BUP AT A GLANCE
1. Introduction
Bangladesh University of Professionals (BUP), one of the public universities of Bangladesh, was established on 05 June 2008. The aim of the University was to facilitate professional degrees and to run undergraduate, graduate and post-graduate degrees through its faculties, affiliated and embodied colleges, institutes, academy or organizations. BUP, with its unique features, is set up in the green landscape of Mirpur Cantonment located in Dhaka Metropolitan City. The University provides a tranquil, pollution-free, and secure campus life, and above all, a congenial academic atmosphere.
BUP deals with not only the education of the armed forces personnel but also the students of the civilian community from home and abroad. It welcomes those students who intend to dedicate their total attention and devotion to serious academic pursuits to build up a better tomorrow for the nation. BUP is committed to providing high-quality education that delivers real benefits for the students. Thus, BUP is the unique academic entity in the country, where blending between the civilian and the armed forces students of diverse skills, experience, exposure, and attitude is possible.
The motto of BUP is "Excellence through Knowledge"
To develop the civil and military human capital through advanced education and research to respond to the knowledge-based society of the contemporary world.
Bangladesh University of Professionals will emerge as a leading university for both professionals and general students through need-based education and research with global perspective.
Integrity: Highest ethical and moral uprightness.
Discipline: Strict discipline in all activities.
Creativity: Creativity in all spheres.
Commitment: High quality academic standards.
Wisdom: Enhanced education and research.
social science, strategy, and security.
BUP offers and regulates degrees in multi-disciplinary dimensions in the field of science, technology, strategy, humanities, liberal education, business, social sciences, medical science, war and security studies, and other fields of knowledge through its following 05 faculties:
English is the medium of Instructions and Examinations in Bangladesh University of Professionals (BUP).
Bangladesh University of Professionals
Mirpur Cantonment, Dhaka- 1216, Bangladesh
Tel:88-02-8000368, PABX 8000261-4
Fax: 88-02-8000443
E-mail: info@bup.edu.bd
Website: www.bup.edu.bd
2. Student Services
2.1 Guidance and Counseling
The guidance and counseling services are available to students on academic and other matters of interest as follows:
2.2 Students Adviser
A Faculty Member is assigned as Student Adviser for each section of a batch, who, as a routine matter, meets the students at least once a week and attends them whenever the students feel it necessary.
2.3 Scholarship and Stipend
It is not applicable for professional master’s programs.
2.4 Internship/Placement (If Applicable)
There is an office in BUP named Counselling and Placement Center (CPC). This center assists students in finding suitable jobs as well as getting an internship. Besides, the CPC is also involved in arranging workshops and seminars to practice resume writing, interview techniques, job search skills, and presentation techniques.
There is a committee to provide the required assistance to the students for placement in different organizations as part of the internship program. The committee comprises the Dean of the Faculty, Chairman of the Department, respective Student Adviser, and Placement Officer. The Dean of the Faculty acts as a convener of this committee.
Respective professional master’s programs may have different internship/placement policies depending upon the requirement of the Department. They may also be a part of BUP Alumni Association.
2.5 Co-Curricular and Club Activities
From its inception, the students of BUP have been spontaneously participating in co-curricular and club activities to enhance their physical, intellectual, moral, and ethical development. The clubs are active and contribute successfully in arranging different university events and ensuring quality/standard. They organize inter-batch/department competitions, inter-university and other competitions. They also organize different important events like cultural programs, sports, debates, etc., and participate in different events and competitions. The students of BUP are also connected with other universities through different clubs. The clubs that are currently functional in BUP are:
The number of clubs may increase to cover other important and interesting events/issues in the coming days. Students of the Professional Master’s programs may participate in the Co-Curricular and club activities.
2.6 Industry/Organization/Field Visits
Different departments of BUP organize visits to various organizations/places according to the requirements of their programs. Students of the professional master’s program will attend Industry/Organization/ Field visits as per their respective curriculum.
2.7 Guest Lectures/Seminars/Symposiums/Workshops/Exercises
Guest Lectures/Seminars/ Symposiums/Workshops/ Exercises on important and contemporary academic issues and lectures/presentations by eminent academicians/professionals/experts are organized throughout the academic year. Students of the professional master’s program may attend such academic activities.
2.8 Admission Procedure
BUP seeks applications from prospective candidates, who fulfill admission qualifications for Masters in Information Systems Security (MISS) as specified in BUP Admission Guideline. The program is offered annually to graduate candidates only. The admission notice is circulated usually in the month of September/October of each year through media advertisement and BUP website notice board. The candidates are asked to apply online. The detailed admission procedure has been spelled out in Admission Guideline, which is available in BUP website (www.bup.edu.bd).
For admission to the program leading to a Masters in Information Systems Security (MISS), an applicant must have:
Every year admission circular is usually published in the month of September/October. Admission test is held in November. Selection of candidates is made based on their standing in the combined merit list in the admission test.
Admission Test Marks include:
Written Test (MCQ) | 50%
Communication Test | 15%
Marks from previous public examinations | 35%
All candidates are required to take a written admission test of 70 marks (which will be converted into 50%), where he/she will have to qualify. The written test will be of Multiple-Choice Question and will be conducted for 1 hour. The written test will cover the following topics along with marks distribution:
Admission Test Syllabus
Subject Name | Marks
Computer Fundamental | 25
Software & Hardware | 25
Quantitative Reasoning- | 20
Total Marks | 70
Based on their written test results, the selected candidates need to appear for a communication test before a panel consisting of faculty members. 15% of total marks will be allotted to this test. The Academic Committee may edit/fix this percentage from time to time.
The results of past public examinations will carry 35% Marks, where 20% is from B.Sc. or equivalent exam and 15% from HSC and SSC exams. The marks are calculated in a simple linear distribution from candidates’ GPA.
2.9 Admission in the Program
The selected candidates from BUP must collect their Admission Form from the Department and complete admission/registration formalities within the given time frame by paying the required fees at the beginning of the academic year. The following rules will apply in this regard:
All civil and military students (where applicable) will be required to pay tuition and other fees as under:
SL. | Category of fees/charges | M.Sc. Engg. | M.Engg. | Remarks
1 | Admission Fee | 10,000.00 | 10,000.00 | Once
2 | Semester Registration Fee | 1000.00 | 1000.00 | Once
3 | Course Registration Fee (100/ Cr) | 3,600.00 | 3,600.00 | As Per Cr Reg
4 | Thesis / Project | 45,000.00 | 22,800.00 | As Per Cr Reg
5 | Library Fee (500 /Sem) | 2,000.00 | 2,000.00 | Each semester
6 | Computer Lab and Training Aid Fee (2000/Sem) | 8,000.00 | 8,000.00 | Each semester
7 | Tuition Fee (2400 / Credit) | 86,400.00 | 86,400.00 | Each semester
8 | Exam Fee/Course Registration Fee (1000/ Theory Credit) | 18,000.00 | 30,000.00 | Per subject
9 | Grade Sheet Fee (500/Sem) | 2,000.00 | 2,000.00 | Each semester
10 | Student Welfare Fee (1000/Sem) | 4,000.00 | 4,000.00 | Each semester
11 | Cultural/Magazine Fee (150/Sem) | 600.00 | 600.00 | Each semester
12 | Dissertation Fee (400 per credit) | 7,200.00 | 2,400.00 | As Per Cr Reg
13 | Center Fee (1500/Sem) | 6,000.00 | 6,000.00 | Each semester
14 | ID Card Fee | 200.00 | 200.00 | Once
15 | Tie/Scarf/Souvenir | 940.00 | 940.00 | Once
16 | BNCC | 60.00 | 60.00 | Once
Grand Total | | 1,95,000.00 | 1,80,000.00 |
Ser | Subjects | Amount (Tk.)
1. | Re-admission | 10,000.00
2. | Non-Collegiate (Per Subject) | 5,000.00
3. | Late Registration Fee | 1,500.00
4. | Special Final Exam | 15,000.00
5. | Retake Course Fee | 12,000.00
6. | Supplementary Exam Fee | 8000.00
Notes: Admission cancellation and refund of admission fee will be executed as per following: No amount of total admission fee will be refunded.
