- PURPOSE OF PROGRAMME
By the end of the programme a graduate will be able to:
- Apply knowledge of Information security to solve real-life problems.
- Demonstrate a sound educational basis to cope with future technological developments.
- Utilize a wide range of information security tools available to the software engineer.
- Exhibit a sound knowledge of the current state of Information security technology across a broad spectrum.
- ENTRY REQUIREMENTS
2.1 Normal Entry
Minimum of five O level passes including Mathematics and English language and at least two A level passes in Mathematics AND Computer Science (Computing) OR any other science-related subjects.
- Visiting / Harare Weekend School Programme
To qualify for entry into the Bachelor of Commerce Honours Degree in Information Security (Visiting / Harare Weekend School) programme, a candidate, in addition to satisfying the minimum conditions prescribed under the General Regulations, must have:
either:
A National Diploma/ HND (complete qualification) in Information Technology, or any equivalent tertiary qualification
or:
At least two (2) passes in relevant “A” Level subjects
and:
Confirmation of employment in relevant Information Technology departments.
2.3 Special Entry
Candidates who have successfully completed a Professional Technology Diploma or have obtained equivalent qualifications within three years may apply for direct entry into Level 2 of the degree programme, subject to availability of places. Candidates admitted under the above regulation will normally be exempted from level 1 on a module-by-module-basis. No candidate may complete the degree in less than three academic levels. Successful completion of the Work-Related Learning component at level three is compulsory for all candidates.
- Mature Entry
Refer to faculty regulations.
- PROGRAMME CHARACTERISTICS
Areas of Study: Ethical hacking, Information security, Programming, Network security, Cryptography, Digital forensics, Cyber security, IT Auditing and Assurance.
Specialist Focus: Information security and cyber security.
Orientation: Research and innovation oriented. Teaching and learning are professionally oriented and focused on practical aspects.
Distinctive Features: The programme builds the research-technology-innovation continuum and focuses on knowledge development and application using a student-centred approach.
- CAREER OPPORTUNITIES AND FURTHER EDUCATION
Careers in Information Security include the following: Information Security Analyst, Software Security Engineer, Penetration Tester, Chief Information Security Officer, Information Security Crime Investigator/Forensics Expert. Further studies can include, but are not limited to, Master’s and Doctoral studies in Cloud Computing and Internet of Things or in interdisciplinary programmes related to Cloud Computing and Internet of Things.
- PROGRAMME DELIVERY
Teaching and Learning Methods: Lectures, e-learning, tutorials, seminars, group work, computer laboratory classes, industrial visits, Work-Related Learning, research project and individual independent study.
Assessment Methods: Written and oral examinations, tests, computer project, presentations, Work-Related learning reports, mini WRL research project, final year research project report, and continuous assessments.
- LEARNING OUTCOMES
Generic:
- Multidisciplinary: Ability to draw appropriately from multiple academic disciplines to define and solve problems based on the understanding of complex phenomena in Information Security
- Quantitative and innovative reasoning: Capability to draw on testing, designing, big data and use analytics for informed decision-making and strive to seek new ways of doing things in the Information Security landscape.
- Communication skills: Ability to communicate effectively and to present information orally and in writing and using ICTs to both expert and non-expert audiences.
- Analysis and synthesis: Capacity for analysis and synthesis using logical arguments and proven facts.
- Ethical commitment: Professional integrity and awareness of the impact of science and technology on society and the environment.
- Entrepreneurial skills: Capability to identify and create new business ventures based on knowledge and new thinking paradigms.
Discipline-specific:
- Deep knowledge: Ability to analyse security issues in terms of underlying principles and knowledge.
- Production skills: Ability to design and develop information security models and frameworks for real-world problems.
- Technology development skills: Ability to develop and implement security models and frameworks.
- Problem-solving skills: Ability to solve a wide range of problems in the business environment by identifying their fundamental aspects and using both theoretical and experimental methods.
- Analytical and computational skills: Ability to use data and apply security concepts.
