Riphah Institute of Systems Engineering Prospectus
Our Mission

Riphah Institute of Systems Engineering (RISE)

To create a center of excellence for Information Security. Facilitate the market with the best talent in information security and positively contribute to the academic, public and private sectors. Ingrain the spirit of national competitiveness and be a catalyst for change in the field of Information Security.

RISE is a special initiative by Riphah International University to impart quality in education, professional trainings & consultancy in the field of Information Security. With a unique construct, this institute outshines all the other educational institutes, as it is the first institute that has academia, R&D, training & consulting specializing in information security technology solutions and is dedicated to providing information security professionals & delivering cost-effective services that span Information Security Management for all industries.
Dr. Saad Naeem Zafar (CISA, CISM, CRISC, CGEIT)
Director, Riphah Institute of Systems Engineering
Chief Information Officer (CIO)

Dr. Saad Zafar is currently working as Director, Riphah Institute of Systems Engineering and Dean, Faculty of Computing at Riphah International University (RIU), Islamabad, Pakistan. He has been affiliated with the field of Information Technology for more than twenty years. His area of specialization is Information Security. At Riphah, he is leading a Secure and Dependable Systems research group. He has been teaching Information Security Management, Security Engineering and Application Security, both at the undergraduate and postgraduate level. He has been Director of Information Technology at Riphah International University and has provided Information Technology consultancy to a number of organizations.

Dr. Zafar started his career working as a Software Engineer at Phoenix Technologies and Polysar Incorporated in the USA. Since then he has been involved in many projects related to software acquisition, development and implementation as software engineer, project manager and chief information officer.

He received his PhD from Griffith University, Australia. His research is in the area of Information Security. He was affiliated with the Dependable Complex Computer-based System (DCCS) research group, which was funded by the Australian Research Council. He was also associated with the Software Quality Institute and the Institute of Integrated and Intelligent Systems at Griffith University. He received a Masters in Software Engineering from Griffith University, Australia. He was awarded the Academic Excellence Award for his educational performance at Griffith University.
Khurram Javed (CEI, CEH, CHFI, ECSA, LPT, CCAI)
Assistant Director, Riphah Institute of Systems Engineering
Master Trainer, Information Security Trainings, PDC
Information Security Consultant/Penetration Tester

Khurram Javed is currently serving as Assistant Director, Riphah Institute of Systems Engineering (RISE) and Assistant Professor in the Faculty of Computing at Riphah International University. He is primarily responsible for strategic development, planning, analysis and execution of projects under the Professional Trainings and Consultancy wings. He has been associated with academia for over a decade and has served as permanent faculty in many prestigious universities in Pakistan. His areas of specialization are Social Engineering, Wireless and Offensive Security.

Besides his academic responsibilities, Khurram has been working as an Information Security Consultant / Penetration Tester & Master Trainer, Information Security Certification trainings, under the Professional Development Center at Riphah Institute of Systems Engineering (RISE). He is a prolific information security trainer/consultant and has conducted numerous security trainings across Pakistan. He is a Certified EC-Council Instructor (CEI), Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI), EC-Council Certified Security Analyst (ECSA) and a Licensed Penetration Tester (LPT) from EC-Council Academy, Kuala Lumpur, Malaysia. He leads the Penetration Testing and Digital Forensics teams at RISE. Khurram is also an active speaker at Information Security conferences and seminars and has professional memberships with EC-Council, IEEE, Cisco Network Academy, ISOC, CSTA-ACM and Pakistan Information Security Association (PISA).
Creating Knowledge Beyond Chronology

RISE Research

The objective of the research initiatives is to educate future leaders, enabling them to unveil knowledge and generate fresh ideas. Our research groups work in liaison with varied international research consortiums. The key areas of research are:

Secure and Dependable Systems Research Group: This research group is led by Dr. Saad Naeem Zafar. Active research areas of this group are: Secure Software Engineering, Information Security Management, Information Security Policies, IT Governance.

Offensive Security Research Group: This research group is led by Mr. Khurram Javed. Active research areas of this group are: Wireless Security, Ethical Hacking, Social Engineering, Penetration Testing, Offensive Security, Digital Forensics, etc.

Network Security Research Group: This research group is led by Dr. Muhammad Yousaf. Active research areas of this group are: Network Security, Network Forensics, Network Traffic Analysis, Security Protocols Design, etc.

