Master of Science in Information Systems Security (MSISS)

Admission open for Spring 2011

The Master of Science in Information Systems Security (MSISS) program is designed to provide the student with expertise in the management of information systems security for the real world. They will be ready to apply best practices for implementing new technologies, dealing with current and evolving threats, incorporating new security tools and strategies, and managing all security aspects that will serve them well into their career. Graduates will also be well prepared for the CISSP certification, the first information security credential accredited by ANSI ISO/IEC Standard 17024:2003. This 27-SCH program is designed to be completed in one and a half calendar year.

The requirements of the MSISS program consist of eight courses and a one semester MS Project (3 SCH). The eight courses are divided into 7 major courses and one elective course.

All the courses include strong hands on labs and projects. The MS Project should be undertaken after finishing at least two courses in the major.

The pre-requisites required for the MSISS are the equivalent of CSC 3352 (Computer Communications), CSC 3353 (Computer Networks), and 3355 (Cryptography).

MSISS COURSES: 27 SCH

Students can select any of the following courses for the elective:

• Computer Project Management
• Wireless communications
• Broadband communications
• Quality management
• Artificial Intelligence
• Advanced Computer Networks
• Design and Analysis of Algorithms
• Management Electives

MSISS DEGREE REQUIREMENTS

In order to earn an MSISS degree, a student must:

1. Fulfill the major (21 SCH) and elective (3 SCH) course requirements for the MSISS, in addition to any undergraduate pre- requisite courses that may be needed;
2. Complete and defend the MS Thesis (CSC 5333: 3 SCH) successfully;
3. Have a CGPA of at least 3.00;
4. Earn a grade of B or better in all courses counting towards the MSISS

COURSE DESCRIPTIONS

CSC 5333 Final Project 3(3-0) 

Pre-requisite: Approval of Graduate Advisor

Students pursuing the professional program must register for and complete this course.

CSC 5366 IP Networks 3(3-0) 

Pre-requisite: CSC3353 

This course aims at teaching students the architecture of IP networks, including encapsulation, routing, multicasting, and QoS provisioning. It also covers congestion handling in TCP, and extends to cover the transport of media over the Internet, mobile IP, IPv6, and some key application layer protocols and standard IP services.

CSC 5381 Information Security and Risk Management  (3SCH)

Security management entails the identification of an organization's information assets, development of documentation, and implementation of policies with supporting standards, procedures, and guidelines. Topics include: information security objectives; information security management governance (policies, guidelines, standards, and procedures, audit frameworks for compliance – COBIT, COSO, …); organizational behavior; security awareness, training and education; data classification; operations security; physical security; risk management (emphasis on OCTAVE as a standard for risk-based information security strategic assessment and planning).

CSC 5383 Security Architecture, Design and Models (3SCH)

The Security Architecture, Design and Models domain contains the concepts, principles, structures, and standards used to design, monitor, and secure operating systems, equipment, networks, applications and those controls used to enforce various levels of availability, integrity, and confidentiality. Topics include: principles and benefits; hardware (PDAs, CPUs, IO devices, …); software (OS, application software, processes and threads); firmware; trusted systems and computing base; system and enterprise architecture; security design models (DoD and NIST).

CSC 5385 Telecommunications, Network, and Internet Security (3SCH)

The telecommunications, network, and Internet security domain is a very large technical area. Network security concepts and risks will be covered in detail. AUI network will be presented as a case study. Topics include: security threats to networks. Overview of security controls, mechanisms & services for networks. Case study: AUI network; network attacks on IP protocol stacks (spoofing, poisoning, sniffing, scanning, etc.); PKI, PKCS, PKCS10/11; IP layer security mechanisms, standards and technologies (IPSec, VPN); transport layer security mechanisms and standards (SSL,TLS); TLS-PSK, SRP; firewalls; intrusion and Intrusion detection/avoidance systems; network access controls and 802.1X; malicious software, viruses; security in wireless networks.

CSC 5387 Application Security (3SCH)

This domain identifies application software development flaws and threats, and addresses the related security concepts and countermeasures. It outlines the environment where software is designed and developed and explains the critical role software plays in providing information system security. A special attention is given to web and mobile applications. Topics include: software flaws (buffer and stack overrun) and exploits; viruses, malware and shell code; web applications flaws and exploits: XSS and SQL Injection; mobile applications security issues; user and application authentication: Kerberos, X509 authentication service, web authentication (CAS) and SSO, strong authentication, authentication delegation; application access control methods; electronic Mail Security: SMIME, PGP; PKI and PKCS 7/11; programming with encryption (JCE APIs); biometrics, and strong authentication; software configuration management; secure software development lifecycle and principles.

GBU 5380 Business Continuity and Disaster Recovery Planning (3SCH)

The Business Continuity and Disaster Recovery Planning domain addresses the preservation and recovery of business operations in the event of outages. Topics include: IT disaster planning; statistical risk analysis models; business operation resumption outside of IT; risk, cost, and justification.

LAW 5301 Law, Investigations, and Ethics  (3SCH)

The Law, Investigations, and Ethics domain addresses the sprit, intent, concept, and purposes of significant legal functions in the industry. It is important to understand which laws impact use of computers, jurisdiction, legal protocols, and proper forensic procedures. Topics include: computer crime laws and regulations; federal statutes and application to industry; measures, methods and technologies used to investigate computer crime incidents

For more information or to apply, please visit www.aui.ma/admissions. email: This email address is being protected from spambots. You need JavaScript enabled to view it.

Al Akhawayn University in Ifrane

P.O. Box 104, Hassan II Avenue, 53000 Ifrane, Morocco

Tel: (212) (0) 535 86 20 00