CCOG for CIS 284C Fall 2024


Course Number:
CIS 284C
Course Title:
Cybersecurity Concepts
Credit Hours:
4
Lecture Hours:
30
Lecture/Lab Hours:
0
Lab Hours:
30

Course Description

Explores security trends, vulnerabilities, and threats to those vulnerabilities. Provides hands-on experience with current techniques and tools used to implement cybersecurity controls. Examines legal, ethical, and privacy issues associated with information security, as well as how those issues are addressed within the context of an organization. Prerequisites: CIS 184C and (CIS 140M or CIS 140L) or instructor permission. Audit available.

Intended Outcomes for the course

Upon successful completion of the course students should be able to:

1. Apply fundamental concepts of cyber defense to make information systems secure.

2. Assess attacks, threats, and vulnerabilities associated with computers, systems, and network architectures.

3. Employ cryptography controls to protect information and information systems. 

4. Explain the role of risk management, auditing, and BCDR (business continuity and disaster recovery) planning in securing information systems.

5. Analyze a cybersecurity scenario based on professional and ethical principles and applicable laws.

Course Activities and Design

This course will be presented by means of

  • on-campus lectures or on-line lessons
  • Individual reading assignments
  • group discussions
  • individual and/or group lab assignments

Outcome Assessment Strategies

Students will be assessed on their mastery of the course learning outcomes via the following instruments:

  • Research on malware, DOS and DDOS attacks, and security products.
  • Successful cryptographic key exchange
  • Demonstrated use of packet sniffers
  • Evaluation of physical security at specific location.
  • Analysis of access control models in terms of applicability.
  • Report of risk assessment on information system.

Course Content (Themes, Concepts, Issues and Skills)

Outcome: Secure information systems by applying fundamental concepts of cyber defense.

  • Basic Risk Assessment
  • Security Life-Cycle
  • Intrusion Detection and Prevention Systems
  • Cryptography
  • Data Security (in transmission, at rest, in processing)
  • Security Models
  • Confidentiality, Integrity, Availability, Non-Repudiation, Privacy
  • Identification, Authentication, Authorization
  • Access Control Models (MAC, DAC, RBAC)
  • Physical Security of Information Assets

Outcome: Discuss attacks, threats, and vulnerabilities associated with computers, systems, and network architectures.

  • Threats and Adversaries
  • Vulnerabilities and Risks
  • Motivations and Techniques
  • Types of Attacks
    • Password guessing / cracking
    • Backdoors / trojans / viruses / wireless attacks
    • Sniffing / spoofing / session hijacking
    • Denial of service / distributed DOS / BOTs
    • MAC spoofing / web app attacks / 0-day exploits
  • Social Engineering
  • Events that indicate an attack is/has happened
  • Legal Issues
  • Attack surfaces / vectors
  • Attack trees
  • Insider problem 
  • Threat Information Sources (e.g., CERT)

Outcome: Protect information and information systems using cryptography controls.

  • Symmetric Cryptography (DES, AES, RC4) 
  • Public Key Cryptography
    • Public Key Infrastructure
    • Certificates
  • Hash Functions (e.g., MD5, SHA-1, SHA-2, SHA-3)
    • For integrity
    • For protecting authentication data
    • Collision resistance
  • Digital Signatures
  • Key Management (creation, exchange/distribution)
  • Types of Attacks (brute force, chosen plaintext, known plaintext, differential and linear cryptanalysis, etc.)
  • Security Functions (data protection, data integrity, authentication)

Outcome: Explain the role of risk management, auditing, and BCDR (business continuity and disaster recovery) planning in securing information systems.

  • Business Impact Analysis
  • Business Continuity Management
  • Disaster Recovery Planning
  • Cybersecurity Risk Management
  • Incident Handling
  • Security Auditing and Analysis
  • Audit Data Collection
  • Security Monitoring

Outcome: Analyze a cybersecurity scenario based on professional and ethical principles and applicable laws.

  • Professional Ethics
  • Codes of Ethics (ISSA, (ISC)2 EC-Council, etc.)
  • U.S. Compliance Laws Applicable to Information Security (HIPAA, SOX, FERPA, etc.)
  • Payment Card Industry Standards