Distributed and Cloud Computing Research Group: This research group is led by Dr. Sheheryar Malik. Active research areas of this group are: Cloud Computing, Cloud Scheduling, Cloud Security, Cloud Federation, Cloud Interoperability, Virtual Machine Management and Cost-aware Resource Acquisition.
Programs Offered

Master of Science in Information Security (MSIS)

The MS Information Security program is designed to fulfill the needs of two distinct classes of individuals: (1) professionals wishing to pursue a professional career in the field of information security, and (2) candidates wishing to prepare themselves for doctoral level study and embark on a research based career.

Students enrolled in the MS (Information Security) program are required to complete a minimum of 33 credit hours of course/research work. Students are recommended to take 12 credit hours (typically 4 courses) of basic courses. Basic courses are carefully designed to cover the breadth of information security theory and practice. Furthermore, students are recommended to take another 12 credit hours (typically 4 courses) of advanced courses. These courses can be selected based on the student's interest and the area of specialization they wish to follow. Additionally, students are required to either complete an industrial project or complete a research thesis of 9 credit hours (typically spanning over two semesters).

Generally, students complete their MS (IS) degree requirements in 2 years. However, in some rare cases this duration can last up to a maximum of 4 years. Students failing to complete their MS (IS) degree requirements in 4 years will be disqualified from the MS (IS) program.

Available Seats: 25 per semester
Duration: 2 years

Salient Features: Highly skilled faculty members; Course work designed to fulfill industry requirements; Virtual Learning Environment; Recorded Video Lectures; Online Discussion Forums; Both on-campus as well as off-campus learning facility; Course exemptions for relevant information security professional certifications like CEH, CHFI, ECSA, CISSP, CISA, CISM, etc.
Eligibility Criteria: 16 years of education in a science / engineering discipline, preferably with a 4-year degree program of BS (SE/CS/IT/EE) or equivalent from an HEC recognized university or degree awarding institute. (NOTE: candidates may have to complete the deficiency coursework as determined by the admissions committee.) Two years of relevant work experience is preferred.

Admission Criteria: A valid NTS-GAT (General) score of 50% is required. Interview (optional).

Intake: Spring & Fall (twice a year)
Timings: Monday - Friday (5:30pm - 8:30pm)

PROGRAM STRUCTURE

Basic Courses: Information Systems Security; Information Security Management Systems; Applied Cryptography; Network Security; Advanced Information Systems Auditing; Risk Management; Business Continuity Planning and Disaster Recovery; IT Governance; Cyber Security Policies; Ethical Hacking; Penetration Testing; Intrusion Detection Systems; Wireless Networks Security; Network Forensics; Distributed and Cloud Computing; Secure Software Development; Security Requirements Engineering; Formal Methods in Information Security; Malware Analysis; Project Management; Data Security and Encryption; Advanced Cryptology; Data Privacy and Legal Issues; Digital Forensics; Computer Security; Operating System Security

Research / Project Thesis: All students enrolled in the MS (IS) program are required to complete either a research or project thesis of 9 credit hours. Students typically complete this requirement in 2 phases. In phase 1, the student completes the literature survey / related work and defends his / her synopsis / proposal. In phase 2, the student completes his / her research / implementation / performance evaluation and defends his / her final thesis.
PhD Computing (Information Security)

Students enrolled in the PhD Computing (Information Security) program are required to complete a minimum of 48 credit hours of course/research work. Students are required to take a minimum of 18 credit hours (typically 6 courses) as part of their course work. The objective of these 6 courses is to cover the breadth as well as the depth of knowledge of their interest area. At the completion of these 6 courses, students are expected to have covered the issues, best practices, standards, research gaps and challenges of their interest area. On completion of the course work, students are required to pass the comprehensive / doctoral qualifying exam as well.

Furthermore, students are required to take a minimum of 30 credit hours as part of their research work. During this phase, students are initially required to defend their PhD synopsis / proposal. Students are required to publish their research work in ISI indexed impact factor journals. A minimum of 1 ISI indexed impact factor journal paper and 2 conference papers in high quality international research conferences are required as part of the PhD degree program. However, this number can be increased by the concerned research supervisor. Later on, the student is required to defend his/her PhD pre-final defense. The student's research thesis is also evaluated by 2 foreign experts from technologically developed countries. Finally, the student is required to defend his/her PhD final public defense.

Generally, students complete their PhD (IS) degree requirements in 3 years. However, in some rare cases this duration can last up to a maximum of 6 years. Students failing to complete their PhD (IS) degree requirements in 6 years will be disqualified.

