SYLLABUS CYB 605 Principles of Cyber Security Utica College MS in Cyber Security 3 credits Instructor: Joseph J.

Sharkey Utica email: jjsharke@utica.edu Phone: 315-520-8106 Course Description: This course presents the student with foundational concepts and processes to achieve better information security in a modern enterprise. The student will develop an appreciation for the threat and risk of information exposure, as well as risk management and mitigation techniques to limit losses. The essential elements of an information security policy will be presented and explored in class. The importance of incident response, reporting, and containment will be discussed in the context of timely restoration of the information enterprise and notification of appropriate authorities for prosecutorial action. Modern information security technologies will be explored as well as their limitations. Legal, ethical, and privacy issues will be discussed. The course will use hands-on labs and exercises to illustrate the workings of information security technologies. Required Textbooks: Pfleeger, Charles. (2007). Security in Computing. Boston, MA. Prentice Hall. ISBN: 013-239077-9 Carr, Jeffrey. (2010). Inside Cyber Warfare. Sebastopol, CA: OReilly. ISBN: 978-0-59680215-8. Publication Manual of the American Psychological Association. (2010). Sixth edition. ISBN: 978-1-4338-0561-5 Selected readings on cyber security will be provided weekly. General Requirements Students must have access to the Internet, preferably broadband hi-speed, to complete readings, assignments, and communicate with the instructor and other course participants. Learner Outcomes: At the completion of this course, participants will be able to: 1

 Evaluation:

Understand the role of information in a modern organization, corporation, or government. Identify general classes of security threats and vulnerabilities in an organization. Understand how to create and critically evaluate an information security policy to ensure that critical business functions are sustainable while addressing the greatest information security risks. Apply the security management process to mitigate threats of information disclosure for core business processes. Understand the fundamentals behind currently-employed computer security technologies. Understand the legal, ethical, and privacy-related issues pertaining to information security. Know how to develop an incident response and recovery plan for the first responders as well as the entire organization. Realize that there is no such thing as perfect security.

Grade Points and Credit Hours Grade points are awarded on the basis of: 4.0 = A 3.7 = A3.3 = B+ 3.0 = B 2.7 = B2.3 = C+ 2.0 = C 0=F Grading will be on the following system: 93%-100% 90 % 92.9% 87%-89.9% 83%-86.9% 80%-82.9% 77% 79.9% 70%-76.9% Below 70 =A = A= B+ =B = B= C+ =C =F

Points are allotted to the following course components: In-class case analysis/cyber ethics Top 5 security issues paper Initial quiz Cyber security labs (8 @ 10 pts each) Reflective threaded discussions (2 @ 15 pts each) Final research exam TOTAL 10 points 15 points 15 points 80 points 30 points 50 points 200 points

Points earned will be added together. Points earned divided by total points will equal percentage of points earned. See grading percentages above to convert. The instructor reserves the right to adjust individual grades for group projects based on participation, frequency of communication, and feedback from group members. Grade of Incompletes A grade of Incomplete may be granted only if it can be demonstrated that it would be unfair to hold a student to the normal time limits for the course. A Request for Grade of Incomplete Contract must be completed by both the student and the instructor and requires the approval of the appropriate division dean. The amount of time granted to complete the Incomplete will be set by the instructor at the time the contract is submitted. Even though an instructor may require a student to repeat certain elements of a course to finish an Incomplete, students should not register for the course a second time. A grade of "I" will remain on the record until a change of grade is submitted by the instructor. Completing requirements for a course does not remove the Incomplete from the record. The "I" remains a permanent part of the academic record and transcript so that the change from Incomplete to a grade can be clearly identified. An Incomplete may affect a student's financial aid. Please contact the Office of Financial Aid for more information. Make-up Examinations If a student is unable to take any scheduled examination, a make-up examination may be given at the discretion of the instructor. Such examinations must be taken during the same semester in which the examination was missed, unless a grade of Incomplete is given for sufficient reason. Withdrawal Students who withdraw from the college must notify the Office of the Registrar and the Office of Financial Aid. Withdrawal notification must be made in writing. Unless this is done, a student's grade for all current courses will automatically be an "F", and he or she will not be eligible to receive a refund. Students who withdraw from the college up to two weeks after the official midterm date 3

of the term will receive grades of "WD" (withdrawn). Students who withdraw after that date will receive grades of "WF". Students may be placed on probation by the committee when they return, depending on the conditions surrounding their withdrawals. Class Policies: This is an accelerated eight week course of online learning. Students are expected to post assignments in a timely manner. For discussion threads students are expected to post substantive reactions to others at least three times each week during the discussion. Regular and timely posting is critical to both your learning and that of your fellow students. Specific instructions will be given for each discussion. Academic Honesty. Utica College expects students to adhere to the principles and policies of academic honesty articulated in its Policy on Academic Honesty published in the Graduate Catalog. While collaboration and discussion, both in class and online is encouraged, work submitted as an individual must be only the work of that student. Written or spoken assignments which have been previously prepared or presented for any reason, must have instructor permission to be used in this class. Use of sources of information or the ideas of others must be properly cited and credited. Questions about the application of this expectation and policy should be directed to the instructor for clarification in advance of submission of work. Violation of this policy is grounds for awarding an 'F' for the assignment and/or referral to the College for academic misconduct disciplinary review. Intellectual honesty is necessary for the free exchange of ideas. Plagiarism, a serious form of intellectual dishonesty, is defined as the use of ideas and phrases in the writings of others as one's own without crediting the source. Sources can include books, papers written by anyone else, editorials, opinions, reference articles, or other media, including the Internet. Paraphrasing must be cited and credited as well. Credit must be given either internally in the text or in formal notes. Cheating refers to both the giving and the receiving of unauthorized assistance in the taking of examinations. Students who assist other students in acts of plagiarism and/or cheating, or who otherwise contribute to acts of intellectual dishonesty, such as providing a term paper, lab report, or other assignment paper for unauthorized use, are subject to the appropriate penalties. Utica College faculty are authorized to assign the grade "F" for Cheating as a penalty for dishonesty in examinations or in the writing of themes, term papers, laboratory reports, or other assignments. Students who receive an "F" for cheating forfeit their right to withdraw without penalty. (The phrase "for Cheating" will be removed upon graduation at the student's request.) The vice president for academic affairs and dean of the faculty shall inform the student in writing of the professor's decision and of his or her right to a hearing before the Judicial Committee. Requests for a hearing should be made to the vice president for academic affairs and dean of the faculty. The vice president for academic affairs and dean of the faculty will refer any repeat offense to the Academic Standards Committee, which may recommend a more severe penalty.

