BUS: 5040-701 – Creating and Conducting a Cyber Security Assessment

Course Syllabus

 

Course Number, Title and Credits:

BUS: 5040-701 – Creating and Conducting a Cyber Security Assessment

Course Start Date: October 19, 2015

(3 Graduate Credits)

 

Instructor:

Randall Sylvertooth

E-mail: Rs7bg@virginia.edu

Mobile: (440) 991-7765

 

Semester, Dates, Format:

Fall Semester 2015, (10/19/2015 – 12/07/2015)

Online: https://collab.itc.virginia.edu/portal

Course prerequisite: No course prerequisite is required at this time.

 

Course Description:

 

The Creating and Conducting a Cyber Security Assessment course was developed based upon the evolving affects of cyber-security in today’s world. The world is forever at a fast technological pace of never ending resources and technology innovations. Therefore, it makes an adversarial threat more frequent and able to conduct many and various types of cyber attacks. The course will prepare students by demonstrating and instructing them how to assess and evaluate various cyber-security risks and how to conduct computer cyber-security audits in this ever changing and fast pace environment of technology. Students will explore and understand the various methodologies that exist across all industries on how to conduct and manage a cyber security assessment, risk analysis and how to mitigate the various cyber security threats. Students will also explore current cyber-security policy issues that exist in both the private and public sectors.

 

The more detailed concepts in Creating and Conducting a Cyber Security Assessment that this course will explore are:

 

1. Understanding and documenting the different types of cyber attacks on both U.S.

government and private industry enterprise systems.

2.      Analyzing and mitigating collected data after a cyber attack has occurred.

3.      Creating a cyber risk assessment and mitigation Plan.

 

 

 

Required Text Book:

Computer Security: Principles and Practice (3rd Edition)

By William Stallings and Lawrie Brown

ISBN-13: 978-0133773927| ISBN-10: 0133773922

 

Course Delivery:

 

The course will be conducted using a combination of online class discussion posts, case study exercises and individual research projects. The course will be taught via a series of case studies, each of which will introduce an important topic to build upon each student's fundamental building blocks. Many of the case studies and on-line projects will serve as the foundation to the presented subject matter in relation to other courses which compose of the Cyber Security Management Certificate Program. Some of the case studies, discussion posts and on-line projects will also survey the student's knowledge and subject matter that has been gained from other information technology programs. In addition, each of the case studies, discussion posts and online projects will be supported by readings in the assigned textbook, white papers and related current event news articles.

 

Course activities to meet objectives:

 

The course will be delivered by instruction through online lecture notes, discussion posts, case studies, online projects and reports by the use of PowerPoint presentations, written white papers and the review and analysis of current news articles. Interaction with online classmates, especially for discussion posts is mandatory and is very much encouraged.

 

Course Objectives/Outcome:

On successful completion, the student will be able to:

1.      Understand and write reports on cyber threat attack analysis.

2.      Understanding and write cyber security policy based on assessments.

3.      Detect and analyze incidents of action of attacks and threats.

4.      Establish cyber security controls based on established models and frameworks.

5.      Manage attack countermeasures.

6.      Mitigate risks of such threats and attacks.

7.      Cycling of reports and evidence procedures for prosecution after such assessments has

         been produced.

 

Preparation and student expectations:

 

Reading Assignments: Students are expected to read all assigned readings and case studies before posting discussion posts and case study assignments. Students are also encouraged to read on their own, as much of the suggested readings as possible to enhance their insight into the course subject matter. The instructor will provide additional materials such as related white papers and reprinted articles for online discussion sessions.

 

As a preliminary preparation for this course, it is necessary that the students effectively review all materials and complete the individual assignments by the due dates. Late assignments will be reflected by a reduction in grade. 

 

 

 

Course Policy:

 

Class discussion posts online is mandatory. This is an on-site lecture course, if unforeseeable circumstances cause students to miss two or more weeks, that student is expected to discuss the situation in advance with the instructor to make up assignments.

 

Online participation is mandatory.  To comply with accreditation standards students must log on and complete the required online discussion posts per week in addition to completing weekly scheduled case study assignments, course projects and exams to in order to maintain the clock hours that are required to receive full graduate credit.

 

All work done in conjunction with the course must be typed and double space. The instructor reserves the right to impose other formatting instructions as the need arises i.e., footnotes should be included at the end of assignments instead of at the bottom of each page, etc.