2.11 Review of Fee Structure
All fees will be reviewed as and when necessary, by the university authority, and the students will be liable to pay the fees as per changed/reviewed fees.
2.12 Deadline for Submission of Fees/Dues
The students must clear all the fees during the admission process after the publication of the selected candidates' list by the respective Faculty/Department. For subsequent semester/trimesters, the payment of all fees/dues must be maintained Semester/trimester wise, and the following rules will apply in this regard:
2.13 Course Load to Students
The students must register for the required number of courses per Semester/trimester offered by the respective professional programs. During each Semester/trimester, students are allowed to take/enroll in a maximum of two additional retake courses. A student is allowed to retake a course twice and improve a course only once throughout his/her entire registration period. He/she must complete all the Professional Master’s courses within his/her valid registration period.
2.14 Credit Hour
The total time that a teacher must interact with students in a teaching-learning environment for a particular course is defined as credit hour. Precisely, it is the contact hour between the assigned teacher and students. All programs of BUP must consider 01 (One) Credit hour amounting to 14 to 15 contact hours. An ideal contact hour must fulfill the following prerequisites:
2.15 Conduct of Courses
Generally, an individual course teacher is assigned to design and teach a particular course in a semester/trimester. The following guidelines are followed for conducting different courses:
Attendance | Marks
85% and above | 10.0
75% < 85% | 9.0
65% < 75% | 8.0
55% < 65% | 7.0
50% < 55% | 6.0
Less than 50% | Dis-collegiate
Note: However, Departments can consider any kind of exceptional cases (Dis-collegiate Policy) subject to the approval of Dean of the respective faculty.
3. Performance Evaluation System
3.1 Distribution of Marks for Evaluation
Letter grades are used to evaluate the performance of a student in a course. The following grading system is followed for performance evaluation of the students:
Remarks | Distribution
Final Exam | 50%
Mid-term | 20%
Class Test (Best 3 out of 4) (3 Class Test and 01 lab Test Mandatory) | 10%
Lab Assessment | 10%
Class attendance | 10%
Total: | 100%
The BUP authority reserves the right to review/revise the above grading system. However, depending on the nature of the course, minor modifications can be made by the respective course teacher, provided it is incorporated in the course outline.
3.1.1 Distribution of Marks for Evaluation (Theory Courses)
Letter grades (e.g., A+, A, A-, B+ etc.) are used to evaluate a student's performance in a course. The following mark distribution system can be followed for the performance evaluation of students. However, the respective Department can vary according to their book of the syllabus:
Grading Distribution | % of Total Grade Allocated
Class Attendance and Performance | The weightage of these items will be based on the approved book of the syllabus of the respective programs.
Mid Term Exam |
Assignment |
Term Paper (Book Review / Research Paper Writing) |
Semester/trimester Final |
Total |
3.1.2 Distribution of Marks for Evaluation (Laboratory Courses)
The marks for the Laboratory courses are distributed according to the type of laboratory course based on the respective Department's requirement. The distribution of the marks for three types of Laboratories is given below:
Category | Marks Distribution (%)
Lab test | The weightage of these items will be based on the approved book of the syllabus of the respective programs.
Quiz |
Viva |
Attendance |
Home Assignment/Report |
Class Performance/Observation |
Total |

Category | Marks Distribution (%)
Project | The weightage of these items will be based on the approved book of the syllabus of the respective programs.
Quiz |
Viva/Presentation |
Attendance |
Home assignment/report |
Class Performance/Observation |
Total |

Category | Marks Distribution (%)
Online Test – 1 | The weightage of these items will be based on the approved book of the syllabus of the respective programs.
Online Test – 2 |
Viva |
Attendance |
Observation |
Class Performance |
Total |
3.1.3 Research Monograph/Thesis/Internship/Project Report
In addition to the theoretical examination of the Research Monograph/Thesis/Internship/ Project Report to be submitted by the students, there shall also be an oral defense of the written work. Three (03) copies of the Thesis/Internship/ Project Report work shall be submitted to the examination committee. The Examination Committee shall appoint the examiners for the Research Monograph/Thesis/Internship/Project Report as per the requirements of their respective professional programs.
Evaluation of Research Monograph/Thesis/Internship/Project Report (Written Work) | Oral Defense | In-Course/Continuous Assessment
The weightage of these items will be based on the approved book of the syllabus of the respective programs. | The weightage of these items will be based on the approved book of the syllabus of the respective programs. | The weightage of these items will be based on the approved book of the syllabus of the respective programs.
3.1.4 Resubmission of Research Monograph/Thesis/Internship/Project Report
On valid grounds such as lack of originality or plagiarism, resubmission of the Thesis/Internship/Project Report will be handled at the discretion of the examiner(s) concerned. In case of resubmitting the Thesis/Internship Report/Project, the students will be given an additional 02 months to rectify/amend their work. Three (03) copies of the Thesis/Internship/Project Report should be submitted again. The cost of the examination (e.g. remuneration of supervisors and examiners) will be paid by the student.
3.2 Grading System
Numerical Grade | Letter Grade | | Grade Point
80% and above | A+ | (A Plus) | 4.00
75% to < 80% | A | (A Regular) | 3.75
70% to < 75% | A- | (A Minus) | 3.50
65% to < 70% | B+ | (B Plus) | 3.25
60% to < 65% | B | (B Regular) | 3.00
55% to < 60% | B- | (B Minus) | 2.75
50% to < 55% | C+ | (C Plus) | 2.50
45% to < 50% | C | (C Regular) | 2.25
40% to < 45% | D | - | 2.00
< 40% | F | - | 0.00
- | W | - | Withdrawn
3.3 Calculation of GPA (Grade Point Average) and CGPA (Cumulative Grade Point Average)
Grade Point Average (GPA) is the weighted average of all the grade points obtained in all the courses passed/completed by a student. CGPA (Cumulative Grade Point Average) will be computed after each Semester/trimester to determine the academic standing of the student in the program. The four-step procedure that will be followed to calculate the CGPA of a student is given below:
3.3.1 Calculation of GPA
Grade Point Average (GPA) is the weighted average of the grade points obtained in all the courses passed/completed by a student. For example, if a student passes/completes n courses in a term having credits of C1, C2, ..., Cn and his grade points in these courses are G1, G2, ..., Gn respectively, then

$$\mathrm{GPA} = \frac{\sum C_i G_i}{\sum C_i}$$
obtained the following grades:
Course Code | Credit(s) (Ci) | Grade | Grade Points (Gi) | Points Earned (CixGi)
5101 | 3 | A+ | 4.00 | 12
5102 | 3 | B | 3.00 | 9
5103 | 3 | A | 3.75 | 11.25
5104 | 2 | B+ | 3.25 | 6.5
5105 | 1 | A- | 3.50 | 3.5
Then his/her GPA for the term will be computed as follows:
$$\text{Grade Point Average (GPA) Calculation} = \frac{3 \times 4.00 + 3 \times 3.00 + 3 \times 3.75 + 2 \times 3.25 + 1 \times 3.50}{3 + 3 + 3 + 2 + 1} = 3.52$$
3.3.2 Cumulative Grade Point Average (CGPA) Calculation
Cumulative Grade Point Average (CGPA) is the weighted average of the grade points obtained in all the courses passed/completed by a student. For example, if a student passes/completes n courses in a term having credits of C1, C2, ..., Cn and his grade points in these courses are G1, G2, ..., Gn respectively, then
3.3.3 Rounding Off the GPA/CGPA
The GPA/CGPA is to be rounded off after two digits of the decimal. For example, to round off 3.465 and above after two decimal digits, it is to be rounded off as 3.47. To round off 3.464 and below after two decimal digits, it is to be rounded off as 3.46.
4. Promotion Policy
To be promoted from one semester to another, students must obtain a minimum CGPA (with a maximum number of ‘F’ Grades to be considered in each semester) as mentioned in the table below:
02-years Masters Program
Serial | Semester (From & To) | Required Minimum CGPA (During the mentioned semester) | Number of ‘F’ Grade to be considered (in each semester)
1 | 1st – 2nd | 2.50 | * Maximum one (01) ‘F’ Grade
2 | 2nd – 3rd | 2.50 | * Maximum one (01) ‘F’ Grade
3 | 3rd – 4th | 2.50 | * Maximum one (01) ‘F’ Grade
Note: Star (*) marked will not be applicable for retake course
If a student gets an ‘F’ grade in more than one (01) course in any semester and/or fails to obtain the required CGPA of 2.50 in a semester as mentioned above, he/she will automatically be relegated to the next batch, and such relegation more than twice during the entire registration period will warrant permanent withdrawal of the student from the program. However, besides retaking the courses in which an ‘F’ Grade was obtained, the relegated student will also have the option to improve or retake the rest of the courses.
