Facebook this Page (opens a new window)
Tweet this Page (opens a new window)
Add to Portfolio.

CYB 2001 - Introduction to Cybersecurity Principles

3 lecture hours 0 lab hours 3 credits
Course Description
This course will provide students with an introduction to the principles and core concepts of cybersecurity engineering. The intent is to provide students with a basic understanding of the fundamental concepts behind cybersecurity. This is a high-level introduction or familiarization of the topics, not a deep dive into specifics. The course begins with an overview of cybersecurity, including the CIA Triad and uses it to relate with policy and the need for protection mechanisms for data during processing, when in transit, and when at rest.  The course then moves into coverage of the fundamental security design principles upon which security mechanisms (e.g., access control) can be reliably built. When followed, the first principles enable the implementation of sound security mechanisms and systems.  The course then concludes with a discussion of the legal and ethical issues related to cybersecurity and career opportunities within the field.
Prereq: CSC 1120  or instructor consent
Note: None
This course meets the following Raider Core CLO Requirement: None
Course Learning Outcomes
Upon successful completion of this course, the student will be able to:
  • Explain the concept of the CIA triad
  • Explain the concept of the McCumber cube and classify mitigation techniques using the method
  • Explain the key concepts behind basic cybersecurity attacks
  • Explore how email phishing attacks, fake social media accounts, ransomware, and identity theft can violate the cybersecurity goals of confidentiality, integrity, and availability
  • Describe security controls that can be used to protect computing resources
  • Explain the general fundamentals for design 
    •     Simplicity 
    •     Open design
    •     Design for iteration
    •     Least astonishment
  • Explain the general fundamentals for security
    •     Minimize secrets
    •     Complete mediation
    •     Fail-safe defaults
    •     Least privilege
    •     Economy of mechanism
    •     Minimize common mechanism
    •     Isolation
    •     Separation
    •     Encapsulation
  • List the applicable laws and policies related to cyber defense and describe the major components of each pertaining to the storage and transmission of data
  • Describe their responsibilities related to the handling of data as it pertains to legal, ethical and/or agency auditing issues
  • Describe how the type of legal dispute (civil, criminal, private) affects the evidence used to resolve it
  • Explain at a high level the legal issues governing the authorized conduct of cyber operations and the use of related tools, techniques, technology, and data
  • Evaluate the relationship between ethics and law, describe civil disobedience and its relation to ethical hacking, describe criminal penalties related to unethical hacking, and apply the notion of grey areas to describing situations where law has not yet caught up to technological innovation
  • Describe steps for carrying out ethical penetration testing
  • Describe "ethical hacking" principles and conditions
  • Distinguish between ethical and unethical hacking
  • Distinguish between nuisance hacking, activist hacking, criminal hacking, and acts of war
Prerequisites by Topic
  • Computer programming experience
Course Topics
  • McCumber cube and the CIA triad
  • The adversary model (resources, capabilities, intent, motivation, risk aversion, access)
  • Overview of types of attacks (and vulnerabilities that enable them)
    •     Password guessing/cracking 
    •     Backdoors/trojans/viruses/wireless attacks
    •     Sniffing/spoofing/session hijacking
    •     Denial of service/distributed
    •     DOS/BOTs
    •     web app attacks/0-day exploits 
    •     Covert channels
    •     Social engineering
    •     Insider problem
    •     Man in the middle attack.
  • General fundamental design principles including:
    •     Simplicity
    •     Open design
    •     Design for iteration
    •     Least astonishment
  • Security design principles including:
    •     Minimize secrets
    •     Complete mediation
    •     Fail-safe defaults
    •     Least privilege
    •     Economy of mechanism
    •     Minimize common mechanism
    •     Isolation, separation, and encapsulation
  • Methods for reducing complexity including:
    •     Abstraction
    •     Modularity
    •     Layering
    •     Hierarchy
  • U.S. Laws
    •     Title 18 (Crimes)
    •     18 SC 1030 (Computer Fraud and Abuse Act)
    •     18 SC 2510-22 Electronic Communications Privacy Act
    •     18 SC 2701-12 Stored Communications Act
    •     18 USC 1831-32 Economic Espionage Acts 
    •     Computer Security Act
    •     Sarbanes - Oxley
    •     Gramm - Leach - Bliley
    •     Privacy (COPPA) HIPAA / FERPA
    •     USA Patriot Act
    •     Americans with Disabilities Act, Section 508 
  • International cybersecurity laws
  • Industry standards
    •     Payment Card Industry Data Security Standard (PCI DSS)
    •     UL 2900
    •     ETSI EN 303 645
    •     BSIMM
    •     NIST
  • Cyber ethics
    •     Professional ethics and codes of conduct
    •     Social responsibility
    •     Ethical hacking
  • Emerging topics
Coordinator
Dr. Walter Schilling

Print-Friendly Page (opens a new window)
Add to Portfolio.
Close Window