CS205 : Information Security

Course Overview

Course Synopsis

As IT continues to grow at a rapid pace and plays a significant role in automating the functions of the enterprise, Information Security has taken on unparalleled significance around the world. Yet the understanding and implementation of Information Security in Pakistan remains fundamentally poor. This course is based on the instructor's 20 years of experience in IT, including 10 years as an Information Security practitioner in Pakistan. The instructor has experience of security assessment and implementation at a wide variety of organizations in Pakistan, ranging from small organizations to large ones, and from banks to telecoms, enterprises, and government setups. On the basis of the experience gained from the security assessment of over 50 organizations of all types and sizes in Pakistan, the conclusion is inevitable that the Information Security posture in the country is deficient. This course takes a practical and realistic view of how to solve the inherent problems in our organizations and how to achieve a deep, lasting and meaningful security transformation that meets international best practices. It is based on the highly successful model already implemented by the course instructor through his Information Security consulting organization, Delta Tech. Hence the course rests on a real, field-tested security transformation methodology and framework which is unique in Pakistan's industry. The course instructor is convinced that Pakistan's Information Security deficiencies require a surgical resolution: unless they are solved in a methodical manner at the enterprise level through an Information Security transformation program, the Information Security program will always remain severely deficient.
This course is an outstanding opportunity for students to learn a highly successful, transformational, practical, pioneering, and unique approach to bringing about a security transformation in the organizations they will work for or are already working for. The course offers knowledge, skills, and information distilled from over 20 years of field experience in IT and Information Security that cannot be taught by any textbook. By taking this course, students will readily become Security Transformation change agents, helping the instructor in his mission to bring the Information Security posture of the country in line with international thresholds and international best practices. The course includes a number of demos of real-world security tools which will quickly equip students with very valuable knowledge and skills unparalleled in any previous course on Information Security in Pakistan. In order to bring about the desired transformation in all enterprises and organizations in Pakistan, Nahil Mahmood has founded the Pakistan Cyber Security Association (PCSA), of which he is also Chairman. The purpose of this organization is to fill the gap in the security eco-system by bringing together all security professionals, organizations and entities onto a collective and collaborative platform for the good of the country's Information Security posture.

Course Learning Outcomes

After studying this course, the students will be able to:

  • Define information security and its different aspects
  • Describe the need for information security
  • List the key players and their roles in information security
  • Describe the OSI security architecture
  • Understand the basic mechanism of information security hardening
  • Identify key challenges in information security implementation
  • Describe the status of information security in Pakistan
  • Draw diagrams of a typical IT network and its architecture
  • Apply security hardening techniques to IT assets
  • Define vulnerability and vulnerability management
  • Define security engineering and its related concepts
  • Describe information security governance, its building blocks, and how it is implemented
  • Implement information security testing and validation
  • Understand how a security transformation project may be set up for failure
  • Solve the inherent problems in our organizations and achieve a deep, lasting and meaningful security transformation that meets international best practices


Course Calendar

1 INTRODUCTION TO THE COURSE
2 Ch01.WHAT IS INFORMATION SECURITY ?
3 Ch01.WHY IS INFORMATION SECURITY NEEDED ?
4 Ch01.WHO IS INFORMATION SECURITY FOR ?
5 Ch01.HOW IS INFORMATION SECURITY IMPLEMENTED ?
6 Ch01.WHO ARE THE PLAYERS IN INFORMATION SECURITY ?
7 Ch01.WHAT ARE THE FOUR LAYERS OF INFORMATION SECURITY TRANSFORMATION FRAMEWORK ?
8 Ch01.WHAT IS INFORMATION SECURITY HARDENING ?
9 Ch01.WHAT IS INFORMATION SECURITY GOVERNANCE ?
10 Ch01.WHAT IS THE DIFFERENCE BETWEEN AN INFORMATION SECURITY POLICY, SOP, AND GUIDELINE ?
11 Ch01.WHAT IS AN INFORMATION SECURITY PROGRAM ?
12 Ch01.WHAT IS THE ROLE OF PEOPLE, PROCESS, AND TECHNOLOGY IN INFORMATION SECURITY ?
13 Ch01.WHAT IS THE ROLE OF AN INFORMATION SECURITY MANAGER ?
14 Ch01.WHAT IS INFORMATION SECURITY AWARENESS ?
15 Ch01.WHAT ARE THE LEADING INFORMATION SECURITY STANDARDS, AND FRAMEWORKS ?
16 Ch01.WHAT IS INFORMATION SECURITY RISK ?
17 Ch01.WHAT IS MANAGEMENT COMMITMENT ?

