PROGRAMME SPECIFICATIONS
This programme bridges the gap between those cyber security aspects with the industry requirements. The aim of this programme is to support the global need in producing professional, dedicated and ethical cyber security experts who will effectively plan, design, manage and practice reliable cyber security mechanisms and technologies. The programme is benchmarked against cyber security professional certifications such as CISSP (Certified Information Systems Security Professional), Cisco Certified CyberOps Professional, CPT (Certified Penetration Tester), CSAP (Certified Secure Application Professional), CDSP (Certified Data Security Professional), CHFI (Computer Hacking and Forensic Investigation) and Certificate of Cloud Security Knowledge (CCSK).
Further Information
(Academic & Student Affairs)
GENERAL INFORMATION
| 1. Awarding Institution | Universiti Teknologi Malaysia | |||
| 2. Teaching Institution | Universiti Teknologi Malaysia | |||
| 3. Programme Name | Master of Cyber Security | |||
| 4. Final Award | Master of Cyber Security | |||
| 5. Programme Code | MECRA1AJA | |||
| 6. Professional or Statutory Body of Accreditation | Ministry of Higher Education | |||
| 7. Language(s) of Instruction | English | |||
| 8. Mode of Study (Conventional, distance learning, etc) | Conventional, Open Distance Learning (ODL). | |||
| 9. Mode of operation (Franchise, self-govern, etc) | Self-governing | |||
| 10. Study Scheme (Full Time/Part Time) | Full Time | |||
| 11. Study Duration | Minimum: 1.5 years Maximum: 4 years | |||
| Type of Semester | No. of Semesters | No of Weeks/Semester | ||
| Full Time | Part Time | Full Time | Part Time | |
| Normal | 3 | – | 8 | – |
| Short | – | – | – | – |
COURSE CLASSIFICATION
| No. | Classification | Credit Hours | Credit Hours |
|
i. |
University Courses |
3 |
6% |
|
ii |
Core Courses |
6 | 6% |
|
iii |
Research |
18 | 41% |
|
iv |
Elective Courses |
9 | 20% |
|
v |
Research |
12 | 27% |
|
Total |
45 | 100% | |
| Total Credit Hours to Graduate | 45 credit hours | ||
| Additional Courses (for non-Computer Science/IT background) | |
| MECR0013 | Cryptography |
| MECR0023 | Computer Security |
| University Common Elective Courses (Choose 1 only) | |
| UECS6013 | IT Project Management |
| UHIS6013 | Philosophy of Science and Civilization |
| UHLM6013 | Malay Language for Postgraduates |
| UHMS6013 | Seminar on Global Development, Economic and Social Issues |
| UHMZ6023 | Malaysian Society and Culture |
| UBSS6013 | Organization Behavior and Development |
| UBSS6023 | Business Ethics, Responsibility and Sustainability |
| UHIS6013 | Philosophy of Science and Civilization |
| UHPS6013 | Dynamics of Leadership |
| URTS6013 | Environmental Ethics |
| UECS6023 | Introduction to Technopreneurship |
| UMJJ6013 | Basic Japanese Language and Culture |
| Core Faculty Course (Compulsory) | |
| MECR1013 | Research Methodology |
| Core Courses (Compulsory) | |
| MECR1023 | Information Security Governance and Risk Management |
| MECR1033 | Digital Forensics |
| MECR1043 | Cloud Computing Security |
| MECR1053 | Secure Software Engineering |
| MECR1063 | Cryptographic Engineering |
| MECR1073 | Penetration Testing |
| Elective Courses (Choose 3 only) | |
| MECR2113 | Business Continuity Planning |
| MECR2123 | Security Audit & Assessment |
| MECR2213 | Cyber Threat Intelligence |
| MECR2223 | Security Data Exploration |
| MECR2233 | Security Data Analytics & Visualization |
| MECR2313 | Software Exploitation |
| MECR2323 | Malware Analysis |
| Projects (Compulsory) | |
| MECR2415 | Project 1 |
| MECR2427 | Project 2 |
Programme Educational Objectives (PEO)
| Code | Intended Educational Objectives |
| PEO1 | Mastery of knowledge and competency in advanced areas of Computing. |
| PEO2 | Professionalism and high standards of ethical conducts within organization and society. |
| PEO3 | Responsive to changing situations by continuously acquiring new knowledge and skills. |
Programme Learning Outcomes (PLO)
After having completed the programme, graduates should be able to demonstrate the following competencies:
| Code | Intended Learning Outcomes |