5. Withdrawal Policies
5.1 Temporary Withdrawal
Temporary withdrawal means a student has voluntarily withdrawn himself/herself from a particular semester/trimester. In such case, the following rules will be maintained:
5.2 Permanent Withdrawal
The term 'Permanent Withdrawal' stands for permanent and voluntary discontinuation of the student from the program. The implication of permanent withdrawal includes cancellation of admission and expiry of registration.
5.3 Withdrawal on Poor Performance
Students may be permanently withdrawn from the program because of their poor performance. A student is always advised to maintain a minimum CGPA. Any student failing to obtain the required CGPA as per promotion policy will be relegated to the next immediate batch. However, two (02) times relegation or three times failure in a course at any time throughout the entire valid registration period will warrant permanent withdrawal of the student from the program.
6. Examination Assessment System
BUP follows a single examiner system, and continuous assessment is done to evaluate a student in a semester/trimester. The following rules will apply for all tests and examinations:
Note: Students with physical disabilities will get an extra 10 minutes per hour in the examination.
6.1 Supplementary Examination
As a rule, supplementary examinations of any kind are discouraged. However, if a student fails to appear in the scheduled Semester/trimester Final Examination for unavoidable and valid reasons; he/she may be allowed to appear at such examination based on the following guidelines under the grounds described below:
6.2 Improvement Policy
A student earning lower than 'B' Grade (i.e. lower than Grade Point 3.00) in any course(s), may choose to improve the grade by appearing at the improvement examination. In case of improvement examination, the following rules will be maintained:
6.3 Retaking a Course
In case of retaking of course(s) of the Professional Master’s Program, students must complete the process within the valid registration period. A student will be allowed to retake only one (01) course in any semester/trimester of a particular year. They will be allowed to retake a course twice only throughout their entire registration period. Retaking a course (or grade) will be guided by the following rules:
A student earning an 'F' grade or being Dis-collegiate/Absent/Expelled from the examination will be required to retake the course offered in the immediate next batch or if the situation is considered reasonable/convenient. In this case, a student can continue with the immediate next available batch, since achieving a passing grade in each course individually is mandatory as a degree requirement.
6.4 Registration Duration
The duration of the registration period of the Professional Master’s Program will be ‘Program Duration + 02 Years’. For example, if the LL.M Professional Program duration is 01 (one) year, then its registration period will be ‘01 Year + 02 Years’, i.e. 03 (Three) years. The duration of the registration period may be extended subject to the approval of the Academic Council.
7. Awarding Professional Master’s Degree and Requirements
Students must fulfill all degree requirements within the valid registration period for the Professional Master’s program. The requirements are as follows:
8. Dismissals on Disciplinary Grounds
A student may be dismissed or expelled from the program for adopting unfair means (Copying in examinations/ to influence grades), unruly behavior, or any other breach of discipline. The implication of dismissal may include cancellation of admission and termination of registration.
9. Discipline and Code of Conduct
Adherence to strict discipline is considered a core concept of building future leaders. The students must abide by the rules, regulations, and code of conduct of the university. Students are forbidden to be members or organize students' organizations, clubs, society, etc., other than those set up by the University authority. They must maintain a peaceful and congenial atmosphere in the academic building, particularly adjacent to the classroom, library, faculty rooms, etc. The students will not be allowed to enter the classroom if they are contrary to the following rules:
Note: For the details, "The Students' Discipline Rules" is available on BUP website.
10. Other Breaches of Discipline
The Academic Council may dismiss any student on disciplinary grounds if any form of indiscipline or unruly behavior is observed in him/her, disrupting the academic environment or program or being considered detrimental to BUP's image. The Discipline Committee will process the matter. There is zero tolerance for drugs, violence, and Sexual Exploitation and Abuse (SEA).
11. Students' Redress Measures
12. Executive Decision for Any Arising Situation
If this Academic Guideline does not explicitly or satisfactorily address any arising situation, in that case, the matter will be referred to the Vice Chancellor for a decision. Execution of such a decision will duly be reported to the Academic Council for information only.
13. Amendments
Any of the provisions of this guideline may be changed and/or new provisions added as per the University's Rules.
14. Conclusion
BUP Professional Master’s Academic Guideline-2023 is for the students, and it is to be followed for the best use of student's academic interests. It is the guide for the Faculty Members to assess the overall evaluation system of the students of BUP and acquaint themselves with BUP's rules and regulations.
DEPARTMENT OF INFORMATION AND COMMUNICATION TECHNOLOGY (ICT)
The Department of Information and Communication Technology (ICT) at Bangladesh University of Professionals (BUP) is committed to excellence in education, research, and innovation. The department aims to develop skilled professionals and researchers by offering programs tailored to meet the challenges of the dynamic ICT landscape. With a curriculum emphasizing hands-on learning, theoretical foundations, and industry-aligned skills, the ICT Department nurtures talents capable of addressing global technological needs.
The department's vision is to advance ICT education through cutting-edge research, innovative teaching methodologies, and industry collaboration. Equipped with state-of-the-art labs and a dedicated faculty team, it strives to foster critical thinking, problem-solving, and leadership in the realm of technology.
The department stands as a beacon for aspiring technologists and researchers, preparing them to excel in academia, industry, and beyond. The department places special emphasis on:
Through these initiatives, the ICT Department at BUP prepares students to excel academically, professionally, and ethically, contributing significantly to both national and global ICT advancements.
2. Current Programs
The Department of ICT is running the following programs:
Programs | Duration | Total Courses Theory+ Laboratory | Credit on Courses | Industrial Attachment/ Dissertation Credit | Total Credit | Remarks
BICE | 4 Years | 42 +25 | 151 | 3+6 | 160 | B.Sc. in ICE
MICE | 1.5 Years | 6/10 | 18/30 | 18/6 | 36 | M.Sc. Engg. / M.Engg.
MISS | 2 Years | 8/12 | 22/34 | 18/6 | 40 | M.Sc. Engg. / M.Engg.
MICT | 2 Years | 8/12 | 22/34 | 18/6 | 40 | M.Sc. Engg. / M.Engg.
3. Faculty Members
All the programs of the Department of ICT are conducted by a group of esteemed and highly qualified faculty members. Details are in www.bup.edu.bd. Besides, experienced adjunct faculties from renowned universities are also engaged in academic activities of this department.
4. Mailing Address
Chairman, Department of ICT
Faculty of Science and Technology (FST)
Bangladesh University of Professionals (BUP)
Mirpur Cantonment, Dhaka-1216
Phone: 02-8000485, Fax: 88-02-8000443
E-mail: ict@bup.edu.bd
The department has the following program objectives:
Graduating with MISS degree from BUP will be able to:
Sl. | Name of the Course | Theory (Credit) | Total Contact Hours
Core Courses | | |
 | MISS-6101 Principles of Information Security | 3.0 | 48.00
 | MISS-6102 Secure Software Design | 3.0 | 48.00
 | MISS-6103 Systems & Network Security | 3.0 | 48.00
 | MISS-6201 Information Systems Audit | 3.0 | 48.00
 | MISS-6202 Penetration Testing | 3.0 | 48.00
 | GED-6203 Research Methodology | 1.0 | 32.00
Elective Courses | | |
1. | MISS-6004 Digital Forensics | 3.0 | 48.00
2. | MISS-6005 Cryptography | 3.0 | 48.00
3. | MISS-6006 Threat Hunting & SOC Management | 3.0 | 48.00
4. | MISS-6007 Cloud Computing Security | 3.0 | 48.00
5. | MISS-6008 Cyber Law and Ethics | 3.0 | 48.00
6. | MISS-6009 Block Chain Technology & Fintech Security | 3.0 | 48.00
7. | MISS-6010 Data Privacy Engineering | 3.0 | 48.00
8. | MISS-6011 Malware Analysis & Reverse Engineering | 3.0 | 48.00
9. | MISS-6012 Artificial Intelligence & Machine Learning | 3.0 | 48.00
10. | MISS-6013 Management of Governance, Risks & Compliance | 3.0 | 48.00
11. | MISS-6014 Big Data Analysis & Design | 3.0 | 48.00
12. | | 18.0 | ---
13. | MISS-6001 Project | 6.0 | ---
Note: Courses may be added or removed by the authority based on the availability of the resources and industry practice.
