University of Virginia

School of Continuing and Professional Studies

 

BUS: 5040 – Creating and Conducting a Cyber Security Assessment

Course Syllabus:

Course Number, Title and Credits:

BUS: 5040 – Creating and Conducting a Cyber Security Assessment

Course Start Date: November 1, 2014

(3 Graduate Credits)

 

Instructor:

Randall Sylvertooth

E-mail: Rs7bg@virginia.edu

Mobile: (440) 991-7765

 

Dates:

Fall Semester 2013, (11/01/2014 – 12/03/2014)

Online: https://collab.itc.virginia.edu/portal

Course prerequisite: No course prerequisite is required at this time.

 

Course Description:

The Creating and Conducting a Cyber Security Assessment course was developed based upon the evolving effects of cyber security in today’s world and because of the fast technological pace of never ending resources and technology innovations that makes an adversarial threat more frequent to various types of cyber attacks and risk analysis. This course will assist the student in learning how to assess and evaluate cyber security risks and to conduct computer security audits in the ever changing and fast pace environment of technology.

Students will explore and understand the various methodologies across all industries on how to conduct and manage a cyber security assessment, risk analysis and how to mitigate various cyber security threats. The objective of this course will also enable students to explore current cyber policy issues both in private and the public sectors and their implementation.

The more detailed concepts in Creating and Conducting a Cyber Security Assessment that this course will explore are:

 

1.      Understanding and documenting types of cyber attacks on both U.S. government and

         private industry information technology enterprises.

2.      Analyzing and mitigating collected data after a cyber attack has occurred.

3.      Creating a cyber risk assessment and mitigation Plan.

 

Required Text Book:

Computer Security: Principles and Practice (3rd Edition)

By William Stallings and Lawrie Brown

ISBN-13: 978-0133773927| ISBN-10: 0133773922

 

Course Delivery:

The course will be conducted using a combination of online class discussion posts, case study exercises and individual research projects. The course will be taught via a series of case studies, each of which will introduce an important topic to build upon each student's fundamental building blocks. Many of the case studies and on-line projects will serve as the foundation to the presented subject matter in relation to other courses which compose of the Cyber Security Management Certificate Program. Some of the case studies, discussion posts and on-line projects will also survey the student's knowledge and subject matter that has been gained from other information technology programs. In addition, each of the case studies, discussion posts and online projects will be supported by readings in the assigned textbook, white papers and related current event news articles.

Course activities to meet objectives:

The course will be delivered by instruction through online lecture notes, discussion posts, case studies, online projects and reports by the use of PowerPoint presentations, written white papers and the review and analysis of current news articles. Interaction with online classmates, especially for discussion posts is mandatory and is very much encouraged.

Course Objectives/Outcome:

On successful completion, the student will be able to:

1.      Understand and write reports on cyber threat attack analysis.

2.      Understanding and write cyber security policy based on assessments.

3.      Detect and analyze incidents of action of attacks and threats.

4.      Establish cyber security controls based on established models and frameworks.

5.      Manage attack countermeasures.

6.      Mitigate risks of such threats and attacks.

7.      Cycling of reports and evidence procedures for prosecution after such assessments has

         been produced.

 

Preparation and student expectations:

Reading Assignments: Students are expected to read all assigned readings and case studies before posting discussion posts and case study assignments. Students are also encouraged to read on their own, as much of the suggested readings as possible to enhance their insight into the course subject matter. The instructor will provide additional materials such as related white papers and reprinted articles for online discussion sessions.

As a preliminary preparation for this course, it is necessary that the students effectively review all materials and complete the individual assignments by the due dates. Late assignments will be reflected by a reduction in grade. 

Course Policy:

Class discussion posts online is mandatory. This is an on-site lecture course, if unforeseeable circumstances cause students to miss two or more weeks, that student is expected to discuss the situation in advance with the instructor to make up assignments.

Online participation will be mandatory.  To comply with accreditation standards students must log on and complete the required online discussion posts per week in addition to completing weekly scheduled case study assignments, course projects and exams to in order to maintain the clock hours that are required to receive full graduate credit.

All work done in conjunction with the course must be typed and double space. The instructor reserves the right to impose other formatting instructions as the need arises i.e., footnotes should be included at the end of assignments instead of at the bottom of each page, etc.