 

The Academic Honor System

 

The University of Virginia academic honor system embodies many of Mr. Jefferson's principles.  The purpose of the Honor System is to sustain and protect a community of trust in which students can enjoy the freedom to develop their intellectual and personal potential.  The concept of an honor system implies that students commit themselves to the pursuit of truth.  At the Division of Continuing Education, course is conducted in the spirit of the Honor System.  The instructor will indicate which assignments and activities are to be done individually or which permit collaboration.  The following pledge should be written out at the end of all quizzes, examinations, individual assignments and papers:  "I pledge that I have neither given nor received help on this examination (quiz, assignment, etc.)"  The pledge should be signed by the student.  If you have any questions about the Honor System, you may contact the Honor Committee in Charlottesville, VA at 434-924-3452.

 

 Evaluation and Grading Criteria: Student grades will be determined by online discussion posts, course case study assignments, individual course project reports and course examinations.

 A final examination will be given in order to cover the fundamental concepts and their application within Cyber Security Management, which will be practiced in conjunction with completing the case studies. The examination will be used to ensure the concepts and principles of the course are mastered so that the student realizes a satisfactory grade. The examination will also assure the development of a workable knowledge base in information security management and the proficiency in applying the concepts to address real world requirements and situations.

The instructor will assign various case studies that will draw upon student’s knowledge and proficiency with security concepts and principles. The case studies should challenge your ability to implement practical cost-effective solutions and collaboration as a team.

 

The following table features the percentage breakdown of each assignment area towards the final grade:

 

Quality Discussion Posts - Participation	20 %
Weekly Case Studies	20%
Mid-Term Exam	30%
Individual Research Project and Report	30%
Total	100%

 

Grading Scale:

 

A	95-100
A-	90-94
B+	86-89
B	82-85
B-	79-81
C+	75-78
C	71-74
C-	68-70
F	67 AND BELOW

 

Schedule of Assignments

 

Fall-2015	Topic Discussion	Weekly Text-based Assignments
	Course Introduction Security Compliance	Case Study Due
	Vulnerability Sources Security Risks	Case Study Due (1) Class Post Due
	Security Gap Assessments Risk Assessment Basics	Case Study Due
	Risk Analysis and Methodologies Risk Management Plans	Case Study Due (2) Class Posts Due
	Research on Project	Project Due
	Mid-Term Research Project	Project Due (2) Class Posts Due
	Risk Assessment Mitigation Role of Security Manager in Developing a Security Assessment	Case Study Due  (2) Class Posts Due
	Continue on Mid Term for Final Research Project	Project Sunday
	Research Project Feedback and Grades	Last Day

 

Course Research Project and Report: Each student must select and complete a course research capstone project. The instructor will approve the topic. The format of the course research paper will use the standards of the IEEE format. In addition, special review sessions will be conducted in an agreed upon time to assist students to focus on the subject matter to be researched. As well, a twenty (20) minimum slide deck summary of the research conducted will be due as a final presentation of your course research project.

 

Research Project -  (5 pages written IEEE Format w/ 20 Presentation Powerpoint Slides)

·         Table of contents with detailed sub headings (maximum of 4 levels)

·         Executive summary of the topic/subject and what was accomplished

·         Introduction (purpose, methodology, structure)

·         Formulation of the problem and elaboration

·         A brief literature review and discussion of possible operations management

·         Management, measures and techniques relevant to the topic

·         Approach methodology/presentation/body of discussion

·         Conclusions and/or requirements

·         References and bibliography

·         Appendices

 

Case Study Analysis:

For case analysis, consider the following proposed process:

 

·         Read the case carefully and consider the key issues.

·         Determine which aspects are the most important to consider. For each aspect/area of importance identified, do the following:

 

·         Identify key/relevant/critical items and compile facts, identify problems, elements for more in depth analysis and record in comparative matrices. Use tables to support suppositions, insight, observations and conclusions.

·         Consider and document the actions that should be taken to correct the particular negative impacts into positive or negligible outcomes.

·         Determine the positive or negative impact that each item will have against one and another by evaluating the effect of these collective impacts. Be sure to discuss the positive and negative influences caused by their collective interactions. For negative influences, recommend a solution(s) to alleviate the potentially detrimental effects.