Software and Intellectual Rights Respect for intellectual labor and creativity is vital to academic discourse and enterprise. This principle applies to works of all authors and publishers in all media. It encompasses respect for the right to acknowledgement, right to privacy, and right to determine the form, manner, and terms of publication and distribution. Because electronic information is so volatile and easily reproduced, respect for the work and personal expression of others is especially critical in computer environments. VIOLATIONS OF AUTHORIAL INTEGRITY, INCLUDING PLAGIARISM, INVASION OF PRIVACY, UNAUTHORIZED ACCESS, AND TRADE SECRET AND COPYRIGHT VIOLATIONS MAY BE GROUNDS FOR SANCTIONS AGAINST ANY MEMBER OF THE ACADEMIC COMMUNITY. Non-Discrimination Policy Utica College is an equal opportunity, affirmative action institution and accepts students and employs individuals without regard to race, creed, color, sex, ethnic or national origin, religion, marital status, age, sexual orientation, veteran status, or disability. This nondiscrimination policy covers admissions, employment, and access to and treatment in College programs, services, and activities. Utica College welcomes the physically challenged, and in compliance with Section 504 of the Rehabilitation Act of 1973 (as amended) and the Americans with Disability Act of 1990 (ADA) does not discriminate on the basis of handicap. The coordinator of learning services coordinates the College's efforts to comply with the applicable law and regulations. The director of student development coordinates the College's academic support services to provide reasonable accommodations for students with disabilities. Utica College also welcomes qualified disabled veterans and veterans of the Vietnam Era and, in compliance with section 402 of the Vietnam Era Veterans' Readjustment Assistance Act of 1974, does not discriminate against such individuals. The director of physical education and athletics coordinates the College's efforts to comply with the applicable law and regulations. Utica College supports equal opportunity for both sexes and, in compliance with Title IX of the Education Amendments of 1972, does not discriminate on the basis of sex. In accordance with federal law and regulations, this policy is subject to exceptions with regard to military programs. The College remains strongly opposed to legally discriminatory policies that are contrary to our core values, philosophy of inclusion, and Non-Discrimination Policy. Questions about any of the College's affirmative action policies may be directed to the affirmative action officer in the Office of Human Resources, Utica College, 1600 Burrstone Road, Utica, New York 13502-4892, (315) 792-3276. 5

SCHEDULE Week 1 29 Aug Topic Assessing the Cyber Warfare Problem Non-State Actors Week 2 5 Sept Network Security Responses to Cyber Attacks Cryptography Legal Issues Week 3 12 Sept Intelligence Component to Cyber Warfare Administering Security Week 4 19 Sept Non-State Hackers and the Social Web Application Security Week 5 26 Sept Follow the Money Organized Crime Operating System Security Week 6 3 Oct Attribution Weaponizing Malware Selected Topic of the Week: Botnets Trusted Operating Systems Reflective Discussion #2: Weeks 4 6 Selected Topic of the Week: The Russian Business Network, Intrusion Detection System Strengths and Limitations Readings: Carr Chapters 9 and 10 Pfleeger Pages 242-243 and 264-286 Assignments Readings: Carr Chapters 1 and 2 Pfleeger Chapters 1 and 7 Selected Topic of the Week: Network Security Review, Trusted Computing Group Readings: Carr Chapters 3 and 4 Pfleeger Chapter 2 and also Pages 679-692 Selected Topic of the Week: PBS Frontline Spying on the Home Front, Wiretapping, PATRIOT Act Readings: Carr Chapter 5 Pfleeger Chapter 8 Selected Topic of the Week: PBS Frontline The Man Who Knew, Risk Management Reflective Discussion #1: Weeks 1 3 Readings: Carr Chapter 6 Pfleeger Chapter 3 Selected Topic of the Week: Security Policies and Models, Cloud Computing Security Readings: Carr Chapters 7 and 8 Pfleeger Chapter 4

Week 7 10 Oct

The Role of Cyber in Military Doctrine Cyber Early Warning Policy Makers

Readings: Carr Chapters 11 - 13 Pfleeger Pages 626-638 Selected Topic of the Week: Natl Research Council Cyber Attack Report Chaps 3 5

Week 8 17 Oct

Privacy in Computing Special Topic

Selected Readings of the Week: DHS Build Security In Final Research Exam (Due 22 October at 6pm)