| PLO1 | Synthesize, critique, apply, and extend in-depth relevant knowledge independently using innovative techniques, tools, and skills in the field of Computing as a basis for research to produce new ideas and solution. |
| PLO2 | Create new concept/theories/solutions/practice through independent research and originality that satisfies international standards within the field of Computing. using the latest techniques, tools, and skills |
| PLO3 | Integrate highly advanced and specialized research methodologies based on the forefront knowledge and latest development in the field of Computing to solve complex research problems with reasonable degree of originality. |
| PLO4 | Demonstrate decent collaboration with peers, scholarly communities and society at large in the relevant field of expertise and research. |
| PLO5 | Communicate effectively the knowledge, skills, ideas and research findings using appropriate methods to peers, scholarly communities, and societies through various medium. |
| PLO6 | Use, improve existing or develop new appropriate tools or methodologies using a broad range of digital technology, media and software to support and enhance research activities. |
| PLO7 | Demonstrate skills in designing, critical evaluation, and analysing numerical and graphical data using quantitative or qualitative tools to support and enhance research activities. |
| PLO8 | Demonstrate leadership, professionalism and management skills, and take full responsibility for own work, and significantly for others in the research organization. |
| PLO9 | Demonstrate the ability to manage and enhance own self- and if necessary, can be accountable for overall management of one’s research organization and professional development. |
| PLO10 | Develop potential commercialization research output. |
| PLO11 | Demonstrate adherence to legal, professional and contribute to the development of ethical sound codes of practice. |
| Courses | Credit | Grade | Pass | |
| Additional Courses (for Non-CS background) | ||||
| MECR0013 | Cryptography | 3 | ||
| MECR0023 | Computer Security | 3 | ||
| University Common Elective Courses (Choose 1 only) | ||||
| UECS6013 | IT Project Management | 3 | ||
| UHIS6013 | Philosophy of Science and Civilization | 3 | ||
| UHLM6013 | Malay Language for Postgraduates | 3 | ||
| UHMS6013 | Seminar on Global Development, Economic and Social Issues | 3 | ||
| UHMZ6023 | Malaysian Society and Culture | 3 | ||
| UBSS6013 | Organization Behavior and Development | 3 | ||
| UBSS6023 | Business Ethics, Responsibility and Sustainability | 3 | ||
| UHPS6013 | Dynamics of Leadership | 3 | ||
| URTS6013 | Environmental Ethics | 3 | ||
| UECS6023 | Introduction to Technopreneurship | 3 | ||
| UMJJ6013 | Basic Japanese Language and Culture | 3 | ||
| Core Faculty Course (Compulsory) | ||||
| MECR1013 | MECR 1013 | 3 | ||
| Core Courses (Compulsory) | ||||
| MECR1023 | Information Security Governance and Risk Management | 3 | ||
| MECR1033 | Digital Forensics | 3 | ||
| MECR1043 | Cloud Computing Security | 3 | ||
| MECR1053 | Secure Software Engineering | 3 | ||
| MECR1063 | Cryptographic Engineering | 3 | ||
| MECR1073 | Penetration Testing | 3 | ||
| Elective Courses (Choose 3 only) | ||||
| MECR2113 | Business Continuity Planning | 3 | ||
| MECR2123 | Security Audit & Assessment | 3 | ||
| MECR2213 | Cyber Threat Intelligence | 3 | ||
| MECR2223 | Security Data Exploration | 3 | ||
| MECR2233 | Security Data Analytics & Visualization | 3 | ||
| MECR2313 | Software Exploitation | 3 | ||
| MECR2323 | Malware Analysis | 3 | ||
| Projects (Compulsory) | ||||
| MECR2415 | Project 1 | 5 | ||
| MECR2427 | Project 2 | 7 | ||
| TOTAL CREDITS: | 93 | |||
COURSE SYNOPSIS ADDITIONAL
COURSES MECR0013
Cryptography
Cryptography addresses the principles, means, and methods of disguising information to ensure its integrity, confidentiality and authenticity. This course provides the background for the application and implementation of security mechanisms covered in the other courses. It deals with both theoretical and practical aspects of cryptography, to give an insight to the problems that arise in cryptography and the tools used to solve them. It introduces both symmetric key cipher system and public key cryptography, covering methods of obtaining the objectives of CIA (Confidentiality, Integrity and Availability).