- Become familiar with fundamentals of various science and technology subjects and thus gain knowledge with a global perspective in Information Security and synthesize new knowledge as well as investigate problems and formulate security requirements with appropriate solutions.
- Be capable of solving and designing optimal solutions by using various techniques and have the ability to do research through literature work, design, conduct experiments and analyse cyber security problems.
- Engage in lifelong learning and demonstrate professional, ethical, legal and security issues and responsibilities.
- Familiarize with the fundamentals of solving and designing optimal solutions by using various techniques.
- Develop skills to be effective members of a team and be able to work independently with reflective learning.
- Demonstrate effective professional communication skills.
- Become equipped with the knowledge and skill necessary for entry-level placement in cyber security industry as well as IT companies.
- Develop capacity to understand professional and ethical responsibility and will display skills required for continuous and lifelong learning.
- Become employers rather than jobseekers.
- Be expected to have knowledge of contemporary issues and modern practices in cyber security.
- GENERAL PROVISIONS
Refer to faculty and general regulations.
- PROGRAMME ASSESSMENT
8.1 Evaluation of students shall normally be based on continuous assessment as well as formal university examinations that are held at the end of each semester.
8.2 Continuous Assessment will account for 30% of the overall assessment. No continuous assessment shall be carried over to the next semester.
8.3 Final examination accounts for 70% of the overall assessment.
9.4 The department shall determine which items will be included in the continuous assessment and shall define the relevant weighting to each item.
8.5 To be admitted to the examinations, a candidate must:
8.5.1 be a registered student of the University in accordance with the General Regulations
8.5.2 have satisfactorily attended and completed the approved modules of study. Completion of modules shall require submission of all written assignments and tests that constitute the continuous assessment.
8.5.3 have attended and participated in seminars, tutorials and practical classes, presentations and other activities as required by the Department.
8.5.4 Candidates shall be informed in advance of the deadline of submission of dissertation or project. Unless the Academic Board has granted prior permission for an extension of this deadline any candidate who fails to meet this submission deadline shall normally fail the dissertation or project. In such cases, on the recommendation of the Examiners, candidates may be permitted to resubmit the dissertation or project at a later date, normally within three months of the original submission deadline. Unless otherwise determined by Senate, the maximum mark allowed for such work should be 50%
- PROVISION FOR PROGRESSION
Refer to general and faculty regulations for provision for progression.
- PROGRAMME STRUCTURE
Module Distribution:
Level 1 Semester 1
Module Code and Title Credits
IS131 Introduction to Information Security 12
INFO135 Ethics and Professionalism 12
IS133 Data Structures and Algorithms 12
CS131 Communication Skills 12
IS134 Database Design & Security 12
IS135 Web Technologies 12
IS136 Ethical Hacking and Penetration Testing 12
Level 1 Semester 2
Module Code and Title Credits
IS137 Introduction to Programming 12
INFO140 Operating Systems 12
IS139 Discrete Mathematics 12
IS140 Cyberspace Ethics and Laws 12
IS141 Research Methods and Statistics 12
IS142 Organizational Behaviour 12
Level 2 Semester 1
Module Code and Title Credits
IS231 Secure Coding 12
GSB211 Gender Studies 12
ENT205 Entrepreneurship 12
IS234 Network Security 12
INFO234 Data Communications and Networks 12
IS233 Systems Administration & Security 12
Level 2 Semester 2
Module Code and Title Credits
IS235 Forensics & Incidence Response 12
IS236 Secure Software Management 12
IS237 Cryptography and Security 12
IS238 Firewall Fundamentals 12
IS240 Group Project 12
Level 3 Semester 1
Module Code and Title Credits
IS340 Work-Related Learning Preliminary Report 40
Level Three Semester Two
IS341 Work-Related Learning Continuous Assessment 40
IS342 Work-Related Learning Report 40
Level 4 Semester 1
Module Code and Title Credits
IS431 Cryptanalysis and Development of Cryptosystems 12
IS432 Web Security 12
IS433 IT Security Planning Strategies and Project Management 12
IS434 HPC Cluster & Cloud Computing Security 12
IS435 Penetration Testing and Vulnerability Assessment 12
IS436 Industrial Control Systems Security 12
Level Four Semester Two
Module Code and Title Credits
IS437 Digital Forensics 12
IS438 IT Auditing and Assurance 12
IS439 Information Systems Risk Management 12
IS440 Cybercrime Investigations 12
IS441 Research Project/Dissertation 24
MODULE SYNOPSES
IS131 Introduction to Information Security
This module covers the security systems development life cycle, and critical characteristics of information (CIA). Legal, ethical, and professional issues in Information Security. Risk Management: an overview of risk management (know yourself/the enemy), Risk identification, Risk assessment, Risk control strategies, and Selecting a risk control strategy (feasibility studies). Benchmarking and best practices, Baselining, Residual risk. Information security policy, standards, and practices. EISP, ISSP, SysSP,
INFO 135 Ethics and Professionalism
This module covers ethical and social issues related to the development and use of computer technology. Topics include ethical theory, social, political, intellectual property (IP) and other legal considerations. Scenarios in problem areas: privacy, reliability and risks of complex systems, responsibility of professionals for applications and consequences of their work.
