This course is the first of a two-course series that introduces the interdisciplinary field of cyberspace security. The technical foundation for the cybersecurity defender is a particular combination of network, operating system, hardware (mobile/desktop/server) and software engineering skills, all of which are required to protect and defend modern systems, networks and information assets. Students will explore in-depth technical foundations which underpin cybersecurity threats and corresponding defenses. Through hands-on training students will gain necessary skills to begin supporting and implementing cyberspace security. This course will cover the following topics: Security and Risk Management (security governance principles, compliance, legal and regulatory issues, professional ethic, and security policies), Asset Security (information and asset classification and ownership, data security controls and handling requirements), Security Engineering (secure Engineering processes, security models, security evaluation model, security architectures and designs, cryptography, and physical security), and Communications and Network Security (secure network architecture design, secure network components, secure communication channels, and network attacks)
- Explain the basic concepts of confidentiality, integrity, and availability, including how they differ and how they interact with each other.
- Assess and mitigate the vulnerabilities of security architectures, designs, and solution elements
- Apply secure design principles to network architecture, design and establish secure communication channels, and understand how to secure network components.
- Demonstrate expertise in reading peer-reviewed papers in cyberspace security, and explain them in writing.
- Apply security governance principles using different control frameworks.
- Recognize the best practices and guidelines for developing and verifying effective security policies and procedures, security goals, threats and vulnerabilities, standards and security policy development, forensics, privacy implications, and ethics.
- Understand and apply risk management concepts
- Understand business continuity requirements and planning
- Understand legal and regulatory issues that pertain to information security in a global context
- Classify information assets, determine and maintain their ownership, ensure appropriate retention, and determine appropriate data controls
- Evaluate severity levels and possible fixes to remediate the uncovered issues and be able to provide comprehensive solutions.
- Use common confidentiality and integrity models (e.g., Bell-LaPadula, Lipner, Chinese Wall) to model of a simple system, and to prove results concerning system confidentiality and integrity.