Eligibility Criteria: 18 years of education in a science / engineering discipline, preferably with MS/MPhil (IS/SE/CS/IT/EE) or equivalent from an HEC recognized university or degree awarding institute.
(NOTE: candidates may have to complete the deficiency coursework as determined by the admissions committee.) CGPA of 3.0/4.0 or above in MS/MPhil degree. Research Thesis in MS/MPhil degree. Two years of relevant work experience is recommended.

Intake: Spring & Fall (twice a year)
Timings: Evening Classes

Active Research Areas: Cyber Security Policies; Penetration Testing; Network Forensics; Network Security; Malware Analysis; Biometric Devices

Duration: 4 years

Admission Criteria: A valid NTS-GAT (Subject) score of 60% is required. Interview (optional).

Program Compliance and Accreditation

The program is structured to meet the requirements of the Higher Education Commission (HEC), Pakistan for the Master of Science (MS) degree program. The program is offered by Riphah International University, which is a Federally Chartered University based in Islamabad, Pakistan. The program is approved by the relevant university authorities.
Services

Penetration Testing (Pen Testing)

Penetration testing (aka pen testing) and timely identification of network vulnerabilities is something every organization needs done before hackers or disgruntled insiders exploit the weaknesses. The process of identifying vulnerabilities, evaluating the risk, remediation, and reporting is called vulnerability management. By running penetration tests, organizations are able to more efficiently find and fix security vulnerabilities within their network.

Digital Forensics

What would you do if you found out that a hacker had invaded your company's application or system without detection and had been stealing information or money from you? Pure Hacking's on-demand forensic and incident response team should be your first port of call in this kind of emergency. If you find you have been hacked, or are in the process of being hacked, we will move immediately to provide you with the following services:

ISM Audit

The objective of the information security management audit/assurance review is to:
Provide management with an assessment of the effectiveness of the information security management function
Evaluate the scope of the information security management organization and determine whether essential security functions are being addressed effectively

GAP Analysis

A gap analysis can be broken down into four major areas: policy and procedure, auditing, technical review and findings / prioritization summary. Each of those four phases is reviewed below.
Information Security Gap Analysis
Step 1: Policy and procedure
Step 2: Auditing
Step 3: Technical review
Step 4: Findings and a prioritization summary

Social Engineering

While businesses use security policies and network device configurations to protect against malicious attacks, the contribution of other factors such as physical security and employees' personal security awareness is often overlooked when the risk and vulnerability of IT systems are assessed. Pure Hacking can expose vulnerabilities in your system using baiting, phishing and other social engineering techniques to determine whether crucial security information can be or has been obtained.

Network Profiling

Network Profiling and Analysis

We use the most innovative, state-of-the-art tools to analyze your complete network and profile short-term or long-term usage, to enable you to:
determine top error sources, top talkers, and a traffic matrix;
maintain peak performance and avoid costly network downtime;
map the network for planning purposes;
use statistics as a basis for accounting and billing.

Network Planning and Design

Once deficiencies in your network installation have been determined, GTI recommends the most effective and cost efficient solutions to successfully handle anticipated requirements:
topologies (Ethernet, Token Ring, FDDI)
protocols (TCP/IP, IPX, NetBEUI)
interconnecting equipment (hubs, routers, bridges, switches)
WAN interconnection (Frame Relay, X.25, PPP, SLIP, ISDN)
Trainings

World's most advanced trainings delivered by Professional Certified Instructors.

Certified Ethical Hacker

CEHv8 provides a comprehensive ethical hacking and network security hands-on training program to meet the standards of highly skilled security professionals. Hundreds of SMEs and authors have contributed towards the content presented in the CEHv8 courseware. Our researchers have invested thousands of man hours researching the latest trends and uncovering the covert techniques used by the underground community.

Computer Hacking Forensic Investigator

Computer forensics includes the application of computer investigation and analysis techniques in the interests of determining potential legal evidence. CHFIv8 enables trainees to acquire necessary hands-on experience on various forensic investigation techniques and standard forensic tools necessary to successfully carry out a computer forensic investigation leading to prosecution of perpetrators.

ECSA: EC-Council Certified Security Analyst

Introduction to the Premier Pen Testing Information Security Certification (Advanced Ethical Hacking). EC-Council Certified Security Analyst, ECSA, is an advanced ethical hacking training certification that complements the Certified Ethical Hacker, CEH, certification by exploring the analytical phase of ethical hacking and the latest tools & technologies.