IS133 Data Structures and Algorithms
This module teaches the concepts and skills for effective problem-solving using algorithmic techniques such as the greedy algorithm, brute force algorithm etc. It focuses on data structures such as arrays, stacks, queues/priority, linked lists, trees, graphs, hash tables and strings to solve programming challenges. Algorithms for searching and sorting, including common algorithm design techniques, are introduced.
IS134 Database Design and Security
This module introduces students to a basic understanding of databases and their management systems. The following topics will be covered: database system architecture, normal forms, query system (SQL) and database security, information storage security, data integrity and data authenticity as well as data masking. The assignments are implemented using SQL Server 2000 or Oracle.
IS135 Web Technologies
Students will cover Web design fundamentals and internet technologies. They will have an appreciation of Web communication protocols and methods. They will learn how to use Scripting languages, interface design tools, Application Programming Interface (API), Web Services and design patterns in Web Application Development.
IS136 Ethical Hacking and Penetration Testing
This module teaches the latest trends and advances in ethical hacking and penetration testing. Securing information systems against cyber-attacks. Application of concepts learned in previous classes to both defend and compromise e-systems. Various advanced tools for managing and compromising systems, safeguarding ancillary systems to prevent collateral damage during testing procedures. Legal and ethical issues associated with penetration testing.
CS131 Communication Skills
Refer to Communication Skills Department.
IS136 Introduction to Programming
This module introduces students to elementary computer algorithms. Topics to be covered include the following: introduction to programming using the procedural paradigm; introduction to hardware, software, and application software; solving problems using programming; the program development process; flow charts, algorithms and pseudocode; compiling and running programs.
INFO140 Operating Systems
This module explores the design and implementation of computer operating systems. Topics include historical aspects of operating systems development; systems programming; process scheduling; synchronisation of concurrent processes; deadlocks; virtual machines; memory management; virtual memory and paging; I/O and file systems; system security; OS/architecture interaction; and distributed operating systems.
IS137 Discrete Mathematics
The module teaches fundamentals of algebraic, logical and combinatorial concepts. Set, relational algebra, algorithmic closure. Boolean algebra and propositional logic, Mathematics related to computing. It will cover elements of calculus and discrete mathematics necessary to the field of computing. Integers, well-ordering principle, induction, Fibonacci numbers; Divisibility; prime numbers and distribution of primes.
IS138 Cyberspace Ethics and Laws
This module’s focus is on the need for suitable legislation, and appropriate resourcing of law enforcers to address cybercrime. Students learn about the global nature of computer crime and examine national and international laws, regulations and agreements that govern computer crime, including computer investigations, prosecution and defence. The module encourages analytical thinking and reasoning about computer crime topics and relevant legal issues.
IS139 Research Methods and Statistics
The module introduces the fundamentals of research. The module is intended to prepare students to find research topics, formulate a hypothesis, perform the data collection and perform the required statistical analysis on the data using various software packages. This creates the research basis for students to produce survey and research papers. Simple statistics for data analysis will also be covered.