SL | YEAR | SEMESTER | DEGREE | NO. OF THEORY COURSES | THEORY (CR.) | THESIS/ PROJECT | CREDIT
1 | First | 1st | M.Sc. Engg. | 3 | 9 | - | 9
1 | First | 1st | M. Engg. | 3 | 9 | - | 9
1 | First | 2nd | M.Sc. Engg. | 4 | 10 | - | 10
1 | First | 2nd | M. Engg. | 4 | 10 | - | 10
2 | Second | 1st | M.Sc. Engg. | 1 | 3 | 9 | 12
2 | Second | 1st | M. Engg. | 3 | 09 | - | 09
2 | Second | 2nd | M.Sc. Engg. | - | - | 9 | 9
2 | Second | 2nd | M. Engg. | 2 | 6 | 6 | 12
Total | | | M.Sc. Engg. | | - | - | 40
Total | | | M. Engg. | | - | - | 40
Each course is designated by a maximum of four-letter code identifying the department offering the course followed by a three-digit number having the following interpretation:
The course designation system is illustrated as follows:
MISS-6101 Principles of Information Security
[Diagram labels: Course Title; Course Serial Number (Reserved for departmental use to denote course); Signifies 1st Semester course; Signifies 1st Year course; Department identification code]
Year |
Semester |
Course Code |
Course Name |
Theory (Credit) |
Total Credit Hour |
Total Contact Hour |
1st |
1st |
MISS-6101 |
Principles of Information Security |
3.0 |
3.0 |
48.00 |
MISS-6102 |
Secure Software Design |
3.0 |
3.0 |
48.00 |
||
MISS-6103 |
Systems and Network Security |
3.0 |
3.0 |
48.00 |
||
2nd |
MISS-6201 |
Information Systems Audit |
3.0 |
3.0 |
48.00 |
|
MISS-6202 |
Penetration Testing |
3.0 |
3.0 |
48.00 |
||
GED-6203 |
Research Methodology |
1.0 |
2.0 |
32.00 |
||
MISS-60** |
Elective-I |
3.0 |
3.0 |
48.00 |
||
2nd
|
1st |
MISS-60** |
Elective-II |
3.0 |
3.0 |
48.00 |
MISS-6000 |
Thesis |
9.0 |
-- |
-- |
||
2nd |
MISS-6000 |
Thesis |
9.0 |
-- |
-- |
Note: The distribution of elective courses in different semesters may be changed by the authority based on the availability of the resources and industry practice.
Year | Semester | Course Code | Course Name | Theory (Credit) | Total Credit Hour | Total Contact Hour
1st | 1st | MISS-6101 | Principles of Information Security | 3.0 | 3.0 | 48.00
1st | 1st | MISS-6102 | Secure Software Design | 3.0 | 3.0 | 48.00
1st | 1st | MISS-6103 | Systems and Network Security | 3.0 | 3.0 | 48.00
1st | 2nd | MISS-6201 | Information Systems Audit | 3.0 | 3.0 | 48.00
1st | 2nd | MISS-6202 | Penetration Testing | 3.0 | 3.0 | 48.00
1st | 2nd | GED-6203 | Research Methodology | 1.0 | 2.0 | 32.00
1st | 2nd | MISS-60** | Elective-I | 3.0 | 3.0 | 48.00
2nd | 1st | MISS-60** | Elective-II | 3.0 | 3.0 | 48.00
2nd | 1st | MISS-60** | Elective-III | 3.0 | 3.0 | 48.00
2nd | 1st | MISS-60** | Elective-IV | 3.0 | 3.0 | 48.00
2nd | 2nd | MISS-60** | Elective-V | 3.0 | 3.0 | 48.00
2nd | 2nd | MISS-60** | Elective-VI | 3.0 | 3.0 | 48.00
2nd | 2nd | MISS 6001 | Project | 6.0 | -- | --
Note: The distribution of elective courses in different semesters may be changed by the authority based on the availability of the resources and industry practice.
The detailed syllabus is attached in Annex A.
Students gain knowledge and understanding through practical work that allows the exposure and exploration of underpinning theory and concepts. Guided reading and online content support students in developing their understanding of the subject area. An emphasis on formative feedback and tasks is built into all the first-year modules and may include participation in online activities, in order to practice and explore the topics covered in classes more fully.
Students’ knowledge and understanding is assessed by a range of activities that include both formative (developed to provide feedback on learning) and summative (graded) tasks. A wide range of assessment methods are used. Tasks may involve traditional approaches such as case studies, assignments, presentations and term papers, time constrained tests and exams (Details are given in Article 16.1).
Every student submitting a thesis report in partial fulfillment of the requirement of a degree shall be required to appear at an oral examination, on a date or dates fixed by the Supervisor concerned in consultation with the Chairman, Department of ICT and must satisfy the examiners that he/she has gained satisfactory knowledge related to the project work.
| Chairman |
| Member |
| Member |
| Member |
| External |
Note: If the Chairman of the department supervises any thesis work, then a senior faculty member will be designated as an Ex-officio.
9.2 Project
9.2.1 Project Lifecycle
9.2.2 Submission of Project
Every student submitting a project report in partial fulfillment of the requirement of a degree shall be required to appear at an oral examination, on a date or dates fixed by the Supervisor concerned in consultation with the Head of the Department of ICT and must satisfy the examiners that he/she has gained satisfactory knowledge related to the project work.
9.2.3 Examination Board for Project
| Chairman |
| Member |
| Member |
| Member |
| External |
Note: If the Chairman of the department supervises any thesis work, then a senior faculty member will be designated as an Ex-officio.
If any student cannot complete the project in their final semester, he/she can re-defend the project with the next batch. However, this will happen only after paying the re-defense fee and getting the approval of the departmental Chairman.
Annex A
Core Courses
MISS-6101: Principles of Information Security
Credit Hour: 3.0
Course Objectives:
Course Outcomes:
Upon completing the course, graduates will be able to:
Course Content:
Introduction to Information Security / cyber security; The Need for Security; Information Security Standards and Frameworks, Cyber security models (the CIA triad, the star model), Types of Cyber-attacks; Attack motives that drive an attacker; Methods of cyber-attack & attack vectors; Cybercrime, Cyber harassment, Cyber warfare, Cyber surveillance, Issues making cyber security difficult, Cloud Computing and Distributed Computing, Blockchain Technology for cybersecurity.
Legal, Ethical, Professional Issues in Information Security; Types of Risks and Risk Management Frameworks (RMF); Disaster recovery plan and procedures, National ICT Act & Policy, National Information security policy guideline, government and private sector roles in securing cyberspace, international laws in securing cyberspace.
Access Control & Identity and Access Management: Protection Domains, Access Control Lists, User Privilege in Database Systems; Authentication: Authentication using a physical object, Authentication using biometrics; Control physical and logical access to assets; manage identification and authentication of people, devices, and services; federated identity with a third-party service; implement and manage authorization mechanisms; manage the identity and access provisioning lifecycle; implement authentication systems.
Cryptography: Symmetric Cryptography, Public Key Cryptography: RSA cryptosystem, Key distribution, Key management, Diffie-Hellman key exchange, ElGamal cryptosystem, Elliptic curve arithmetic, Elliptic curve cryptography. Symmetric Key Ciphers: DES, Block cipher principles of DES, Strength of DES, Differential and linear cryptanalysis, Block cipher design principles, Block cipher mode of operation, Evaluation criteria for AES, Advanced Encryption Standard, RC4, Key distribution. Message Authentication and Integrity: Authentication requirement, Authentication function, MAC, Hash function, Security of hash function and MAC, SHA, Digital signature and authentication protocols, DSS; Entity Authentication: Biometrics, Passwords, Challenge Response protocols; Authentication applications: Kerberos, X.509. Security Practice and System Security: Electronic Mail security (PGP, S/MIME), IP security, Web Security; System Security: Intruders, Malicious software, viruses, Firewalls.
