Master Of Science (Information Assurance)
Information Assurance (IA) is the practice of assuring information and managing risks related to the use, processing, storage, and transmission of information or data and the systems and processes used for those purposes. While focused predominantly on information in digital form, the full range of IA encompasses not only digital but also analog or physical form. Information assurance as a field has grown from the practice of information security, which in turn grew out of practices and procedures of computer security. Generally, IA is considered more of the strategic risk management of information systems rather than the creation and application of security controls. In addition to defending against malicious hackers and code (e.g., viruses), IA practitioners consider corporate governance issues such as privacy, regulatory and standards compliance, auditing, business continuity, and disaster recovery as they relate to information systems. Further, while information security draws primarily from computer science, IA is an interdisciplinary field requiring expertise in accounting, fraud examination, forensic science, management science, systems engineering, security engineering, and criminology, in addition to computer science. Therefore, IA is best thought of as a superset of information security, integrating people, technology and operations to establish security and protection across multiple layers and dimensions.
The MSc (Information Assurance) programme offered by UTM AIS integrates digital forensic science, security engineering, IT risk management of management systems and standards compliance towards a safe and secure Information Society against emerging threats.
This programme produces students who are able to:
- Integrate and generate in-depth information assurance knowledge in professional practices for the benefit of the information assurance discipline.
- Organise, construct and verify a set of activities to solve information problems.
- Evaluate situations and react and display through discussion and communication among peers and others.
- Integrate information assurance professional ethics in the profession, organisation and society.
- Organise and adapt contemporary knowledge independently and manage information effectively and securely.
- Demonstrate managerial and enterprising skills.
Mode of Study
| Mode | Min Semester | Max Semester |
This program will be conducted at Advanced Informatics School (UTM AIS), Universiti Teknologi Malaysia, Kuala Lumpur.
English is the main medium for teaching and learning activities.
Graduates of the programme can work as Information Assurance Analysts, Information Security Officers, Information Assurance Architects, Information Assurance Managers, Academics, Security Analysts, Information Assurance Policy Developers, and Information Assurance Risk Analysts.
Synopsis of Subjects
A. CORE COURSES
MNS 1523 Data Quality Assurance
A data quality assurance program is an explicit combination of organization, methodologies, and activities that exist for the purpose of reaching and maintaining high levels of data quality. The term assurance puts it in the same category as other functions organizations are used to funding and maintaining. Quality assurance, quality control, inspection, and audit are terms applied to other activities that exist for the purpose of maintaining some aspect of the organization’s activities or products at a high level of excellence. Data quality assurance should take place alongside these others, with the same expectations.
MNS 1543 Access Control And Perimeter Protection
This course provides students with in-depth knowledge of administrative, technical and physical controls for perimeter protection. Perimeter security risks, threats and countermeasures are discussed. At the end of this course, students are able to critically articulate and recommend the various perimeter protection and access control systems, aligning administrative strategies and technical capabilities for any type of organization.
MNS 1563 E-crime Investigation And Incident Response Management
This course discusses how to conduct computer forensics, from acquiring digital evidence to reporting findings. It includes how to set up a forensics lab, how to acquire the necessary tools and how to conduct an investigation and subsequent digital analysis. The laboratory part of this course will include working with EnCase, a suite of digital forensics tools from Guidance Software. In addition, there will be labs on network forensics, VoIP (Voice over IP) forensics and video forensics, which will give students practical and applied experience with wireless and mobile forensics tools and analysis techniques.
MNS 1513 Information Engineering
The Information Engineering course focuses on the principles of data models of information in a business enterprise using appropriate software architecture and design methods. The topics include four main components: (1) Advanced Information System and Information Engineering; (2) Enterprise and Technology Architecture and Organizational Business Strategy; (3) Software Design and Information Retrieval; and (4) Managing Digital Data.
MNS 1533 Enterprise Information Assurance
The purpose of enterprise information assurance and management strategy is to protect an organization’s valuable assets and resources, such as information, people and services. The selection and application of appropriate safeguards and controls helps the organization meet its business objectives or mission by protecting its physical and financial resources, reputation, legal position, employees, and other tangible and intangible assets. This course will examine the elements of information security assurance, employee roles and responsibilities, and common threats. It also examines the need for management controls, policies, procedures, and strategy. Finally, this course will present a comprehensive list of tasks, responsibilities, and objectives that make up a typical information protection program.
