Information Security Systems

Master Degree in Information security systems
Сipher: 6M100200
Name: Information security systems

Purpose

To provide students with theoretical knowledge and practical skills allowing to master and apply modern knowledge and the scientific principles of research, development and realization of information security systems in different kind of information systems in various areas of human activity and also to have skills of scientific and pedagogical work on training of specialists on information security systems.

Disciplines

State Compulsory Module 

  • History and Philosophy of Science
  • Foreign language (professional)
  • Pedagogy
  • Psychology

Compulsory Professional Modules (14 credits):

Methods and tools of computer information  security

Module 1: Methods and tools of computer information  security

  • Organization and Planning of Scientific Research
  • Methods and tools of computer information security

Mobile and cloudy computer platforms, security and network security

Module 2: Mobile and cloudy computer platforms, security and network security

  • Secure Network Design
  • Mobile and cloudy computer platforms
  • Management of information security

Track 1: Theory of information security

Module 1: Information systems of security 

  •  Analitical  information systems of security  
  •  Web Application security

Module 2: Complex systems of security and cryptographic algorithms

  •  Planning of the complex systems of security
  • Development  and  analysis of cryptographic algorithms

Module 3: Security SOFTWARE and OS

  • Secure software Design
  • Security OS

Module 4: Cryptanalysis and network security

  • Cryptanalysis
  • Analysis of network security 

Track 2: Information  security  audit 

Module 1: Information security and telecommunication systems and informative security

  •  Consulting models of complex estimation of information security and telecommunication systems
  • Web Security 

Module 2: Information and operating systems security

  • Management technologies  information security
  • Security of the operating systems

Module 3: Audit and Attestation of information security

  • Audit of information security
  • Attestation of objects of information security

Module 4: Firewalls and network security

  • Firewalls of networks
  • Systems of network security

Internship

  • Professional
  • Teaching
  • Research Seminar for Graduate Seminar III
  • Research Seminar for Internship III
  • Internship Seminar IV
  • Internship II

Final Certification

Thesis

Employability

The area of professional activity of masters includes: design, research, production and operation of Information Security systems in various branches of national economy; mathematical, information, software and hardware support of Information Security systems, models and methods of research and design of Information Security, technical testing of systems and devices of Information Security. Graduates of the master can work in research institutes, in state or private educational institution as a lecturer, in area of communication and banks, insurance activities. Graduates of the master will have career opportunities in areas such as: digital forensics; network administration; security analyst; security engineering. Can perform on the objects of professional activity of the following functions: design of information security, realization and administration of   information security systems, support systems of information security, information security testing, providing software and hardware protection of information security systems.

Further studies

Master graduates can continue their education at the PhD level in the profession or professions related to this one. They can also continue to research activities in different areas of economics security, in which will directly apply their knowledge. Access to teacher training (educa­tion track); to Research and Pedagogic training.

Learning & Teaching Approaches

Teaching methods include lectures, smaller tutorial groups and seminars, practical workshop sessions, individual assignments and group tasks. Students learn to put theory into practice by completing team-based projects. Most learning is in small groups (up to 10 people) and emphasizes discussion, making research, problem solving, task preparation. In the final year about half time is dedicated to the final thesis, which is also presented and discussed with a discussion group of teachers and peers.

Assessment methods

Assessment methods include coursework, presentations and practical/written exams. The aim is to use the most appropriate assessment strategy for testing the achievement of the learning outcomes. Evidence of the achievement of the theoretical/conceptual type of learning outcome takes the form of verbalized description, explanation, discussion, critical evaluation, etc. of some concept, theory, principle or technique/methodology. Assessment thus typically takes the form of an opportunity to verbalize the knowledge and understanding e.g. written reports, answers to exam questions, etc. Evidence of achievement of the practical and skills oriented type of learning outcome normally takes the form of the expression of the skill concerned through the completion of some of the stages in the process of the solution of a given problem. Students are also assessed on a regular basis doing exercises in the classroom, tests and   individual work.

Programme competences 

GENERIC

— Ability to use a foreign language in the professional sphere.

— Written and oral communication in one’s own language: ability to write and speak correctly according to the various communication registers (informal, formal, scientific).

— Ability to improve and develop their intellectual and cultural level, to achieve moral and physical perfection of his personality.

— Ability to self-learn new research methods, to changes in scientific and industrial profile of their professional activities.

— Ability to practice the skills in the organization of research and design works in the collective management.

— Ability to take initiative, also in situations of risk, assume full responsibility.

— Ability to independently acquire with the help of information technology and to use in practice new knowledge and skills, including in new areas of knowledge that are not directly connected with the sphere of activity.

— Ability to work independently and in a group, to manage people and to subordinate individual interests a common goal.