Asset Security: Asset Security, Data Management: Determine and Maintain Ownership, Data Standards, Longevity and Use, Classify Information and Supporting Assets, Asset Management, Protect Privacy, Ensure Appropriate Retention, Determine Data Security Controls, Standards Selection.
Security Engineering: Security Engineering, The Engineering Lifecycle Using Security Design Principles, Fundamental Concepts of Security Models, Information Systems Security Evaluation Models, Security Capabilities of Information Systems, Vulnerabilities of Security Architectures, Database Security, Software and System Vulnerabilities and Threats, Vulnerabilities in Mobile Systems, Vulnerabilities in Embedded Devices and Cyber-Physical Systems, The Application and Use of Cryptography, Site and Facility Design Considerations, Site Planning, Implementation and Operation of Facilities Security.
Configuration Management & Systems Hardening: OS, Database Management Systems, Networking Solutions and Devices, Software, Secure Systems, Trusted Computing Base, Firewalls, Antivirus and Anti-Antivirus Techniques, Digital Signatures, Code Signing, Jailing, Model-Based Intrusion Detection Systems, Encapsulating Mobile Code, Java Security.
Laboratory and Case Study:
References:
MISS-6102: Secure Software Design
Credit Hour: 3.0
Course Objectives:
Course Outcomes:
Upon completing the course, the students will be able to:
Course Content:
Introduction to Secure Software Development: Overview of secure software development principles, Importance of integrating security into the software development life cycle (SDLC).
Security Requirements Engineering: Identifying and defining security requirements, integrating security requirements with functional requirements.
Threat Modelling: Techniques for identifying and assessing potential security threats, creating threat models to analyze and prioritize risks.
Secure Architecture Design: Principles of designing secure software architecture, Security patterns and best practices for system design.
Secure Coding Practices: Writing secure code and common programming vulnerabilities, Code reviews and static code analysis for security.
Authentication and Authorization: Designing secure authentication mechanisms, Implementing proper authorization controls.
Data Security: Secure handling of sensitive data, Encryption and hashing techniques, Database security considerations.
Web Application Security: Common web application vulnerabilities, Secure coding for web applications, Web application firewalls.
Mobile Application Security: Security considerations for mobile app development, Securing data storage and transmission in mobile apps.
Secure DevOps and CI/CD: Integrating security into the DevOps pipeline, Continuous integration and continuous deployment (CI/CD) security.
Security Testing: Types of security testing (e.g., penetration testing, code review), Automated and manual security testing approaches.
Secure Software Development Tools: Introduction to security tools for developers, Code scanning tools, static analyzers, and other security-related tools.
Secure Software Development Frameworks: Overview of secure development frameworks, Integrating security features from established frameworks.
Secure Software Development Standards and Compliance: Overview of security standards (e.g., CMM, OWASP, NIST, PCI SLC, PCI S3), Ensuring compliance with industry-specific security requirements.
Incident Response in Software Development: Preparing for and responding to security incidents during development, Secure rollback and recovery processes.
Secure Software Maintenance: Best practices for maintaining security during software updates, Patch management and vulnerability management.
Legal and Ethical Considerations: Understanding legal and ethical responsibilities in secure software development, Privacy considerations and compliance.
Laboratory and Case Study:
References:
MISS-6103: Systems & Network Security
Credit Hour: 3.0
Course Objectives:
Course Outcomes:
Upon completing the course, the students will be able to:
Course Content:
Network Security architecture and security: Understanding Computer Network Security; Hostile Scripts; Security Assessment, Analysis and Assurance Cryptography; System Intrusion Detection and Prevention; Standardization and Security Criteria; Computer Network Security Protocols; Securing application layer protocols; Securing Network Layer, Security in Wireless and Sensor Networks; Operating system vulnerability, Securing Network and Computers- Types of Attacks (Malware, DoS, Spoofing, OS and Application exploits), Securing mechanisms – Authentication, Authorization and Encryption - Encryption Methods, Authentication Methods, VLANs and VPNs, Certificates and PKI; Implementing Security Policies - User and Group Account access policies, Securing Passwords, File System Rights, Network Access Control; Network application security – SSL(Email, Web), Authenticated connections for file transfer.
Operating Systems implementation and Security: Kernel, Distributions, Terminals, Manual pages, Command History, Navigation, File Management, Visual Editor, File permissions, Special permissions, Sudoers, Resource limits, Process management and Scheduling, Services, System, and init Logging and Log Rotation, Installing and Running Open Source Software / different Packages, Linux package management, SSH, Tunneling, and Post-Quantum Cryptography, Networking and Firewalls; DNS, DHCP, and LDAP; Monitoring, Auditing, and Network Analysis - Intrusion Detection, Audit Trails and Log Files, Network Traffic Capture and Analysis; Disaster Planning and Recovery - UPS and AC (Power and environmental conditioning), RAID, Hardware Redundancy and Clusters, Vulnerability Assessment - Policy and the Human Component, Firewall Rule configuration, Patch Level detection, Port Scanning, Privileged Accounts.
Storage Security: Database Management Systems, The Relational Model of data, Relational Algebra, Relational operations, Insertion, Deletion, SQL tables, implementing a database schema using SQL, Defining and running transactions using SQL, Oracle database management systems. Introduction to Storage device hardware, File systems, Erasure coding and array coding, RAID array coding techniques, Storage area networks (SAN), Network-attached storage (NAS), Cloud storage and big data, Cloud and big data file systems: Hadoop Distributed File System (HDFS), GFS, Windows Azure file systems, Amazon S3 file systems, Programming with HDFS, GFS, Azure, and Amazon S3, Das model, Statistical database security, geospatial database security, security through watermarking & Steganography, Relational storage models, Key value stores, Data consistency and availability in the cloud, Cloud data privacy and security, Personal cloud storage systems design and implementation.
Zero Trust Architecture: Addressing the adversaries already in the Network: Zero Trust, Architecture, Credential Rotation, Compromised Internal Assets, Securing the Network, Tripwire and Red Herring Defenses, Patching, Deputizing Endpoints as Hardened Security Sensors
Data-Centric Security: Application (Reverse) Proxies, Full Stack Security Design, Web Application Firewalls, Database Firewalls/Database Activity Monitoring, File Classification, Data Loss Prevention (DLP), Data Governance, Mobile Device Management (MDM) and Mobile Application Management (MAM), Private Cloud Security, Public Cloud Security, Container Security
Laboratory and Case Study:
References:
MISS-6201: Information Systems Auditing
Credit Hour: 3.0
Course Objectives:
Course Outcomes:
Upon completing the course, the students will be able to:
Course Content:
Introduction to Security Auditing: Definition and importance of security auditing, Role of security auditors in identifying and mitigating security risks, Evolution of information systems auditing and its significance in today's digital world.
The Process of Auditing Information Systems: IT Audit and Assurance Standards, Guidelines, Tools, and Techniques, Code of Professional Ethics and applicable standards (e.g., ISACA, ISO standards), Phases of the audit process: planning, execution, reporting, and follow-up.
Risk Management and Assessment: Risk assessment concepts, tools, and techniques in an audit context, implementing risk assessment models, with a focus on ISO 27001-based frameworks, Control objectives and controls related to information systems, Identifying and categorizing risks based on likelihood and impact, Understanding risk mitigation and management strategies.
Audit Planning and Project Management: Key elements of audit planning: setting objectives, scope, timelines, and resources, Techniques for audit project management, including follow-up, Importance of clear communication with stakeholders throughout the audit lifecycle.
Governance and Management of IT: IT governance frameworks (e.g., COBIT, ITIL) and their relevance to information systems audits, the relationship between governance, security, and organizational risk management, best practices for managing IT and security-related processes.
Network Security Auditing: Auditing firewall configurations and assessing network architecture for vulnerabilities, Intrusion detection and prevention systems (IDPS) and their role in securing networks, Evaluating network segmentation and access control mechanisms.
