With the prevalence of data breaches and cyber-attacks, securing intellectual properties and customer’s personally identifiable information has become increasingly challenging in business, government, and academia. It is commonly recognized that a key factor for having a cyber-secured environment and operations is well-trained employees with good cyber hygiene. A small human error may lead to a disastrous cyber incident. The cybersecurity risk management minor is designed for students in non-computing majors who are interested in learning about cybersecurity and developing the knowledge and skills to support organizations in their efforts to protect their computing and informational resources. Students learn the basics of computing and cybersecurity and then gain knowledge and practice in cybersecurity policy and law, risk management, and business continuity plans in the event of a cybersecurity attack.
This course will introduce many fundamental cybersecurity concepts. The course will teach students to think about information systems using an adversarial mindset, evaluate risk to information systems, and introduce controls that can be implemented to reduce risk. Topics will include authentication systems, data security and encryption, risk management and security regulatory frameworks, networking and system security, application security, organizational and human security considerations, and societal implications of cybersecurity issues. These topics will be discussed at an introductory level with a focus on applied learning through hands-on virtual lab exercises. Lecture 3 (Fall, Spring).
Principles of Computing
This course is designed to introduce students to the central ideas of computing. Students will engage in activities that show how computing changes the world and impacts daily lives. Students will develop step-by-step written solutions to basic problems and implement their solutions using a programming language. Assignments will be completed both individually and in small teams. Students will be required to demonstrate oral and written communication skills through such assignments as short papers, homework, group discussions and debates, and development of a term paper. Computer Science majors may take this course only with department approval, and may not apply these credits toward their degree requirements. Lec/Lab 3 (Fall, Spring).
Cyber Security Policy and Law
Why are we still so bad at protecting computer systems? Is it because we don’t have good enough technology? Or because we lack sufficient economic incentives to implement that technology? Or because we implement technologies but then fail to use them correctly? Or because the laws governing computer security are so outdated? Or because our legal frameworks are ill-equipped to deal with an international threat landscape? All these reasons—and others— have been offered to explain why we seem to see more and more large-scale cybersecurity incidents and show no signs of getting better at preventing them. This course will examine the non-technical dimensions of this problem—the laws and other policy measures that govern computer security threats and incidents. We will focus primarily on U.S. policy but will also discuss relevant policies in the E.U. and China, as well as international tensions and norms. The
central themes of the course will be the ways in which technical challenges in security can be influenced by the social, political, economic, and legal landscapes, and what it means to protect against cybersecurity threats not just by writing better code but also by writing better policies and laws. Lecture 3 (Fall, Spring).
Choose two of the following:
Cryptography and Authentication
As more users access remote systems, the job of identifying and authenticating those users at distance becomes increasingly difficult. The growing impact of attackers on identification and authentication systems puts additional strain on our ability to ensure that only authorized users obtain access to controlled or critical resources. This course introduces encryption techniques and their application to contemporary authentication methods. (Prerequisites: (CSEC-101 or CSEC-102 or CSEC-140) and (MATH-131 or MATH-190) or equivalent courses.) Lecture 3 (Fall, Spring).
Risk Management for Information Security
The three key elements of risk management will be introduced and explored. These are risk analysis, risk assessment, and vulnerability assessment. Both quantitative and qualitative methodologies will be discussed as well as how security metrics can be modeled, monitored, and controlled. Several case studies will be used to demonstrate the risk management principles featured throughout the course. Students will work in teams to conduct risk assessments on the selected case study scenarios. They will develop mitigation plans and present the results of their analysis both in written reports and oral presentations. (Prerequisites: CSEC-101 or CSEC-102 or CSEC-140 or equivalent course and at least 3rd year standing.) Lecture 3 (Fall).
Disaster Recovery Planning and Business Continuity
Security and network professionals are increasingly being called upon to apply their knowledge to the development of disaster recovery and business continuity plans. This course will explore DRP/BC in depth using current tools and techniques. Business requirements will be analyzed from the budget, business needs and risk management perspective. Experience gained from at least one co-op is required. (Prerequisites: CSEC-101 or CSEC-102 or CSEC-140 or equivalent course and at least 3rd year standing.) Lec/Lab 3 (Spring).