MECR0023 Computer Security
This course covers the body of knowledge on technologies, processes, and practices designed to protect networks, devices, programs, and data from attack, damage, or unauthorized access. The types of computer security that will be covered are application security, network security, internet security, data security, information security and end user security.
CORE FACULTY COURSE
MECR1013 Research Methodology
This course covers the fundamental steps and implementation on developing the initial ideas to formal academic writing accordingly. Students will be given the mechanisms on how to transform and digest the literature reviews that leads to the proposed research title. This course helps students to prepare the research proposal for Projects. The theoretical and practical aspects of implementing the proposal will be the milestone of this course.
CORE COURSES
MECR1023 Information Security Governance and Risk Management
The course is aimed at imparting knowledge and skill sets required to assume the overall responsibilities of administration and management of security of an information system. This course covers issues related to administration, management and governance of security of information systems. Topics include auditing and data management, risk management (risk identification, risk analysis, risk control), contingency planning, incident handling and risk governance. The course will study in detail principles and tools related to these topics. The course will also cover security standards, evaluation and certification process, security planning, ethical and legal issues in information and privacy.
MECR1033 Digital Forensics
This course takes a detailed approach to the use of computers and computer technology in the investigation of incidents, both criminal and civil, in which computer technology play a significant or interesting role. Students completing this course will be familiar with the core computer science theory and practical skills necessary to perform elementary computer/digital forensic investigations, understand the role of technology in investigating computer-based crime, and be prepared to deal with investigative bodies at an elementary level.
MECR1043 Cloud Computing Security
In this course, we are going to learn about common cloud misconfigurations, how to perform a risk assessment and verify compliance for various Cloud Services. Further, we will delve deeper into identifying security risks in these cloud services and to implement best practices to mitigate the common cloud misconfigurations. Other topics include topics of data ownership, privacy protections, data mobility, quality of service and service levels, bandwidth costs, data protection, and support.
MECR1053 Secure Software Engineering
This course provides the principles of Secure Software Engineering and practical methods to secure requirements, design, implementation, testing, deployment and maintenance in software development. Students will also review policy specific requirements necessary to implement a secure development program within enterprise organizations. The students will also be able to understand software vulnerability, and how to evaluate, and address security risks to software.
MECR1063 Cryptographic Engineering
This course is a continuation from the introductory cryptography. All networked computers and devices must have cryptographic layers implemented and must be able to access to cryptographic functions to provide security features. In this context, efficient (in terms of time, area, and power consumption) hardware and software structures will have to be designed, implemented, and deployed. Discussion and analysis on how to resist cryptanalytic attacks by protecting access to primary (communication) and secondary (power, electromagnetic, acoustic) channels. Learn the algorithms, methods, and techniques to create latest cryptographic embedded software and hardware using common platforms and technologies. In addition to that, ethical issues in cryptography are discussed as well.