IS140 Organisational Behaviour
This module will teach concepts of organizational behaviour. Individual Differences at work: Personality, attitude and intelligence. Motivation: Importance of motivation in work behaviour, approaches to motivation, content theories, and process theories. Job analysis and Design: Approaches, job rotation, job enlargement, job design models. Communication: Types, transaction analysis, Johari windows. Training and Development: Training needs assessment, training techniques and training evaluation.
IS231 Secure Coding
This module provides a detailed explanation of common programming errors in programming languages and describes how these errors can lead to software systems that are vulnerable to exploitation. The module will also cover defensive programming and identify its benefits and challenges. The module will also address the best practices for creating secure code, how to include defensive programming techniques into your software development process.
INFO 234 Data Communications and Networks
The objective of this book is to introduce students of computer engineering, computer sciences and pure and applied sciences to basic concepts, principles, and practice of data communication and network.
This module explores the principles underlying the design of computer networks. Topics covered include: Computer network technologies and applications, Transmission Media, Signaling, Communication protocols, Communication architectures, Network connections, Network types, Routing and routing algorithms, spanning tree protocol and IP addressing.
IS233 Systems Administration and Security
This module introduces concepts of systems administration on servers such as Unix/Linux and Microsoft, amongst others, as well as making sure these servers are secured. Systems security, component security and organizational security are covered with a focus on system thinking, management, access and control as well as testing and retirement. System architectures are also covered.
IS234 Network Security
This module teaches network security fundamentals. Topics to be covered include Network trace route and packet filtering project. Protocol designs, Security Concepts and Terminology, TCP/IP and OSI Network Security, Access Control Issues (Packet Filters, Firewalls), Communication Security (OSI Layer Security Protocols), Security Tools, Cryptography, System Security – Intruders and Viruses, E-mail and Web Security. Implementation will be done using Appropriate Networking Programming.
ENT205 Entrepreneurship
Refer to the Entrepreneurship Department.
GS211 Gender Studies for Business
Refer to the Gender Studies Department.
IS235 Forensics and Incidence Response
This module explores forensic analysis of data from computer systems and response after an incident. It also covers Incident Response Overview, Incident Response Phases, Digital Forensics Overview, Digital Forensics Evidence Acquisition, Digital Forensics Evidence Analysis, and Digital Forensics Reporting. Societal security, organizational security and human security are also covered.
IS236 Secure Software Management
The module involves learning principles of designing and implementing secure software, sufficiently to be able to apply those principles. Focus is also on requirements, testing, evaluation, and development processes, and their impact on implementing secure software. Prerequisites for this module are knowledge of software engineering principles, software development processes, design, programming techniques, computer technology. Human security and organizational security are also covered.
IS237 Cryptography and Security
This module introduces students to the nature, purposes and history of cryptography; Classical cryptography: transposition ciphers, substitution ciphers, Affine cipher, the Vigenère cipher. Entropy and equivocation; Perfect secrecy and one-time pads, Unicity distance. Fields: Field extensions, Finite fields, Fields over irreducible polynomials. Modern encryption algorithms will be covered also.
IS238 Firewall Fundamentals
The module highlights firewall theory and architecture, technology and the implementation in routed IPv4-based TCP/IP networks. IPv6-based protocols in relation to IPv4. Firewall fundamentals: firewall network architecture, the firewall’s role in a network, firewall types, firewall performance attributes, and firewall protection. Firewall installation will also be covered.
IS239 Group Project
The students work in a group to produce a working product, including a Project Proposal, a Project Plan, a System Specification and User Documentation, and perform Project Management activities to ensure the product is delivered on time.
IS331 and 332 Work-Related Learning
The internship programme exposes students to a real-life work environment and facilitates a structured and integrated learning programme for them. Students apply the knowledge and skills that they have acquired to work practice and new skills acquired in industry and come up with a consolidated report. This helps them to deepen their relevant skills for them to be well-placed to pursue a career in their chosen discipline.
