Course Content and Outcomes Guides (CCOG)

CCOG for CIS 284C archive revision 201704

You are viewing an old version of the CCOG. View current version »

Effective Term:
Fall 2017 through Winter 2022

Course Number:
CIS 284C
Course Title:
Cybersecurity Concepts
Credit Hours:
4
Lecture Hours:
30
Lecture/Lab Hours:
0
Lab Hours:
30

Course Description

Provides an introduction to cybersecurity. Explores security trends, vulnerabilities, threats to those vulnerabilities, and current techniques and tools used to fortify network defenses. Examines legal issues associated with information security, as well as how those issues are addressed within the context of an organization. Audit available.

Intended Outcomes for the course

Upon completion of the course students should be able to:

  • Describe how the fundamental concepts of cyber defense can be used to provide system security.
  • Identify the elements of a cryptographic system.
  • Define threats associated with computers, systems, and network architectures.
  • Explain access control methods, techniques and technologies for information systems.

Course Activities and Design

This course will be presented by means of

  • on-campus lectures or on-line lessons
  • Individual reading assignments
  • group discussions
  • individual and/or group lab assignments

Outcome Assessment Strategies

Students will be assessed on their mastery of the course learning outcomes via the following instruments:

  • Research on malware, DOS and DDOS attacks, and security products.
  • Successful cryptographic key exchange
  • Demonstrated use of packet sniffers
  • Evaluation of physical security at specific location.
  • Analysis of access control models in terms of applicability.
  • Report of risk assessment on information system.

Course Content (Themes, Concepts, Issues and Skills)

Outcome: Describe how the fundamental concepts of cyber defense can be used to provide system security.

  • Threats and Adversaries
  •  Vulnerabilities and Risks
  •  Basic Risk Assessment
  •  Security Life-Cycle
  •  Intrusion Detection and Prevention Systems
  •  Cryptography
  •  Data Security (in transmission, at rest, in processing)
  •  Security Models
  •  Confidentiality, Integrity, Availability, Non-Repudiation, Privacy
  •  Security Mechanisms (e.g., Identification/Authentication, Audit)

Outcome: Identify the elements of a cryptographic system

  • Symmetric Cryptography (DES, Twofish)
  • Public Key Cryptography
    • Public Key Infrastructure
    • Certificates
  • Hash Functions (MD4, MD5, SHA-1, SHA-2, SHA-3)
    • For integrity
    • For protecting authentication data
    • Collision resistance
  • Digital Signatures (Authentication)
  • Key Management (creation, exchange/distribution)
  • Cryptographic Modes (and their strengths and weaknesses)
  • Types of Attacks (brute force, chosen plaintext, known plaintext, differential and linear cryptanalysis, etc.)
  • Common Cryptographic Protocols
  • DES -> AES (evolution from DES to AES)
  • Security Functions (data protection, data integrity, authentication)

Outcome: Define threats associated with computers, systems, and network architectures.

  • Adversaries and targets
  • Motivations and Techniques
  • Types of Attacks
    • Password guessing / cracking
    • Backdoors / trojans / viruses / wireless attacks
    • Sniffing / spoofing / session hijacking
    • Denial of service / distributed DOS / BOTs
    • MAC spoofing / web app attacks / 0-day exploits
  • Social Engineering
  • Events that indicate an attack is/has happened
  • Legal Issues
  • Attack surfaces / vectors
  • Attack trees
  • Insider problem 
  • Threat Information Sources (e.g., CERT)

Outcome: Explain access control methods, techniques and technologies for information systems.

  • Identification, Authentication, Authorization.
  • Access Control Models (MAC, DAC, RBAC)
  • Physical Security.