With the prevalence of data breaches and cyber-attacks, securing intellectual properties and customer’s personally identifiable information has become increasingly challenging in business, government, and academia. It is commonly recognized that a key factor for having a cyber-secured environment and operations is well-trained employees with good cyber hygiene. A small human error may lead to a disastrous cyber incident. The cybersecurity risk management minor is designed for students in non-computing majors who are interested in learning about cybersecurity and developing the knowledge and skills to support organizations in their efforts to protect their computing and informational resources. Students learn the basics of computing and cybersecurity and then gain knowledge and practice in cybersecurity policy and law, risk management, and business continuity plans in the event of a cybersecurity attack.
Notes about this minor:
This minor is closed to students majoring in computing security.
Posting of the minor on the student's academic transcript requires a minimum GPA of 2.0 in the minor.
Notations may appear in the curriculum chart below outlining pre-requisites, co-requisites, and other curriculum requirements (see footnotes).
The program code for Cybersecurity Risk Management Minor is CYBRISK-MN.
Curriculum for Cybersecurity Risk Management Minor
Why are we still so bad at protecting computer systems? Is it because we don’t have good enough technology? Or because we lack sufficient economic incentives to implement that technology? Or because we implement technologies but then fail to use them correctly? Or because the laws governing computer security are so outdated? Or because our legal frameworks are ill-equipped to deal with an international threat landscape? All these reasons—and others— have been offered to explain why we seem to see more and more large-scale cybersecurity incidents and show no signs of getting better at preventing them. This course will examine the non-technical dimensions of this problem—the laws and other policy measures that govern computer security threats and incidents. We will focus primarily on U.S. policy but will also discuss relevant policies in the E.U. and China, as well as international tensions and norms. The
central themes of the course will be the ways in which technical challenges in security can be influenced by the social, political, economic, and legal landscapes, and what it means to protect against cybersecurity threats not just by writing better code but also by writing better policies and laws. Lecture 3 (Fall, Spring).
Choose one of the following:
Principles of Computing
This course is designed to introduce students to the central ideas of computing. Students will engage in activities that show how computing changes the world and impacts daily lives. Students will develop step-by-step written solutions to basic problems and implement their solutions using a programming language. Assignments will be completed both individually and in small teams. Students will be required to demonstrate oral and written communication skills through such assignments as short papers, homework, group discussions and debates, and development of a term paper. Computer Science majors may take this course only with department approval, and may not apply these credits toward their degree requirements. Lec/Lab 3 (Fall, Spring).
Principles of Computing
This course is designed to introduce students to the central ideas of computing. Students will engage in activities that show how computing changes the world and impacts daily lives. Students will develop step-by-step written solutions to basic problems and implement their solutions using a programming language. Assignments will be completed both individually and in small teams. Students will be required to demonstrate oral and written communication skills through such assignments as short papers, homeworks, group discussions and debates, and development of a term paper. Lecture 3 (Fall).
Choose one of the following:
Fundamentals of Computing Security
An introduction to the fundamental issues, concepts and tools common to all areas of computing security. Topics include identifying attackers and their motivations. Essential techniques will be introduced covering the areas of anti-virus, monitoring, virtual machines, account control, and access rights management. Various security models will be investigated. Concept areas such as confidentiality, integrity, availability and privacy will be studied. Lecture 3 (Fall, Spring).
Information Assurance and Security
Computer-based information processing is a foundation of contemporary society. As such, the protection of digital information, and the protection of systems that process this information has become a strategic priority for both the public and private sectors. This course provides an overview of information assurance and security concepts, practices, and trends. Topics include computing and networking infrastructures, risk, threats and vulnerabilities, legal and industry requirements for protecting information, access control models, encryption, critical national infrastructure, industrial espionage, enterprise backup, recovery, and business continuity, personal system security, and current trends and futures. Lecture 3 (Fall, Spring).
Introduction to Cybersecurity
This course will introduce many fundamental cybersecurity concepts. The course will teach students to think about information systems using an adversarial mindset, evaluate risk to information systems, and introduce controls that can be implemented to reduce risk. Topics will include authentication systems, data security and encryption, risk management and security regulatory frameworks, networking and system security, application security, organizational and human security considerations, and societal implications of cybersecurity issues. These topics will be discussed at an introductory level with a focus on applied learning through hands-on virtual lab exercises. Lecture 3 (Fall, Spring).
Choose two of the following:
Cryptography and Authentication
As more users access remote systems, the job of identifying and authenticating those users at distance becomes increasingly difficult. The growing impact of attackers on identification and authentication systems puts additional strain on our ability to ensure that only authorized users obtain access to controlled or critical resources. This course introduces encryption techniques and their application to contemporary authentication methods. (Prerequisites: (CSEC-101 or 4050-220) and (MATH-131 or MATH-190 or 1055-265) or equivalent courses.) Lecture 3 (Fall, Spring).
Risk Management for Information Security
The three key elements of risk management will be introduced and explored. These are risk analysis, risk assessment, and vulnerability assessment. Both quantitative and qualitative methodologies will be discussed as well as how security metrics can be modeled, monitored, and controlled. Several case studies will be used to demonstrate the risk management principles featured throughout the course. Students will work in teams to conduct risk assessments on the selected case study scenarios. They will develop mitigation plans and present the results of their analysis both in written reports and oral presentations. (Prerequisites: CSEC-101 or equivalent course and 3rd year standing.) Lecture 3 (Fall).
Disaster Recovery Planning and Business Continuity
Security and network professionals are increasingly being called upon to apply their knowledge to the development of disaster recovery and business continuity plans. This course will explore DRP/BC in depth using current tools and techniques. Business requirements will be analyzed from the budget, business needs and risk management perspective. Experience gained from at least one co-op is required. (Prerequisites: CSEC-101 or equivalent course and 3rd year standing.) Lec/Lab 3 (Spring).