18 Ch01.WHOSE RESPONSIBILITY IS IMPLEMENTATION OF INFORMATION SECURITY ?
19 Ch01.WHAT CAN HAPPEN IF INFORMATION SECURITY IS NOT IMPLEMENTED (CYBER SECURITY BREACHES)?
20 Ch01.WHAT ARE THE CHALLENGES OF INFORMATION SECURITY IMPLEMENTATION ?
21 Ch01.WHAT IS THE ROLE OF A REGULATOR ?
22 Ch01.WHAT IS THE STATUS OF INFORMATION SECURITY IN PAKISTAN ?
23 Ch01.WHAT IS THE SOLUTION FOR IMPROVEMENT OF INFORMATION SECURITY IN PAKISTAN ?
24 Ch02.WHAT DOES THE TYPICAL ENTERPRISE IT NETWORK LOOK LIKE ?
25 Ch02.WHAT ARE THE MAJOR COMPONENTS OF THE ENTERPRISE IT NETWORK ?
26 Ch02.WHAT IS THE OSI SECURITY ARCHITECTURE ?
27 Ch02.THE NEW FRONTIERS OF ENTERPRISE IT: CLOUD, MOBILE, SOCIAL, IOT
28 Ch02.VIRTUALIZATION AND ENTERPRISE SECURITY
29 Ch02.CASE STUDY OF ENTERPRISE - SMALL ORGANIZATION
30 Ch02.CASE STUDY OF ENTERPRISE - MEDIUM SIZED ORGANIZATION
31 Ch02.CASE STUDY OF ENTERPRISE - LARGE SIZED ORGANIZATION
32 Ch02.WHAT IS THE TYPICAL STRUCTURE OF AN IT TEAM ?
33 Ch02.WHAT ARE THE OBJECTIVES AND KPIs OF A CIO AND IT TEAM ?
34 Ch02.HOW DO THE IT TEAM INTERACT WITH OTHER STAKEHOLDERS IN THE ORGANIZATION ?
35 Ch02.SECURITY OVERLAY OF AN ENTERPRISE ARCHITECTURE - I (COMPONENTS)

36 Ch02.SECURITY OVERLAY OF AN ENTERPRISE ARCHITECTURE - II (TRAFFIC FLOWS)
37 Ch02.SECURITY OVERLAY OF AN ENTERPRISE ARCHITECTURE - III (GENERAL SECURITY DESIGN)
38 Ch02.WHAT IS HIGH AVAILABILITY (HA) ?
39 Ch02.HIGH AVAILABILITY DESIGN
40 Ch02.HOW IS SITE REDUNDANCY INCORPORATED INTO ENTERPRISE NETWORK DESIGN ?
41 Ch02.HIGH AVAILABILITY AND REDUNDANCY CASE STUDY
42 Ch02.BACKUP STRATEGIES
43 Ch02.WHAT IS THE ROLE OF SECURITY TOOLS IN SECURING THE ENTERPRISE ARCHITECTURE ?
44 Ch02.TYPICAL SECURITY TOOLS USED IN AN ENTERPRISE IT NETWORK - PART 1
45 Ch02.TYPICAL SECURITY TOOLS USED IN AN ENTERPRISE IT NETWORK - PART 2
46 Ch02.WHAT DOES THE TERM "BOX SECURITY" MEAN ?
47 Ch02.WHAT IS THE BEST APPROACH TO SECURE THE IT ENTERPRISE ARCHITECTURE ?
48 Ch02.WHAT IS DISASTER RECOVERY (DR) ?
49 Ch02.WHAT IS BUSINESS CONTINUITY ?
50 Ch02.HOW IS DR ACCOMMODATED INTO THE ENTERPRISE ARCHITECTURE - PART 1 ?
51 Ch02.HOW IS DR ACCOMMODATED INTO THE ENTERPRISE ARCHITECTURE - PART 2 ?
52 Ch02.WHAT IS THE ROLE OF AN IT ASSET IN SECURING THE ORGANIZATION ?
53 Ch02.HOW TO DETERMINE SECURITY POSTURE OF AN ORGANIZATION ?
Assignment No. 1