 

Technical Specifications: Computer Hardware

• Minimum Operating System
  • Windows 7 SP1 (Professional preferred)
  • Mac OS X 10.8 or 10.9 
• Minimum Processor Speed: Equivalent to an Intel Core 2 Duo (1.5 GHz)

• Minimum RAM: 4 GB
• Minimum Hard Disk Space: 150 GB of free hard disk space (after all programs are loaded)
• Networking Capability: Wireless networking (802.11g or n) and an Ethernet port
• Strongly Recommended Accessories:
  •  An Ethernet cable (Even if you will primarily use wireless, a wired connection is faster and more reliable for video-streaming, live online meetings and large file uploads and downloads.)
  • CD/DVD drive and/or “thumb” or flash drive(s), plus a backup storage mechanism

Technical Support Contacts

• Login/Password: scpshelpdesk@virginia.edu
• UVaCollab: collab-support@virginia.edu
• BbCollaborate Support: http://www.tinyurl.com/uvabbc

 

UVa Policies SCPS Grading Policies: Courses carrying a School of Continuing and Professional Studies subject area use the following grading system: A+, A, A-; B+, B, B-; C+, C, C-; D+, D, D-; F.  S (satisfactory) and U (unsatisfactory) are used for some course offerings. For noncredit courses, the grade notation is N (no credit). Students who audit courses receive the designation AU (audit). The symbol W is used when a student officially drops a course before its completion or if the student withdraws from an academic program of the University. Please visit www.scps.virginia.edu/audience/students/grades for more information.

 

• : Students are expected to attend all class sessions. Instructors establish attendance and participation requirements for each of their courses. Class requirements, regardless of delivery mode, are not waived due to a student's absence from class. Instructors will require students to make up any missed coursework and may deny credit to any student whose absences are excessive. Instructors must keep an attendance record for each student enrolled in the course to document attendance and participation in the class.

 

University Email Policies: Students are expected to check their official UVa email addresses on a frequent and consistent basis to remain informed of University communications, as certain communications may be time sensitive. Students who fail to check their email on a regular basis are responsible for any resulting consequences.

 

End-of-Class Evaluations:Students are expected to complete the online end-of-class evaluation. As the semester comes to a close, students will receive an email with instructions for completing this. Student feedback will be very valuable to the school, the instructor, and future students. We ask that all students please complete these evaluations in a timely manner. Please be assured that the information you submit online will be anonymous and kept confidential.

 

University of Virginia Honor System:All work should be pledged in the spirit of the Honor System at the University of Virginia. The instructor will indicate which assignments and activities are to be done individually and which permit collaboration. The following pledge should be written out at the end of all quizzes, examinations, individual assignments and papers:  “I pledge that I have neither given nor received help on this examination (quiz, assignment, etc.)”.  The pledge must be signed by the student. For more information, visit www.virginia.edu/honor.

 

Special Needs: It is the policy of the University of Virginia to accommodate students with disabilities in accordance with federal and state laws. Any SCPS student with a disability who needs accommodation (e.g., in arrangements for seating, extended time for examinations, or note-taking, etc.), should contact the Student Disability Access Center (SDAC) and provide them with appropriate medical or psychological documentation of his/her condition. Once accommodations are approved, it is the student’s responsibility to follow up with the instructor about logistics and implementation of accommodations. Accommodations for test taking should be arranged at least 14 business days in advance of the date of the test(s). Students with disabilities are encouraged to contact the SDAC: 434-243-5180/Voice, 434-465-6579/Video Phone, 434-243-5188/Fax. Further policies and statements are available at www.virginia.edu/studenthealth/sdac/sdac.html

For further policies and statements about student rights and responsibilities, please visit www.scps.virginia.edu/audience/students

The Creating and Conducting a Cyber Security Assessment course was developed based upon the evolving affects of cyber-security in today’s world. The world is forever at a fast technological pace of never ending resources and technology innovations. Therefore, it makes an adversarial threat more frequent and able to conduct many and various types of cyber attacks. The course will prepare students by demonstrating and instructing them how to assess and evaluate various cyber-security risks and how to conduct computer cyber-security audits in this ever changing and fast pace environment of technology. Students will explore and understand the various methodologies that exist across all industries on how to conduct and manage a cyber security assessment, risk analysis and how to mitigate the various cyber security threats. Students will also explore current cyber-security policy issues that exist in both the private and public sectors.