— Knowledge of legal and ethical standards and the use of their professional activities

— Ability to quickly find, analyze and competently handle the context of scientific and technical, natural scientific and general scientific information.

— Ability for written and oral communication in the Kazakh and Russian languages.

— Knowledge of foreign language.

 

SUBJECT SPECIFIC

— Ability to understand and analyze the direction of the development of information and communication technologies to protect objects, to predict the efficiency of the information security systems, to assess the cost and risk, to form a strategy for the creation of information security systems in line with the strategy of the organization.

— Ability to design complex systems and information security management systems allowing for the protection of objects.

— Ability to generate detailed and justify the choice of structure, organization principles, complex tools and technology information security protection facilities.

— Ability independently develop and adapt modern methods of information security to the protected objects and also develop and adapt newly introduced domestic and international standards.

— Ability develop programs and test methods, organize the testing and debugging of software and hardware, cryptographic and technical systems and information security.

— Able to analyze the fundamental and applied problems of information security in the conditions of modern information society.

— Able to analyze facilities threats of information security and develop methods to counteract them.

— Able to carry out the collection, processing, analysis and systematization of scientific and technical information by theme research, able to choice methods and means of solving the problem and able to develop plans and research programs and technological developments.

— Able to conduct experimental studies of security objects using modern mathematical methods, hardware and software for the processing of the experimental results.

— Able to perform cryptographic analysis of modern encryption algorithms.

— Able to execute the scientific and technical reports, reviews, prepare publications and scientific reports of the research results.

— Able to execute educational work in secondary and higher education as a teacher and an assistant under the direction of master teacher and professor (docent) in the disciplines direction.

— Able to develop learning materials which used by students in the learning process.

— Able to organize group work of performers, to make management decisions in conditions of the opinions spectrum to determine the order of execution of works.

— Able to organize the work on improvement, modernization and unification of systems, tools, and information security technology in accordance with legal regulations and normative methodological documents of the Republic of Kazakhstan.

— Able to develop projects of methodical and regulatory documents, technical documents, and proposals and activities for the implementation of projects and programs developed.

— Able to organize and execute out work on the manufacture, installation, commissioning, testing and commissioning of systems and information security.

Program learning outcomes

A graduate of the Information Security Systems MSc program must possess the following knowledge, skills, and competences:

Understanding the importance of information security and its impact on the rapidly changing world;

-   know current   problems of Information Security and Safety Systems;

-   know analytical, qualitative and numerical research methods necessary for independent research work;   methods of creation   and use of   mathematical models to   describe and forecast   various processes and phenomena related to security systems;

-   be able to apply the theoretical knowledge received in the fundamental fields of Information Security Systems to solve   theoretical, scientific practical   and information search-related tasks;   solve complex interdisciplinary problems; carry out qualitative and quantitative analysis of obtained results; construct standard mathematical and computer models of physical, technical, economic and other processes; teaching general mathematical modules; computer-based search, collection, preparation and processing of information used in his/her professional activity;

-   have skills   of properly formulating   goals and objectives   of scientific research   as well as   the concept of scientific   search; performing a   patent search and applying   for an invention; presenting results of studies (in the form of articles, reports, papers etc.); organizing work on a scientific basis; acquiring new knowledge using modern information technologies;

-   The student uses risk control and risk optimization analytics and strategies to maximize returns relative to risk for organizations.

-   The student develops and assesses enterprise risk management programs for organizations and incorporates industry best practices in risk management processes and programs.

-   The student applies international standards to company operations and assesses and recommends strategies for maintaining organizational stability and continuity in the global marketplace.

-   The student makes ethical decisions for the use of information technology and creates processes to maintain the security of data in information technology systems

-   The student develops strategies to protect a threatened network using appropriate federal standards, international standards, or industry best practices.

-   The student examines fundamental concepts of secure software.

-   The student evaluates systemic threats and vulnerabilities within the entire software development lifecycle.

-   The student interprets the appropriate roles, related practices and processes, and supporting tools for each phase of   the Software Development Lifecycle (SDLC).

-   The student analyzes enterprise continuity plans and the continuity planning process to ensure the inclusion of essential elements, processes, and stakeholder roles.

-   The student analyzes risks and values and uses a variety of decision analysis tools and decision theory to evaluate   alternatives during decision-making processes.

-   The student examines the fundamental concepts of secure network design, security threats and vulnerabilities, and their impact on network security.

-   The student determines network security implementation strategies, and the role each element of that strategy plays within the security life cycle.

-   The student evaluates the capabilities of firewall and VPN technologies, and assesses their role in protecting and defending a network

-   The student identifies and discusses the Information Assurance certification and accreditation (C&A) process.