MECR1073 Penetration Testing
This course will discuss issues pertaining to penetration testing which covers areas like finding vulnerabilities in various computer systems, exploiting them in an ethical manner. Emphasis is given on the fundamental theory and as well as hands on practice. Topics covered include information reconnaissance, web application pentesting, wireless pentesting, network pentesting, and current issues in pentesting.
ELECTIVE COURSES
MECR2113 Business Continuity Planning
The course is aimed at imparting knowledge and skill sets required to prepare to respond to a disaster and restore normal operations afterward. This subject covers issues related to administration and management of disaster recovery program. The important plan for disaster recovery includes the contingency plans: i) the Incident Response Planning (IRP), ii) Disaster Recovery Planning (DRP), iii) Business Impact Analysis (BIA) and iv) Business Continuity Planning (BCP). Topics include preparing to develop disaster recovery plan, assessing risk, prioritizing system and functions for recovery, developing plans and procedure and organizational relationships in disaster recovery. The subject will study in detail principles and tools related to these topics. The subject will also cover procedures to response to attacks on computer, implementing disaster recovery plans, testing and rehearsal, assessment of needs, threats and solutions and living through a disaster.
MECR2123 Security Audit & Assessment
The aim of this course is to provide students with knowledge of how security audits and assessment are being performed against company’s information security system. Security audits are often used to determine regulatory compliance, in the wake of legislation (such as HIPAA, the Sarbanes-Oxley Act or etc.) that specifies how organizations must deal with information. The purpose is to evaluate, assess and measure how well the security conforms to a set of established criteria. Within the broad scope of auditing information security there are multiple types of audits, multiple objectives for different audits. Most commonly the controls being audited can be categorized to technical, physical (e.g. system’s physical configuration) and administrative (e.g. information handling processes and user practices). Also, auditing information security covers topics from auditing the physical security of data centers to auditing the logical security of databases and highlights key components to look for and different methods for auditing these areas.
MECR2213 Cyber Threat Intelligence
With the rapid increase of cyber-attacks, accurate security information is becoming more difficult to obtain. This course exposes the students to a complete cycle of CTI which includes hunting, behavioral patterns extraction, clustering and correlation, threat actor attribution until taking it down. Besides, it also explains the Cyber Kill Chain process in launching an attack. Understanding CKC is important in detecting cyberthreat. CTI will be explained in 3 different levels; strategic, tactical and operational.
MECR2223 Security Data Exploration
This course is essential to help the CTI analyst to dissect data to find clues in detecting the cyberthreats. It covers techniques commonly used to explore and understand data obtained from various sources. Exploratory Data Analysis in general is an approach to analyzing data sets to summarize their main characteristics, usually visual methods are used. Primarily, data is explored to see what the data can tell us beyond the formal modeling or hypothesis testing task. It ranges from pre-processing techniques for detection, validation, error correction, and filling up of missing or incorrect data. Emphasis on finding the relationship among variables and Clustering to find patterns and associations among groups of data is also covered.
MECR2233 Security Data Analytics & Visualization
This course consists of security analytics and visual analytics. Security analytics is an approach to cyber security focused on the analysis of data to produce proactive security measures. For example, monitored network traffic could be used to identify indicators of compromise before an actual threat occurs. Classification, regression and clustering we will be explored in analyzing security data. Model evaluation is also covered. Data visualization is the only approach that scales to the ever-changing threat landscape and infrastructure configurations. Using data visualization techniques, we can gain a far deeper understanding of what’s happening on our network. We can uncover hidden patterns of data, identify emerging vulnerabilities and attacks, and respond decisively with countermeasures that are far more likely to succeed than conventional methods. Visual analytics and its concept and design will be covered. Security data will be visualized using selected visualization tool.
MECR2313 Software Exploitation
This course will discuss issues pertaining to software exploitation, finding vulnerabilities in various computer programs and exploiting them in an ethical manner. Topics covered include vulnerability discovery, stack overflow exploitation, format string exploitation, head overflow exploitation, shell coding, and current issues in exploitation.