54 Ch03.HOW DO YOU DRIVE A SUCCESSFUL INFORMATION SECURITY TRANSFORMATION ?
55 Ch03.DIFFERENCE BETWEEN SECURITY HARDENING & PATCHING
56 Ch03.SECURITY HARDENING STRATEGY
57 Ch03.PREREQUISITES FOR THE SECURITY HARDENING PROGRAM
58 Ch03.WHO WILL CONDUCT THE SECURITY HARDENING ?
59 Ch03.WHAT IS THE 8-STEP METHODOLOGY FOR SECURITY HARDENING ? (PART 1)
60 Ch03.WHAT IS THE 8-STEP METHODOLOGY FOR SECURITY HARDENING ? (PART 2)
61 Ch03.WHAT IS THE 8-STEP METHODOLOGY FOR SECURITY HARDENING ? (PART 3)
62 Ch03.A LOOK AT CIS SECURITY BENCHMARKS-PART 1
63 Ch03.A LOOK AT CIS SECURITY BENCHMARKS-PART 2
64 Ch03.A LOOK AT CIS SECURITY BENCHMARKS-PART 3
65 Ch03.A LOOK AT CIS SECURITY BENCHMARKS-PART 4
66 Ch03.A LOOK AT DISA SECURITY TECHNICAL IMPLEMENTATION GUIDES (STIGs) - PART 1
67 Ch03.A LOOK AT DISA SECURITY TECHNICAL IMPLEMENTATION GUIDES (STIGs) - PART 2
68 Ch03.A LOOK AT DISA SECURITY TECHNICAL IMPLEMENTATION GUIDES (STIGs) - PART 3
69 Ch03.A LOOK AT DISA SECURITY TECHNICAL IMPLEMENTATION GUIDES (STIGs) - PART 4
70 Ch03.COMPARISON OF CIS SECURITY BENCHMARKS VERSUS DISA STIGS
Quiz No. 1

71 Ch03.CASE STUDY - SECURITY HARDENING - WINDOWS SERVER 2012 R2
72 Ch03.CASE STUDY - SECURITY HARDENING - LINUX SERVER
73 Ch03.CASE STUDY - SECURITY HARDENING - SOLARIS SERVER
74 Ch03.CASE STUDY - SECURITY HARDENING - APACHE SERVER
75 Ch03.CASE STUDY - SECURITY HARDENING - ORACLE SOLARIS SERVER
76 Ch03.CASE STUDY - SECURITY HARDENING - MS SQL SERVER
77 Ch03.CASE STUDY - SECURITY HARDENING - ORACLE DB SERVER
78 Ch03.CASE STUDY SECURITY HARDENING - WINDOWS 8 WORKSTATION
79 Ch03.CASE STUDY SECURITY HARDENING - WINDOWS 10 WORKSTATION
80 Ch03.CASE STUDY SECURITY HARDENING - MS EXCHANGE
81 Ch03.CASE STUDY SECURITY HARDENING ACTIVE DIRECTORY (AD)
82 Ch03.CASE STUDY SECURITY HARDENING - MS INTERNET EXPLORER BROWSER
83 Ch03.CASE STUDY SECURITY HARDENING - GOOGLE BROWSER
84 Ch03.CASE STUDY SECURITY HARDENING - MOZILLA FIREFOX
85 Ch03.CASE STUDY SECURITY HARDENING - NETWORK FW
86 Ch03.CASE STUDY SECURITY HARDENING - NETWORK SWITCHES LAYER 2
87 Ch03.CASE STUDY SECURITY HARDENING - NETWORK ROUTERS
88 Ch03.CASE STUDY SECURITY HARDENING - NETWORK WLAN CONTROLLER

