CCOG for CIS 284C archive revision 201704
You are viewing an old version of the CCOG. View current version »
- Effective Term:
- Fall 2017 through Winter 2022
- Course Number:
- CIS 284C
- Course Title:
- Cybersecurity Concepts
- Credit Hours:
- 4
- Lecture Hours:
- 30
- Lecture/Lab Hours:
- 0
- Lab Hours:
- 30
Course Description
Intended Outcomes for the course
Upon completion of the course students should be able to:
- Describe how the fundamental concepts of cyber defense can be used to provide system security.
- Identify the elements of a cryptographic system.
- Define threats associated with computers, systems, and network architectures.
- Explain access control methods, techniques and technologies for information systems.
Course Activities and Design
This course will be presented by means of
- on-campus lectures or on-line lessons
- Individual reading assignments
- group discussions
- individual and/or group lab assignments
Outcome Assessment Strategies
Students will be assessed on their mastery of the course learning outcomes via the following instruments:
- Research on malware, DOS and DDOS attacks, and security products.
- Successful cryptographic key exchange
- Demonstrated use of packet sniffers
- Evaluation of physical security at specific location.
- Analysis of access control models in terms of applicability.
- Report of risk assessment on information system.
Course Content (Themes, Concepts, Issues and Skills)
Outcome: Describe how the fundamental concepts of cyber defense can be used to provide system security.
- Threats and Adversaries
- Vulnerabilities and Risks
- Basic Risk Assessment
- Security Life-Cycle
- Intrusion Detection and Prevention Systems
- Cryptography
- Data Security (in transmission, at rest, in processing)
- Security Models
- Confidentiality, Integrity, Availability, Non-Repudiation, Privacy
- Security Mechanisms (e.g., Identification/Authentication, Audit)
Outcome: Identify the elements of a cryptographic system
- Symmetric Cryptography (DES, Twofish)
- Public Key Cryptography
- Public Key Infrastructure
- Certificates
- Hash Functions (MD4, MD5, SHA-1, SHA-2, SHA-3)
- For integrity
- For protecting authentication data
- Collision resistance
- Digital Signatures (Authentication)
- Key Management (creation, exchange/distribution)
- Cryptographic Modes (and their strengths and weaknesses)
- Types of Attacks (brute force, chosen plaintext, known plaintext, differential and linear cryptanalysis, etc.)
- Common Cryptographic Protocols
- DES -> AES (evolution from DES to AES)
- Security Functions (data protection, data integrity, authentication)
Outcome: Define threats associated with computers, systems, and network architectures.
- Adversaries and targets
- Motivations and Techniques
- Types of Attacks
- Password guessing / cracking
- Backdoors / trojans / viruses / wireless attacks
- Sniffing / spoofing / session hijacking
- Denial of service / distributed DOS / BOTs
- MAC spoofing / web app attacks / 0-day exploits
- Social Engineering
- Events that indicate an attack is/has happened
- Legal Issues
- Attack surfaces / vectors
- Attack trees
- Insider problem
- Threat Information Sources (e.g., CERT)
Outcome: Explain access control methods, techniques and technologies for information systems.
- Identification, Authentication, Authorization.
- Access Control Models (MAC, DAC, RBAC)
- Physical Security.