
Syllabus — Information Systems Security Professionalism

Year II, Part II — MSNCS, IOE Pulchowk, Tribhuvan University. 4 credits.

Chapter 1 — Introduction to Information Security Professionalism (10 marks)

  • 1.1 Cybersecurity as a Profession
  • 1.2 Roles and Responsibilities
  • 1.3 Codes of Ethics — ISACA, ISC², SANS/GIAC, EC-Council
  • 1.4 Professional Certifications — CISSP, CISM, CEH, OSCP, CCSP, and the Broader Landscape
  • 1.5 Professional Behavior and Governance
  • 2.1 Cybercrime Laws — Nepal Frameworks, GDPR, HIPAA, Cross-jurisdictional Considerations
  • 2.2 Intellectual Property and Liability
  • 2.3 Privacy Laws and Compliance
  • 2.4 Responsible Disclosure and Ethical Dilemmas

Chapter 3 — Professional Standards and Governance (10 marks)

  • 3.1 ISO 27001 and the NIST Cybersecurity Framework
  • 3.2 COBIT and CIS Benchmarks
  • 3.3 Security Governance Models
  • 3.4 Compliance Roles and Responsibilities
  • 3.5 Control Objectives and Performance Evaluation

Chapter 4 — Risk Management and Compliance Practices (10 marks)

  • 4.1 Risk Frameworks — NIST RMF, ISO 27005, FAIR
  • 4.2 Risk Assessment and Mitigation Planning
  • 4.3 Compliance Audit Planning
  • 4.4 Documentation and Professional Reporting

Chapter 5 — Leadership, Communication, and Career Development (10 marks)

  • 5.1 Managing Security Teams
  • 5.2 Building a Security Culture
  • 5.3 Incident Response Leadership
  • 5.4 Career Strategy and Continuing Professional Development
  • 6.1 AI in Cybersecurity — Professional Implications
  • 6.2 Cloud Governance Trends
  • 6.3 Professional Misconduct and Ethics Case Studies
  • 6.4 Gender and Diversity in Cybersecurity Professions