89 Ch03.CASE STUDY SECURITY HARDENING - NETWORK LAYER 3 SWITCH
90 Ch03.CASE STUDY SECURITY HARDENING - VMWARE
91 Ch03.CASE STUDY SECURITY HARDENING - CLOUD - AMAZON WEB SERVICES
92 Ch03.SOFTWARE SECURITY HARDENING FUNDAMENTALS-OWASP SAMM-1
93 Ch03.SOFTWARE SECURITY HARDENING FUNDAMENTALS-OWASP SAMM-2
94 Ch03.SECURITY HARDENING OF SOFTWARE APPLICATIONS - INTRODUCTION
95 Ch03.CASE STUDY SECURITY HARDENING - ASP.NET VERSION 4
96 Ch03.CASE STUDY SECURITY HARDENING - PHP VERSION X
97 Ch03.CASE STUDY SECURITY HARDENING - ASP.NET MVC FRAMEWORK
98 Ch03.CASE STUDY SECURITY HARDENING SHAREPOINT APPLICATIONS
99 Ch03.CASE STUDY SECURITY HARDENING - C APPLICATIONS
100 Ch03.CASE STUDY SECURITY HARDENING - C++ APPLICATIONS
101 Ch03.CASE STUDY SECURITY HARDENING - JAVA APPLICATIONS
102 Ch03.CASE STUDY SECURITY HARDENING PERL APPLICATIONS
103 Ch03.CASE STUDY SECURITY HARDENING - MOBILE DEVICES - ANDROID
104 Ch03.CASE STUDY SECURITY HARDENING - MOBILE DEVICES - IOS
105 Ch03.SECURITY HARDENING OF ASTERISK VOIP - PART 1
Graded Discussion

106 Ch03.SECURITY HARDENING OF ASTERISK VOIP - PART 2
107 Ch03.VERSION CONTROL FOR IT ASSETS
108 Ch03.SOFTWARE VERSION CONTROL BEST PRACTICES
109 Ch03.SECURITY HARDENING - SECURE SOFTWARE IMAGES
110 Ch03.MANUAL AND AUTOMATED WORK IN SECURITY HARDENING
111 Ch03.QUALYS DEMO - SECURITY HARDENING
112 Ch03.QUALYS DEMO - SECURITY HARDENING II
113 Ch03.SECURITY HARDENING LIFECYCLE - MAINTAINING AN INTEGRATED AND CURRENT PROGRAM
114 Ch03.HOW TO SECURITY HARDEN IT ASSETS FOR WHICH BENCHMARK OR STIG IS NOT AVAILABLE
115 Ch04.QUALYS POLICY LIBRARIES
116 Ch04.SECURITY HARDENING FOR OUTSOURCED IT ASSETS
117 Ch04.WHAT IS VULNERABILITY MANAGEMENT (VM) ?
118 Ch04.WHAT ARE THE STEPS IN A VULNERABILITY MANAGEMENT LIFECYCLE ?
119 Ch04.WHY IS SOFTWARE INSECURE ?
120 Ch04.WHY IS A VULNERABILITY MANAGEMENT PROGRAM REQUIRED ?
121 Ch04.WHAT IS CVE, AND VULNERABILITY BULLETIN ?
122 Ch04.WHAT IS AN EXPLOIT ?
123 Ch04.IMPORTANCE OF AN EFFECTIVE VULNERABILITY MANAGEMENT PROGRAM AT STAGE 2
Quiz No. 2