MECR2323 Malware Analysis
This course will discuss issues pertaining to analysis of malicious software code. Emphasis is given on the fundamental theory and as well as hands on practice. Topics covered include static analysis, dynamic analysis, defensive mechanism of malware, and some topics on malware research.
MECR2213 Cyber Threat Intelligence
With the rapid increase of cyber-attacks, accurate security information is becoming more difficult to obtain. This course exposes the students to a complete cycle of CTI which includes hunting, behavioral patterns extraction, clustering and correlation, threat actor attribution until taking it down. Besides, it also explains the Cyber Kill Chain process in launching an attack. Understanding CKC is important in detecting cyberthreat. CTI will be explained in 3 different levels; strategic, tactical and operational.
MECR2223 Security Data Exploration
This course is essential to help the CTI analyst to dissect data to find clues in detecting the cyberthreats. It covers techniques commonly used to explore and understand data obtained from various sources. Exploratory Data Analysis in general is an approach to analyzing data sets to summarize their main characteristics, usually visual methods are used. Primarily, data is explored to see what the data can tell us beyond the formal modeling or hypothesis testing task. It ranges from pre-processing techniques for detection, validation, error correction, and filling up of missing or incorrect data. Emphasis on finding the relationship among variables and Clustering to find patterns and associations among groups of data is also covered.
MECR2233 Security Data Analytics & Visualization
This course consists of security analytics and visual analytics. Security analytics is an approach to cyber security focused on the analysis of data to produce proactive security measures. For example, monitored network traffic could be used to identify indicators of compromise before an actual threat occurs. Classification, regression and clustering we will be explored in analyzing security data. Model evaluation is also covered. Data visualization is the only approach that scales to the ever-changing threat landscape and infrastructure configurations. Using data visualization techniques, we can gain a far deeper understanding of what’s happening on our network. We can uncover hidden patterns of data, identify emerging vulnerabilities and attacks, and respond decisively with countermeasures that are far more likely to succeed than conventional methods. Visual analytics and its concept and design will be covered. Security data will be visualized using selected visualization tool.
MECR2313 Software Exploitation
This course will discuss issues pertaining to software exploitation, finding vulnerabilities in various computer programs and exploiting them in an ethical manner. Topics covered include vulnerability discovery, stack overflow exploitation, format string exploitation, head overflow exploitation, shell coding, and current issues in exploitation.
MECR2323 Malware Analysis
This course will discuss issues pertaining to analysis of malicious software code. Emphasis is given on the fundamental theory and as well as hands on practice. Topics covered include static analysis, dynamic analysis, defensive mechanism of malware, and some topics on malware research.
UHLM6013 Malay Language for Postgraduates
This course is offered to international students of the Masters and PhD programmes, from Indonesia, Brunei, Southern Thailand and Singapore. In this course students are given exposure on how to write scientific works (in Malay). The focus of this course is the spelling aspect, punctuation, sentence variety, language adjustment, paragraph writing and writing style. In addition, students will be exposed on writing formats such as literature writing, citations, bibliographies, abstracts and editing.
UHMS6013 Seminar on Global Development, Economic and Social Issues
This course focuses on different approaches to economic development with reference to economic growth. Discussion on this course also includes issues related to globalization, technology and digital divides as well as the social crisis that has become a global concern. It aims in developing skills in understanding and analyzing global issues and recommending relevant solutions. Issues will be discussed in detail.
UHMZ6023 Malaysian Society and Culture
This course is designed for international postgraduates. This course discusses on the various aspects of the Malaysian culture and society. Topics on belief system, religious festivals, customs and etiquettes of different ethnic groups in Malaysia will be introduced to the students. In addition, students will also been introduced to the Malay Language. At the end of the course students should be able to understand the cultures practiced among Malaysians and adapt themselves to these new cultures.
