Portland Community College | Portland, Oregon

Upon completion of the course students should be able to:

• Make information systems secure by applying fundamental concepts of cyber defense.
• Discuss attacks, threats, and vulnerabilities associated with computers, systems, and network architectures.
• Protect information and information systems using cryptography controls.
• Explain the role of risk management, auditing, and BCDR (business continuity and disaster recovery) planning in securing information systems.
• Analyze a cybersecurity scenario based on professional and ethical principles and applicable laws.

This course will be presented by means of

• on-campus lectures or on-line lessons
• Individual reading assignments
• group discussions
• individual and/or group lab assignments

Students will be assessed on their mastery of the course learning outcomes via the following instruments:

• Research on malware, DOS and DDOS attacks, and security products.
• Successful cryptographic key exchange
• Demonstrated use of packet sniffers
• Evaluation of physical security at specific location.
• Analysis of access control models in terms of applicability.
• Report of risk assessment on information system.

Outcome: Secure information systems by applying fundamental concepts of cyber defense.

• Basic Risk Assessment
• Security Life-Cycle
• Intrusion Detection and Prevention Systems
• Cryptography
• Data Security (in transmission, at rest, in processing)
• Security Models
• Confidentiality, Integrity, Availability, Non-Repudiation, Privacy
• Identification, Authentication, Authorization
• Access Control Models (MAC, DAC, RBAC)
• Physical Security of Information Assets

Outcome: Discuss attacks, threats, and vulnerabilities associated with computers, systems, and network architectures.

• Threats and Adversaries
• Vulnerabilities and Risks
• Motivations and Techniques
• Types of Attacks
  • Password guessing / cracking
  • Backdoors / trojans / viruses / wireless attacks
  • Sniffing / spoofing / session hijacking
  • Denial of service / distributed DOS / BOTs
  • MAC spoofing / web app attacks / 0-day exploits
• Social Engineering
• Events that indicate an attack is/has happened
• Legal Issues
• Attack surfaces / vectors
• Attack trees
• Insider problem 
• Threat Information Sources (e.g., CERT)

Outcome: Protect information and information systems using cryptography controls.

• Symmetric Cryptography (DES, AES, RC4) 
• Public Key Cryptography
  • Public Key Infrastructure
  • Certificates
• Hash Functions (e.g., MD5, SHA-1, SHA-2, SHA-3)
  • For integrity
  • For protecting authentication data
  • Collision resistance
• Digital Signatures
• Key Management (creation, exchange/distribution)
• Types of Attacks (brute force, chosen plaintext, known plaintext, differential and linear cryptanalysis, etc.)
• Security Functions (data protection, data integrity, authentication)

Outcome: Explain the role of risk management, auditing, and BCDR (business continuity and disaster recovery) planning in securing information systems.

• Business Impact Analysis
• Business Continuity Management
• Disaster Recovery Planning
• Cybersecurity Risk Management
• Incident Handling
• Security Auditing and Analysis
• Audit Data Collection
• Security Monitoring

Outcome: Analyze a cybersecurity scenario based on professional and ethical principles and applicable laws.

• Professional Ethics
• Codes of Ethics (ISSA, (ISC)2 EC-Council, etc.)
• U.S. Compliance Laws Applicable to Information Security (HIPAA, SOX, FERPA, etc.)
• Payment Card Industry Standards