124 Ch04.CASE STUDY - HOW SYSTEM VULNERABILITIES PLAYED A PART IN SECURITY BREACH ? (PART 1)
125 Ch04.CASE STUDY - HOW SYSTEM VULNERABILITIES PLAYED A PART IN SECURITY BREACH ? (PART 2)
126 Ch04.BEST PRACTICES FOR APPLYING SECURITY PATCHES
127 Ch04.WHO CONDUCTS THE VULNERABILITY MANAGEMENT ?
128 Ch04.VULNERABILITY SCANNING TOOLS - NESSUS FEATURES
129 Ch04.VULNERABILITY SCANNING TOOLS - QUALYS FEATURES
130 Ch04.CASE STUDY - NESSUS DEMO - PART 1
131 Ch04.CASE STUDY - NESSUS DEMO - PART 2
132 Ch04.CASE STUDY - NESSUS DEMO - PART 3
133 Ch04.CASE STUDY - QUALYS DEMO - PART 1
134 Ch04.CASE STUDY - QUALYS DEMO - PART 2
135 Ch04.CASE STUDY - QUALYS DEMO - PART 3
136 Ch04.HOW DO VULNERABILITY MANAGEMENT SCANNERS WORK ?
137 Ch04.QUALYS WEB APPLICATION SCANNING
138 Ch04.QUALYS ADDITIONAL FEATURES
139 Ch04.OPENVAS OPEN SOURCE VULNERABILITY SCANNER
140 Ch04.SUGGESTED FREQUENCY FOR THE VULNERABILITY MANAGEMENT PROGRAM
141 Ch04.POTENTIAL CHALLENGES AND PITFALLS IN THE VULNERABILITY MANAGEMENT PROGRAM
142 Ch04.ASSET MANAGEMENT - MAINTAINING THE ENTERPRISE ASSETS - CHALLENGES
Midterm Examination

143 Ch05.ASSET MANAGEMENT THROUGH QUALYS
144 Ch05.ASSET MANAGEMENT TOOLS FOR SECURITY FUNCTIONS
145 Ch05.WHAT IS SECURITY ENGINEERING ?
146 Ch05.WHAT IS THE OBJECTIVE OF SECURITY ENGINEERING ?
147 Ch05.WHOSE RESPONSIBILITY IS SECURITY ENGINEERING ?
148 Ch05.CIS 20 CRITICAL SECURITY CONTROLS
149 Ch05.CSC1: INVENTORY OF AUTHORIZED AND UNAUTHORIZED DEVICES
150 Ch05.CSC2: INVENTORY OF AUTHORIZED AND UNAUTHORIZED SOFTWARE
151 Ch05.CSC3-I: SECURE CONFIGURATIONS FOR HARDWARE AND SOFTWARE
152 Ch05.CSC3-II: SECURE CONFIGURATIONS FOR HARDWARE AND SOFTWARE
153 Ch05.CSC4-I: CONTINUOUS VULNERABILITY ASSESSMENT AND REMEDIATION
154 Ch05.CSC4-II: CONTINUOUS VULNERABILITY ASSESSMENT AND REMEDIATION
155 Ch05.CSC5-I: CONTROLLED USE OF ADMINISTRATIVE PRIVILEGES
156 Ch05.CSC5-II: CONTROLLED USE OF ADMINISTRATIVE PRIVILEGES
157 Ch05.CSC6-I: MAINTENANCE, MONITORING, AND ANALYSIS OF AUDIT LOGS
Quiz No. 3

158 Ch05.CSC6-II: MAINTENANCE, MONITORING, AND ANALYSIS OF AUDIT LOGS
159 Ch05.CSC7-I: EMAIL AND WEB BROWSER PROTECTIONS
160 Ch05.CSC7-II: EMAIL AND WEB BROWSER PROTECTIONS
161 Ch05.CSC8-I: MALWARE DEFENSES
162 Ch05.CSC8-II: MALWARE DEFENSES
163 Ch05.CIS CONTROL 9: Limitation and Control of Network Ports, Protocols, and Services
164 Ch05.CIS Control 10: Data Recovery Capabilities
165 Ch05.CIS CONTROL 11: SECURE CONFIG FOR NETWORK DEVICES
166 Ch05.CIS CONTROL 11: SECURE CONFIG FOR NETWORK DEVICES-II
167 Ch05.CIS CONTROL 12: BOUNDARY DEFENSE-I
168 Ch05.CIS CONTROL 12: BOUNDARY DEFENSE-II
169 Ch05.CIS CONTROL 12: BOUNDARY DEFENSE-III
170 Ch05.CIS CONTROL 13: DATA PROTECTION-I
171 Ch05.CIS CONTROL 13: DATA PROTECTION-II
172 Ch05.CIS CONTROL 13: DATA PROTECTION-III
173 Ch05.CIS CONTROL 14: CONTROLLED ACCESS BASED ON NEED TO KNOW-I
174 Ch05.CIS CONTROL 14: CONTROLLED ACCESS BASED ON NEED TO KNOW-II
175 Ch05.CIS CONTROL 15: WIRELESS ACCESS CONTROL-I
Assignment No. 2