MNS 1573 Cyber Law and Ethical Issues
With the emergence of technology, its misuse has also expanded to its optimum level, e.g. cyber fraud, cyber defamation, hacking, etc. The misuse of technology has created the need for the enactment and implementation of cyber laws, but whether these cyber laws are capable of controlling cyber crime activities is a question that requires the utmost attention. In the present era we need to evolve a ‘cyber-jurisprudence’ on the basis of which ‘cyber-ethics’ can be evaluated and criticized. Further, there is a dire need to evolve a Code of Ethics for cyberspace and its discipline through cyber law.
MNS 1014 Project 1
After being assigned a problem individually by the supervisor, or proposing one, each student implements his/her own project, making use of the knowledge and skills obtained in previous courses. Students will be guided through the Research Methodology topic provided in this project. Although Information Assurance Project 1 and Information Assurance Project 2 form a set, they are assessed and presented separately at the end of the semester. A complete report must be written and must adhere to the UTM Thesis Writing Guideline.
MNS 2026 Project 2
Each student must pursue his/her project using the various methods and means available to them. At the end of this course, each student has to make a presentation in the presence of other students and examiners for the final assessment. A complete report must be written and must adhere to the UTM Thesis Writing Guideline.
B. ELECTIVE COURSES: SELECT THREE (3) COURSES ONLY
MNS 2633 Information Assurance Architecture and Technologies
Information Assurance and the application of security assurance models involve the theory and application of a variety of network security architectures and technologies. Implementation of a security policy and its testing is crucial to the satisfactory operation of a network and its applications. The firewall (perimeter and internal) provides a range of techniques and tools in support of policy implementation and for protection against penetrations and resulting exploits. This course provides background theory together with a substantial amount of hands-on workshop experience using very recent security technology and covering the following topics:
- packet filters, proxies, stateful packet inspection
- app level security, content security and authentication
- cryptographic tools using AES encryption and MD5 & SHA authentication
- NAT (Network Address Translation)
- SSL/TLS and X.509 digital certificates
- IPSec and SSL security tunnelling
- Virtual Private Network design, implementation & testing
- Monitoring and performance
MNS 2733 Enterprise Risk Management
This course discusses risk management in organizations in depth. Emphasis is given to risk management model development, control process, risk evaluation and development control. Students will be asked to view the issues related to risk management from the human factor, process and technical perspectives. Relevant technical topics will be included as hands-on exercises.
MNS 2833 Penetration Testing and Countermeasures
With the exponential growth of the Internet and networked computers, cyber crime has become one of the most important problems in the computer world. Online credit card fraud, compromised computer servers and other privacy enormities have created a cloud of distrust among online customers. We need to find the best way possible to protect our information systems. A single intrusion into a computer network can result in loss, unauthorized utilization or modification of large amounts of data, and cause the paralysis of normal usage of the network communications. Intrusion Detection is identifying unauthorized users in a computer system. This subject is aimed at educating students about the various attack types and how to counter those attacks using the different types of Intrusion Detection Systems (IDS) available. In addition, lab exercises will cover the application of tools in finding vulnerabilities and securing the infrastructure.
MNS 2433 Critical Infrastructure Security and Cyber threats
This course discusses various aspects of critical infrastructure security. The course will consider why and how critical infrastructure problems impact the public agenda, and why some solutions are adopted and others are rejected. The course will primarily examine policy making at a national level in Malaysia, but will also analyze examples available from different countries.
MNS 2533 Biometrics in Information Assurance
The course discusses in depth the principles of biometrics in the field of information security. The course emphasizes the technological aspects of biometrics and multimedia security (steganography and watermarking) and their applications, while giving importance to state-of-the-art technology. The course highlights the technological merger of biometrics and multimedia security in industries, such as fingerprinting, face recognition, and other biometric technologies. Relevant technical topics will be included as hands-on exercises. MATLAB software is used to implement some of the hands-on exercises.
