CCOG for CIS 284C Fall 2024
- Course Number: CIS 284C
- Course Title: Cybersecurity Concepts
- Credit Hours: 4
- Lecture Hours: 30
- Lecture/Lab Hours: 0
- Lab Hours: 30
Course Description
Intended Outcomes for the course
Upon successful completion of the course students should be able to:
1. Apply fundamental concepts of cyber defense to make information systems secure.
2. Assess attacks, threats, and vulnerabilities associated with computers, systems, and network architectures.
3. Employ cryptography controls to protect information and information systems.
4. Explain the role of risk management, auditing, and BCDR (business continuity and disaster recovery) planning in securing information systems.
5. Analyze a cybersecurity scenario based on professional and ethical principles and applicable laws.
Course Activities and Design
This course will be presented by means of:
- On-campus lectures or online lessons
- Individual reading assignments
- Group discussions
- Individual and/or group lab assignments
Outcome Assessment Strategies
Students will be assessed on their mastery of the course learning outcomes via the following instruments:
- Research on malware, DOS and DDOS attacks, and security products.
- Successful cryptographic key exchange
- Demonstrated use of packet sniffers
- Evaluation of physical security at a specific location.
- Analysis of access control models in terms of applicability.
- Report of risk assessment on an information system.
Course Content (Themes, Concepts, Issues and Skills)
Outcome: Secure information systems by applying fundamental concepts of cyber defense.
- Basic Risk Assessment
- Security Life-Cycle
- Intrusion Detection and Prevention Systems
- Cryptography
- Data Security (in transmission, at rest, in processing)
- Security Models
- Confidentiality, Integrity, Availability, Non-Repudiation, Privacy
- Identification, Authentication, Authorization
- Access Control Models (MAC, DAC, RBAC)
- Physical Security of Information Assets
Outcome: Discuss attacks, threats, and vulnerabilities associated with computers, systems, and network architectures.
- Threats and Adversaries
- Vulnerabilities and Risks
- Motivations and Techniques
- Types of Attacks
  - Password guessing / cracking
  - Backdoors / trojans / viruses / wireless attacks
  - Sniffing / spoofing / session hijacking
  - Denial of service / distributed DOS / BOTs
  - MAC spoofing / web app attacks / 0-day exploits
- Social Engineering
- Events that indicate an attack is happening or has happened
- Legal Issues
- Attack surfaces / vectors
- Attack trees
- Insider problem
- Threat Information Sources (e.g., CERT)
Outcome: Protect information and information systems using cryptography controls.
- Symmetric Cryptography (DES, AES, RC4)
- Public Key Cryptography
- Public Key Infrastructure
- Certificates
- Hash Functions (e.g., MD5, SHA-1, SHA-2, SHA-3)
  - For integrity
  - For protecting authentication data
  - Collision resistance
- Digital Signatures
- Key Management (creation, exchange/distribution)
- Types of Attacks (brute force, chosen plaintext, known plaintext, differential and linear cryptanalysis, etc.)
- Security Functions (data protection, data integrity, authentication)
Outcome: Explain the role of risk management, auditing, and BCDR (business continuity and disaster recovery) planning in securing information systems.
- Business Impact Analysis
- Business Continuity Management
- Disaster Recovery Planning
- Cybersecurity Risk Management
- Incident Handling
- Security Auditing and Analysis
- Audit Data Collection
- Security Monitoring
Outcome: Analyze a cybersecurity scenario based on professional and ethical principles and applicable laws.
- Professional Ethics
- Codes of Ethics (ISSA, (ISC)2, EC-Council, etc.)
- U.S. Compliance Laws Applicable to Information Security (HIPAA, SOX, FERPA, etc.)
- Payment Card Industry Standards