176 Ch05.CIS CONTROL 15: WIRELESS ACCESS CONTROL-II
177 Ch05.CIS CONTROL 15: WIRELESS ACCESS CONTROL-III
178 Ch05.CIS CONTROL 16: ACCOUNT MONITORING & CONTROL-I
179 Ch05.CIS CONTROL 16: ACCOUNT MONITORING & CONTROL-II
180 Ch05.CIS CONTROL 16: ACCOUNT MONITORING & CONTROL-III
181 Ch05.CIS CONTROL 17: IMPLEMENT A SECURITY AWARENESS & TRAINING PROGRAM-I
182 Ch05.CIS CONTROL 17: IMPLEMENT A SECURITY AWARENESS & TRAINING PROGRAM-II
183 Ch05.CIS CONTROL 18: APPLICATION SOFTWARE SECURITY-I
184 Ch05.CIS CONTROL 18: APPLICATION SOFTWARE SECURITY-II
185 Ch05.CIS CONTROL 18: APPLICATION SOFTWARE SECURITY-III
186 Ch05.CIS CONTROL 19: INCIDENT RESPONSE & MANAGEMENT-I
187 Ch05.CIS CONTROL 19: INCIDENT RESPONSE & MANAGEMENT-II
188 Ch06.CIS CONTROL 20: PENETRATION TESTS & RED TEAM EXERCISES-I
189 Ch06.CIS CONTROL 20: PENETRATION TESTS & RED TEAM EXERCISES-II
190 Ch06.WHAT IS IT GOVERNANCE ?
191 Ch06.WHAT IS INFORMATION SECURITY GOVERNANCE ?
192 Ch06.WHY INFORMATION SECURITY GOVERNANCE IS AT STAGE 4 OF THE SECURITY TRANSFORMATION ?
193 Ch06.CAN INFORMATION SECURITY GOVERNANCE BE IMPLEMENTED SOONER THAN STAGE 4 ?

194 Ch06.ANOTHER LOOK AT PAKISTAN'S INFORMATION SECURITY POSTURE AND CHALLENGES
195 Ch06.WHAT ARE THE INFORMATION SECURITY GOVERNANCE BUILDING BLOCKS ?
196 Ch06.WHOSE RESPONSIBILITY IS INFORMATION SECURITY GOVERNANCE ?
197 Ch06.HOW IS INFORMATION SECURITY GOVERNANCE IMPLEMENTED ?
198 Ch06.HOW CAN YOU BUILD AN EFFECTIVE INFORMATION SECURITY GOVERNANCE PROGRAM ?
199 Ch06.WHAT IS THE RECOMMENDED STRUCTURE OF THE INFORMATION SECURITY DEPARTMENT ? (LARGE ORGANIZATION)
200 Ch06.WHAT IS THE RECOMMENDED STRUCTURE OF THE INFORMATION SECURITY DEPARTMENT ? (MID-SIZED ORGANIZATION)
201 Ch06.WHAT IS THE RECOMMENDED STRUCTURE OF THE INFORMATION SECURITY DEPARTMENT ? (SMALL ORGANIZATION)
202 Ch06.ROLE OF THE CISO IN DRIVING THE INFOSEC PROGRAM
203 Ch06.WHAT ARE KEY INHIBITORS WHICH WILL LEAD TO FAILURE OF THE INFORMATION SECURITY PROGRAM ?
204 Ch06.INFORMATION SECURITY STRATEGY FOR SMALLER ORGANIZATIONS
205 Ch06.COMMON CHALLENGES WITH SECURITY GOVERNANCE DOCUMENTATION
206 Ch06.SECURITY DOCUMENTATION: POLICIES
207 Ch06.SECURITY DOCUMENTATION: STANDARDS
208 Ch06.SECURITY DOCUMENTATION: PROCEDURES
209 Ch06.SECURITY DOCUMENTATION: GUIDELINES
210 Ch06.HOW TO DEVELOP EFFECTIVE SECURITY POLICIES & DOCUMENTS
211 Ch06.WORLD'S LEADING INFORMATION SECURITY GOVERNANCE FRAMEWORK - ISO27001:2013 (ISMS)
Quiz No. 4