IS302 Academic Supervisor and Employer’s Assessment Report
A consolidated report with a weighting of 60% from the Lecturer and 40% from the Industry supervisor will be made during the period of work-related learning. The academic supervisor produces a WRL Report for the student on Work-Related Learning. Likewise, the employer periodically assesses the student on Work-Related Learning and produces a report. Students are exposed to an environment of being innovative.
IS431 Cryptanalysis and Development of Cryptosystems
This module introduces students to how to break codes; explicitly describe the real-world constraints and realities of cryptanalysis and cryptography; critique, design, and build secure cryptographic systems; and understand current implementations of cryptographic algorithms and protocols in real life. It also teaches emerging technologies.
IS432 Web Security and Secure E-Commerce
The module explores the browser security model, including same-origin policy and threat models in web security, and security-related issues in Web-based systems and applications. The module will also cover web sessions, secure communication channels such as TLS and the importance of secure certificates, and authentication including single sign-on such as OAuth and SAML. The module will also examine the common types of vulnerabilities and attacks in web applications.
IS433 IT Security Planning Strategies and Project Management
This module allows students to have knowledge of Advances in Project Management strategies: project planning, resources, costs, as well as project execution and progress tracking. The IT security project management process; project management methodologies and tools; IT project management standards; change management; Case studies: current issues in IT security project management; Disaster management and business continuity.
IS434 HPC Cluster and Cloud Computing Security
This module examines advances in High Performance Computing (HPC) technology: Virtualization, HPC Cluster, and Cloud Computing and security of data on the cloud. Virtualization technology: building HPC Cluster mimicking supercomputers. Design and build private and public cloud computing solutions using Ubuntu Enterprise Cloud Computing, Eucalyptus Cloud Systems and Open Nebula Cloud Computing solutions.
IS435 Penetration Testing and Vulnerability Assessment
This module covers concepts of penetration testing and vulnerability assessment, Footprinting and social engineering tools and methods, methods of ensuring and countering attacks on data security, network protection systems and security against attacks on the web, ethical hacking, laws and methodologies and emerging technologies in the field of penetration testing. Data, software, systems and human security are key in this module.
IS436 Industrial Control Systems Security
This module explores aspects of component security including component design, component fabrication, component procurement, component testing and reverse engineering. The module also covers understanding the working of ICS, learning about SCADA ICS vulnerabilities and emerging techniques to defend SCADA systems. Data, component, software and connection security are covered.
IS437 Digital Forensics
This module introduces students to mobile phone security and forensics, investigating wireless and web attacks, network-based forensics, anti-forensics methods, tools and techniques, and emerging technologies in the field of digital forensics. The module will also involve the reconstruction of web browsing history from web artifacts, capturing and interpreting network traffic, discussing the challenges associated with mobile device forensics, and malware identification.
IS438 IT Auditing and Assurance
The module will introduce the fundamentals of IT auditing and assurance services, core reasons why IT auditing is a specialized area of auditing, evolution of IT assurance, and the principal objectives of IT auditing and assurance services. The module will emphasize business management issues regarding the security and control of IT and the achievement of value through managed IT processes.
IS439 Information Systems Risk Management, Disaster Recovery Planning and Business Continuity
This module is designed to teach best practices for conducting vulnerability assessments and countermeasures techniques. Advances in risk assessment tools; Establish cost-benefit analysis for specific safeguards to organization’s assets, confidentiality, availability and integrity of data and network resources. Trends and latest advances in risk management plan and incidence response techniques via capstone research.
IS440 Cybercrime Investigations
The module explores the advances in cybercrime investigations: unauthorized access, mischief to data, possession of hacking tools, illegal drug trades, money laundering, human trafficking. The module will also cover the legal aspects, investigation process, reporting process, and case studies with a hands-on capstone research project on cybercrime activities.
IS441 Research Project/Dissertation
The Research project involves supervision. This project is intended for the student to demonstrate skills acquired to develop systems for an organization of their choice. Candidates must be able to demonstrate the highest level of innovation. A level of research is expected to ensure some level of originality and critical thinking in the project design and implementation.