Application Security Auditing: Auditing web and mobile applications for security vulnerabilities, Secure coding practices, code reviews, and vulnerability management, Evaluating common vulnerabilities such as SQL injection, cross-site scripting (XSS), and others.
Endpoint Security Auditing: Auditing endpoint protection measures (e.g., antivirus, endpoint detection and response), Assessing the security of end-user devices.
Security Incident Response and Forensics: Developing and auditing incident response plans, Conducting security forensics investigations, Legal and ethical considerations in incident response.
Identity and Access Management Auditing: Auditing user access controls, Assessing identity management and authentication systems.
Cloud Security Auditing: Auditing cloud service providers, Assessing the security of cloud infrastructure and services.
Wireless Security Auditing: Auditing wireless network security, Assessing the security of Wi-Fi networks.
Physical Security Auditing: Auditing physical access controls, Assessing security measures at data centers and facilities.
Security Awareness and Training: Assessing the effectiveness of security awareness programs, Training employees on security best practices.
Security Metrics and Reporting: Developing and using security metrics, Creating comprehensive security audit reports.
Compliance Auditing: Auditing for regulatory compliance (e.g., PCI DSS, ISO 27001, GDPR, HIPAA), Assessing adherence to industry-specific security standards.
Vulnerability Scanning and Penetration Testing Auditing: Understanding ethical hacking principles, conducting security penetration testing.
Laboratory and Case Study:
References:
MISS-6202: Penetration Testing
Credit Hour: 3.0
Course Objectives:
Course Outcomes:
Upon completing the course, the students will be able to:
Course Content:
Introduction to Cybersecurity Penetration Testing Concepts: Types, and Phases, What is Hacking, Why Ethical Hacking is Necessary, Scope and Limitations of Ethical Hacking, Information Security Controls, Information Assurance (IA), Information Security Management Program, Threat Modeling, Enterprise Information Security Architecture (EISA), Network Security Zoning, Defense in Depth, Information Security Policies, Types of Security Policies, What is Vulnerability Assessment?, Types of Vulnerability Assessment, Network Vulnerability Assessment Methodology, Vulnerability Research Websites, Penetration Testing, Comparing Security Audit, Vulnerability Assessment, and Penetration Testing, Blue Teaming/Red Teaming, Hacking Phases, Scan for Vulnerability, Vulnerability Scanning, Vulnerability Scanning Tool, Nessus, Network Vulnerability Scanners, Vulnerability Scanning Tools for Mobile, Draw Network Diagrams, Drawing Network Diagrams, Network Discovery Tool, Network Topology Mapper and Network View, Network Discovery Tools for Mobile, Gaining Access, Maintaining Access, Clearing Tracks, Information at Hand Before System Hacking Stage.
Penetration Testing: Goals, Penetration Testing / Hacking Methodology, Steps in Penetration Testing, Cracking Passwords, Password Cracking, Types of Password Attacks, Non-Electronic Attacks, Active Online Attack, Dictionary, Brute Forcing and Rule-based Attack, Password Guessing, Default Passwords, Active Online Attack, Trojan/Spyware/Keylogger, Example of Active Online Attack Using USB Drive, Hash Injection Attack, Passive Online Attack, Wire Sniffing, Man-in-the-Middle and Replay Attack, Offline Attack, Rainbow Attacks, Tools to Create Rainbow Tables: rtgen and Winrtgen, Distributed Network Attack. Active Directory Penetration Testing, Denial of Service: Introduction, Attacks, Preventing DoS/DDoS; Buffer Overflow: Introduction, Testing vulnerability, Attacks, Countermeasures. Web Application Penetration Testing.
Laboratory and Case Study:
References:
GED-6203: Research Methodology
Credit Hour: 1.0
Course Objectives:
Course Outcomes:
Upon completing the course, the students will be able to:
Course Content:
Fundamental Concept of Research: Definition, role of research, steps of research, purpose/objectives of research, research questions, research problems, research hypothesis, Bias in Research, characteristics, and types of research, scientific method, Current trends, practices, and professional standards of applied research in different fields.
Basic terminologies and issues in research: Variables, types of variables, properties, and relationships between research, Inductive and deductive research, basic statistical terms used in research, quantitative and qualitative research tools, and research fallacies.
Research process: Problem identification, literature review, research design, measurement and scaling techniques, questionnaire design, data collection, sampling and sample design, and Report writing.
Data and methods of data collection: data, data vs information, types of data, sources of data, primary data collection methods, secondary data collection methods, qualitative and quantitative data collection techniques, Sampling Process stages, sampling distribution, different probability sampling methods, Statistics and Parameters.
Processing and analysis of data: Data processing, univariate analysis, bivariate analysis, multivariate analysis, hypothesis testing, mathematical problems on hypothesis testing, characterization of data, accuracy and precision.
Correlation analysis: Different correlation analysis, Test of hypothesis: mean test, proportion test, variance test, chi-square testing, ANOVA, Cause and effect analysis; regression, simple linear and multiple linear regression, categorical regression, Selection of appropriate statistical tools.
Ethics in Research: Code and Policies of Research, Ethical Principles, Plagiarism in Research, Ethical Decision Making in Research, Conduct of Ethical Research.
Research report/proposal writing: Research report/proposal writing and segments of a research report.
Laboratory and Case Study:
References:
Elective Courses
MISS-6004: Digital Forensic
Credit Hour: 3.0
Course Objectives:
Upon completing the course, students will be able to:
Course Content:
Introduction to Digital Forensics; Investigation Guidelines and Process; Identification & Seizure; Understanding Electronic Data; Physical and Logical Disks; File Systems and Data Storage; Dates, Times and Metadata; Forensic Analysis Techniques; Windows Artifacts; Forensic Challenges; Reporting; Electronic data; Investigating Windows artifacts; Malicious Software; Network Analysis; Methods of Deception; Introduction to Memory analysis; Partitions and core directories of Major Operating Systems; Introduction to Memory analysis; Imaging using Linux tools and forensic distributions; Reporting.
Laboratory and Case Study:
References:
MISS-6005: Cryptography
Credit Hour: 3.0
Course Objectives:
Course Outcomes:
Upon completing the course, students will be able to:
Course Content:
Basics of cryptography; Symmetric encryption - Replacement cipher; Basic cryptanalysis; Modular arithmetic - The ring of integers modulo n; Stream ciphers; Random numbers - Random number generators, The one-time pad; Encryption using block ciphers - Modes of operation; The Advanced Encryption Standard (AES) - Galois fields, Structure of the AES, AES decryption; Public-key cryptography - Principles - One-way functions - Applications: (key establishment, nonrepudiation, identification, encryption), The Euclidean and extended Euclidean algorithms, Euler’s φ function, Fermat’s little theorem and Euler’s theorem; The RSA cryptosystem; Key exchange - Diffie-Hellman key exchange, Basic group theory (cyclic groups and their subgroups) (optional), The discrete logarithm problem (optional), Security of Diffie-Hellman key exchange (optional); Digital signatures - Basic digital signature protocol 2, The RSA signature scheme; Hash functions - The purpose of hash functions - Hash function security requirements and properties - Hash function algorithms; Message authentication - Properties of message authentication codes, Building a message authentication code from a hash function; Public Key Infrastructure, Trusted Computing.
Laboratory and Case Study:
References:
MISS-6006: Threat Hunting & SOC Management
Credit Hour: 3.0
Course Objectives:
Course Outcomes:
Upon completing the course, students will be able to:
Course Content:
Security Operations Architecture: Cyber Security Operations Management, Investigations, Provisioning of Resources through Configuration Management, Resource Protection, Preventative Measures against Attacks, Patch and Vulnerability Management, Change and Configuration Management, The Disaster Recovery Process, Test Plan Review, Business Continuity and Other Risk Areas, Access Control, Personnel Safety.
Cyber security Operation Center Analysis and Threat Hunting Module: Analyze and Management of Incidents, Events, and Logging, Incident Detection with Security Information and Event Management (SIEM), Enhanced Incident Detection with Threat Intelligence, Incident Response Management.
Threat Hunting: Threat Intelligence Foundation, Understanding Cyber Threats, IoCs, and Attack Methodology, Cyber Threats and Kill Chain Methodology, Requirements, Planning, Direction, and Review of Threat Intelligence, Data Collection and Processing, Data Analysis, Intelligence Reporting and Dissemination.