UHPS6013 Dynamics of Leadership
This course is intended to encourage students to discover and develop their personal leadership qualities. Students will be exposed to leadership theories so that they could develop an insight that leadership itself is a dynamic relationship based on mutual influence and common purpose between leaders and followers. Topics covered include Introduction to Leadership, Leadership Traits & Ethics, Leadership Behaviour and Motivation, Influencing: Power, Politics, Networking and Negotiation, Contingency Leadership Theories, Communication, Coaching, and Conflict Skills, The Leader Follower Relationship, Team Leadership, Leading Self-Managed Teams, Transformational and Level 5 Leadership. Students will be evaluated based on their class leadership role, short talk and personal learning portfolios.
URTS6013 Environmental Ethics
Environmental ethics is the discipline in philosophy that studies the moral relationship of human beings to, and also the value and moral status of, the environment and its nonhuman contents. It covers the challenge of environmental ethics to the anthropocentrism (i.e., humancenteredness) embedded in traditional western ethical thinking; the early development of the discipline in the 1960s and 1970s; the connection of deep ecology, feminist environmental ethics, and social ecology to politics; and the attempt to apply traditional ethical theories, and virtue ethics, to support contemporary environmental concerns. It focuses on environmental literature on wilderness, and possible future developments of the discipline.
UMJJ6013 Basic Japanese Language and Culture
At this course, students will be introduced to a simple yet useful familiar everyday expressions and very basic phrases using basic grammars to develop oral communication skills for social purposes. This course is suitable for beginners who wish to develop basic conversational skills in a short period. E-learning will be introduced and students must complete some Kana and communication courses within the time frame by self-learning. After this course, students are expected to speak common phrases in different situations and make simple conversation in Japanese language.
UECS6023 Introduction to Technopreneurship
This course provides an overview of the basic concepts on entrepreneurship focusing on the nature, environment, and risks of new venture formation and building of businesses with IT in the Malaysian context. Students will learn on how to analyse and evaluate the business opportunities using knowledge and skills taught in this course and suggest innovative business ideas, business planning, self-assessment and operating strategies required to start a new small business. Students will also be exposed to current case studies of existing companies involved in the IT business. Active participation by students during class discussions and activities is encouraged & expected so that students can gain hands on experience with conducting research, develop, write, evaluate, presenting and defending segments of a business plan.
UBSS6023 Business Ethics, Responsibility and Sustainability
Business plays a significant role in societal and environmental well-being. Private and public organizations are no longer responsible to shareholders and those inside the organizations, but to external parties including consumers, politicians, regulators, communities and ordinary citizens. To fulfil the conflicting needs of these stakeholders, business leaders and managers often encounter complex situations that require them to make difficult decisions whereby the lines between right and wrong are blurry. This course aims to provide students the fundamental knowledge about the role of organizations in a society and to develop their skills to sustainably manage organizations that integrate legal, ethical, economic, environmental, and social dimensions into their decision-making. The course intends to develop responsible managers who have high integrity, professionalism and interpersonal skills. The course will also teach strategies on how managers can promote responsible conducts in their companies. The course objectives will be achieved through various teaching and learning methods specifically through critical examination of case studies involving ethical issues and dilemmas on complex and controversial business problems. This course is integrative in nature built upon the understanding and reflection of the main disciplines covered in the core courses in the MBA program.
UBSS6013 Organization Behavior and Development
This course helps students integrate behavioural science theories, tools, concepts, and techniques learned in the lab to an OB application in a “real” organization. Students are expected to conceptualize and apply Organization Behaviour three-level of analysis and synthesize it with the theory and practice of Planned Change for individuals, groups and organizations. Throughout the course, participants are exposed to the important topics central to behaviours of organization and its holistic process for development and change. Some of the topics include multiple views of organizations that influence organizational change, the evolution of organizational development and its challenges. The course also covers the nature of planned change, theories and types of change, the role of values and ethics in organizational change, and the concept of emergent change to enable participants to have an overall view of how available approaches to planned change management can be applied in organizational settings.