212 Ch06.THE STRUCTURE OF ISO27001:2013 (ISMS); CLAUSES 4-6
213 Ch06.THE STRUCTURE OF ISO27001:2013 (ISMS); CLAUSES 7-10
214 Ch06.THE CONTROLS (APPENDIX) OF ISO27001:2013 (ISMS); PART 1
215 Ch06.THE CONTROLS (APPENDIX) OF ISO27001:2013 (ISMS); PART 2
216 Ch06.THE CONTROLS (APPENDIX) OF ISO27001:2013 (ISMS); PART 3
217 Ch06.THE CONTROLS (APPENDIX) OF ISO27001:2013 (ISMS); PART 4
218 Ch06.THE CONTROLS (APPENDIX) OF ISO27001:2013 (ISMS); PART 5
219 Ch06.THE CONTROLS (APPENDIX) OF ISO27001:2013 (ISMS); PART 6
220 Ch06.THE CONTROLS (APPENDIX) OF ISO27001:2013 (ISMS); PART 7
221 Ch06.THE CONTROLS (APPENDIX) OF ISO27001:2013 (ISMS); PART 8
222 Ch06.THE CONTROLS (APPENDIX) OF ISO27001:2013 (ISMS); PART 9
223 Ch06.THE CONTROLS (APPENDIX) OF ISO27001:2013 (ISMS); PART 10
224 Ch06.THE CONTROLS (APPENDIX) OF ISO27001:2013 (ISMS); PART 11
225 Ch06.THE CONTROLS (APPENDIX) OF ISO27001:2013 (ISMS); PART 12
226 Ch06.THE CONTROLS (APPENDIX) OF ISO27001:2013 (ISMS); PART 13
227 Ch06.HOW TO USE ISO27002:2013
228 Ch06.OTHER INFORMATION SECURITY FRAMEWORKS: PCI DSS V3
229 Ch06.OTHER INFORMATION SECURITY FRAMEWORKS: SANS TOP 20 CRITICAL SECURITY CONTROLS

230 Ch06.OTHER INFORMATION SECURITY FRAMEWORKS: NIST
231 Ch06.OTHER IT GOVERNANCE FRAMEWORKS: COBIT
232 Ch06.OTHER IT GOVERNANCE FRAMEWORKS: CMMI
233 Ch06.ISO31000:2018 - RISK MANAGEMENT - AN INTRODUCTION
234 Ch06.ISO31000:2018 - RISK MANAGEMENT - 8 PRINCIPLES
235 Ch06.ISO31000:2018 - RISK MANAGEMENT - FRAMEWORK
236 Ch06.ISO31000:2018 - RISK MANAGEMENT - PROCESS
237 Ch06.ISO31000:2018 - RISK MANAGEMENT - HOW TO IMPLEMENT
238 Ch06.INCIDENT MANAGEMENT-I
239 Ch06.INCIDENT MANAGEMENT-II
240 Ch06.CHANGE MANAGEMENT-I
241 Ch06.CHANGE MANAGEMENT-II
242 Ch06.CHANGE MANAGEMENT-III
243 Ch06.PROJECT MANAGEMENT FOR INFORMATION SECURITY - PART 1 (IMPORTANCE)
244 Ch06.PROJECT MANAGEMENT FOR INFORMATION SECURITY - PART 2 (STRUCTURE)
245 Ch06.PROJECT MANAGEMENT FOR INFORMATION SECURITY - PART 3 (REPORTING)
246 Ch06.PROJECT MANAGEMENT FOR INFORMATION SECURITY - PART 4 (LEADERSHIP)
247 Ch06.CAPACITY MANAGEMENT - PART 1