Crisis Management: Managing a crisis when management structures don't work; making a drama out of a crisis; the value of simulation and practice of the unforeseen.
Business Continuity and Disaster Recovery: Supporting the business requirements; bridging the link between technology and business; incident Management in context; business impact assessment and strategies for disaster recovery and work area recovery.
Laboratory and Case Study:
References:
MISS-6007: Cloud Computing Security
Credit Hour: 3.0
Course Objectives:
Course Outcomes:
Upon completion of this course, students will be able to:
Course Content:
Overview of Cloud computing: Architectural and Technological Influences of Cloud Computing, Cloud deployment models: Public, Private, Community and Hybrid models, Scope of Control, Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS), Cloud Computing Roles, Risks and Security Concerns.
Security Design and Architecture for Cloud Computing: Guiding Security design principles for Cloud Computing: Secure Isolation, Comprehensive data protection, End-to-end access control, Monitoring and auditing, Quick look at CSA, NIST and ENISA guidelines for Cloud Security, Common attack vectors and threats.
Secure Isolation of Physical & Logical Infrastructure: Compute, Network and Storage, Common attack vectors and threats, Secure Isolation Strategies, Multitenancy, Virtualization strategies, Inter-tenant network segmentation strategies, Storage isolation strategies.
Data Protection for Cloud Infrastructure and Services: Cloud based Information Life Cycle, Data protection for Confidentiality and Integrity, Common attack vectors and threats, Encryption, Data Redaction, Tokenization, Obfuscation, PKI and Key Management, Assuring data deletion, Data retention, deletion and archiving procedures for tenant data, Data Protection Strategies.
Enforcing Access Control for Cloud Infrastructure based Services: Access control requirements for Cloud infrastructure, Common attack vectors and threats, Enforcing Access Control Strategies, Compute, Network and Storage, Authentication and Authorization, Roles-based Access Control, Multi-factor authentication, Host, storage and network access control options, OS Hardening and minimization, securing remote access, Verified and measured boot, Firewalls, IDS, IPS and honeypots.
Monitoring, Auditing and Management: Proactive activity monitoring, Incident Response, Monitoring for unauthorized access, malicious traffic, abuse of system privileges, intrusion detection, events and alerts, Auditing – Record generation, Reporting and Management, Tamper-proofing audit logs, Quality of Services, Secure Management, User management, Identity management, Security Information and Event Management.
Introduction to Cloud Design Patterns: Introduction to Design Patterns, Understanding Design Patterns Template, Architectural patterns for Cloud Computing, Platform-to-Virtualization & Virtualization-to-Cloud, Cloud bursting.
Introduction to Identity Management in Cloud Computing: User Identification, Authentication, and Authorization in Cloud Infrastructure, Concepts of Identity & Access Management, Single Sign-on, Identity Federation, Identity providers and service consumers, The role of Identity provisioning.
Cloud Computing Security Design Patterns - I: Security Patterns for Cloud Computing, Trusted Platform, Geo-tagging, Cloud VM Platform Encryption, Trusted Cloud Resource Pools, Secure Cloud Interfaces, Cloud Resource Access Control, Cloud Data Breach Protection, Permanent Data Loss Protection, In-Transit Cloud Data Encryption.
Cloud Computing Security Design Patterns – II: Security Patterns for Cloud Computing – Network Security, Identity & Access Management & Trust, Secure On-Premises Internet Access, Secure External Cloud Connection, Cloud Denial-of-Service Protection, Cloud Traffic Hijacking Protection, Automatically Defined Perimeter, Cloud Authentication Gateway, Federated Cloud Authentication, Cloud Key Management, Trust Attestation Service, Collaborative Monitoring and Logging, Independent Cloud Auditing.
Policy, Compliance & Risk Management in Cloud Computing: Legal, security, forensics, personal & data privacy issues within Cloud environment, Cloud security assessment & audit reports, Laws & regulatory mandates, Personal Identifiable Information & Data Privacy, Privacy requirements for Cloud computing (ISO 27018), Metrics for Service Level Agreements (SLA), Metrics for Risk Management.
Cloud Compliance Assessment & Reporting - Case Study: PCI DSS 3.0 Compliant Cloud Tenant - Case Study, HIPAA compliance Case Study - Protecting PHI in Cloud, Discussions.
Cloud Service Providers – Technology Review: OpenStack Platform, Docker, Amazon Web Services, Wrap Up & Final Projects Review: Course outcomes review, Real-world Compliance Case Study Review.
Laboratory and Case Study:
References:
MISS-6008: Cyber Laws & Ethics
Credit Hour: 3.0
Course Objectives:
Course Outcomes:
Upon completing the course, students will be able to:
Course Content:
Security and Trust in Cyber Space and Introduction to Cyber Laws and Ethics; Network Neutrality; Online Business and the Law; Intellectual Property; Limitations on Online Speech; Freedom of Speech in an Online World; Methodology and Development of Hypotheses and Data Collection and Empirical Results; Differentiate between laws and ethics, Types of Law - Civil law - Private law; Cybercrime Scenarios in Bangladesh and Digital Security Act 2018 in Bangladesh; New and emerging threats of cyber-crime and terrorism and Terrorist use of the internet; Drug and Human Trafficking in Cyber Crime; Cyber terrorism: Case studies; Cyber Laws: Case studies; Survey of Criminal Justice Theory and Research.
Laboratory and Case Study:
References:
MISS-6009: Block Chain Technology & Fintech Security
Credit Hour: 3.0
Course Objectives:
Course Outcomes:
Upon completing the course, students will be able to:
Course Content:
Discover Blockchain Technology: Blockchain, Growth of blockchain technology, Distributed systems, History of blockchain and Bitcoin, Types of blockchain, Blockchain: Architecture, Versions, Variants, Use cases, Life use cases of blockchain, Blockchain vs shared Database, Introduction to cryptocurrencies, Types, Applications.
Decentralization: Methods of decentralization, Routes of decentralization, Blockchain and full ecosystem decentralization, Smart contracts, Decentralized organizations and platforms for decentralization.
Bitcoins: Introducing Bitcoin, Bitcoin digital keys and addresses, Transactions, Blockchain mining. Alternative Coins. Limitations of Bitcoin.
Concept of Double Spending, Hashing, Proof of work: Bitcoin Network and payments, Bitcoin network, Wallets, Bitcoin payments, Innovation in Bitcoin, Bitcoin Clients and APIs.
Introduction to Blockchain Platforms: Ethereum, Hyperledger, IOTA, EOS, Multichain, Big chain, etc. Advantages and Disadvantages, Ethereum vs Bitcoin, Design a new blockchain, Potential for disruption, Design a distributed application, Blockchain applications.
Cryptography and Technical Foundations: Cryptographic primitives, Asymmetric cryptography, Public and private keys. Cryptocurrency: History, Distributed Ledger, Bitcoin protocols - Mining strategy and rewards, Ethereum - Construction, DAO, Smart Contract, GHOST, Vulnerability, Attacks, Sidechain, Namecoin.
Cryptocurrency Regulation: Stakeholders, Roots of Bitcoin, Legal Aspects - Cryptocurrency Exchange, Black Market and Global Economy. Applications: Internet of Things, Medical Record Management System, Domain Name Service and future of Blockchain. Decentralization and Cryptography, Double-Spend Problem, Blockchain and Digital Currency, Transactional Blocks, Impact of Blockchain Technology on Cryptocurrency.
Blockchain and the role of money: blockchain explorer, Introduction to bitcoin (history, distributed P2P network, immutable ledger, forks and Byzantine Fault Tolerance, History and the role of money.
Laboratory and Case Study:
References:
MISS-6010: Data Privacy Engineering
Credit Hour: 3.0
Course Objectives:
Course Outcomes:
Upon completing the course, students will be able to:
Course Content:
Understanding Data and Privacy; Understanding Privacy Engineering; Data Inventory and Data Classification; Privacy Governance (Governance, Management and Risk Management); Privacy Architecture (Infrastructure, Applications/Software and Technical Privacy Controls); Data Lifecycle (Data Purpose and Data Persistence); Data Collection, Data Use, and Data Reuse; Privacy Law and Data Protection; Identify privacy objectives; Spot privacy risks in software; Apply privacy design patterns; Distinguish security incidents from breaches; Detect, investigate, report on and recover from data privacy breaches.