MNS 2623 Wireless Infrastructure Security
This course will cover the theory and practice of wireless and mobile network technologies and address a range of risks and vulnerabilities which require specific penetration testing techniques. The characteristics of a variety of wireless and mobile personal, local and wide area networks, including Bluetooth, NFC/RFID, Android, and IP Camera CCTV streaming, will be studied in a laboratory environment. The manner in which these networks can be compromised by attacks on the network (such as sniffing, spoofing, hijacking, man-in-the-middle, traffic injection, brute force, or denial of service), as well as host-based attacks such as spyware and buffer overflow, will be evaluated in the laboratory. A range of equipment will be connected to the Virtual Machines, including Wireless Access Points, Android Mobiles, Bluetooth Mobiles, Contactless Cards, IP Cameras and others. The laboratory part of this course (50%) will illustrate vulnerabilities in security implementations in various types of commonly used networks and demonstrate how penetration testing is carried out in a wireless and mobile environment.
MNS 2123 Issues in Information Assurance
The objective of this course is to expose students to issues in information assurance (IA) and to the solutions to these problems through case studies, industrial visits and expert views. This course will focus on IA technology as well as IA policy and management aspects in Malaysia.
MNS 2723 Software Development and Vulnerability Analysis
This course discusses in depth the principles of developing software in a secure manner. Emphasis is given to the process of developing the software, covering software development requirement analysis, design, implementation, testing, and deployment. Students will be asked to view the issues related to secure software development from the management perspective. Relevant technical topics such as source code vulnerabilities will be included as hands-on exercises.
MNS 2223 Applied Cryptography
The main aims of this course are to discuss:
- the need for different types of security services
- the main types of cryptographic mechanism
- how various cryptographic mechanisms provide different services
- some of the issues relating to the management of these services.
MNS 2133 Principles of Business Continuity Management
This course discusses in depth the principles of business continuity planning. Emphasis is given to the business continuity planning model, disaster recovery, backup systems and planning, and securing online documents. Students will be asked to view the issues related to business continuity planning from the management and technical perspectives. Relevant technical topics will be included as hands-on exercises.
C. UNIVERSITY COURSES
UHAP 6013 Seminar on Global Development, Economic and Social Issues
Discussion in this subject includes issues related to globalization and development, and economic and social crises that have become a global concern. It aims to develop skills in understanding and analyzing global issues and recommending relevant solutions. Issues will be discussed in detail.
UHAZ 6123 Malaysian Society and Culture
This course is designed for international postgraduates from countries of non-Malay origins. Students will be exposed to various aspects of Malaysian culture such as belief systems, religious festivals, customs and etiquette of different ethnic groups in Malaysia. Emphasis will be given to the Malay culture as it forms the core of the Dasar Kebudayaan Kebangsaan. Students will also be briefly introduced to the basics of the Malay language as the national language of Malaysia.
ULAM 6323 Malay Language for Postgraduates
This course is designed for international Master and Doctor of Philosophy students from countries of Malay origins such as Indonesia, Brunei, Singapore and South Thailand. Students will be exposed to scientific paper writing. In this course, students are given an overview of scientific writing. They are also taught the scientific paper writing method, particularly academic writing style. Furthermore, students are also taught about writing formats such as collections, bibliographies and editing to fit the academic writing format described by UTM.
Fees and Entry Requirements
Bachelor degree in any major e.g. B.A, B.Sc, B.Eng, etc
UTM Undergraduates with CGPA 3.00 or others (accredited by LAN) CGPA 3.00
Prior learning experience with these requirements:
- B.Sc holder in IT and non-IT Degree
- Fulfilled pre-requisite subjects (refer to table curriculum structure)
- Relevant working experience (if CGPA less than 3.0)
- Transferred credit (based on UTM transferred credit regulation)
International Student English Requirements
Upon being accepted into the program, all international candidates are required to produce their English Qualification in the form of IELTS (min 6.0) or TOEFL (min 550).
All international students applying to UTM must have a valid two-year old TOEFL or IELTS certificate.
For exemption from the UTM English language requirement, click here.
| Mode of Study | Local (RM) | International (RM) |
- All tuition fees must be paid at the beginning of each semester.
- The personal bond (RM1,500), for international students only, is not included in the tuition fees.
- The total tuition fee for both programs is subject to normal duration.
- Any extra semester will be charged according to university charges.
- Personal bond is refundable after full settlement of the tuition fees.
- All payments should be made to “Bendahari UTM” via bank draft and addressed directly to Finance Office, Advanced Informatics School (UTM AIS), Universiti Teknologi Malaysia, Jalan Semarak, 54100 Kuala Lumpur, MALAYSIA.
*Personal bond may vary by country and is refundable after full settlement of the tuition fee
** Reimbursable upon graduation