Cybersecurity Risk Management Minor - Curriculum

This course will introduce many fundamental cybersecurity concepts. The course will teach students to think about information systems using an adversarial mindset, evaluate risk to information systems, and introduce controls that can be implemented to reduce risk. Topics will include authentication systems, data security and encryption, risk management and security regulatory frameworks, networking and system security, application security, organizational and human security considerations, and societal implications of cybersecurity issues. These topics will be discussed at an introductory level with a focus on applied learning through hands-on virtual lab exercises. Lecture 3 (Fall, Spring).

This course is designed to introduce students to the central ideas of computing. Students will engage in activities that show how computing changes the world and impacts daily lives. Students will develop step-by-step written solutions to basic problems and implement their solutions using a programming language. Assignments will be completed both individually and in small teams. Students will be required to demonstrate oral and written communication skills through such assignments as short papers, homework, group discussions and debates, and development of a term paper. Computer Science majors may take this course only with department approval, and may not apply these credits toward their degree requirements. Lec/Lab 3 (Fall, Spring).

Why are we still so bad at protecting computer systems? Is it because we don’t have good enough technology? Or because we lack sufficient economic incentives to implement that technology? Or because we implement technologies but then fail to use them correctly? Or because the laws governing computer security are so outdated? Or because our legal frameworks are ill-equipped to deal with an international threat landscape? All these reasons—and others— have been offered to explain why we seem to see more and more large-scale cybersecurity incidents and show no signs of getting better at preventing them. This course will examine the non-technical dimensions of this problem—the laws and other policy measures that govern computer security threats and incidents. We will focus primarily on U.S. policy but will also discuss relevant policies in the E.U. and China, as well as international tensions and norms. The central themes of the course will be the ways in which technical challenges in security can be influenced by the social, political, economic, and legal landscapes, and what it means to protect against cybersecurity threats not just by writing better code but also by writing better policies and laws. Lecture 3 (Fall, Spring).

As more users access remote systems, the job of identifying and authenticating those users at distance becomes increasingly difficult. The growing impact of attackers on identification and authentication systems puts additional strain on our ability to ensure that only authorized users obtain access to controlled or critical resources. This course introduces encryption techniques and their application to contemporary authentication methods. (Prerequisites: (CSEC-101 or CSEC-102 or CSEC-140) and (MATH-131 or MATH-190) or equivalent courses.) Lecture 3 (Fall, Spring).

The three key elements of risk management will be introduced and explored. These are risk analysis, risk assessment, and vulnerability assessment. Both quantitative and qualitative methodologies will be discussed as well as how security metrics can be modeled, monitored, and controlled. Several case studies will be used to demonstrate the risk management principles featured throughout the course. Students will work in teams to conduct risk assessments on the selected case study scenarios. They will develop mitigation plans and present the results of their analysis both in written reports and oral presentations. (Prerequisites: CSEC-101 or CSEC-102 or CSEC-140 or equivalent course and at least 3rd year standing.) Lecture 3 (Fall).

Security and network professionals are increasingly being called upon to apply their knowledge to the development of disaster recovery and business continuity plans. This course will explore DRP/BC in depth using current tools and techniques. Business requirements will be analyzed from the budget, business needs and risk management perspective. Experience gained from at least one co-op is required. (Prerequisites: CSEC-101 or CSEC-102 or CSEC-140 or equivalent course and at least 3rd year standing.) Lec/Lab 3 (Spring).