Laboratory and Case Study:
References:
MISS-6011: Malware Analysis & Reverse Engineering
Credit Hour: 3.0
Course Objectives:
Course Outcomes:
Upon completing the course, students will be able to:
Course Content:
Introduction to Reverse Engineering: Definition of Reverse Engineering; Importance of Reversing an application; Basic Prerequisite for learning Reverse Engineering; The responsibility of Reverse Engineer.
Windows Architecture: User and Kernel mode fundamentals; Memory management; Process and Threads; File Systems; Windows I/O.
Assembly Language Fundamentals: Definition of Assembly Language; Difference between Assembly Language and other high-level language; Fundamentals of different registers; Instructions of Assembly Language; "Hello World" in Assembly Language; Assembly Language in Reverse Engineering; Windows PE Format Analysis; Basic structure of PE; The DOS Header; The PE Header; The Section Table; Virtual address (VA) and Relative Virtual Address (RVA); Offset.
Application Cracking: Definition of Application Cracking; Different kinds of Patching; Serial Fishing; License Key; Manual Unpacking; Key-genning; Obfuscation; Unpacking Packed/Protected Executables.
Tools for Reverse Engineering: Introduction to Ollydbg; Various Plugins in Ollydbg; "Hello World" Application Reversing with Ollydbg; Application Key-genning with Ollydbg; Anti-Debugging Technique Bypass with Ollydbg; Live Demonstration with various tools.
Reversing Technique of VB Application: Basics of Visual Basic; Tools for Reversing VB Applications; Detailed Analysis of VB Application.
Reversing Technique of DotNet Application: Basics of DotNet Framework; Tools for Reversing DotNet Applications; Detailed Analysis of DotNet Application.
World of Malware: What is Malware? Kinds of Malware; Why Malware is being created; Various Terminology about Malware.
Malware Analysis Lab Setup: Creating your own Virtual World; A Copy of Windows XP / 7; Tools for analysis of Windows Malware; Prohibition on Connection Between Virtual System and Host System.
Basic Static Analysis of Malware: Anti-Virus Scanning; Hashing: Fingerprint of Malware; Detecting Packers; Analysing PE file Headers and Sections.
Basic Dynamic Analysis of Malware: Running Malware using Sandboxing, Analyzing the Process of Malware, Monitoring Registry Changes, Network Traffic Analysis.
Advanced Malware Analysis: Patterns of common Malware Characteristics at the Windows API level, Unpacking Malware, recovering concealed malicious code and data, Bypassing anti-analysis defenses.
Laboratory and Case Study:
References:
MISS 6012: Artificial Intelligence & Machine Learning
Credit Hour: 3.0
Course Objectives:
Course Outcomes:
Upon completing the course, graduates will be able to:
Course Content:
Artificial Intelligence: Stages of designing an AI-based product with a focus on specifics such as the cost metrics and technical requirements of an AI software development plan; A brief Introduction to Artificial Intelligence (AI) and its applications in cyber security; Impact and challenges of AI in cyber security; Intelligent agents, Uninformed search, Informed search, Constraint satisfaction, Game-playing, Logical agents, Propositional logic, First-order logic, Inference in first-order logic, Resolution, Logic programming, Planning, Plan execution, Uncertainty, Probability theory, Probabilistic inference, Bayesian networks and associated inference algorithms, Optimal decisions under uncertainty, optimal sequential decisions, Learning agents, Inductive learning, Decision trees.
Machine Learning: Supervised Learning: Linear regression and classification, Model assessment and cross-validation, Introduction to optimization, Nonlinear regression (neural nets and Gaussian processes), Boosting and feature selection. Neural Network, Back-propagation algorithm and other training algorithms. Regularizations. Practical aspects of Neural Network; Unsupervised Learning: Nearest neighbors and K-means, Hierarchical Clustering and Density based Clustering. The EM algorithm, Mixture models for discrete and continuous data, Temporal methods: Hidden Markov models; Boltzmann machines and Random field; Reinforcement Learning: Basics of Sequential Decision Making, Markov Decision Process, Dynamic Programming, Monte Carlo method, Bellman Equations, Q-learning; Deep Learning: Introduction to Deep Learning, Convolutional Neural Network, Residual Network, Adversarial Network, Deep Q-learning.
Laboratory and Case Study:
References:
MISS-6013: Management of Governance, Risks & Compliance
Credit Hour: 3.0
Course Objectives:
Course Outcomes:
Upon completing the course, students will be able to:
Course Content:
Policies, Standards, and Guidelines; Information Systems Risk Management; Information Systems Risk Identification, Analysis and Evaluation; Information Systems Risk Assessment; Information Systems Risk Response and Reporting; Enterprise IT Governance & Compliance; Information Systems Governance Benefits Realization; Management Risk Optimization; Internal Stakeholder Partnership in Governance and Compliance.
Laboratory and Case Study:
References:
MISS 6014: Big Data Analytics & Design
Course Objectives:
Course Outcomes:
Upon completing the course, the students will be able to:
Course Content:
Introduction to Big Data Processing: What is Big Data? What is Hadoop? How Hadoop Solves the Big Data Problem? Hadoop’s Key Characteristics; Hadoop Ecosystem and HDFS; MapReduce and its Advantage; Rack Awareness and Block Replication; YARN and its Advantage; Hadoop Cluster and its Architecture; What is Spark? Why Spark is needed? How Spark differs from other frameworks?
Large-Scale Data Processing With PySpark: Spark - RDDs, DataFrames, Spark SQL; PySpark + NumPy + SciPy, Code Optimization, Cluster Configurations; Linear Algebra Computation in Large Scale; Distributed File Storage Systems.
Data Modeling and Optimization Problems: Introduction to modeling: numerical vs. probabilistic vs. Bayesian; Introduction to Optimization Problems; Batch and stochastic Gradient Descent; Newton’s Method; Expectation-Maximization, Markov Chain Monte Carlo (MCMC).
Large-Scale Supervised Learning: Introduction to Supervised learning; Generalized Linear Models and Logistic Regression; Regularization; Support Vector Machine (SVM) and the kernel trick; Outlier Detection; Spark ML library.
Large-Scale Unsupervised Learning: Introduction to Unsupervised learning; K-means / K-medoids; Gaussian Mixture Models; Dimensionality Reduction; Spark MLlib for Unsupervised Learning.
Large Scale Text Mining: Latent Semantic Indexing; Topic models; Latent Dirichlet Allocation; Spark ML library for NLP.
Understanding Apache Kafka and Apache Flume: Basic Flume Architecture; Flume Sources; Flume Sinks; Flume Channels; Flume Configuration; Core Concepts of Kafka; Kafka Architecture; Understanding the Components of Kafka Cluster; Configuring Kafka Cluster; Integrating Apache Flume and Apache Kafka.
Apache Spark Streaming: Why Streaming is Necessary? Drawbacks in Existing Computing Methods; What is Spark Streaming? Spark Streaming Features; Spark Streaming Workflow; Streaming Context & DStreams; Transformations on DStreams; Slice, Window and ReduceByWindow Operators; Stateful Operators.
Spark GraphX: Key concepts of Spark GraphX; GraphX algorithms and their implementations.
Laboratory and Case Study:
References:
MISS-6000 Thesis
Credit Hour: 18.0
MISS-6001 Project
Credit Hour: 6.0
General Info
1. For admission to the courses leading to the degree of M.Sc. Engg./M. Engg. in Information Systems Security (MISS), an applicant must have obtained a bachelor's degree in CSE, EEE, ICT, EECE, ETE, ECE, ICE, IT, Software Engineering or relevant engineering background from any recognized university from home and abroad.
2. A minimum GPA of 3.50 out of 5.00 or a first division or equivalent in any one of SSC and HSC or in equivalent examinations and must not have a GPA less than 2.50 out of 5.00 or a third division or equivalent in any of the aforementioned examinations.
3. At least 50% marks or a minimum GPA of 2.50 out of 4.0 or its equivalent in B. Sc. Engineering or equivalent in the relevant discipline.
Weightage
Other Information