the following grades:

Course Code | Credit(s) (Ci) | Grade | Grade Points (Gi) | Points Earned (Ci × Gi)
5101 | 3 | A+ | 4.00 | 12
5102 | 3 | B | 3.00 | 9
5103 | 3 | A | 3.75 | 11.25
5104 | 2 | B+ | 3.25 | 6.5
5105 | 1 | A- | 3.50 | 3.5

Then his/her GPA for the term will be computed as follows:

$$\mathrm{GPA} = \frac{3 \times 4.00 + 3 \times 3.00 + 3 \times 3.75 + 2 \times 3.25 + 1 \times 3.50}{3 + 3 + 3 + 2 + 1} = 3.52$$

  1. When a course is repeated for improvement, the last result or grade point shall be counted for calculating GPA and CGPA. If the grade point obtained in improvement is lower than the grade point obtained earlier, the earlier one (previous grade point) shall stand.
  2. Performance in all courses, including the 'F' grade, shall be reflected in the Grade Sheet.

3.3.2    Cumulative Grade Point Average (CGPA) Calculation

Cumulative Grade Point Average (CGPA) is the weighted average of the grade points obtained in all the courses passed/completed by a student. For example, if a student passes/completes courses in a term having credits of C1, C2, ..., Cn and his/her grade points in these courses are G1, G2, ..., Gn respectively, then

3.3.3 Rounding Off the GPA/CGPA

The GPA/CGPA is to be rounded off after two digits of the decimal. For example, to round off 3.465 and above after two decimal digits, it is to be rounded off as 3.47. To round off 3.464 and below after two decimal digits, it is to be rounded off as 3.46.

4.       Promotion Policy

To be promoted from one semester to another, students must obtain a minimum CGPA (with a maximum number of ‘F’ Grade to be considered in each semester) as mentioned in the table below:

02-years Masters Program

Serial | Semester (From & To) | Required Minimum CGPA (During the mentioned semester) | Number of ‘F’ Grade to be considered (in each semester)
1 | 1st – 2nd | 2.50 | * Maximum one (01) ‘F’ Grade
2 | 2nd – 3rd | 2.50 | * Maximum one (01) ‘F’ Grade
3 | 3rd – 4th | 2.50 | * Maximum one (01) ‘F’ Grade

Note: Star (*) marked will not be applicable for retake course

If a student gets an ‘F’ grade in more than one (01) course in any semester and/or fails to obtain the required CGPA of 2.50 in a semester as mentioned above, he/she will automatically be relegated to the next batch, and such relegation more than twice during the entire registration period will warrant permanent withdrawal of the student from the program. However, besides retaking the courses in which an ‘F’ grade was obtained, the relegated student will also have the option to improve or retake the rest of the courses.

5.       Withdrawal Policies

5.1       Temporary Withdrawal

Temporary withdrawal means a student has voluntarily withdrawn himself/herself from a particular semester/trimester. In such case, the following rules will be maintained:

  1. A student can withdraw himself/herself from a semester/trimester without penalty by applying to the authority a minimum of four weeks before the commencement of the Semester/trimester.
  2. A case of withdrawal is subject to the approval of the respective Dean.
  3. Withdrawal is not allowed after the Midterm Examination during a semester/trimester.
  4. A student will have to re-register their required courses by the next Semester/trimester with the next immediate batch.
  5. The student can avail themselves of such opportunity only once within their valid registration period.

5.2       Permanent Withdrawal

The term 'Permanent Withdrawal' stands for permanent and voluntary discontinuation of the student from the program. The implication of permanent withdrawal includes cancellation of admission and expiry of registration.

5.3       Withdrawal on Poor Performance

Students may be permanently withdrawn from the program because of their poor performance. A student is always advised to maintain a minimum CGPA. Any student failing to obtain the required CGPA as per promotion policy will be relegated to the next immediate batch. However, two (02) times relegation or three times failure in a course at any time throughout the entire valid registration period will warrant permanent withdrawal of the student from the program.

6.       Examination Assessment System

BUP follows a single examiner system, and continuous assessment is done to evaluate a student in a semester/trimester. The following rules will apply for all tests and examinations:

  1. Records of in-course (Midterm, Class tests, Attendance, Assignments etc.) will be evaluated by the teacher of the relevant course in a prescribed form (or online portal) showing the marks obtained by the students. The course teacher will display (i) one copy of the mark sheet on the notice board (or online) for information of the students (ii) send one copy to the Chairman of the Department (iii) send one copy to the Chairperson of the Examination Committee, and (iv) one copy to the Controller of Examinations at least one week before the commencement of the final examination. This timeframe needs to be strictly maintained.
  2. The questions for the semester/trimester final examination will be set by the course teacher and submitted to the Moderation Committee of the respective Faculty. If more than one teacher can take a single course in different sections of a batch, then a combined set of questions will have to be prepared through the Moderation Committee. The question setters of a particular course should not be the moderators of that specific course.

Note: Students with physical disabilities will get an extra 10 minutes per hour in the examination.

6.1       Supplementary Examination

As a rule, supplementary examinations of any kind are discouraged. However, if a student fails to appear in the scheduled Semester/trimester Final Examination for unavoidable and valid reasons, he/she may be allowed to appear at such examination based on the following guidelines under the grounds described below:

  1. In case of a student's extreme compassionate ground or any other reason that the Chairman of the Department approves, he/she must appear at the supplementary examination within 45 days from the date on which the particular examination was held.
  2. The student should apply to the concerned Dean (through the respective Department) within seven days from the last examination with the required supporting documents describing the reasons for his/her inability to appear for the scheduled semester/trimester final examination. The Dean, if convinced, will forward to the office of the Controller of Examinations duly recommending approval and thereby allowing for making arrangements to conduct the examination on the respective course/subject.
  3. The student will have to pay the required fees as per the University Policy for appearing at the supplementary examination and completing other examination formalities for the course(s) so appeared.
  4. No more than 'B+' (GPA 3.25) grade will be awarded to the student for supplementary examinations. However, special cases may be considered with prior approval of the respective Dean.
  5. The existing rules of semester/trimester final examination will apply to the conduct of supplementary examinations e.g. question setting, moderation, evaluation, and result publication etc.

6.2       Improvement Policy

A student earning lower than 'B' Grade (i.e. lower than Grade Point 3.00) in any course(s), may choose to improve the grade by appearing at the improvement examination. In case of improvement examination, the following rules will be maintained:

 

  1. The student must apply to the Dean for approval at least one month before the commencement of the final examination and will get a chance to improve the grade of a course only once in a valid registration period.
  2. The student must sit for only the Semester/trimester Final Examination with the immediate next batch.
  3. If the grade point obtained by the student in the improvement examination is lower than the earlier obtained grade point, the earlier one (previous grade point) will stand.
  4. Improvement examination for a course will not be allowed after graduation.
  5. No improvement examination will be allowed for any practical course, viva voce, internship and Thesis/project/dissertation and/or the like.

6.3       Retaking a Course

In case of retaking of course(s) of the Professional Master’s Program, students must complete the process within the valid registration period. A student will be allowed to retake only one (01) course in any semester/trimester of a particular year. They will be allowed to retake a course twice only throughout their entire registration period. Retaking a course (or grade) will be guided by the following rules:

A student earning an 'F' grade or being Dis-collegiate/Absent/Expelled from the examination will be required to retake the course offered in the immediate next batch or when the situation is considered reasonable/convenient. In this case, a student can continue with the immediate next available batch, since achieving a passing grade in every course individually is mandatory as a degree requirement.

  1. The student will have to be allowed by the Dean of the Faculty and the Chairman of the respective Department to sit for the examination. In case of retaking course(s), the following rules will be maintained:
     1. The student must sit for all In-course and the Final examination.
     2. For appearing in the examination for retaking a course, his/her class attendance is an important factor, which should be checked and ensured by the respective Chairman of the Department.

6.4       Registration Duration

The duration of the registration period of the Professional Master’s Program will be ‘Program Duration + 02 Years’. For example, if the LL.M Professional Program duration is 01 (one) year, then its registration period will be ‘01 Year + 02 Years’, i.e. 03 (Three) years. The duration of the registration period may be extended subject to the approval of the Academic Council.

7.       Awarding Professional Master’s Degree and Requirements

Students must fulfill all degree requirements within the valid registration period for the Professional Master’s program. The requirements are as follows:

  1. Students must not have any 'F' grade.
  2. Students must have a minimum CGPA of 2.50.
  3. Minimum grade in the Internship/Thesis/Project/Dissertation/Research Monograph is 'C'.

8.       Dismissals on Disciplinary Grounds

A student may be dismissed or expelled from the program for adopting unfair means (Copying in examinations/ to influence grades), unruly behavior, or any other breach of discipline. The implication of dismissal may include cancellation of admission and termination of registration.

9.       Discipline and Code of Conduct

Adherence to strict discipline is considered a core concept of building future leaders. The students must abide by the rules, regulations, and code of conduct of the university. Students are forbidden to be members of, or to organize, students' organizations, clubs, societies, etc., other than those set up by the University authority. They must maintain a peaceful and congenial atmosphere in the academic building, particularly adjacent to the classroom, library, faculty rooms, etc. The students will not be allowed to enter the classroom in the following cases:

  1. Arriving late in the class.
  2. Not wearing appropriate dress/attire as per the BUP dress code.
  3. Any unfair means in exams/tests (The minimum punishment for unfair means in an examination is the cancellation of all courses of running Semester/trimester + 01 Semester/trimester Onwards).

Note: For the details, "The Students' Discipline Rules" is available on BUP website.

10.     Other Breaches of Discipline

The Academic Council may dismiss any student on disciplinary grounds if any form of indiscipline or unruly behavior is observed in him/her, disrupting the academic environment or program or being considered detrimental to BUP's image. The Discipline Committee will process the matter. There is zero tolerance for drugs, violence, and Sexual Exploitation and Abuse (SEA).

11.     Students' Redress Measures

If an examinee anticipates any discrepancies regarding his/her results/grade/marks, this will be brought to the notice of the Controller of Examinations through the Head of the Department within 30 (thirty) days from the date of publication of the result.

  1. A certain amount of fee is required for the application of re-scrutiny. In case of re-scrutiny, the Controller of Examinations or his/her nominated teacher/officer will re-scrutinize the same whether there is any miscalculation of marks or any unmarked question of the script. In case of miscalculation, the Controller of Examinations or concerned officer will adjust the correct marks and finalize the result.
  2. If any unmarked question of the script is found, then the concerned examiner will re-examine/ re-evaluate the unmarked question of the script. In that case, if the concerned examiner is not available, then the only unmarked question of the script will be examined/evaluated by any other examiner (alternative examiner).
  3. After the scrutiny, the Controller of Examinations will republish the corrected result.

12. Executive Decision for Any Arising Situation

If this Academic Guideline does not explicitly or satisfactorily address any arising situation, in that case, the matter will be referred to the Vice Chancellor for a decision. Execution of such a decision will duly be reported to the Academic Council for information only.

13.  Amendments

Any of the provisions of this guideline may be changed and/or new provisions added as per the University's Rules.

14.   Conclusion

BUP Professional Master’s Academic Guideline-2023 is for the students, and it is to be followed for the best use of student's academic interests. It is the guide for the Faculty Members to assess the overall evaluation system of the students of BUP and acquaint themselves with BUP's rules and regulations.

PART-TWO

 

DEPARTMENT OF INFORMATION AND COMMUNICATION TECHNOLOGY (ICT)

1.       Introduction to ICT Department

The Department of Information and Communication Technology (ICT) at Bangladesh University of Professionals (BUP) is committed to excellence in education, research, and innovation. The department aims to develop skilled professionals and researchers by offering programs tailored to meet the challenges of the dynamic ICT landscape. With a curriculum emphasizing hands-on learning, theoretical foundations, and industry-aligned skills, the ICT Department nurtures talents capable of addressing global technological needs.

The department's vision is to advance ICT education through cutting-edge research, innovative teaching methodologies, and industry collaboration. Equipped with state-of-the-art labs and a dedicated faculty team, it strives to foster critical thinking, problem-solving, and leadership in the realm of technology.

The department stands as a beacon for aspiring technologists and researchers, preparing them to excel in academia, industry, and beyond. The department places special emphasis on:

  1. Interactive classroom sessions and an uninterrupted curriculum to ensure effective learning.
  2. Innovative teaching methods, blending the latest global trends with state-of-the-art facilities.
  3. A balance of competent internal faculties and outsourced expert resource persons for specialized knowledge.
  4. Regular guest lectures and visits to organizations, providing industry exposure.
  5. A continuous feedback and assessment system to ensure academic excellence.
  6. A culture of discipline, punctuality, and commitment in all aspects of academic life.
  7. Adherence to a code of conduct and dress code that instills professionalism.
  8. A focus on nurturing students as good human beings with the qualities of successful leaders.
  9. Providing a tranquil, secure campus environment free from external disturbances.

Through these initiatives, the ICT Department at BUP prepares students to excel academically, professionally, and ethically, contributing significantly to both national and global ICT advancements.

2.       Current Programs

The Department of ICT is running the following programs:

  1. B.Sc. in Information and Communication Engineering (BICE)
  2. M.Sc. Engg./M. Engg. in Information and Communication Engineering (MICE)
  3. M.Sc. Engg./M. Engg. in Information Systems Security (MISS)
  4. M.Sc. Engg./M. Engg. in Information and Communication Technology (MICT)

| Programs | Duration | Total Courses (Theory + Laboratory) | Credit on Courses | Industrial Attachment/Dissertation Credit | Total Credit | Remarks |
|---|---|---|---|---|---|---|
| BICE | 4 Years | 42 + 25 | 151 | 3 + 6 | 160 | B.Sc. in ICE |
| MICE | 1.5 Years | 6/10 | 18/30 | 18/6 | 36 | M.Sc. Engg. / M. Engg. |
| MISS | 2 Years | 8/12 | 22/34 | 18/6 | 40 | M.Sc. Engg. / M. Engg. |
| MICT | 2 Years | 8/12 | 22/34 | 18/6 | 40 | M.Sc. Engg. / M. Engg. |

3.       Faculty Members

All the programs of the Department of ICT are conducted by a group of esteemed and highly qualified faculty members. Details are available at www.bup.edu.bd. In addition, experienced adjunct faculty members from renowned universities are engaged in the academic activities of this department.

4.       Mailing Address

Chairman, Department of ICT

Faculty of Science and Technology (FST)

Bangladesh University of Professionals (BUP)

Mirpur Cantonment, Dhaka-1216

Phone: 02-8000485, Fax: 88-02-8000443

E-mail: ict@bup.edu.bd

5.       Masters in Information Systems Security (MISS)

5.1.      Introduction

The Masters in Information Systems Security (MISS) is a comprehensive two-year program designed to prepare technology professionals for leadership roles in security-centric, technology-driven environments. The program equips students with the skills to evaluate security requirements, design and implement robust solutions, and ensure the continuous protection of information and network systems. The curriculum emphasizes advanced knowledge and practical expertise in designing, managing, and securing IT infrastructures, making graduates indispensable in industries where IT security is paramount. This program uniquely prepares professionals for critical roles in safeguarding organizational assets against an ever-evolving landscape of cyber threats.

MISS graduates bring exceptional value to a wide array of sectors. Their responsibilities often include managing IT infrastructures, overseeing intrusion detection systems, and addressing customer service issues related to security. The increasing prevalence of cyber-attacks and rapid technological advancements have created a high demand for well-trained cybersecurity professionals across industries. Graduates of the MISS program are equipped to assume specialized roles, including Security Analysts, Malware Analysts, Incident Responders, etc. In addition, the program lays a solid foundation for senior leadership positions such as Chief Security Officer (CSO) and Chief Information Security Officer (CISO). These roles involve managing comprehensive security measures and leading organizational strategies to mitigate risks and ensure information assurance. As organizations increasingly prioritize cybersecurity, the MISS program stands out by offering students the opportunity to acquire cutting-edge skills and knowledge, preparing them for success in dynamic and high-demand security roles.

5.2.      Vision of the Program

To develop a world-standard program on information systems security through advanced education and research that equips professionals to tackle evolving security challenges.

5.3.      Mission of the Program

To equip students with the hands-on knowledge and skills necessary to maximize their potential, with a view to preparing individual specialists in information systems security.

5.4.      Program Objectives

The department has the following program objectives:

  1. To equip students with in-depth knowledge of security protocols, encryption, and cybersecurity technologies to safeguard and defend computer systems and networks.
  2. To foster hands-on skills in implementing secure network configurations and using industry-standard tools, such as firewalls, intrusion detection systems, and vulnerability scanners.
  3. To prepare students to assess, mitigate, and manage risks associated with information systems, ensuring resilience against potential threats.
  4. To investigate information systems security incidents and develop and implement solutions to recover or minimize the loss of information.
  5. To prepare graduates to design, implement, and monitor comprehensive cybersecurity measures that protect critical information technology resources.

5.5.      Learning Outcomes

Students graduating with the MISS degree from BUP will be able to:

  1. Demonstrate comprehensive knowledge of security protocols, encryption methods, and cybersecurity technologies essential for protecting and defending computer systems and networks.
  2. Acquire hands-on skills in configuring secure networks and effectively utilizing industry-standard security tools, such as firewalls, intrusion detection systems, and vulnerability scanners, to enhance network security.
  3. Conduct risk assessments, identify potential security vulnerabilities, and develop risk mitigation strategies to manage and minimize security risks associated with information systems.
  4. Investigate security incidents proficiently, develop solutions to recover lost data or minimize information loss, and implement responsive strategies to handle cybersecurity incidents.
  5. Design, implement, and monitor comprehensive cybersecurity measures that safeguard critical IT resources, ensuring the integrity and resilience of information systems against evolving cyber threats.

6.       Course and Credit Related Information

6.1       List of all Core and Elective Courses with their Credit Distribution:

| Sl. | Name of the Course | Theory (Credit) | Total Contact Hours |
|---|---|---|---|
| Core Courses | | | |
| 1. | MISS-6101 Principles of Information Security | 3.0 | 48.00 |
| 2. | MISS-6102 Secure Software Design | 3.0 | 48.00 |
| 3. | MISS-6103 Systems & Network Security | 3.0 | 48.00 |
| 4. | MISS-6201 Information Systems Audit | 3.0 | 48.00 |
| 5. | MISS-6202 Penetration Testing | 3.0 | 48.00 |
| 6. | GED-6203 Research Methodology | 1.0 | 32.00 |
| Elective Courses | | | |
| 1. | MISS-6004 Digital Forensics | 3.0 | 48.00 |
| 2. | MISS-6005 Cryptography | 3.0 | 48.00 |
| 3. | MISS-6006 Threat Hunting & SOC Management | 3.0 | 48.00 |
| 4. | MISS-6007 Cloud Computing Security | 3.0 | 48.00 |
| 5. | MISS-6008 Cyber Law and Ethics | 3.0 | 48.00 |
| 6. | MISS-6009 Block Chain Technology & Fintech Security | 3.0 | 48.00 |
| 7. | MISS-6010 Data Privacy Engineering | 3.0 | 48.00 |
| 8. | MISS-6011 Malware Analysis & Reverse Engineering | 3.0 | 48.00 |
| 9. | MISS-6012 Artificial Intelligence & Machine Learning | 3.0 | 48.00 |
| 10. | MISS-6013 Management of Governance, Risks & Compliance | 3.0 | 48.00 |
| 11. | MISS-6014 Big Data Analysis & Design | 3.0 | 48.00 |
| 12. | MISS-6000 Thesis | 18.0 | --- |
| 13. | MISS-6001 Project | 6.0 | --- |

Note: Courses may be added or removed by the authority based on the availability of the resources and industry practice.

 

6.2       Summary

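| SL | YEAR | SEMESTER | DEGREE | NO. OF THEORY COURSES | THEORY (CR.) | THESIS/PROJECT CREDIT | |
|---|---|---|---|---|---|---|---|
| 1 | First | 1st | M.Sc. Engg. | 3 | 9 | - | 9 |
| | | | M. Engg. | 3 | 9 | - | 9 |
| | | 2nd | M.Sc. Engg. | 4 | 10 | - | 10 |
| | | | M. Engg. | 4 | 10 | - | 10 |
| 2 | Second | 1st | M.Sc. Engg. | 1 | 3 | 9 | 12 |
| | | | M. Engg. | 3 | 09 | - | 09 |
| | | 2nd | M.Sc. Engg. | - | - | 9 | 9 |
| | | | M. Engg. | 2 | 6 | 6 | 12 |
| Total | | | M.Sc. Engg. | | - | - | 40 |
| | | | M. Engg. | | - | - | 40 |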

6.3       Course Designation System

Each course is designated by a code of at most four letters identifying the department offering the course, followed by a three-digit number having the following interpretation:

  1. The first digit (from left) corresponds to the year/level in which the course is normally taken by the students.
  2. The second digit (from left) corresponds to the semester/ term in which the course is normally taken by the students.
  3. The last two digits denote various courses.

The course designation system is illustrated as follows:

MISS-6101 Principles of Information Security

Labels in the illustration: Course Title; Course Serial Number (reserved for departmental use to denote course); Signifies 1st Semester course; Signifies 1st Year course; Department identification code.

 

6.4       Semester-wise Course and Credit Distribution for M.Sc. Engg. Degree (Thesis group)

| Year | Semester | Course Code | Course Name | Theory (Credit) | Total Credit Hour | Total Contact Hour |
|---|---|---|---|---|---|---|
| 1st | 1st | MISS-6101 | Principles of Information Security | 3.0 | 3.0 | 48.00 |
| | | MISS-6102 | Secure Software Design | 3.0 | 3.0 | 48.00 |
| | | MISS-6103 | Systems and Network Security | 3.0 | 3.0 | 48.00 |
| | 2nd | MISS-6201 | Information Systems Audit | 3.0 | 3.0 | 48.00 |
| | | MISS-6202 | Penetration Testing | 3.0 | 3.0 | 48.00 |
| | | GED-6203 | Research Methodology | 1.0 | 2.0 | 32.00 |
| | | MISS-60** | Elective-I | 3.0 | 3.0 | 48.00 |
| 2nd | 1st | MISS-60** | Elective-II | 3.0 | 3.0 | 48.00 |
| | | MISS-6000 | Thesis | 9.0 | -- | -- |
| | 2nd | MISS-6000 | Thesis | 9.0 | -- | -- |

Note: The distribution of elective courses in different semesters may be changed by the authority based on the availability of the resources and industry practice.

6.5       Semester-wise Course and Credit Distribution for M. Engg. Degree (Project group)

| Year | Semester | Course Code | Course Name | Theory (Credit) | Total Credit Hour | Total Contact Hour |
|---|---|---|---|---|---|---|
| 1st | 1st | MISS-6101 | Principles of Information Security | 3.0 | 3.0 | 48.00 |
| | | MISS-6102 | Secure Software Design | 3.0 | 3.0 | 48.00 |
| | | MISS-6103 | Systems and Network Security | 3.0 | 3.0 | 48.00 |
| | 2nd | MISS-6201 | Information Systems Audit | 3.0 | 3.0 | 48.00 |
| | | MISS-6202 | Penetration Testing | 3.0 | 3.0 | 48.00 |
| | | GED-6203 | Research Methodology | 1.0 | 2.0 | 32.00 |
| | | MISS-60** | Elective-I | 3.0 | 3.0 | 48.00 |
| 2nd | 1st | MISS-60** | Elective-II | 3.0 | 3.0 | 48.00 |
| | | MISS-60** | Elective-III | 3.0 | 3.0 | 48.00 |
| | | MISS-60** | Elective-IV | 3.0 | 3.0 | 48.00 |
| | 2nd | MISS-60** | Elective-V | 3.0 | 3.0 | 48.00 |
| | | MISS-60** | Elective-VI | 3.0 | 3.0 | 48.00 |
| | | MISS-6001 | Project | 6.0 | -- | -- |

Note: The distribution of elective courses in different semesters may be changed by the authority based on the availability of the resources and industry practice.

 

 

 

The detailed syllabus is attached in Annex A.

 

7.       Teaching Strategy

Students gain knowledge and understanding through practical work that allows the exposure and exploration of underpinning theory and concepts. Guided reading and online content support students in developing their understanding of the subject area. An emphasis on formative feedback and tasks is built into all the first-year modules and may include participation in online activities, in order to practice and explore the topics covered in classes more fully.

8.       Assessment Strategy

Students’ knowledge and understanding is assessed by a range of activities that include both formative (developed to provide feedback on learning) and summative (graded) tasks. A wide range of assessment methods are used. Tasks may involve traditional approaches such as case studies, assignments, presentations and term papers, time constrained tests and exams (Details are given in Article 16.1).

9.         Thesis/Project Related Guidelines

  1. After the completion of the first semester, if a student gets a CGPA greater than or equal to 3.25, he/she will be eligible to undertake a thesis. He/she can choose to do a project as well.
  2. There are no eligibility criteria for project students.
  3. If any student with a CGPA below 3.25 at the end of the first semester is interested in applying for a thesis, he/she may apply to the Chairman with a recommendation from the supervisor.
  4. The Chairman will review the proposal through an internal Board of Members and may or may not allow the student to pursue a thesis.

9.1       Thesis

  1. Research work for a thesis shall be carried out under the supervision of a full-time member of the staff belonging to the relevant department/ Institute of BUP/DU/BUET/MIST or any other university recognized by UGC. However, in special cases, a full-time member of the staff belonging to a department outside ICT may be appointed as Supervisor, if the research content of the thesis is within the field of specialization of the member of the staff. A Co-supervisor from within or outside the department may be appointed, if necessary. The thesis proposal of a student shall be submitted for approval of the Academic Committee after completion of at least 18 credit hours of course work.
  2. If any change to the approved thesis is necessary (title, content, cost, Supervisor, Co-supervisor etc.), it shall be approved by the Academic Committee.
  3. Eligible thesis students will be selected by the department. Thesis work will be done by individual students; it cannot be carried out in a group.
  4. The research work must be carried out in BUP or at a place(s) recommended by the Academic Committee. The work schedule and financial involvement should be mentioned in the research proposal for carrying out research work outside the University.
  5. Every student shall submit to the Chairman, Department of ICT, through his/her Supervisor, the required number of typewritten copies of his/her thesis in the approved format on or before a date to be fixed by the Supervisor concerned in consultation with the Chairman, Department of ICT.
  6. The student shall certify that the research work was done by him/her and that this work has not been submitted elsewhere for the award of any other diploma or degree.
  7. The thesis should demonstrate evidence of satisfactory knowledge in the field of research undertaken by the student.
  8. Every student submitting a thesis in partial fulfillment of the requirements of a degree, shall be required to appear at an oral examination, on a date or dates fixed by the Supervisor concerned in consultation with the Chairman, Department of ICT and must satisfy the examiners that he/she is capable of intelligently applying the results of this research to the solution of problems, of undertaking independent work, and also afford evidence of satisfactory knowledge related to the theory and technique  used in his/her research work.
  9. The thesis dissertation should be original and plagiarism-free. A similarity index of 25% or less, as determined by Turnitin Plagiarism Checker, is acceptable. Self-plagiarism is acceptable.

 

9.1.1    Thesis Lifecycle for Effective Management

  1. Submission of thesis proposal – Notice will be given to 2nd semester students after 8 weeks; the proposal must be submitted within 2 weeks after 9 credits.
  2. Supervisor confirmation – October.
  3. Presentation of Title Confirmation – Notice given at the beginning of November; the presentation must be given at the end of November.
  4. Follow-up form filling and submission – Twice every month.
  5. Follow-up of Phase 1 – Present 1st progress presentation June 1st week.
  6. Follow-up of Phase 2 – Present 2nd progress presentation October 1st week.
  7. Pre-defense – October last week.
  8. Final defense – November last week.

9.1.2    Submission of Thesis

Every student submitting a thesis report in partial fulfillment of the requirement of a degree shall be required to appear at an oral examination, on a date or dates fixed by the Supervisor concerned in consultation with the Chairman, Department of ICT and must satisfy the examiners that he/she has gained satisfactory knowledge related to the project work.

9.1.3    Examination Board for Thesis

  1. An Examination Board for every student for the thesis oral examination shall be approved by the Chairman, Department of ICT on the recommendation of the thesis Supervisor and forwarded to the Dean, FST for final approval. The Supervisor shall act as the Chairman and the Chairman of the Department of ICT will be an ex-officio member of the Examination Board. The Board shall consist of at least four members including the Chairman, Department of ICT and the Supervisor. The Examination Board shall be constituted as follows:
     1. Supervisor – Chairman
     2. Co-supervisor (if any) – Member
     3. Chairman, Department of ICT (Ex-officio) – Member
     4. One or two members from within the Department – Member
     5. One external member from outside the student's relevant institute/Department – External

     Note: If the Chairman of the department supervises any thesis work, then a senior faculty member will be designated as Ex-officio.

  2. If any member of the Examination Board is unable to accept the appointment or must relinquish his/her appointment before the examination, the Chairman, Department of ICT shall appoint another member in his/her place, on suggestion from the Supervisor. This appointment will be reported to the Academic Committee.
  3. In case a student fails to satisfy the Examination Board in the thesis and/or oral examination, the student shall be given one more chance to resubmit the thesis and/or appear in the oral examination as recommended by the Board.

 

9.2       Project

  1. Project work shall be carried out under the supervision of a full-time member of the staff belonging to the relevant department of BUP/DU/BUET/MIST or any other university recognized by UGC. However, in special cases, a full-time member of the staff belonging to a department outside ICT may be appointed as Supervisor, if the research content of the project work is within the field of specialization of the member of the staff. The title of the project, cost and the Supervisor shall be recommended by the Academic Committee for approval which will be reported to the Dean, FST. The project proposal of a student shall be submitted for approval of the Academic Committee after completion of minimum 18 Credits.
  2. If any change is necessary to the approved thesis (Title, Content, Cost, Supervisor, Co-supervisor etc.) it shall be approved by the Academic Committee.
  3. Eligible project students will be selected by the department. But project work will be done by individual students. It cannot be carried out in a group.
  4. The project work must be carried out in BUP or at a place(s) approved by the Chairman, Department of ICT for approval by the Academic Committee. The work schedule and financial involvement should be mentioned in the project proposal for carrying out project work outside the BUP.
  5. Every student shall submit to the Chairman, Department of ICT, through his/her Supervisor, the required number of typewritten copies of his/her project report in the approved format before a date to be fixed by the Supervisor concerned in consultation with the Chairman, Department of ICT.
  6. The student shall certify that the project work was done by him/her and the work has not been submitted elsewhere for the award of any other diploma or degree.
  7. The project should demonstrate evidence of satisfactory knowledge in the field of project undertaken by the student.
  8. Every student submitting a project report in partial fulfillment of the requirement of a degree shall be required to appear at an oral examination, on a date or dates fixed by the Supervisor concerned in consultation with the Chairman, Department of ICT.
  9. The project dissertation should be original and plagiarism-free. A similarity index of 25% or less, as determined by Turnitin Plagiarism Checker, is acceptable. Self-plagiarism is acceptable.

9.2.1    Project Lifecycle

  1. Submission of project proposal – Notice will be given to 3rd semester students after 8 weeks; the proposal must be submitted within 2 weeks after completion of 18 theory credit hours.
  2. Supervisor confirmation – March.
  3. Presentation of Title Confirmation – Notice given at the beginning of April; the presentation must be given at the end of April.
  4. Follow-up form filling and submission – Once every month.
  5. Follow-up of Phase 1 – Present 1st progress presentation Mid-September.
  6. Follow-up of Phase 2 – Present 2nd progress presentation Mid-October.
  7. Pre-defense – Mid-November.
  8. Final defense – Mid-December.

9.2.2    Submission of Project

Every student submitting a project report in partial fulfillment of the requirement of a degree shall be required to appear at an oral examination, on a date or dates fixed by the Supervisor concerned in consultation with the Head of the Department of ICT and must satisfy the examiners that he/she has gained satisfactory knowledge related to the project work.

9.2.3    Examination Board for Project

  1. An Examination Board for students for the project examination shall consist of at least four members including the Supervisor. The Supervisor shall act as the Chairman. The Academic Committee shall recommend the names of the examiners for approval of the Dean, FST. The Examination Board shall be constituted as follows:
     1. Supervisor – Chairman
     2. Co-supervisor (if any) – Member
     3. Chairman, Department of ICT (Ex-officio) – Member
     4. One or two members from within the Department – Member
     5. One external member from outside the student's relevant institute/Department – External

     Note: If the Chairman of the department supervises any thesis work, then a senior faculty member will be designated as Ex-officio.

  2. If any member of the Examination Board is unable to accept the appointment or must relinquish his/her appointment before the examination, the Chairman, Department of ICT shall appoint another member in his/her place on the recommendation of the relevant Academic Committee.
  3. In case a student fails to satisfy the Examination Board in the project report and/or presentation, the student can be given one more chance to resubmit the project report and/or appear in another examination as recommended by the Board.

9.3       Thesis/Project Evaluation

  1. Total evaluation of the thesis/project will be out of 100, which will be done during the final defense.
  2. The evaluation of the supervisor will carry 50% of the final marks and the evaluation of the other board members will carry 50% of the final marks.

9.4       Re-Defense Fees for Thesis/Project

If any student cannot complete the project in their final semester, he/she can re-defend the project with the next batch. However, this will happen only after paying the re-defense fee and getting the approval of the departmental Chairman.

 

 

 

Annex A

Core Courses

MISS-6101: Principles of Information Security

Credit Hour: 3.0

Course Objectives:

  1. To understand how Information Security can counteract attempts to attack an individual’s “info sphere,” the person’s sensitive information
  2. To provide the fundamental skills and understanding needed to manage risk and recover from disaster
  3. To acquaint students with the fundamentals of cryptography and how cryptography serves as the central language of information security
  4. To understand how issues of privacy affect information security
  5. To gain the fundamental knowledge of Cyber Security and commonly used terms in Cyber Security
  6. To understand Cyber Security / Information Security Architecture
  7. To know how vulnerabilities occur and how to limit your exposure to them
  8. To gain a fundamental understanding of what attacks/threats are and how to identify and prevent them from occurring
  9. To know the international laws in securing cyberspace

 

Course Outcomes:

Upon completing the course, graduates will be able to:

  1. Demonstrate a basic understanding of the practice of Information Security, especially in evaluation of information security risks across diverse settings including the Internet and WWW based commerce systems, high bandwidth digital communications and funds transfer services. 
  2. Acknowledge the ethical considerations in all judgments and decisions in academic and professional settings. 
  3. Utilize software packages (for example Maple) to explore the intricacies of cryptography, demonstrating comprehension of the use of these and other tools in Information Security.
  4. Possess a fundamental knowledge of Cyber Security
  5. Understand what a vulnerability is and how to address most common vulnerabilities
  6. Know basic and fundamental risk and disaster management principles as they relate to Cyber Security
  7. Demonstrate and apply knowledge of current trends in ICT security, particularly those that relate to security protocols and policy, cryptography, malware, digital forensics, and legal evidence
  8. Investigate emerging security trends and their application to professional practice
  9. Apply skills in the identification of security threats, implementation of secure system properties, security testing, and incident response

 

Course Content:

Introduction to Information Security / cyber security; The Need for Security; Information Security Standards and Frameworks, Cyber security models (the CIA triad, the star model), Types of Cyber-attacks; Attack motives that drive an attacker; Methods of cyber-attack & attack vectors; Cybercrime, Cyber harassment, Cyber warfare, Cyber surveillance, Issues making cyber security difficult, Cloud Computing and Distributed Computing, Blockchain Technology for cybersecurity.

Legal, Ethical, Professional Issues in Information Security; Types of Risks and Risk Management Frameworks (RMF); Disaster recovery plan and procedures, National ICT Act & Policy, National Information security policy guideline, government and private sector roles in securing cyberspace, international laws in securing cyberspace.

Access Control & Identity and Access Management: Protection Domains, Access Control Lists, User Privilege in Database Systems; Authentication: Authentication using a physical object, Authentication using biometrics; Control physical and logical access to assets; manage identification and authentication of people, devices, and services; federated identity with a third-party service; implement and manage authorization mechanisms; manage the identity and access provisioning lifecycle; implement authentication systems.

Cryptography: Symmetric Cryptography, Public Key Cryptography: RSA cryptosystem – Key distribution – Key management – Diffie-Hellman key exchange – ElGamal cryptosystem – Elliptic curve arithmetic – Elliptic curve cryptography. Symmetric Key Ciphers: DES – Block cipher principles of DES – Strength of DES – Differential and linear cryptanalysis – Block cipher design principles – Block cipher mode of operation – Evaluation criteria for AES – Advanced Encryption Standard – RC4 – Key distribution. Message Authentication and Integrity: Authentication requirement – Authentication function – MAC – Hash function – Security of hash function and MAC – SHA – Digital signature and authentication protocols – DSS – Entity Authentication: Biometrics, Passwords, Challenge-Response protocols – Authentication applications – Kerberos, X.509. Security Practice and System Security: Electronic Mail security – PGP, S/MIME – IP security – Web Security – System Security: Intruders – Malicious software – viruses – Firewalls.

Asset Security: Asset Security, Data Management: Determine and Maintain Ownership, Data Standards, Longevity and Use, Classify Information and Supporting Assets, Asset Management, Protect Privacy, Ensure Appropriate Retention, Determine Data Security Controls, Standards Selection.

Security Engineering: Security Engineering, The Engineering Lifecycle Using Security Design Principles, Fundamental Concepts of Security Models, Information Systems Security Evaluation Models, Security Capabilities of Information Systems, Vulnerabilities of Security Architectures, Database Security, Software and System Vulnerabilities and Threats, Vulnerabilities in Mobile Systems, Vulnerabilities in Embedded Devices and Cyber-Physical Systems, The Application and Use of Cryptography, Site and Facility Design Considerations, Site Planning, Implementation and Operation of Facilities Security.

Configuration Management & Systems Hardening: OS, Database Management Systems, Networking Solutions and Devices, Software, Secure Systems, Trusted Computing Base, Firewalls, Antivirus and Anti-Antivirus Techniques, Digital Signatures, Code Signing, Jailing, Model-Based Intrusion Detection Systems, Encapsulating Mobile Code, Java Security.

Laboratory and Case Study:

  1. Case Study on Cybersecurity and Risk Framework
  2. Case Study on Identity and Access Management architecture design and Risk Assessment
  3. Case Study on Security Architecture and Engineering
  4. Configuration Review and Hardening of different Operating Systems
  5. Configuration Review and Hardening of different Database Management Systems
  6. Configuration Review and Hardening for Network Devices, i.e., Router, Switch
  7. Configuration Review and Hardening for Security Solutions, i.e., Firewall, Email Security, Anti-DDOS, Sandbox, Web Proxy, etc.
  8. Hardening and Configuration Review Lab for Utility and Security Solutions
  9. Course Final Project Assignment on Systems Hardening and Configuration Review

References:

  1. Michael E. Whitman, Herbert J. Mattord, Principles of Information Security.
  2. Jason Andress, The Basics of Information Security.
  3. David Sutton, Cyber security: A practitioner’s guide.
  4. P.W. Singer, Allan Friedman, Cyber security and Cyber war: What Everyone Needs to Know, 1st Edition, ISBN-13: 978-0199918119.
  5. Rhodes-Ousley, Mark. Information Security: The Complete Reference, 1st Edition, Information Security Management: Concepts and Practice, New York, McGraw-Hill, 2013.
  6. Don Franke, Cyber Security Basics: Protect your organization by applying the fundamentals, 1st Edition.
  7. Kenneth Geers, Strategic Cyber Security, CCD COE Publication, ISBN 978-9949-9040-7-5 (pdf).

MISS-6102: Secure Software Design

Credit Hour: 3.0

Course Objectives:

  1. To understand the role of security in the Software Development Life Cycle (SDLC) process and explain it clearly
  2. To understand the impact of security principles and practices on a software product, which is essential to consider in SDLC
  3. To master comprehensive development considerations for ensuring a secure software system
  4. To get oriented with the best coding practices for ensuring system security against the most common and impactful cyber-attacks
  5. To get acquainted with software UI design considerations and practices for designing more secure websites and applications

 

Course Outcomes:

Upon completing the course, the students will be able to:

  1. Understand the principles of designing secure software architecture, including the use of security patterns and best practices.
  2. Identify, define, and integrate security requirements into the software development process.
  3. Conduct threat modeling to identify, assess, and prioritize potential security risks.
  4. Write secure code, identify common programming vulnerabilities, and conduct code reviews and static code analysis.
  5. Design secure authentication mechanisms and implement proper authorization controls.
  6. Handle sensitive data securely, including the use of encryption and hashing techniques and database security considerations.
  7. Identify common web and mobile application vulnerabilities, write secure code for these applications, and implement security measures like web application firewalls.
  8. Integrate security into the DevOps pipeline and implement continuous integration and continuous deployment (CI/CD) security practices.
  9. Understand how to prepare for and respond to security incidents during development, maintain security during software updates, and implement patch and vulnerability management practices.
  10. Analyze security risks and make informed decisions about security measures and effectively communicate security concepts and recommendations to stakeholders.

 

Course Content:

Introduction to Secure Software Development: Overview of secure software development principles, Importance of integrating security into the software development life cycle (SDLC).

Security Requirements Engineering: Identifying and defining security requirements, integrating security requirements with functional requirements.

Threat Modelling: Techniques for identifying and assessing potential security threats, creating threat models to analyze and prioritize risks.

Secure Architecture Design: Principles of designing secure software architecture, Security patterns and best practices for system design.

Secure Coding Practices: Writing secure code and common programming vulnerabilities, Code reviews and static code analysis for security.

Authentication and Authorization: Designing secure authentication mechanisms, Implementing proper authorization controls.

Data Security: Secure handling of sensitive data, Encryption and hashing techniques, Database security considerations.

Web Application Security: Common web application vulnerabilities, Secure coding for web applications, Web application firewalls.

Mobile Application Security: Security considerations for mobile app development, Securing data storage and transmission in mobile apps.

Secure DevOps and CI/CD: Integrating security into the DevOps pipeline, Continuous integration and continuous deployment (CI/CD) security.

Security Testing: Types of security testing (e.g., penetration testing, code review), Automated and manual security testing approaches.

Secure Software Development Tools: Introduction to security tools for developers, Code scanning tools, static analyzers, and other security-related tools.

Secure Software Development Frameworks: Overview of secure development frameworks, Integrating security features from established frameworks.

Secure Software Development Standards and Compliance: Overview of security standards (e.g., CMM, OWASP, NIST, PCI SLC, PCI S3), Ensuring compliance with industry-specific security requirements.

Incident Response in Software Development: Preparing for and responding to security incidents during development, Secure rollback and recovery processes.

Secure Software Maintenance: Best practices for maintaining security during software updates, Patch management and vulnerability management.

Legal and Ethical Considerations: Understanding legal and ethical responsibilities in secure software development, Privacy considerations and compliance.

Laboratory and Case Study:

  1. Case Study on Secure Software Business Requirement Analysis
  2. Case Study on Secure Software Systems Architecture
  3. Lab on Secure Coding using a software development framework
  4. Lab on Static Code Analysis using different static software testing tools
  5. Lab on Dynamic Code Analysis using different dynamic software testing tools
  6. Lab on Application VAPT considering OWASP Top 10 and SANS 25 Dangerous Software Errors, i.e., SQL Injection, Broken Authentication, Cross-Site Scripting (XSS), CSRF, etc.
  7. Course Final Project Assignment on Software VAPT

 

References:

  1. Theodor Richardson, Charles N Thies, Secure Software Design.
  2. Loren Kohnfelder, Designing Secure Software: A Guide for Developers.

MISS-6103: Systems & Network Security

Credit Hour: 3.0

Course Objectives:

  1. To identify some of the factors driving the need for network and operating system security
  2. To identify and classify examples of attacks
  3. To define the terms vulnerability, threat and attack
  4. To identify physical points of vulnerability in simple networks
  5. To compare symmetric and asymmetric encryption systems and their vulnerability to attack and explain the characteristics of hybrid systems
  6. To gain the fundamentals of storage device hardware and the relational storage model
  7. To gain knowledge of cloud and big data file systems
  8. To know how to secure cloud data privacy

Course Outcomes:

Upon completing the course, the students will be able to:

  1. Monitor, evaluate and test security conditions and environment
  2. Develop an organizational security plan that provides for periodic reviews of security policies and procedures
  3. Evaluate tools and technologies for use in protecting the network and individual network systems
  4. Implement security plan and monitor solutions
  5. Monitor and evaluate audit logs and set administrator alerts
  6. Respond to any breach of security and adjust organizational security plan accordingly.
  7. Understand file systems and analyze existing and future data processing needs 
  8. Develop a relational storage model that reflects the organization's fundamental business rules
  9. Develop and refine the conceptual data model, including all entities, relationships, attributes, and business rules
  10. Apply cloud and big data file systems

Course Content:

Network Security architecture and security: Understanding Computer Network Security; Hostile Scripts; Security Assessment, Analysis and Assurance; Cryptography; System Intrusion Detection and Prevention; Standardization and Security Criteria; Computer Network Security Protocols; Securing application layer protocols; Securing Network Layer, Security in Wireless and Sensor Networks; Operating system vulnerability, Securing Network and Computers - Types of Attacks (Malware, DoS, Spoofing, OS and Application exploits), Securing mechanisms – Authentication, Authorization and Encryption - Encryption Methods, Authentication Methods, VLANs and VPNs, Certificates and PKI; Implementing Security Policies - User and Group Account access policies, Securing Passwords, File System Rights, Network Access Control; Network application security – SSL (Email, Web), Authenticated connections for file transfer.

Operating Systems implementation and Security: Kernel, Distributions, Terminals, Manual pages, Command History, Navigation, File Management, Visual Editor, File permissions, Special permissions, Sudoers, Resource limits, Process management and Scheduling, Services, System, and init Logging and Log Rotation, Installing and Running Open Source Software / different Packages, Linux package management, SSH, Tunneling, and Post-Quantum Cryptography, Networking and Firewalls; DNS, DHCP, and LDAP; Monitoring, Auditing, and Network Analysis - Intrusion Detection, Audit Trails and Log Files, Network Traffic Capture and Analysis; Disaster Planning and Recovery - UPS and AC (Power and environmental conditioning), RAID, Hardware Redundancy and Clusters, Vulnerability Assessment - Policy and the Human Component, Firewall Rule configuration, Patch Level detection, Port Scanning, Privileged Accounts.

Storage Security: Database Management Systems, The Relational Model of data, Relational Algebra, Relational operations, Insertion, Deletion, SQL tables, implementing a database schema using SQL, Defining and running transactions using SQL, Oracle database management systems. Introduction to Storage device hardware, File systems, Erasure coding and array coding, RAID array coding techniques, Storage area networks (SAN), Network-attached storage (NAS), Cloud storage and big data, Cloud and big data file systems: Hadoop Distributed File System (HDFS), GFS, Windows Azure file systems, Amazon S3 file systems, Programming with HDFS, GFS, Azure, and Amazon S3, Das model, Statistical database security, geospatial database security, security through watermarking & Steganography, Relational storage models, Key value stores, Data consistency and availability in the cloud, Cloud data privacy and security, Personal cloud storage systems design and implementation.

Zero Trust Architecture: Addressing the adversaries already in the Network: Zero Trust Architecture, Credential Rotation, Compromised Internal Assets, Securing the Network, Tripwire and Red Herring Defenses, Patching, Deputizing Endpoints as Hardened Security Sensors.

Data-Centric Security: Application (Reverse) Proxies, Full Stack Security Design, Web Application Firewalls, Database Firewalls/Database Activity Monitoring, File Classification, Data Loss Prevention (DLP), Data Governance, Mobile Device Management (MDM) and Mobile Application Management (MAM), Private Cloud Security, Public Cloud Security, Container Security.

Laboratory and Case Study:

  1. Requirement Identification and Analysis for IS Infrastructure
  2. Secure Network Design
  3. Network Diagram Preparation
  4. Lab on Network Review and Implementation
  5. Networking Configuration
  6. Secure Routing and Switching
  7. Labs on Access Control List development in Switch, Router, Firewall and Proxy
  8. Network Segmentation
  9. Secure System Implementation
  10. Data Flow Diagram Preparation
  11. Zero Trust Architecture Design Lab and POC Case Study
  12. Security Solutions Design and Implementation
  13. Course Final Project Assignment on Defensive Enterprise Architecture

References:

  1. Joseph Migga Kizza, Guide to Computer Network Security.
  2. Michael Palmer, Guide to Operating Systems Security 1st Edition.
  3. Ramez Elmasri, Shamkant B. Navathe, Fundamentals of Database Systems, 6th Edition, Addison-Wesley, ISBN 13: 978-0-136-08620-8.
  4. Alfred Basta, Melissa Zgola, Database Security, Cengage Learning, ISBN-13: 978-1-4354-5390-5.
  5. Himanshu Dwivedi, Securing Storage: A Practical Guide to SAN and NAS Security (paperback), 1st edition, ISBN-13: 978-0321885746.
  6. Fei Hu, Big Data Storage, Sharing, and Security, CRC press, ISBN: 9781498734868.

MISS-6201: Information Systems Auditing

Credit Hour: 3.0

Course Objectives:

  1. To introduce the terminologies, technologies, and applications of information security audit
  2. To plan, execute, report, and follow-up on audits, particularly within information security management systems
  3. To discuss the security audit process, including risk assessment, project management, and report generation
  4. To introduce the tools, and technologies for information security audit and assessment, such as automated auditing tools and cybersecurity platforms
  5. To recognize the competencies required for a world-class information systems auditor, focusing on professional ethics, standards, and best practices
  6. To review information security controls and countermeasures, evaluating and recommending improvements
  7. To understand the roles and responsibilities of an Information System Auditor, especially in regulatory compliance and organizational governance

Course Outcomes:

Upon completing the course, the students will be able to:

  1. Understand the fundamental principles and concepts of information systems auditing.
  2. Acquire knowledge of auditing standards and frameworks, such as COBIT, ITIL, and ISO 27001
  3. Develop an understanding of the role of internal and external auditors in information systems
  4. Learn about common information systems risks and vulnerabilities
  5. Gain knowledge of audit techniques and methodologies, including risk assessment, control testing, and evidence gathering
  6. Understand the importance of information security controls and their role in mitigating risks
  7. Learn about emerging technologies and their impact on information systems auditing
  8. Develop an understanding of the legal and regulatory framework related to information systems auditing
  9. Develop a professional and ethical approach to information systems auditing

 

Course Content:

Introduction to Security Auditing: Definition and importance of security auditing, Role of security auditors in identifying and mitigating security risks, Evolution of information systems auditing and its significance in today's digital world.

The Process of Auditing Information Systems: IT Audit and Assurance Standards, Guidelines, Tools, and Techniques, Code of Professional Ethics and applicable standards (e.g., ISACA, ISO standards), Phases of the audit process: planning, execution, reporting, and follow-up.

Risk Management and Assessment: Risk assessment concepts, tools, and techniques in an audit context, implementing risk assessment models, with a focus on ISO 27001-based frameworks, Control objectives and controls related to information systems, Identifying and categorizing risks based on likelihood and impact, Understanding risk mitigation and management strategies.

Audit Planning and Project Management: Key elements of audit planning: setting objectives, scope, timelines, and resources, Techniques for audit project management, including follow-up, Importance of clear communication with stakeholders throughout the audit lifecycle.

Governance and Management of IT: IT governance frameworks (e.g., COBIT, ITIL) and their relevance to information systems audits, the relationship between governance, security, and organizational risk management, best practices for managing IT and security-related processes.

Network Security Auditing: Auditing firewall configurations and assessing network architecture for vulnerabilities, Intrusion detection and prevention systems (IDPS) and their role in securing networks, Evaluating network segmentation and access control mechanisms.

Application Security Auditing: Auditing web and mobile applications for security vulnerabilities, Secure coding practices, code reviews, and vulnerability management, Evaluating common vulnerabilities such as SQL injection, cross-site scripting (XSS), and others.

Endpoint Security Auditing: Auditing endpoint protection measures (e.g., antivirus, endpoint detection and response), Assessing the security of end-user devices.

Security Incident Response and Forensics: Developing and auditing incident response plans, Conducting security forensics investigations, Legal and ethical considerations in incident response.

Identity and Access Management Auditing: Auditing user access controls, Assessing identity management and authentication systems.

Cloud Security Auditing: Auditing cloud service providers, Assessing the security of cloud infrastructure and services.

Wireless Security Auditing: Auditing wireless network security, Assessing the security of Wi-Fi networks.

Physical Security Auditing: Auditing physical access controls, Assessing security measures at data centers and facilities.

Security Awareness and Training: Assessing the effectiveness of security awareness programs, Training employees on security best practices.

Security Metrics and Reporting: Developing and using security metrics, Creating comprehensive security audit reports.

Compliance Auditing: Auditing for regulatory compliance (e.g., PCI DSS, ISO 27001, GDPR, HIPAA), Assessing adherence to industry-specific security standards.

Vulnerability Scanning and Penetration Testing Auditing: Understanding ethical hacking principles, conducting security penetration testing.

Laboratory and Case Study:

  1. IS Audit Planning – Develop a comprehensive audit plan for a multinational corporation, covering scope, objectives, resources, timelines, and risk assessment.
  2. Systems Auditing – Audit a financial institution’s core banking system for regulatory compliance, focusing on transaction processing and data integrity.
  3. Data Center Audit – Perform a data center audit for a global e-commerce company, evaluating physical and environmental security measures.
  4. Network Audit – Conduct a network audit for a healthcare provider to identify vulnerabilities and improve security.
  5. DBMS Audit – Audit a retail company’s database management system, focusing on data integrity, access controls, and performance optimization.
  6. IS Governance and Risk Management Audit – Audit a government agency’s governance and risk management framework, assessing compliance with international standards.
  7. Business Application Audit – Audit a manufacturing company’s new supply chain management system, focusing on functionality, accuracy, and security controls.
  8. ERP Audit – Audit the effectiveness of an ERP system used by a large enterprise, covering key modules like finance, HR, and inventory.

References:

  1. Mike Kegerreis, Mike Schiller, Chris Davis, IT Auditing Using Controls to Protect Information Assets, McGraw-Hill Education (2020).
  2. David L. Cannon, Brian T. O'Hara, and Allen Keele, CISA Certified Information Systems Auditor Study Guide, 4th Edition.
  3. Hemang Doshi, CISA: Certified Information Systems Auditor Study Guide (2020).
  4. Chris Jackson, Network Security Auditing (2020).
  5. Sari Greene, Security Program and Policies: Principles and Practices (2020).
  6. Chris Davis, Mike Schiller, and Kevin Wheeler, IT Auditing Using Controls to Protect Information Assets, Third Edition.
  7. Martin Weiss and Michael G. Solomon, Auditing IT Infrastructures for Compliance, 2nd Edition.
  8. A. Vladimirov, K. Gavrilenko, and A. Michajlowski, Assessing Information Security: Strategies, Tactics, Logic and Framework, IT Governance Publishing (2010).

MISS 6202: Penetration Testing

Credit Hour: 3.0

Course Objectives:

  1. To analyze the relationships and dependencies between various penetration testing tools within a comprehensive assessment process
  2. To discuss how the tools interrelate with each other in an overall penetration testing process
  3. To implement countermeasures for various types of attacks
  4. To apply a common ethical hacking methodology to carry out a penetration test
  5. To analyze how penetration testing and ethical hacking fit into a comprehensive enterprise information security program; and demonstrate ethical behavior appropriate to security-related technologies

Course Outcomes:

Upon completing the course, the students will be able to:

  1. Have a solid understanding of the fundamental principles, methodologies, and objectives of penetration testing
  2. Learn about common ethical hacking frameworks and methodologies (e.g., OSINT, reconnaissance, scanning, enumeration, exploitation)
  3. Effectively use a variety of penetration testing tools and techniques
  4. Identify and address security vulnerabilities in systems and networks
  5. Plan, execute, and report on penetration tests
  6. Analyze security risks and make informed recommendations
  7. Develop a strong sense of ethical responsibility and adhere to professional standards in their penetration testing activities

Course Content:

Introduction to Cybersecurity Penetration Testing Concepts: Types, and Phases, What is Hacking, Why Ethical Hacking is Necessary, Scope and Limitations of Ethical Hacking, Information Security Controls, Information Assurance (IA), Information Security Management Program, Threat Modeling, Enterprise Information Security Architecture (EISA), Network Security Zoning, Defense in Depth, Information Security Policies, Types of Security Policies, What is Vulnerability Assessment?, Types of Vulnerability Assessment, Network Vulnerability Assessment Methodology, Vulnerability Research Websites, Penetration Testing, Comparing Security Audit, Vulnerability Assessment, and Penetration Testing, Blue Teaming/Red Teaming, Hacking Phases, Scan for Vulnerability, Vulnerability Scanning, Vulnerability Scanning Tool, Nessus, Network Vulnerability Scanners, Vulnerability Scanning Tools for Mobile, Draw Network Diagrams, Drawing Network Diagrams, Network Discovery Tool, Network Topology Mapper and Network View, Network Discovery Tools for Mobile, Gaining Access, Maintaining Access, Clearing Tracks, Information at Hand Before System Hacking Stage.

Penetration Testing: Goals, Penetration Testing / Hacking Methodology,  Steps in Penetration Testing, Cracking Passwords, Password Cracking, Types of Password Attacks, Non-Electronic Attacks, Active Online Attack, Dictionary, Brute Forcing and Rule-based Attack, Password Guessing, Default Passwords, Active Online Attack,  Trojan/Spyware/Keylogger, Example of Active Online Attack Using USB Drive, Hash Injection Attack, Passive Online Attack, Wire Sniffing,  Man-in-the-Middle and Replay Attack, Offline Attack, Rainbow Attacks, Tools to Create Rainbow Tables: rtgen and Winrtgen, Distributed Network Attack. Active Directory Penetration Testing, Denial of Service: Introduction, Attacks, Preventing DoS/DDoS; Buffer Overflow: Introduction, Testing vulnerability, Attacks, Countermeasures. Web Application Penetration Testing.

Laboratory and Case Study:

  1. Labs on Reconnaissance using different OSINT tools, i.e., Google dork, Maltego, etc.
  2. Labs on Scanning Network, Systems, Application, Database using different scanning tools, i.e., Nmap, GFI LanGuard, Nessus, Nexpose, etc.
  3. Labs on Enumeration using different tools
  4. Vulnerability Assessment using different tools, i.e., Nmap, GFI LanGuard, Nessus, Nexpose, etc.
  5. System hacking using different PT tools, i.e., Nmap, Metasploit, Burp Suite, Core Impact, SAINT, etc.
  6. Privilege Escalation PT using different PT tools, i.e., Nmap, Metasploit, Burp Suite, Core Impact, SAINT, etc.
  7. Script writing and Analysis
  8. Course Final Project Assignment on Systems and Infrastructure VAPT

References:

  1. Georgia Weidman, Penetration Testing: A Hands-On Introduction to Hacking.
  2. Wolf Halton, Bo Weaver, Juned Ahmed Ansari, Penetration Testing: A Survival Guide.
  3. Lee Allen, Kevin Cardwell, Advanced Penetration Testing for Highly-Secured Environments.
  4. Certified Ethical Hacker Version 9 Study Guide, First Edition, DOI: 10.1002/9781119419303.

GED 6203: Research Methodology

Credit Hour: 1.0

Course Objectives:

  1. To develop a comprehensive understanding of research methodologies and techniques
  2. To acquire the skills necessary to design, conduct, and analyze research studies effectively
  3. To master data collection methods, such as surveys, interviews, observations, and experiments
  4. To develop skills in writing research proposals, literature reviews, and research reports
  5. To cultivate critical thinking and problem-solving abilities in the context of research.
  6. To interpret and communicate research findings effectively

Course Outcomes:

Upon completing the course, the students will be able to:

  1. Gain a deep understanding of research methodologies and techniques, including various research designs, data collection methods, data analysis techniques, and ethical considerations
  2. Analyze research questions, design effective research studies, and solve research-related problems
  3. Conduct research independently, from formulating research questions to interpreting and communicating findings
  4. Select appropriate research designs based on research questions and objectives
  5. Evaluate research studies, including assessing the validity and reliability of research instruments and methods
  6. Effectively use LaTeX software to create professional-quality documents, including research papers, presentations, and theses

Course Content:

Fundamental Concept of Research: Definition, role of research, steps of research, purpose/objectives of research, research questions, research problems, research hypothesis, Bias in Research, characteristics, and types of research, scientific method, Current trends, practices, and professional standards of applied research in different fields.

Basic terminologies and issues in research: Variables, types of variables, properties, and relationships between research, Inductive and deductive research, basic statistical terms used in research, quantitative and qualitative research tools, and research fallacies.

Research process: Problem identification, literature review, research design, measurement and scaling techniques, questionnaire design, data collection, sampling and sample design, and Report writing.

Data and methods of data collection: data, data vs information, types of data, sources of data, primary data collection methods, secondary data collection methods, qualitative and quantitative data collection techniques, Sampling Process stages, sampling distribution, different probability sampling methods, Statistics and Parameters.

Processing and analysis of data: Data processing, univariate analysis, bivariate analysis, multivariate analysis, hypothesis testing, mathematical problems on hypothesis testing, characterization of data, accuracy and precision.

Correlation analysis: Different correlation analysis, Test of hypothesis: mean test, proportion test, variance test, chi-square testing, ANOVA, Cause and effect analysis; regression, simple linear and multiple linear regression, categorical regression, Selection of appropriate statistical tools.

Ethics in Research: Code and Policies of Research, Ethical Principles, Plagiarism in Research, Ethical Decision Making in Research, Conduct of Ethical Research.

Research report/proposal writing: Research report/proposal writing and segments of a research report.

Laboratory and Case Study:

  1. Quartile Journals and Predatory Journals: To get ideas about standard and predatory journals, impact factor, indexing, citation, etc.
  2. Reference management software (Mendeley Software, Zotero Software, etc.): Papers download from online and offline, library form, keeping notes, citations and references in the manuscript with different styles
  3. LaTeX software: Use LaTeX software in writing manuscripts through Overleaf
  4. Online data collection, Processing, Presentation and Analysis: Sources of data sets, download of data from reliable sources, Reliability check, Data processing in Google Colab (Data Reading, Cleaning, Integration, Transformation, Reduction, Discretization), Data Presentation (Quantitative, Qualitative, Univariate table, Bi-variate table, Multivariate table, etc.) and data analysis.
  5. Writing of Research Report and Proposal: Writing a journal/conference paper/poster presentation/research report using LaTeX, writing of synopsis

References:

  1. Writing Successful Science Proposals by Andrew J. Friedland, Carol L. Folt, Publisher: Yale University Press; 2 edition (June 9, 2009).
  2. The Myths of Innovation (Hardcover) by Scott Berkun, Publisher: O'Reilly Media (August 30, 2010).
  3. Pedhazur, E. J. and Schmelkin, L. P. Measurement, Design and Analysis: An Integrated Approach, Psychology Press (2013).

Elective Courses

MISS-6004: Digital Forensic

Credit Hour: 3.0

Course Objectives:

  1. To perform the steps included in a digital forensic and investigation Process
  2. To examine the legal framework that governs digital forensics, including relevant rules, laws, policies, and procedures
  3. To identify different systems' file formats
  4. To perform a forensic investigation on a forensic image, using various tools to recover evidence, resulting in a report documenting the investigation
  5. To understand cybercrimes and their investigation procedures
  6. To understand the role of various processes and technologies in computer forensics
  7. To identify the roles and responsibilities of a forensic investigator
  8. To understand anti-forensics techniques and network forensics
  9. To detect and investigate wireless network attacks
  10. To write professional quality reports that include both a summary report and a notes section, which describes the technical procedures used in the investigation

Course Outcomes:

Upon completing the course, students will be able to:

  1. Identify, collect, and preserve digital evidence in a legally acceptable manner
  2. Mastery of tools like EnCase, FTK, and Autopsy, used for extracting and analyzing data from digital devices
  3. Understanding different types of cybercrimes, the legal frameworks that govern them, and the ethical responsibilities in digital investigations
  4. Ability to respond to security breaches, analyze attack vectors, and contain cybersecurity incidents
  5. Learning how to recover lost or deleted data from computers, mobile devices, and networks
  6. Understanding file systems like FAT, NTFS, and EXT to examine data structures and uncover hidden or encrypted files
  7. Gaining skills to trace and interpret network traffic, logs, and communications to uncover malicious activities
  8. Developing skills to create detailed forensic reports and to present findings in court as an expert witness
  9. Exposure to steganography detection, malware analysis, and reverse engineering
  10. Working with law enforcement, legal teams, and other professionals in complex cases involving digital evidence

Course Content:

Introduction to Digital Forensics; Investigation Guidelines and Process; Identification & Seizure; Understanding Electronic Data; Physical and Logical Disks; File Systems and Data Storage; Dates, Times and Metadata; Forensic Analysis Techniques; Windows Artifacts; Forensic Challenges; Reporting; Electronic data; Investigating Windows artifacts; Malicious Software; Network Analysis; Methods of Deception; Introduction to Memory analysis; Partitions and core directories of Major Operating Systems; Introduction to Memory analysis; Imaging using Linux tools and forensic distributions; Reporting.

Laboratory and Case Study:

  1. Case study on hacking and forensic investigation
  2. Evidence collection using Autopsy, EnCase, etc.
  3. Discover the use and practices of a forensic lab
  4. Windows investigation
  5. Linux systems investigation
  6. Network investigation
  7. Dark web forensics
  8. Database forensics
  9. Investigating email crimes
  10. Malware forensics, report writing

References:

  1. Joakim Kävrestad, Fundamentals of Digital Forensics Theory, Methods, and Real-Life Applications, 2nd edition, 2020.
  2. Andy Jones, Andrew Jones, Craig Valli, Building a Digital Forensic Laboratory Establishing and Managing a Successful Facility, 1st edition, Syngress, 2018.
  3. Greg Gogolin, Digital Forensics Explained, 2nd edition, CRC Press, 2021.

MISS-6005: Cryptography

Credit Hour: 3.0

Course Objectives:

  1. To understand the fundamentals of Cryptography
  2. To acquire knowledge on standard algorithms used to provide confidentiality, integrity and authenticity
  3. To understand the various key distribution and management schemes
  4. To understand how to deploy encryption techniques to secure data in transit across data networks
  5. To design security applications in the field of Information technology

Course Outcomes:

Upon completing the course, students will be able to:

  1. Analyze the vulnerabilities in any computing system and hence be able to design a security solution
  2. Identify the security issues in the network and resolve it
  3. Evaluate security mechanisms using rigorous approaches, including theoretical
  4. Compare and contrast different IEEE standards and electronic mail security

Course Content:

Basics of cryptography; Symmetric encryption - Replacement cipher; Basic cryptanalysis; Modular arithmetic - The ring of integers modulo n; Stream ciphers; Random numbers - Random number generators, The one-time pad; Encryption using block ciphers - Modes of operation; The Advanced Encryption Standard (AES) - Galois fields, Structure of the AES, AES decryption; Public-key cryptography - Principles - One-way functions - Applications (key establishment, nonrepudiation, identification, encryption), The Euclidean and extended Euclidean algorithms, Euler’s φ function, Fermat’s little theorem and Euler’s theorem; The RSA cryptosystem; Key exchange - Diffie-Hellman key exchange, Basic group theory (cyclic groups and their subgroups) (optional), The discrete logarithm problem (optional), Security of Diffie-Hellman key exchange (optional); Digital signatures - Basic digital signature protocol 2, The RSA signature scheme; Hash functions - The purpose of hash functions - Hash function security requirements and properties - Hash function algorithms; Message authentication - Properties of message authentication codes, Building a message authentication code from a hash function; Public Key Infrastructure, Trusted Computing.

Laboratory and Case Study:

  1. Implement the AES (Advanced Encryption Standard) algorithm or use cryptographic libraries to encrypt and decrypt data (OpenSSL, Python)
  2. Implement the RSA algorithm from scratch, including key generation, encryption, and decryption (Python or Java)
  3. Use cryptographic libraries to sign and verify messages using digital signatures (OpenSSL, Python)
  4. Implement and explore the use of hash functions and MACs for ensuring data integrity (Python or Java)
  5. Case study on ransomware and cryptography

References:

  1. Bruce Schneier, Applied Cryptography: Protocols, Algorithms, and Source Code in C, John Wiley & Sons, 2nd edition, 1996.
  2. Jonathan Katz and Yehuda Lindell, Introduction to Modern Cryptography, 2nd edition, Chapman & Hall/CRC Cryptography and Network Security Series, Chapman and Hall/CRC, 2014.

MISS-6006: Threat Hunting & SOC Management

Credit Hour: 3.0

Course Objectives:

  1. To understand the key themes and principles of security incident management
  2. To recognize the importance of well-defined processes, policies, and procedures of incident management
  3. To apply these principles in designing systems and models for managing security incidents
  4. To understand how to apply the principles of incident management in a variety of contexts
  5. To have an appreciation of the wider context of security incident management, and of the relationship with business continuity and crisis management disciplines
  6. To explore the challenges in information sharing and some initiatives that look to address those challenges

Course Outcomes:

Upon completing the course, students will be able to:

  1. Understand and identify different types and causes of incidents
  2. Design the response and feedback to incidents
  3. Manage the incidents to ensure security of systems
  4. Understand the management of incidents and the relationship with business continuity and crisis management disciplines

Course Content:

Security Operations Architecture: Cyber Security Operations Management, Investigations, Provisioning of Resources through Configuration Management, Resource Protection, Preventative Measures against Attacks, Patch and Vulnerability Management, Change and Configuration Management, The Disaster Recovery Process, Test Plan Review, Business Continuity and Other Risk Areas, Access Control, Personnel Safety.

Cyber Security Operation Center Analysis and Threat Hunting Module: Analysis and Management of Incidents, Events, and Logging, Incident Detection with Security Information and Event Management (SIEM), Enhanced Incident Detection with Threat Intelligence, Incident Response Management.

Threat Hunting: Threat Intelligence Foundation, Understanding Cyber Threats, IoCs, and Attack Methodology, Cyber Threats and Kill Chain Methodology, Requirements, Planning, Direction, and Review of Threat Intelligence, Data Collection and Processing, Data Analysis, Intelligence Reporting and Dissemination.

Crisis Management: Managing a crisis when management structures don't work; making a drama out of a crisis; the value of simulation and practice of the unforeseen.

Business Continuity and Disaster Recovery: Supporting the business requirements; bridging the link between technology and business; incident Management in context; business impact assessment and strategies for disaster recovery and work area recovery.

Laboratory and Case Study:

  1. Labs on logs and log analysis
  2. Introduction to incident response and management
  3. Introduction to detection engineering
  4. Introduction to cyber threat intelligence
  5. Threat intelligence tools for SOC
  6. MITRE ATT&CK
  7. Threat hunting introduction and preparation
  8. Threat intel and containment
  9. Introduction to threat emulation and modelling
  10. Traffic analysis essentials
  11. Final lab assignment on SOC

References:

  1. Colby A Clark (Author), Ireland J Clark (Illustrator), Cyber Security Incident Management Volume 1: Preparation, Threat Response & Post-Incident Activity, 2020.
  2. Colby A Clark (Author), Ireland J Clark (Illustrator), Cyber Security Incident Management Volume 2: Program Assessment & Development, 2024.
  3. Thompson, Eric C., Cybersecurity Incident Response How to Contain, Eradicate, and Recover from Incidents, 1st edition, Apress, 2021.
  4. Paul Cichonski, Tom Millar, Tim Grance, Karen Scarfone, Computer Security Incident Handling Guide, Special Publication 800-61, Revision 2, 2012.
  5. Gregory Jarpey, Scott McCoy, Security Operations Center Guidebook: A Practical Guide for a Successful SOC, 1st edition, Butterworth-Heinemann, 2017.
  6. David Nathans, Designing and Building Security Operations Center, 1st edition, Syngress, 2014.
  7. Arun E Thomas, Security Operations Center - Analyst Guide: SIEM Technology, Use Cases and Practices, 2017.
  8. Jeffrey Crump, Cyber Crisis Management Planning: How to reduce cyber risk and increase organizational resilience, 2019.
  9. Ethne Swartz, Dominic Elliott, Brahim Herbane, Business Continuity Management, A Crisis Management Approach, 2010.

MISS-6007: Cloud Computing Security

Credit Hour: 3.0

Course Objectives:

  1. To gain a deep understanding of the fundamental principles of cloud computing and the specific security challenges associated with cloud environments
  2. To develop skills to design and implement secure cloud architectures
  3. To learn how to integrate security into cloud services and infrastructures
  4. To understand techniques for protecting data in cloud environments, such as encryption, data masking, and secure data lifecycle management
  5. To learn about cloud-specific identity and access management protocols and strategies to ensure proper authentication, authorization, and auditing
  6. To learn about risk assessment methodologies and how to manage security risks in cloud environments.
  7. To understand compliance requirements such as GDPR, HIPAA, and PCI-DSS in relation to cloud storage and services.

Course Outcomes:

Upon completion of this course, students will be able to:

  1. Demonstrate a clear understanding of cloud computing models, architectures, and their respective security implications
  2. Formulate and implement cloud security policies and controls that align with organizational risk and compliance requirements
  3. Secure data at rest, in transit, and in use within cloud environments using encryption, tokenization, and other methods
  4. Capable of conducting risk assessments and implementing security measures to mitigate risks in cloud environments
  5. Design and deploy secure cloud infrastructures, applying best practices for securing virtual machines, storage, and networks
  6. Knowledge of relevant legal, regulatory, and compliance frameworks and will be able to apply them in cloud security settings
  7. Adapt cloud security measures to evolving technologies, including multi-cloud and hybrid cloud environments

Course Content:

Overview of Cloud computing: Architectural and Technological Influences of Cloud Computing, Cloud deployment models: Public, Private, Community and Hybrid models, Scope of Control, Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS), Cloud Computing Roles, Risks and Security Concerns.

Security Design and Architecture for Cloud Computing: Guiding Security design principles for Cloud Computing: Secure Isolation, Comprehensive data protection, End-to-end access control, Monitoring and auditing, Quick look at CSA, NIST and ENISA guidelines for Cloud Security, Common attack vectors and threats.

Secure Isolation of Physical & Logical Infrastructure: Compute, Network and Storage, Common attack vectors and threats, Secure Isolation Strategies, Multitenancy, Virtualization strategies, Inter-tenant network segmentation strategies, Storage isolation strategies.

Data Protection for Cloud Infrastructure and Services: Cloud based Information Life Cycle, Data protection for Confidentiality and Integrity, Common attack vectors and threats, Encryption, Data Redaction, Tokenization, Obfuscation, PKI and Key Management, Assuring data deletion, Data retention, deletion and archiving procedures for tenant data, Data Protection Strategies.

Enforcing Access Control for Cloud Infrastructure based Services: Access control requirements for Cloud infrastructure, Common attack vectors and threats, Enforcing Access Control Strategies, Compute, Network and Storage, Authentication and Authorization, Roles-based Access Control, Multi-factor authentication, Host, storage and network access control options, OS Hardening and minimization, securing remote access, Verified and measured boot, Firewalls, IDS, IPS and honeypots.

Monitoring, Auditing and Management: Proactive activity monitoring, Incident Response, Monitoring for unauthorized access, malicious traffic, abuse of system privileges, intrusion detection, events and alerts, Auditing – Record generation, Reporting and Management, Tamper-proofing audit logs, Quality of Services, Secure Management, User management, Identity management, Security Information and Event Management.

Introduction to Cloud Design Patterns: Introduction to Design Patterns, Understanding Design Patterns Template, Architectural patterns for Cloud Computing, Platform-to-Virtualization & Virtualization-to-Cloud, Cloud bursting.

Introduction to Identity Management in Cloud Computing: User Identification, Authentication, and Authorization in Cloud Infrastructure, Concepts of Identity & Access Management, Single Sign-on, Identity Federation, Identity providers and service consumers, The role of Identity provisioning.

Cloud Computing Security Design Patterns – I: Security Patterns for Cloud Computing, Trusted Platform, Geo-tagging, Cloud VM Platform Encryption, Trusted Cloud Resource Pools, Secure Cloud Interfaces, Cloud Resource Access Control, Cloud Data Breach Protection, Permanent Data Loss Protection, In-Transit Cloud Data Encryption.

Cloud Computing Security Design Patterns – II: Security Patterns for Cloud Computing – Network Security, Identity & Access Management & Trust, Secure On-Premises Internet Access, Secure External Cloud Connection, Cloud Denial-of-Service Protection, Cloud Traffic Hijacking Protection, Automatically Defined Perimeter, Cloud Authentication Gateway, Federated Cloud Authentication, Cloud Key Management, Trust Attestation Service, Collaborative Monitoring and Logging, Independent Cloud Auditing.

Policy, Compliance & Risk Management in Cloud Computing: Legal, security, forensics, personal & data privacy issues within Cloud environment, Cloud security assessment & audit reports, Laws & regulatory mandates, Personal Identifiable Information & Data Privacy, Privacy requirements for Cloud computing (ISO 27018), Metrics for Service Level Agreements (SLA), Metrics for Risk Management.

Cloud Compliance Assessment & Reporting - Case Study: PCI DSS 3.0 Compliant Cloud Tenant - Case Study, HIPAA compliance Case Study - Protecting PHI in Cloud, Discussions.

Cloud Service Providers – Technology Review: OpenStack Platform, Docker, Amazon Web Services.

Wrap Up & Final Projects Review: Course outcomes review, Real-world Compliance Case Study Review.

Laboratory and Case Study:

  1. Case study on Traditional, Virtualization and Cloud Computing with Business Requirements Analysis
  2. Select a Cloud Solution
  3. Install and configure Cloud Environment
  4. Cloud Service Plan and Design
  5. Labs on different AWS/Azure Cloud Service
  6. Final Assignment of Cloud Environment Setup

References:

  1. Vic Winkler, Securing the Cloud: Cloud Computing Security Techniques and Tactics, 1st edition, Syngress, 2011.
  2. Thomas Erl, Robert Cope, Amit Bhatnagar, Cloud Computing Design Patterns, 1st edition, Prentice Hall, 2015.
  3. Cloud Computing: From Beginning to End, Ray J. Rafaels, 1st edition, CreateSpace Independent Publishing Platform, 2017.

MISS-6008: Cyber Laws & Ethics

Credit Hour: 3.0

Course Objectives:

  1. To introduce the cyber world and cyber law in general
  2. To explain the various facets of cybercrimes
  3. To enhance the understanding of problems arising out of online transactions and provoke them to find solutions
  4. To clarify the Intellectual Property issues in the cyber space and the growth and development of the law in this regard
  5. To educate about the regulation of cyber space at national and international level

Course Outcomes:

Upon completing the course, students will be able to:

  1. Gain a comprehensive understanding of global and national cyber laws, including data protection laws, intellectual property rights, cybercrime laws, and digital transaction regulations
  2. Protect intellectual property in the digital space, including copyrights, patents, trademarks, and licensing laws that pertain to software, digital content, and online services
  3. Apply legal standards for protecting personal information, ensuring adherence to privacy regulations while balancing the needs for data usage in business and governance
  4. Develop an ethical framework for their professional practice in cybersecurity and IT fields, ensuring responsible use of technology and awareness of the social impacts of their work

Course Content:

Security and Trust in Cyber Space and Introduction to Cyber Laws and Ethics; Network Neutrality; Online Business and the Law; Intellectual Property; Limitations on Online Speech; Freedom of Speech in an Online World; Methodology and Development of Hypotheses and Data Collection and Empirical Results; Differentiate between laws and ethics, Types of Law - Civil law - Private law; Cybercrime Scenarios in Bangladesh and Digital Security Act 2018 in Bangladesh; New and emerging threats of cyber-crime and terrorism and Terrorist use of the internet; Drug and Human Trafficking in Cyber Crime; Cyber terrorism: Case studies; Cyber Laws: Case studies; Survey of Criminal Justice Theory and Research.

Laboratory and Case Study:

  1. Case Study on Cyber Law of Bangladesh
  2. Policies and Procedures of Regulatory Frameworks of Bangladesh for Cyber Security
  3. Case Study on Different Standards: PCI DSS, ISO 27001, CMMI, etc.

References:

  1. Zeinab Karake, Sheikha Lubna Al Qasimi, Cyber Law and Cyber Security in Developing and Emerging Economies, 1st edition, Routledge, 2020.
  2. Mark Grabowski, Eric P. Robinson, Cyber Law and Ethics: Regulation of the Connected World, 1st edition, Routledge, 2022.
  3. Kirwan, Gráinne, The Psychology of Cyber Crime: Concepts and Principles, 1st edition, Routledge, 2013.
  4. Mangai Natarajan, International and Transnational Crime and Justice, 1st edition, Cambridge University Press, 2011.

MISS-6009: Block Chain Technology & Fintech Security

Credit Hour: 3.0

Course Objectives:

  1. To explore the fundamental concepts, architecture, and consensus mechanisms of blockchain
  2. To analyze the security challenges and potential vulnerabilities associated with blockchain systems
  3. To provide a comprehensive understanding of blockchain technology and its applications in the financial technology (fintech) sector
  4. To evaluate the impact of blockchain on various fintech domains, including payments, lending, and asset management
  5. To investigate the regulatory landscape surrounding blockchain and fintech, including compliance requirements and emerging standards
  6. To develop practical skills in designing, implementing, and analyzing blockchain-based solutions for fintech applications

Course Outcomes:

Upon completing the course, students will be able to:

  1. Understand the underlying principles, consensus mechanisms, use cases, benefits and limitations of blockchains
  2. Explore block chain decentralization and cryptography concepts
  3. Identify the key security challenges and vulnerabilities associated with blockchain systems and propose effective mitigation strategies
  4. Enumerate the Bitcoin features and its alternative options
  5. Design, implement, and analyze blockchain-based solutions for fintech applications, considering security, scalability, and performance factors.
  6. Describe and deploy the smart contracts and summarize the block chain features outside of currencies

Course Content:

Discover Blockchain Technology: Blockchain, Growth of blockchain technology, Distributed systems, History of blockchain and Bitcoin, Types of blockchain, Blockchain: Architecture, Versions, Variants, Use cases, Life use cases of blockchain, Blockchain vs shared Database, Introduction to cryptocurrencies, Types, Applications.

Decentralization: Methods of decentralization, Routes of decentralization, Blockchain and full ecosystem decentralization, Smart contracts, Decentralized organizations and platforms for decentralization.

Bitcoins: Introducing Bitcoin, Bitcoin digital keys and addresses, Transactions, Blockchain mining. Alternative Coins. Limitations of Bitcoin.

Concept of Double Spending, Hashing, Proof of work: Bitcoin Network and payments, Bitcoin network, Wallets, Bitcoin payments, Innovation in Bitcoin, Bitcoin Clients and APIs.

Introduction to Blockchain Platforms: Ethereum, Hyperledger, IOTA, EOS, Multichain, Big chain, etc. Advantages and Disadvantages, Ethereum vs Bitcoin, Design a new blockchain, Potential for disruption, Design a distributed application, Blockchain applications.

Cryptography and Technical Foundations: Cryptographic primitives, Asymmetric cryptography, Public and private keys. Cryptocurrency: History, Distributed Ledger, Bitcoin protocols - Mining strategy and rewards, Ethereum - Construction, DAO, Smart Contract, GHOST, Vulnerability, Attacks, Sidechain, Namecoin.

Cryptocurrency Regulation: Stakeholders, Roots of Bitcoin, Legal Aspects - Cryptocurrency Exchange, Black Market and Global Economy. Applications: Internet of Things, Medical Record Management System, Domain Name Service and future of Blockchain. Decentralization and Cryptography, Double-Spend Problem, Blockchain and Digital Currency, Transactional Blocks, Impact of Blockchain Technology on Cryptocurrency.

Blockchain and the role of money: blockchain explorer, Introduction to bitcoin (history, distributed P2P network, immutable ledger, forks and Byzantine Fault Tolerance), History and the role of money.

Laboratory and Case Study:

  1. Set up a simple Bitcoin node. Explore the Bitcoin scripting language and create custom transactions.
  2. Develop and deploy a simple, smart contract on Ethereum blockchain.
  3. Simulate and analyze potential attacks on a blockchain network.
  4. Case study on preventing double spending in cryptocurrencies through hashing and proof of work
  5. Identity Theft and Fraud: Highlight the challenges fintech faces in identity verification, KYC, and fraud prevention.
  6. Payment Fraud: Discuss vulnerabilities related to payment systems and transaction integrity.
  7. Case study on Regulatory Approaches by Different Countries.

References:

  1. Imran Bashir, Mastering Blockchain - Distributed ledgers, decentralization and smart contracts explained, Packt Publishing Ltd, 2nd edition, ISBN 978-1-78712-544-5, 2017.
  2. Daniel Drescher, Blockchain Basics: A Non-Technical Introduction in 25 Steps, Apress, 1st edition, 2017
  3. Arvind Narayanan, Joseph Bonneau, Edward Felten, Andrew Miller, Steven Goldfeder, Bitcoin and Cryptocurrency Technologies, Princeton University, 2016
  4. Manav Gupta, Blockchain for dummies, 2nd IBM limited edition, 2018, John Wiley & Sons.

MISS-6010: Data Privacy Engineering

Credit Hour: 3.0

Course Objectives:

  1. To gain knowledge about data classifications
  2. To know about data governance
  3. To learn about uses of technologies for ensuring Data Privacy
  4. To know about data privacy framework and Regulatory requirements

Course Outcomes:

Upon completing the course, students will be able to:

  1. Understand privacy laws and regulations, global data privacy frameworks, and how they impact the engineering and development of systems.
  2. Conduct privacy risk assessments, identifying and mitigating risks associated with the collection, storage, processing, and sharing of personal data.
  3. Integrate privacy by design principles into the software development lifecycle, ensuring that privacy features are embedded into systems from the initial stages of
  4. Enforce data minimization and access control principles, ensuring that only necessary data is collected and that access to personal data is limited to authorized personnel.
  5. Design and implement data breach response plans, including detecting, mitigating, and reporting privacy breaches in compliance with legal obligations.
  6. Implement privacy monitoring systems that ensure ongoing compliance with privacy regulations and enable the detection of potential privacy issues in real-time.

Course Content:

Understanding Data and Privacy; Understanding Privacy Engineering; Data Inventory and Data Classification; Privacy Governance (Governance, Management and Risk Management); Privacy Architecture (Infrastructure, Applications/Software and Technical Privacy Controls); Data Lifecycle (Data Purpose and Data Persistence); Data Collection, Data Use, and Data Reuse; Privacy Law and Data Protection; Identify privacy objectives; Spot privacy risks in software; Apply privacy design patterns; Distinguish security incidents from breaches; Detect, investigate, report on and recover from data privacy breaches.

Laboratory and Case Study:

  1. Case Study on Data Classification
  2. System Architecture Design considering Data Privacy
  3. Data Flow Chart Design for ensuring Data Privacy
  4. Software Development Strategies
  5. Table Design and Access control for ensuring Data Privacy

References:

  1. D. D. Johnson, Data Privacy: A Runbook for Engineers, O'Reilly Media, 2022.
  2. Bhajaria, Data Privacy: A Runbook for Engineers, 1st edition, O'Reilly Media, 2022.
  3. Kevin Mitnick, The Art of Invisibility: The World's Most Famous Hacker Teaches You How to Be Safe in the Age of Big Brother and Big Data, Hardcover edition, Little, Brown and Company, 2017.
  4. Gwen Kennedy, Data Privacy Law: A Practical Guide to the GDPR, 1st edition, Routledge, 2020.

MISS-6011: Malware Analysis & Reverse Engineering

Credit Hour: 3.0

Course Objectives:

  1. To strengthen the good features of a product based on long-term usage of the product
  2. To explore new avenues to improve product performance and features
  3. To understand and apply the fundamentals of assembly language in software reverse engineering
  4. To understand the ways of application cracking
  5. To understand the application of reverse engineering in different applications
  6. To apply and experiment with the analysis of malware

Course Outcomes:

Upon completing the course, students will be able to:

  1. Select obsolete materials or antiquated manufacturing processes with more current, less-expensive technologies
  2. Apply the fundamentals of assembly language in software reverse engineering
  3. Identify the ways an application is cracked
  4. Apply different tools for reverse engineering in different applications such as VB and DotNet.
  5. Apply and experiment with static and dynamic analysis of malware.
  6. Identify advanced malware.

Course Content:

Introduction to Reverse Engineering: Definition of Reverse Engineering; Importance of Reversing an application; Basic Prerequisite for learning Reverse Engineering; The responsibility of a Reverse Engineer.

Windows Architecture: User and Kernel mode fundamentals; Memory management; Process and Threads; File Systems; Windows I/O.

Assembly Language Fundamentals: Definition of Assembly Language; Difference between Assembly Language and other high-level language; Fundamentals of different registers; Instructions of Assembly Language; "Hello World" in Assembly Language; Assembly Language in Reverse Engineering; Windows PE Format Analysis; Basic structure of PE; The DOS Header; The PE Header; The Section Table; Virtual address (VA) and Relative Virtual Address (RVA); Offset.

Application Cracking: Definition of Application Cracking; Different kinds of Patching; Serial Fishing; License Key; Manual Unpacking; Key-genning; Obfuscation; Unpacking Packed/Protected Executables.

Tools for Reverse Engineering: Introduction to Ollydbg; Various Plugins in Ollydbg; "Hello World" Application Reversing with Ollydbg; Application Key-genning with Ollydbg; Anti-Debugging Technique Bypass with Ollydbg; Live Demonstration with various tools.

Reversing Technique of VB Application: Basic of Visual Basic; Tools for Reverse VB Application; Detailed Analysis of VB Application.

Reversing Technique of DotNet Application: Basic of DotNet Framework; Tools for Reverse DotNet Application; Detailed Analysis of DotNet Application.

World of Malwares: What is Malware? Kinds of Malware; Why Malware is being created; Various Terminology about Malware.

Malware Analysis Lab Setup: Creating your own Virtual World; A Copy of Windows XP / 7; Tools for analysis of Windows Malware; Prohibition on Connection Between Virtual System and Host System.

Basic Static Analysis of Malware: Anti-Virus Scanning; Hashing: Fingerprint of Malware; Detecting Packers; Analysing PE file Headers and Sections.

Basic Dynamic Analysis of Malware: Running Malware using Sandboxing, Analyzing the Process of Malware, Monitoring Registry Changes, Network Traffic Analysis.

Advanced Malware Analysis: Patterns of common Malware Characteristics at the Windows API level, Unpacking Malware, recovering concealed malicious code and data, Bypassing anti-analysis defenses.

Laboratory and Case Study:

  1. Set up a safe virtual environment to analyze malware
  2. Use key analysis tools like IDA Pro, OllyDbg, and WinDbg
  3. Environment setup using Cuckoo and REMnux
  4. Overcome malware tricks like obfuscation, anti-disassembly, anti-debugging, and anti-virtual machine techniques
  5. Use your newfound knowledge of Windows internals for malware analysis
  6. Develop a methodology for unpacking malware and get practical experience with five of the most popular packers
  7. Static Code Analysis
  8. Dynamic Code Analysis

References:

  1. Chee Kai Chua, Kah Fai Leong, Chu Sing Lim, Rapid Prototyping: Principles and Applications, 3rd edition, World Scientific, 2010, ISBN: 978-981-277-898-7.
  2. J. Slota, M. Mantič, and I. Gajdoš, Rapid Prototyping a Reverse Engineering, Technická univerzita v Košiciach, 2010, ISBN: 978-80-553-0548-6.

MISS 6012: Artificial Intelligence & Machine Learning

Credit Hour: 3.0

Course Objectives:

  1. To master the various techniques of Artificial Intelligence and Machine Learning.
  2. To formulate security problems and to select appropriate AI and ML strategies to solve them.
  3. To analyze the applicability of AI and ML tools for different security problems.
  4. To design solutions for small to medium scale problems.

Course Outcomes:

Upon completing the course, graduates will be able to:

  1. Demonstrate an understanding of the concepts of AI and ML, including supervised, unsupervised and reinforcement learning.
  2. Apply AI and ML tools and techniques to security problems.
  3. Compare the benefits, limitations and trade-offs between different algorithms and select the appropriate measure.
  4. Develop defense solutions for various kinds of cybersecurity applications

Course Content:

Artificial Intelligence: Stages of designing an AI-based product with a focus on specifics such as the cost metrics and technical requirements of an AI software development plan; A brief introduction to Artificial Intelligence (AI) and its applications in cyber security; Impact and challenges of AI in cyber security; Intelligent agents, Uninformed search, Informed search, Constraint satisfaction, Game-playing, Logical agents, Propositional logic, First-order logic, Inference in first-order logic, Resolution, Logic programming, Planning, Plan execution, Uncertainty, Probability theory, Probabilistic inference, Bayesian networks and associated inference algorithms, Optimal decisions under uncertainty, optimal sequential decisions, Learning agents, Inductive learning, Decision trees.

Machine Learning: Supervised Learning: Linear regression and classification, Model assessment and cross-validation, Introduction to optimization, Nonlinear regression (neural nets and Gaussian processes), Boosting and feature selection. Neural Network, Back-propagation algorithm and other training algorithms. Regularizations. Practical aspects of Neural Network; Unsupervised Learning: Nearest neighbors and K-means, Hierarchical Clustering and Density based Clustering. The EM algorithm, Mixture models for discrete and continuous data, Temporal methods: Hidden Markov models; Boltzmann machines and Random field; Reinforcement Learning: Basic of Sequential Decision Making, Markov Decision Process, Dynamic Programming, Monte Carlo method, Bellman Equations, Q-learning; Deep Learning: Introduction to Deep Learning, Convolutional Neural Network, Residual Network, Adversarial Network, Deep Q-learning.

Laboratory and Case Study:

  1. Malware threat detection with machine learning models (K-means, Decision Tree, Random Forest)
  2. Phishing attack detection with Logistic Regression, Decision Tree
  3. Automatic Intrusion Detection using ML models.
  4. Email Spam Detection using AI techniques.
  5. DDoS network traffic Analysis
  6. Anomaly or Fraud Detection, e.g. Network Anomaly Detection
  7. Breaking Captchas with Convolutional Neural Network

References:

  1. Stuart Russell and Peter Norvig, Artificial Intelligence: A Modern Approach (4th Edition).
  2. C. Bishop, Pattern Recognition and Machine Learning, (1st Ed.), 2006.
  3. Ian Goodfellow, Y. Bengio and Aaron Courville, Deep Learning, MIT Press, 2016.
  4. Richard S. Sutton and Andrew Barto, Reinforcement Learning: An Introduction (2nd Edition).
  5. Michael I. Jordan, An Introduction to Probabilistic Graphical Models.
  6. David L. Poole and Alan K. Mackworth, Artificial Intelligence: Foundations of Computational Agents.
  7. R. O. Duda, P. E. Hart, and D. G. Stork, Pattern Classification, 2nd Ed., 2001.
  8. Soma Halder and Sinan Ozdemir, Hands-On Machine Learning for Cybersecurity, Packt Publisher.

MISS-6013: Management of Governance, Risks & Compliance

Credit Hour: 3.0

Course Objectives:

  1. To understand Information Systems Governance
  2. To understand Information Systems Risks Management
  3. To understand Information Systems Compliance
  4. To understand Information Systems Benefits Realizations and Risk Optimizations

Course Outcomes:

Upon completing the course, students will be able to:

  1. Understand the concepts of governance, risk management and compliance (GRC)
  2. Understand the regulatory environment
  3. Identify the reasons governance is essential for effective regulatory compliance risk management
  4. Apply Risk-based Approach and Identify high-risk areas and compliance in your organization
  5. Develop and implement a governance, risk management and compliance strategic plan
  6. Understand, define, and enhance organizational culture as it relates to performance, risk, and compliance
  7. Implement governance, risk management and compliance processes that are effective and efficient

Course Content:

Policies, Standards, and Guidelines; Information Systems Risk Management; Information Systems Risk Identification, Analysis and Evaluation; Information Systems Risk Assessment; Information Systems Risk Response and Reporting; Enterprise IT Governance & Compliance; Information Systems Governance Benefits Realization; Management Risk Optimization; Internal Stakeholder Partnership in Governance and Compliance.

Laboratory and Case Study:

  1. Case Study on IT Governance
  2. Case Study and Remediation based on ISO 27001:2022, CIS 18 Critical Controls and PCI DSS
  3. Case Study on Compliance
  4. Case Study on Risk Assessment
  5. Case Study on Risk Register preparation
  6. Case Study on Controls Development
  7. Case Study on Countermeasures for Cyber Attack
  8. Case Study on BCP and DRP Preparations

References:

  1. Krag Brotby, Information Security Governance: A Practical Development and Implementation Approach, 1st edition, CRC Press, 2013.
  2. Daniel C. Schmoldt, David G. Schwartz, Risk Management for Computer Security: Protecting Your Network and Information Assets, Auerbach Public, 1st edition, 2007
  3. Michael E. Whitman and Herbert J. Mattord, Management of Information Security, 6th edition, Cengage Learning, 2022.
  4. David L. Sutton, Managing Risk and Information Security: Protect to Enable, 1st edition, Apress, 2015.
  5. Peter Trim, Yang-Im Lee, Cyber Security Management A Governance, Risk and Compliance Framework, Routledge, 2018.
  6. Krag Brotby, Information Security Governance: A Practical Development and Implementation Approach, 1st edition, Wiley, 2009.

MISS 6014: Big Data Analytics & Design

Credit Hour: 3.0

Course Objectives:

  1. To obtain an overview of Big Data & Hadoop including HDFS and YARN (Yet Another Resource Negotiator)
  2. To gain comprehensive knowledge of various tools that fall in the Spark ecosystem
  3. To understand how to ingest data in HDFS using Sqoop & Flume
  4. To program Spark using Pyspark, and identify the computational trade-offs in a Spark application
  5. To model data through statistical and machine learning methods
  6. To use the power of handling real-time data feeds through a publish-subscribe messaging system like Kafka
  7. To gain exposure to many real-life industry-based projects, like banking, telecommunication, social media, and in the government field

Course Outcomes:

Upon completing the course, the students will be able to:

  1. Apply data wrangling, cleaning, and preprocessing techniques to manage large datasets
  2. Demonstrate proficiency in big data frameworks (Hadoop, Spark) and NoSQL databases (Cassandra, MongoDB) for storing and processing large volumes of data
  3. Implement security measures such as encryption, access control, and anonymization to protect big data systems
  4. Understand and address ethical issues, including privacy concerns and algorithmic biases, in the context of big data analytics
  5. Demonstrate the ability to tackle real-world big data problems by designing a comprehensive solution

Course Content:

Introduction to Big Data Processing: What is Big Data? What is Hadoop? How Hadoop Solves the Big Data Problem? Hadoop’s Key Characteristics; Hadoop Ecosystem and HDFS; MapReduce and its Advantage; Rack Awareness and Block Replication; YARN and its Advantage; Hadoop Cluster and its Architecture; What is Spark? Why Spark is needed?  How Spark differs from other frameworks?

Large-Scale Data Processing With PySpark: Spark - RDDs, DataFrames, Spark SQL; PySpark + NumPy + SciPy, Code Optimization, Cluster Configurations; Linear Algebra Computation in Large Scale; Distributed File Storage Systems.

Data Modeling and Optimization Problems: Introduction to modeling: numerical vs. probabilistic vs. Bayesian; Introduction to Optimization Problems; Batch and stochastic Gradient Descent; Newton’s Method; Expectation-Maximization, Markov Chain Monte Carlo (MCMC).

Large-Scale Supervised Learning: Introduction to Supervised learning; Generalized Linear Models and Logistic Regression; Regularization; Support Vector Machine (SVM) and the kernel trick; Outlier Detection; Spark ML library.

Large-Scale Unsupervised Learning: Introduction to Unsupervised learning; K-means / K-medoids; Gaussian Mixture Models; Dimensionality Reduction; Spark MLlib for Unsupervised Learning.

Large Scale Text Mining: Latent Semantic Indexing; Topic models; Latent Dirichlet Allocation; Spark ML library for NLP.

Understanding Apache Kafka and Apache Flume: Basic Flume Architecture; Flume Sources; Flume Sinks; Flume Channels; Flume Configuration; Core Concepts of Kafka; Kafka Architecture; Understanding the Components of Kafka Cluster; Configuring Kafka Cluster; Integrating Apache Flume and Apache Kafka.

Apache Spark Streaming: Why Streaming is Necessary? Drawbacks in Existing Computing Methods; What is Spark Streaming? Spark Streaming Features; Spark Streaming Workflow; Streaming Context & Dstreams; Transformations on Dstreams; Slice, Window and ReduceByWindow Operators; Stateful Operators.

Spark GraphX: Key concepts of Spark GraphX; GraphX algorithms and their implementations.

Laboratory and Case Study:

  1. Explore techniques for data extraction from various sources. Use tools like Apache Flume or Apache Sqoop to ingest data into the big data platform.
  2. Integrate big data with traditional relational databases. Explore methods for connecting and querying data across different storage systems.
  3. Implement storage solutions for big data using NoSQL databases. Create key-value, graph, document, and column-family data models.
  4. Set up a Hadoop cluster and explore HDFS. Upload, download, and manipulate data within the distributed file system.
  5. Execute Hadoop MapReduce jobs on a cluster. Monitor and analyze the progress of job flows using Hadoop tools.
  6. Run a Big Data Processing pipeline on Google Cloud (or Amazon AWS).
  7. Implement Big Data code in Apache Spark (in PySpark).
  8. Run Supervised and Unsupervised machine learning on Large-Scale Data
  9. Flume Commands and Setting up Flume Agent
  10. Case study on Big Data in i) Healthcare-Predictive analytics for patient care, genomics, and epidemiology; or ii) Finance-Fraud detection, risk analysis, and high-frequency trading; or iii) Retail and Marketing-Customer segmentation, personalization, and recommendation engines.

References:

  1. Balamarugan Balusamy, Nandhini Abirami R, Seifedine Kadry and Amir Gandomi, Big Data: Concepts, Technology and Architecture, Wiley.
  2. Bill Chambers and Matei Zaharia, Spark: The Definitive Guide: Big Data Processing Made Simple; O'Reilly.
  3. Ramcharan, K., Sundar, K., Alla, S, Applied data science using PySpark: Learn the end-to-end predictive model-building cycle, Apress.
  4. Han, J., Kamber, M., Pei, J., Data mining: Concepts and techniques.
  5. Michael Minelli, Big Data, Big Analytics: Emerging Business Intelligence and Analytics Trends for Today’s Businesses; Wiley.

MISS-6000 Thesis

Credit Hour: 18.0

MISS-6001 Project

Credit Hour: 6.0

General Info

  • Intake: Once in a Year
  • Application Duration: 25 October - 10 December 2024
  • Written Test and Viva Voce: 27 December 2024 (0900 hrs - 1000 hrs)
  • Class Start: 24 January 2025
  • Method of Application: Online
  • Course Duration: 2 (two) years, 4 (four) semesters
  • Total Credit Hours: M. Sc. Engineering (Theory: 22 Cr. + Thesis: 18 Cr.) & M. Engineering (Theory: 34 Cr. + Project: 6 Cr.)
  • Total Course Fee: M. Sc. Engineering - TK. 1,95,000.00 & M. Engineering - TK. 1,80,000.00 which may be re-fixed by the authority.

Eligibility for Admission

1. For admission to the courses leading to the degree of M.Sc. Engg. / M. Engg. in Information Systems Security (MISS), an applicant must have obtained a bachelor's degree in CSE, EEE, ICT, EECE, ETE, ECE, ICE, IT, Software Engineering or a relevant engineering background from any recognized university at home or abroad.

2. A minimum GPA of 3.50 out of 5.00 or a first division or equivalent in any one of SSC and HSC or in equivalent examinations, and must not have a GPA less than 2.50 out of 5.00 or a third division or equivalent in any of the aforementioned examinations.

3. At least 50% marks or a minimum GPA of 2.50 out of 4.0 or its equivalent in B. Sc. Engineering or equivalent in the relevant discipline.

 

Admission Test Syllabus

  • 1) Computer Fundamentals: 25 Marks
    2) Software & Hardware: 25 Marks
    3) Quantitative Reasoning: 20 Marks
  • Total = 70 Marks

Exam Type

  •  MCQ (1 Hour)

Weightage

  • 1) Written (MCQ): 50%
    2) Viva: 15%
    3) Previous Exam: 35% (B.Sc.: 20% and SSC/HSC: 15%)

Contact Information

  • Program Coordinator, MISS, Dept. of ICT, FST, BUP, Phone: 01769021830
  • Program Office: 01671087217, Email: miss@bup.edu.bd

Other Information

  • Course Interaction Time: Friday (09:30 AM - 12:30 PM, 02:30 PM - 05:30 PM) and Saturday (09:30 AM - 12:30 PM, 01:00 PM - 04:00 PM)

Objectives

  1. To gain the fundamentals of storage device hardware
  2. To analyze RAID array coding techniques
  3. To achieve knowledge on Cloud and big data file systems
  4. To analyze Relational storage models
  5. To know how to secure cloud data privacy

Outcomes

Upon completion of this course, participants will have gained knowledge of database system concepts and the ability to:

  1. Understand file systems and analyze existing and future data processing needs
  2. Develop a relational storage model that reflects the organization's fundamental business rules
  3. Develop and refine the conceptual data model, including all entities, relationships, attributes, and business rules
  4. Integrate and merge database views into the conceptual model
  5. Apply cloud and big data file systems

References

  1. Ramez Elmasri, Shamkant B. Navathe, Fundamentals of Database Systems, 6th Edition, Addison-Wesley, ISBN-13: 978-0-136-08620-8.
  2. Alfred Basta, Melissa Zgola, Database Security, Cengage Learning, ISBN-13: 978-1-4354-5390-6.
  3. Himanshu Dwivedi, Securing Storage: A Practical Guide to SAN and NAS Security (paperback), 1st edition, ISBN-13: 978-0321885746.
  4. Fei Hu, Big Data Storage, Sharing, and Security, CRC Press, ISBN: 9781498734868.

Objectives

  1. To gain a fundamental knowledge of what Cyber Security is and how it applies to your daily work.
  2. To gain an understanding of terms commonly used in Cyber Security such as "vulnerability".
  3. To know how vulnerabilities occur and how to limit your exposure to them.
  4. To gain a fundamental understanding of what attacks and threats are, and how to identify and prevent them from occurring.
  5. To provide the fundamental skills and understanding needed to manage risk and recover from disaster.

Outcomes

This subject provides students with knowledge of cyber security principles along with industry-based vendor-neutral IT security knowledge and skills. Students will be introduced to a broad range of cyber security related topics such as infrastructure security, communications network security, cryptography, access control, authentication, external threats, and operational and organizational security. Upon completion of this course, graduates will be able to:

  1. Possess a fundamental knowledge of Cyber Security
  2. Understand what a vulnerability is and how to address the most common vulnerabilities
  3. Know basic and fundamental risk management principles as they relate to Cyber Security
  4. Have the knowledge needed to practice safer computing and safeguard your information
  5. Demonstrate and apply knowledge of current trends in ICT security, particularly those that relate to security protocols and policy, cryptography, malware, digital forensics, and legal evidence
  6. Investigate emerging security trends and their application to professional practice
  7. Effectively communicate IT security concepts and solutions in a variety of professional settings
  8. Apply skills in the identification of security threats, implementation of secure system properties, security testing, and incident response
  9. Have the knowledge needed to practice safer computing and safeguard your information
  10. Critically evaluate and reflect on ethical issues that relate to the IT discipline
  11. Employ research skills that apply to the practice of computer security in a professional context

References

  1. Mark Rhodes-Ousley, Information Security: The Complete Reference, 1st Edition. Information Security Management: Concepts and Practice, New York, McGraw-Hill, 2013.
  2. David Sutton, Cyber security: A practitioner’s guide.
  3. P.W. Singer, Allan Friedman, Cyber security and Cyber war: What Everyone Needs to Know, 1st Edition, ISBN-13: 978-0199918119.
  4. Don Franke, Cyber Security Basics: Protect your organization by applying the fundamentals, 1st Edition.
  5. Kenneth Geers, Strategic Cyber Security, CCD COE Publication, ISBN 978-9949-9040-7-5 (pdf).

Objectives

  1. To identify some of the factors driving the need for network and operating system security
  2. To identify and classify particular examples of attacks
  3. To define the terms vulnerability, threat and attack
  4. To identify physical points of vulnerability in simple networks
  5. To compare and contrast symmetric and asymmetric encryption systems and their vulnerability to attack and explain the characteristics of hybrid systems

Outcomes

  1. Monitor, evaluate and test security conditions and environment
  2. Develop an organizational security plan that provides for periodic reviews of security policies and procedures
  3. Evaluate tools and technologies for use in protecting the network and individual network systems
  4. Implement security plan and monitor solutions
  5. Monitor and evaluate audit logs and set administrator alerts
  6. Respond to any breach of security and adjust organizational security plan accordingly

References

  1. Joseph Migga Kizza, Guide to Computer Network Security.
  2. Michael Palmer, Guide to Operating Systems Security, 1st Edition.

1st Semester

Objectives

  1. To understand the fundamentals of Cryptography
  2. To acquire knowledge on standard algorithms used to provide confidentiality, integrity and authenticity
  3. To understand the various key distribution and management schemes
  4. To understand how to deploy encryption techniques to secure data in transit across data networks
  5. To design security applications in the field of Information technology

Outcomes

  1. Analyze the vulnerabilities in any computing system and hence be able to design a security solution.
  2. Identify the security issues in the network and resolve them.
  3. Evaluate security mechanisms using rigorous approaches, including theoretical
  4. Compare and contrast different IEEE standards and electronic mail security

References

  1. Bruce Schneier, Applied Cryptography: Protocols, Algorithms, and Source Code in C, John Wiley & Sons, Second Edition, 1996.
  2. Jonathan Katz and Yehuda Lindell, Introduction to Modern Cryptography, 2nd Edition, Chapman & Hall/CRC Cryptography and Network Security Series, Chapman and Hall/CRC, 2014.

Objectives

  1. To identify some of the factors driving the need for network and operating system security
  2. To identify and classify particular examples of attacks
  3. To define the terms vulnerability, threat and attack
  4. To identify physical points of vulnerability in simple networks
  5. To compare and contrast symmetric and asymmetric encryption systems and their vulnerability to attack and explain the characteristics of hybrid systems
  6. To gain the fundamentals of storage device hardware and Relational storage model
  7. To achieve knowledge on Cloud and Big data file systems
  8. To know how to secure cloud data privacy

Outcomes

Upon completing the course, the students will be able to:

  1. Monitor, evaluate and test security conditions and environment
  2. Develop an organizational security plan that provides for periodic reviews of security policies and procedures
  3. Evaluate tools and technologies for use in protecting the network and individual network systems
  4. Implement security plan and monitor solutions
  5. Monitor and evaluate audit logs and set administrator alerts
  6. Respond to any breach of security and adjust organizational security plan accordingly
  7. Understand file systems and analyze existing and future data processing needs
  8. Develop a relational storage model that reflects the organization's fundamental business rules
  9. Develop and refine the conceptual data model, including all entities, relationships, attributes, and business rules
  10. Apply cloud and big data file systems

References

  1. Joseph Migga Kizza, Guide to Computer Network Security.
  2. Michael Palmer, Guide to Operating Systems Security, 1st Edition.
  3. Ramez Elmasri, Shamkant B. Navathe, Fundamentals of Database Systems, 6th Edition, Addison-Wesley, ISBN-13: 978-0-136-08620-8.
  4. Alfred Basta, Melissa Zgola, Database Security, Cengage Learning, ISBN-13: 978-1-4354-5390-6.
  5. Himanshu Dwivedi, Securing Storage: A Practical Guide to SAN and NAS Security (paperback), 1st edition, ISBN-13: 978-0321885746.
  6. Fei Hu, Big Data Storage, Sharing, and Security, CRC Press, ISBN: 9781498734868.

Objectives

  1. To understand how information security can counteract attempts to attack an individual’s "infosphere," the person’s sensitive information.
  2. To understand how people are the weakest components in any security system.
  3. To acquaint students with the fundamentals of cryptography and how cryptography serves as the central language of information security.
  4. To understand the basic software tools for assessing the security posture of a computer or a network.
  5. To understand how issues of privacy affect information security.

Outcomes

  1. Demonstrate a basic understanding of the practice of IS, especially in evaluation of information security risks across diverse settings including the Internet and WWW based commerce systems, high bandwidth digital communications and funds transfer services.
  2. Explore the idea that in Information Security answers are not always known, and proposed solutions could give rise to new, equally complex problems.
  3. Navigate through the language and other dimensions of the field of information security in order to expand your knowledge, skills and their application.
  4. Acknowledge the ethical considerations in all judgements and decisions in academic and professional settings.
  5. Utilize software packages (for example Maple) to explore the intricacies of cryptography, demonstrating comprehension of the use of these and other tools in Information Security.

References

  1. Michael E. Whitman, Herbert J. Mattord, Principles of Information Security.
  2. Jason Andress, The Basics of Information Security.

2nd Semester

Objectives

  1. To provide an understanding of digital forensics fundamentals
  2. To analyze computer data and various forensics tools
  3. To analyze network security tools
  4. To identify intrusion and online fraud detection
  5. To know different methods for data recovery
  6. To apply the methods for preservation of digital evidence

Outcomes

Digital Forensics is an area of study that is rapidly growing in importance and visibility. It involves preserving, identifying, extracting, documenting and interpreting digital data. This course will introduce the topics of computer crime and digital forensics. Students will be required to learn different aspects of computer crime and ways in which to uncover, protect and exploit digital evidence. Upon completion of this course, participants will have gained knowledge of:

  1. Digital Forensics process
  2. Forensics basic and criminalities
  3. Data analysis & Forensics tools
  4. Network Forensics
  5. Mobile device forensics
  6. Anti forensics
  7. Court testimony and report writing skills, Digital Evidence control

References

  1. John Sammons, The Basics of Digital Forensics, 2nd edition, ISBN: 978-0-12-801635-0.
  2. Eoghan Casey, Handbook of Digital Forensics and Investigations, Elsevier Academic Press, ISBN-13: 978-0-12-374267-4.
  3. Larry E. Daniel, Lars E. Daniel, Digital Forensics for Legal Professionals, Elsevier Syngress, ISBN: 978-1-59749-643-8.
  4. Eamon P. Doherty, Digital Forensics for Handheld Devices, CRC Press, ISBN-13: 978-1-4665-7883-8 (ebook-epub).

Objectives

  1. Discuss how the tools interrelate with each other in an overall penetration testing process;
  2. Implement countermeasures for various types of attacks;
  3. Apply a common ethical hacking methodology to carry out a penetration test;
  4. Analyze how penetration testing and ethical hacking fit into a comprehensive enterprise information security program; and
  5. Demonstrate ethical behavior appropriate to security-related technologies.

Outcomes

  1. Identify the basic principles of computer and network security.
  2. Identify threats and monitor perimeter security for a system.
  3. Identify, respond to, and assist in the formal investigation of security incidents.
  4. Protect information in an organization by using authentication and access control.

References

  1. Certified Ethical Hacker Version 9 Study Guide, First Edition, DOI: 10.1002/9781119419303

3rd Semester

Objectives

  • This course will provide an introductory look into the broad areas of information theory and coding theory. As stated in the course text, information theory answers two fundamental questions in communication theory: what is the ultimate data compression (answer: the entropy H) and what is the ultimate transmission rate of communication (answer: the channel capacity C). In later stages of the course, coding techniques that approach these ultimate limits will be discussed.

Outcomes

  • After successful completion of this course, students should:
    1. Understand the principles of coding techniques used in digital communication systems.
    2. Evaluate performance of various coding techniques over fading channels.
    3. Recognize advances of coding theory in next generation broadband communication systems.
    4. Perform independent work in wireless system design with some creative problem-solving ability.
    5. Show skill in effective communication through presentations, technical writing and research discussion.
    6. Appreciate the benefits of teamwork through collaboration with other professionals.

References

  1. Thomas M. Cover and Joy A. Thomas, Elements of Information Theory, John Wiley & Sons, 1991. (ISBN 0-471-06259-6)
  2. Stephen B. Wicker, Error Control Systems for Digital Communication and Storage, Prentice-Hall, 1995. (ISBN 0-13-200809-2)

Objectives

  • This is an advanced course on security in mobile and wireless networks. It treats all currently standardized aspects of security in mobile, wireless and ad hoc networks, and in addition covers certain advanced aspects, such as key management, certificate handling, and transactions/applications in proximity networks.

Outcomes

  • This course has two major goals: to provide a comprehensive overview of all relevant aspects of security in mobile and wireless networks, and to introduce students to new, advanced research topics. The course will also provide possibilities for hands-on experience with developing security features.

References

  1. Wireless and Mobile Network Security: Security Basics, Security in On-the-shelf and Emerging Technologies by Hakima Chaouchi and Maryline Laurent-Maknavicius
  2. Wireless Network Security by Xiao, Yang, Shen, Xuemin (Sherman), Du, Ding-Zhu
  3. Mobile and Wireless Network Security and Privacy by S. Kami Makki, Peter Reiher, Kia Makki, Niki Pissinou, Shamila Makki

Objectives

  1. To expose students to recent research in cloud computing and the security issues surrounding this field.
  2. Students will read and discuss academic research papers to discover the current threats to security and privacy in cloud computing and how to defend against those threats.

Outcomes

  • By the end of this course, students should be able to:
    1. compare and contrast the various cloud delivery and deployment models, particularly the security implications of each;
    2. understand the basics of virtualization technology and current attacks against it;
    3. distinguish between terms such as "cloud computing" and "big data" and explain their differences;
    4. describe the mechanisms used to secure cloud computing platforms, including trustworthy computing, secure computation, and data security in cloud environments;
    5. appreciate the challenges that cloud computing introduces for regulatory compliance and digital forensics.

  • Students will gain an appreciation for ongoing research in the area of cloud computing security. Students will critically review research papers to articulate their contributions to the field and the limitations of that work.

References

  1. Securing the Cloud: Cloud Computing Security Techniques and Tactics by Vic (J.R.) Winkler (Syngress/Elsevier)
  2. Cloud Computing Design Patterns by Thomas Erl (Prentice Hall)
  3. Cloud Computing: From Beginning to End by Ray J. Rafaels, published April 2015

Objectives

  • This course provides a forum for students to discuss and generate ideas on issues related to a variety of applied social research. Students conduct an in-depth study of a research topic of their choice, discuss issues with experts in the field of research, work in discussion groups, debate and problem solve on selected issues. In the research seminar, the students are given an opportunity to integrate their knowledge, skills and practical experience gained in the program.

Outcomes

  • Upon successful completion of this course, the student will have reliably demonstrated the ability to:
    1. co-ordinate and participate in a seminar(s) on current research issues.
    2. successfully implement an in-depth research seminar utilizing field experts and collegial discussions/input.
    3. articulate in writing a formal description of research design and research analysis.
    4. identify and assess data sources and data collection methods for quantitative studies.
    5. assess the reliability and validity of measures.
    6. demonstrate understanding of quantitative data analysis techniques.
    7. interpret analytical results from quantitative studies.

References

  1. Writing Successful Science Proposals by Andrew J. Friedland, Carol L. Folt, Publisher: Yale University Press; 2nd edition (June 9, 2009)
  2. The Myths of Innovation (Hardcover) by Scott Berkun, Publisher: O'Reilly Media (August 30, 2010)
  3. Pedhazur, E. J. and Schmelkin, L. P. Measurement, Design and Analysis: An Integrated Approach, Psychology Press, 2013

4th Semester

Objectives

  1. Gain insights on how to run better businesses and provide better service to customers.
  2. Get recommendations on how to process big data on platforms that can handle the variety, velocity, and volume of data by using a family of components that require integration and data governance.
  3. Learn why Big Data is NoHadoop (“not only Hadoop”) as well as NoSQL (“not only SQL”).

Outcomes

  1. Gain knowledge of how to work with large-scale data.
  2. Be able to work with unstructured data such as documents, etc.

References

  1. A. Rezzani. (2013). Big data. Architettura, tecnologie e metodi per l'utilizzo di grandi basi di dati. Apogeo Education.
  2. Cathy O’Neil. (2016). Weapons of Math Destruction: How Big Data Increases Inequality and Threatens Democracy. Penguin Books.
  3. Rob Kitchin. (2014). The Data Revolution: Big Data, Open Data, Data Infrastructures and Their Consequences. SAGE Publications.