 

The Academic Honor System

 

The University of Virginia academic honor system embodies many of Mr. Jefferson's principles.  The purpose of the Honor System is to sustain and protect a community of trust in which students can enjoy the freedom to develop their intellectual and personal potential.  The concept of an honor system implies that students commit themselves to the pursuit of truth.  At the Division of Continuing Education, course is conducted in the spirit of the Honor System.  The instructor will indicate which assignments and activities are to be done individually or which permit collaboration.  The following pledge should be written out at the end of all quizzes, examinations, individual assignments and papers:  "I pledge that I have neither given nor received help on this examination (quiz, assignment, etc.)"  The pledge should be signed by the student.  If you have any questions about the Honor System, you may contact the Honor Committee in Charlottesville, VA at 434-924-3452.

 

 Evaluation and Grading Criteria: Student grades will be determined by online discussion posts, course case study assignments, individual course project reports and course examinations.

A final examination will be given in order to cover the fundamental concepts and their application within Cyber Security Management, which will be practiced in conjunction with completing the case studies. The examination will be used to ensure the concepts and principles of the course are mastered so that the student realizes a satisfactory grade. The examination will also assure the development of a workable knowledge base in information security management and the proficiency in applying the concepts to address real world requirements and situations.

The instructor will assign various case studies that will draw upon student’s knowledge and proficiency with security concepts and principles. The case studies should challenge your ability to implement practical cost-effective solutions and collaboration as a team.

 

The following table features the percentage breakdown of each assignment area towards the final grade:

 

Quality of Online Discussion Posts - Participation	25 %
Weekly Case Studies	25%
Individual Research Project and Report	50%
Total	100%

 

Grading Scale:

 

A	95-100
A-	90-94
B+	86-89
B	82-85
B-	79-81
C+	75-78
C	71-74
C-	68-70
F	67 AND BELOW

 

Schedule of Assignments

 

Fall-2014	Topic Discussion	Weekly Text-based Assignments
1 - 9 Nov.	Course Introduction Security Requirements	Case Study Due Wed - 5 Nov
	Vulnerability Sources Security Risks	Case Study Due 9 Nov (1) Class Post Due Sun - 9 Nov
10 - 16 Nov.	Skype Session - Set up accounts Security Gap Assessments Risk Assessment Basics	Case Study Due Wed - 12 Nov
	Risk Analysis and Methodologies Risk Management Plans	Case Study Due 16 Nov (2) Class Posts Due Sun - 16 Nov
17 - 23 Nov.	First Full Skype Session - Synchronous Class Monday-11-17 Research on Project	Project Due Sun - 23 Nov
	Mid-Term Research Project	Project Due Sun - 23 Nov (2) Class Posts Due Sun - 23 Nov
24 - 30 Nov.	Risk Assessment Mitigation Role of Security Manager in Developing a Security Assessment	Case Study Due Wed - 26 Nov (2) Class Posts Due Sun - 30 Nov
	2nd Full Skype Session - Synchronous Class Monday -11/24 Continue on Mid Term for Final Research Project	Project Due - 30 Nov Sunday
3 Dec.	Research Project Feedback and Grades	Last Day - 3 Dec.

 

Research Project:

Course Research Project and Report: Each student must select and complete a course research capstone project. The instructor will approve the topic. The format of the course research paper will use the standards of the IEEE format. In addition, special review sessions will be conducted in an agreed upon time to assist students to focus on the subject matter to be researched. As well, a twenty (20) minimum slide deck summary of the research conducted will be due as a final presentation of your course research project.

 

Suggested course research paper - (5 pages in IEEE Format and Twenty (20) Slides PowerPoint):

·         Table of contents with detailed sub headings (maximum of 4 levels)

·         Executive summary of the topic/subject and what was accomplished

·         Introduction (purpose, methodology, structure)

·         Formulation of the problem and elaboration

·         A brief literature review and discussion of possible operations management

·         Management, measures and techniques relevant to the topic

·         Approach methodology/presentation/body of discussion

·         Conclusions and/or requirements

·         References and bibliography

·         Appendices

 

Case Study Analysis:

For case analysis, consider the following proposed process:

 

·         Read the case carefully and consider the key issues.

·         Determine which aspects are the most important to consider. For each aspect/area of importance identified, do the following:

 

·         Identify key/relevant/critical items and compile facts, identify problems, elements for more in depth analysis and record in comparative matrices. Use tables to support suppositions, insight, observations and conclusions.

·         Consider and document the actions that should be taken to correct the particular negative impacts into positive or negligible outcomes.

·         Determine the positive or negative impact that each item will have against one and another by evaluating the effect of these collective impacts. Be sure to discuss the positive and negative influences caused by their collective interactions. For negative influences, recommend a solution(s) to alleviate the potentially detrimental effects.