CSCU: Certified Secure Computer User

In addition to protecting information assets, this program covers computer and network security threats such as identity theft, credit card & online banking frauds, virus and backdoors, email hoaxes, loss of information, hacking attacks and social engineering.

CISMs understand the business. It helps them know how to manage and adapt technology to the enterprise and industry. The uniquely management-focused CISM certification promotes international security practices and recognizes the individual who manages, designs, oversees and assesses an enterprise's Information Security.
This course is designed to prepare the participants for the CISA examination. It covers the unique aspects of managing an audit and the knowledge necessary to complete the task. The course focuses on the design and implementation of general computer control and application level control auditing, as well as introducing the risk based management approach. While disseminating information about Information Systems auditing standards, this course enables the trainee to perform Information System audits.

EUCS

End-User Computer Security training provides the End-User with the essential awareness and skills to protect their information assets. It is the basic need of this era to make every user of the organization aware of InfoSec, attacks and their countermeasures, as humans are the weakest links in an organization's security. The course is an ONLINE training comprising 10 Modules, giving the trainee a complete 360 overview of secure usage of their systems. An EUCS user will have a clear understanding of security threats such as Viruses, Worms, Malware, Social Engineering, Identity theft, Phishing scams, Malicious emails and Cyber Bullying. There is an option of a custom module which can be tailored to the organization's business type, policies/procedures and any other needs.
Team Members

Names

Dr. Saad Naeem Zafar
PhD - Software Engineering (Griffith University, Australia), Specialization in Information Security Management
MS - Software Engineering (Griffith University, Australia)
Certified Information Systems Auditing (CISA)
Certified Information Security Management Systems (CISM)
Certified in Risk and Information Systems Control (CRISC)
Member IEEE, ISACA
Leader: Secure and Dependable Systems Research Group

Mr. Khurram Javed
PhD Scholar - Wireless Security (UTM, Malaysia)
MS - Computer Networks (IIUI, Islamabad)
Certified EC-Council Instructor (CEI)
Certified Ethical Hacker (CEH)
Certified Hacking Forensics Investigator (CHFI)
EC-Council Certified Security Analyst (ECSA)
Licensed Penetration Tester (LPT)
Virtualization Security
Network Analysis & Forensics
CCAI & CCNA 4.0 discovery
Leader: Offensive Security Research Group

Dr. Muhammad Yousaf
PhD - Computer Engineering (CASE, Islamabad)
MS - Computer Engineering (CASE, Islamabad)
Member IEEE, ISOC
Leader: Network Security Research Group

Dr. Naveed Ikram
PhD - Computer Science (University of Salford, UK)
M.Sc - Computer Science (University of Salford, UK)
Chartered IT Professional
Senior Member ACM, Member IEEE, AIS, CSP
Leader: Empirical Software Engineering Research Group

Dr. Sheheryar Malik
PhD (CS) - Distributed & Cloud Computing (INRIA / University of Nice Sophia Antipolis, France)
MS (CS) - Software Systems & Engineering (MAJU)
MSc - Computer Science (MAJU, Islamabad)
Professional Member ACM, Member IEEE, ACF, ISOC, CSA
Leader: Center for Research in Distributed & Supercomputing

Designation

Director, RISE; Dean, Faculty of Computing; HEC Approved Supervisor; Assistant Director, RISE; Assistant Professor; Information Security Consultant/Analyst; Academic Advisor, RISE; Assistant Professor; Associate Dean, Graduate Program; Associate Professor; Assistant Professor; HEC Approved Supervisor
Dr. Rizwan Bin Faiz
PhD - Computer Science (Loughborough University, UK)
MSc - Computer Science (MAJU, Islamabad)
Leader: Automated Software Engineering Research Group
Assistant Professor; HEC Approved Supervisor

Dr. Mahmood Niazi
PhD Software Engineering (University of Technology Sydney, Australia)
MPhil Software Engineering (The University of Manchester, UK)

Dr. Zeeshan-ul-Hassan Usmani
PhD - Computer Science (Florida Institute of Technology, USA)
MS - Computer Science (Florida Institute of Technology, USA)

Mr. Musharif Ahmed
PhD Scholar - Computing (RIU, Islamabad)
MS - Systems and Software Engineering (MAJU)

Designation

Associate Professor; Adjunct Faculty Member; Industrial Professor; HEC Approved Supervisor; Assistant Professor

Mr. Umair Sadiq
MBA - IT and Finance (Minnesota State University, USA)
BES - Accounting and Information Systems (Minnesota State University, USA)
Management and IS Consultant/Auditor
Certified Information System Auditor (CISA)
Certified Internal Auditor (CIA)
Certified Project Management Professional (PMP)
Certified Public Accountant (CPA)