248 Ch06.CAPACITY MANAGEMENT - PART 2
249 Ch06.RISK MANAGEMENT & INTERNAL AUDIT-I
250 Ch06.RISK MANAGEMENT & INTERNAL AUDIT-II
251 Ch06.MANAGEMENT REVIEW
252 Ch06.HUMAN RESOURCE SECURITY
253 Ch06.CIRCULAR NO. 5, 2017, SBP, TECHNOLOGY GOVERNANCE FRAMEWORK
254 Ch06.CYBER SECURITY MATURITY MATRIX (CSMM) - OVERVIEW
255 Ch06.CYBER SECURITY MATURITY MATRIX (CSMM), LAYER 1: FOUNDATION
256 Ch06.CYBER SECURITY MATURITY MATRIX (CSMM), LAYER 2: FUNDAMENTALS
257 Ch06.CYBER SECURITY MATURITY MATRIX (CSMM), LAYER 3: HARDENED
258 Ch06.CYBER SECURITY MATURITY MATRIX (CSMM), LAYER 4: PROTECTED
259 Ch07.CYBER SECURITY MATURITY MATRIX (CSMM), LAYER 5: MONITORED
260 Ch07.CYBER SECURITY MATURITY MATRIX (CSMM), LAYER 6: SECURED
261 Ch07.ANOTHER LOOK AT THE INFORMATION SECURITY LIFECYCLE
262 Ch07.WHAT IS SECURITY VALIDATION ?
263 Ch07.HOW IS SECURITY VALIDATION PERFORMED ?
264 Ch07.WHAT IS SECURITY TESTING ?
265 Ch07.WHAT IS SECURITY ACCREDITATION ?

266 Ch07.WHAT IS SECURITY ACCREDITATION PART 2 ?
267 Ch07.EMBEDDING INFORMATION SECURITY INTO THE SDLC
268 Ch07.SOFTWARE SECURITY TESTING & VALIDATION - PART 1
269 Ch07.SOFTWARE SECURITY TESTING & VALIDATION - PART 2
270 Ch07.EMBEDDING INFORMATION SECURITY INTO PROJECT MANAGEMENT
271 Ch07.HOW TO CONDUCT AN INTERNAL SECURITY ASSESSMENT ?
272 Ch07.WHAT ARE THE DIFFERENT TYPES OF SECURITY ASSESSMENTS ?
273 Ch07.WHAT ARE THE DIFFERENT TYPES OF SECURITY ASSESSMENTS - PART 2?
274 Ch07.WHAT ARE THE DIFFERENT TYPES OF SECURITY ASSESSMENTS - PART 3?
275 Ch08.WHAT ARE THE DIFFERENT TYPES OF SECURITY ASSESSMENTS - PART 4?
276 Ch08.WHAT ARE THE STAGES OF A THIRD PARTY PENETRATION TEST ?
277 Ch08.HOW TO FAIL IN IMPLEMENTING A SUCCESSFUL SECURITY TRANSFORMATION ?
278 Ch08.BENEFITS OF THE SECURITY TRANSFORMATION
279 Ch08.SECURITY TRANSFORMATION TIMELINE
280 Ch08.WHOSE RESPONSIBILITY IS THE SECURITY TRANSFORMATION ?
281 Ch08.RAISING MANAGEMENT SUPPORT FOR SECURITY TRANSFORMATION PROJECT
282 Ch08.KEY QUESTIONS TO ASSESS SECURITY POSTURE OF THE ORGANIZATION
283 Ch08.KEY LEADERSHIP QUALITIES OF THE SECURITY TRANSFORMATION HEAD
284 COURSE WRAP UP
Final Term Examination