Dr. Muhammad Hassan Islam
PhD - Computer Engineering (CASE, Islamabad)
Certified Information System Auditor (CISA)
Certified Information Security Management Systems (CISM)

Dr. Imran Baig
PhD - Electrical and Electronic Engineering (University Teknologi PETRONAS, Malaysia)
MSc - Computer Engineering (UET, Taxila)

Dr. Muhammad Saleem
PhD - Computer Engineering (CASE, Islamabad)
MS - Computer Engineering (CASE, Islamabad)

Mr. Obaid ur Rehman
Certified Ethical Hacker (CEH)
CSOC - SIEM Installation, Configuration and Administration
CCNA, VMWare 3.5 ESX, ITIL v3 Foundation
PANDA GateDefender Performa V3.02 & Panda Security for Business
PANDA GateDefender Integration

Designation

Assistant Professor; Associate Professor; Visiting Faculty; Associate Professor; Visiting Faculty; Associate Professor; Visiting Faculty; Manager Security and Compliance
Mr. Sohaib Saleem
MS - Engineering Management (CASE, Islamabad)
BS - Computer Science

Mr. Muhammad Babar Tiwana
MS In-Progress - Information Security (Riphah International University, Islamabad)
BS - Software Engineering

Designation

Business Development Manager; Research Associate

Mr. Ahmed Iftikhar
BS - Computer Engineering (COMSATS, Wah Cantt)
(CCNA, CCNP, MCSE, MCSA, MTA)

RISE National & International Events

CSP 2013: CEO Outlook 2013, Cyber Security Trends, Challenges, and Possible Solutions, Cyber Secure Pakistan, March 2013, Islamabad, Pakistan.

GISEC 2013: Dr. Saad Naeem Zafar and Khurram Javed from RISE visited U.A.E for GISEC 2013 (Gulf Information Security Expo and Conference) in June,

ICME 2013: A Systematic Review, International Conference on Medical Education (ICME 2013), Oct , Balaclava, Mauritius.

ICET 2013: International Conference on Emerging Technologies (ICET 2013), 9-10 December, 2013, Islamabad, Pakistan.

CISO Summit ME 2014: Anatomy of Botnets, 6th Annual Summit & Roundtable Chief Information Security Officer Middle East, February, 2014, Dubai, United Arab Emirates.

NISC 2014: RISE and Pakistan Navy Engineering College PNEC-NUST jointly organized the first ever National Information Security Conference (NISC-2014) on 28th March 2014 at PNS Karachi.

Online Seminar 2014: Attended Enterprise Architecture online seminar organized on 14th April, The resource person was Dr. Asif Gill, a TOGAF 9 Certified Enterprise Architect and Lecturer at the School of Software at the University of Technology, Sydney.
CIACS 2014: Role of Academia in Information Security, Conference on Information Assurance and Cyber Security 2014, Military College of Signals, National University of Science and Technology, Rawalpindi, June,

Support Instructor

Abdulla Fayaz Chattha, Regional Manager (PERN) HEC, Islamabad Pakistan (CEH Trainee)
"It's a very productive effort and will be considered as a gigantic contribution to information security in the region. The training revealed that our defense policies and strategies are always towards more sophisticated attacks but the fact is that the hackers usually not rather attacking exploits users minors mistakes / kiddies code weaknesses and get the control of system."

Nughmman Masud Butt, Manager DSS/NMS, Warid Telecom, Lahore Pakistan (CEH Trainee)
"I experienced firsthand just how dangerous the Cyber world is. If the labs don't scare you, nothing will. Coupled with the excellent and knowledgeable instructor and class interaction, the course exceeded my expectations and has armed me with a wealth of knowledge that I can use to improve the security posture of my organization."
RISE Above The Rest

Evacuee Trust Complex, Agha Khan Road, Sector F-5/1, Near Marriott Hotel, Islamabad.
Rawalpindi Campus: Al-Mizan IIMCT Complex, 274-Peshawar Road, Rawalpindi. UAN: Tel:
Islamabad Main Campus: Sector I-14, Islamabad. Tel:
Islamabad City Campus-I: IIMC, 7th Avenue, G-7/4, Islamabad. Tel:
Islamabad City Campus-II: Ground Floor, Evacuee Trust Complex, Agha Khan Road, Sector F-5/1, Near Marriott Hotel, Islamabad. Tel: