course syllabus - university of southern maine · course syllabus course description: an...
TRANSCRIPT
DRAFT
COS 200 / ITT 200 – Introduction to Cyber Security M. Monnin Page 1 of 8
University of Southern Maine
COS 200 / ITT 200 – Introduction to Cyber Security
College of Science, Technology & Health Fall 2018, COS 200-0001
Department of Technology & ITT 200-0001
Mark Monnin
Course Syllabus
Course Description:
An introduction to the fundamentals of cyber security and information assurance. Students will develop a
knowledge base for defining and recognizing both online threats and potential targets, and develop
intellectual tools for evaluating relative risks within cyberspace. Students will apply theories and best
practices for addressing potential costs of countermeasures for cyber attacks. Prerequisite: COS 160/170
or instructor permission. Offered fall semester only. Lecture and lab. Cr 3.
Outcomes:
1. Explain what is meant by integrity, confidentiality, and authentication.
2. Explain the relationship between threats, vulnerabilities, countermeasures, attacks, compromises and
remediation.
3. Describe legal and ethical considerations related to the handling and management of enterprise information
assets.
4. Give an example of how inside and external attacks are similar and are different.
5. Explain the three key factors involved in authentication and how they are used to verify identity and grant
access to a system.
6. Explain the process and value of two-factor authentication.
7. Explain how cryptosystems offer integrity, confidentiality and authentication.
8. Explain how cryptographic encryption algorithms are used to implement confidentiality in document
transfer.
9. Explain digital signatures and certificates.
10. Explain how public key infrastructure (PKI) works.
11. Explain how one-way functions are used to implement a non-repudiation service.
12. Describe a situation where a forensic investigation would be necessary.
Copyright 2018 Mark Monnin
DRAFT
COS 200 / ITT 200 – Introduction to Cyber Security M. Monnin Page 2 of 8
13. Explain how a Denial of Service attack works against an organization’s network.
14. Identify and distinguish between the different types of Malware (viruses, Trojan horses, worms).
Text:
CISSP Guide to Security Essentials
Authors: Peter H. Gregory
Edition: 2nd edition
Publisher: Cengage Learning
Meeting time and Location:
This course meets every Monday and Wednesday from 2:00pm until 3:15pm in JMC 242 (Gorham)
Contacting the Instructor:
E-mail: [email protected]
Phone: (207) 780-5619
Office: 208 John Mitchell Center (Gorham)
Office Hours: Monday thru Thursday 12:30pm-1:30pm
& many, many, many other times by appointment
(or just walk-in if I am in my office and the door is open)
Many other times I am available! Use: http://monnin.youcanbook.me to find a
time that works for you!
The most effective way to contact the me (the instructor) is via USM email. Students may
expect a response within 24-36 hours to email sent during normal business hours, possibly
sooner. Emails messages sent at on the weekend or on holidays may not necessarily receive a
response until the next business day. Please keep in mind that your instructor is not sitting at a
computer 24/7 waiting for questions, so sending an e-mail question at night or on a weekend
and expecting an immediate response is not realistic.
Course web site:
This course also has an “online companion website” (also called a “learning management system”).
The companion site is used to enhance the materials in the classroom, not replace them. The
companion site can be accessed by visiting http://bb.courses.maine.edu with a web browser. The
website runs a package called Blackboard Learn that provides a number of class tools. Once logged in, you will
have access to…
Your grades for individual assignments
Electronic copies of all of the course handouts
A way to ask questions to the instructor and discuss topics with other classmates
A list of announcements I make for the class
…and more
Copyright 2018 Mark Monnin
DRAFT
COS 200 / ITT 200 – Introduction to Cyber Security M. Monnin Page 3 of 8
Course Requirements:
A USB flash drive (aka thumb drive) is required for this class. It doesn’t need to be large or expensive.
Anything 4GB or larger will be fine (just about everything you can find these days is well over 4GB, and will
be fine – just large enough to carry files to and from class). You should be able to get one between $10-$20
(and sometimes cheaper).
Computer access:
University computer accounts are required to access the University computer system. Accounts are
automatically assigned for all registered students. Computers are available in some classrooms in JMC and
in USM computing centers. Additionally, you can also work on assignments on your own computers. All
the software required to complete the course is available at no charge to the students.
This course uses the Blackboard learning system for some of the coursework. Handouts, assignments, and
grades will be available on Blackboard. Additionally, there may be some electronic assignments to be
completed within Blackboard. If you are accessing Blackboard from your own computer, you will need
Internet access and an appropriate computer setup (a modern Windows or OS X system is likely to be fine).
Students also have a University assigned (@maine.edu) e-mail account which are to be used to
communicate with the instructor. If you normally check an e-mail account other than your University
account, be sure to have mail from your University account forwarded to the account you check.
Student Owned Devices:
Class notes: Note taking is encouraged as part of your coursework. Students may also use
tablets and laptops and other electronic devices to type notes as long as this is done quietly
under reasonable circumstance. However, no texting, audio, images, and/or video recording
technologies will be allowed, to be used for capturing lectures, reviews, or labs within the
classroom without the instructor’s specific consent or permission. Typically, recording is granted only for
specific accommodations.
Student owned technologies in the classroom: Students may use their own laptop/notepad computers in
the classroom, but the responsibility of these personal technologies is their own in regards to theft and
damages incurred.
Cell phones: Please remember to be respectful of others and silence your cell phones off during class. If
you need to take or make a call, please exit the classroom first. Repeated disruptions may require a request
to have the phone turned off.
Music players and streaming devices: During computer labs, once the lectures are completed. While
working on assignments, students may use headphones and access their personal audio devices or online
resources.
Using Devices During Exams: No electronic devices are permitted during exams and quizzes unless the
instructor’s specific consent is given. Permission will typically only be granted for special needs cases.
Copyright 2018 Mark Monnin
DRAFT
COS 200 / ITT 200 – Introduction to Cyber Security M. Monnin Page 4 of 8
Attendance and Late Work:
Attendance: Just like work, regular class attendance is required, and is considered essential for
success. You are expected to attend all scheduled classes, and be ready to start at the beginning of
the class period.
Additionally, not all material covered in this course is in the reading assignments, and exams are more
heavily based on the lectures and hands-on projects than on the textbook.
Just like life, I don’t give regular points for attendance, - just showing up is not enough. Also, just like life
being too absent is problematic. If you miss more than the equivalent of 3 weeks (e.g. 6 classes in a twice a
week class), you will receive an F for the course. (Note: This does mean that anything less is fine, this is just
the absolute limit, please plan to attend all sessions.) I also reserve the right to give extra credit when
someone goes well above and beyond what is asked for, but that is the exception, not the rule.
Being late on occasion is ok, however habitually arriving to class late is considered rude – rude to the
instructor, and rude to your fellow students who are trying to learn. So, just don’t be rude…
Late Work: Homework assignments are due two weeks after they are handed out, unless otherwise
announced in class. All assignments except quizzes and exams can be turned in late until the start
of the last class, but will be penalized 25%. No assignments will be accepted afterwards.
Please plan on taking all quizzes and exams on the date they are scheduled. You are expected to work
around the exam dates. However, exams and quizzes can be taken up to one week late (until the start of the
class) or until the start of the class the last day the class meets (whichever is earlier) with a penalty. The
penalty is 10% for the first late quiz or exam, 25% for any additionally late quizzes or exams. In any case, if
you do not take the exam within a one week period, it is an automatic 0. (This may seem harsh, but I cannot
return exams without all exams being completed, and your will likely have bosses at work that are a stickler
to deadlines). Make up exams will also not necessarily be identical to the original exam, and may be
more difficult.
Talk to me beforehand if you know you will miss a deadline for a non-reschedulable, extenuating,
circumstances (e.g. military service, religious holiday, medically necessitated treatment, court appearance,
trips sponsored by other academic units), so that other, non-penalized, arrangements can be made.
Even if it is late, it is still worth points – so make sure to turn in everything even if it’s late (but try not to be
late to begin with…). Just remember that the last day that we meet as a class is the last day to turn in
anything…
Withdrawal from the Course:
(From the USM website)
“Students may withdraw from classes using the Drop form and receive a W grade if the form is processed
between the beginning of the third week of classes and the end of the day that coincides with sixty percent
of the length of the course, measured in days. The date the Registrar receives written notification of
withdrawal is used when calculating any refunds. Beyond the sixty percent limit, a Course Withdrawal
Form must be used to withdraw from any class. The Course Withdrawal Form must be signed by the
instructor, who has the prerogative to assign the student an F or a W as a course grade. The W option
should only be used when the student has extenuating circumstances, which should be noted on the form.
The W grade must be approved in writing by the Dean or Director of the school, college or program in
which the course is taught. A student receives no tuition refund for a withdrawal processed after the sixty
percent limit. Please visit http://www.usm.maine.edu/reg for the CW Form.”
Copyright 2018 Mark Monnin
DRAFT
COS 200 / ITT 200 – Introduction to Cyber Security M. Monnin Page 5 of 8
Grading:
Students final grade will be based on the policies and requirements stated in this syllabus and will use the
following criteria:
A All requirements completed at a high level of quality demonstrating an exceptional effort.
B All requirements completed at a high level of quality demonstrating a high level of effort.
C All requirements successfully completed demonstrating acceptable effort.
D Requirements completed at a low level demonstrating a minimum effort.
F Requirements not completed at an acceptable level.
I (Incomplete) Legitimate extraordinary circumstances prevent the student from
completing course requirements.
Students must complete the course requirements by a date specified by the professor within one semester of
receiving an incomplete grade. Procrastination is not considered to be a legitimate extraordinary circumstance.
It is expected that students will request consideration for incomplete grades in writing as early in the course as
possible. The request must include the reason for requesting an incomplete, and a plan for completing the work
required.
Homework 10 points each assignment (unless otherwise stated) Other Assignments/Projects varies (will be announced on the assignment) First Exam 100 points Second Exam 100 points Final Exam 100 points
How your grade is computed: This course is not graded on a
curve. All points are considered equal.
To compute your grade, just add up all of your points and divide
by the total number of points possible (and then multiply the
result by 100 to get a percent).
As an example, if you earned 437 points out of a total 520 points possible, you
would have had earned 84.0% of all points, and earned a B (yea!)
BTW: Just for the record, unlike the photo, there is no A+ grade at USM,
which is fairly common at colleges– sorry folks…
A ≥ 95%
A- ≥ 90%
B+ ≥ 87%
B ≥ 83%
B- ≥ 80%
C+ ≥ 77%
C ≥ 73%
C- ≥ 70%
D+ ≥ 67%
D ≥ 63%
D- ≥ 60%
F < 60%
NOTE: If all requirements are not completed, a course grade of D or F may be assigned regardless of the
overall grade points. If students cheat on course assignments, actions taken may include a failing
assignment grade, a failing course grade, or a failing course grade with additional University action.
Copyright 2018 Mark Monnin
DRAFT
COS 200 / ITT 200 – Introduction to Cyber Security M. Monnin Page 6 of 8
Cancellations and Emergencies:
Cancellations due to inclement weather are announced on the radio or may be obtained by calling
the University of Southern Maine’s hotline: 780-4800.
Emergency Response: http://www.usm.maine.edu/emergency/
Sign up for Emergency Response Alerts: http://usm.maine.edu/usmalert/
Course Evaluations:
End of the semester course evaluations are administered electronically. During the last week of classes,
students will receive an email notice that asks them to complete a course evaluation online. That email will
include a direct link to the course evaluation, and students will log in by using their MaineStreet ID and
password. Student ratings on the evaluation are very important to instructors and it is important that
students answer thoughtfully and honestly. The responses are confidential and will be collected by the
Office of Academic Assessment. After the final grades are posted, instructors will receive a summary
report of the student responses. All student feedback is valued and will be used for course and program
improvement purposes.
Academic Integrity Policy:
Everyone associated with the University of Southern Maine is expected to adhere to the
principles of academic integrity central to the academic function of the University. Any breach
of academic integrity represents a serious offense. Each student has a responsibility to know the
standards of conduct and expectations of academic integrity that apply to academic tasks.
Violations of student academic integrity include any actions that attempt to promote or enhance the
academic standing of any student by dishonest means. Cheating on an examination, stealing the words or
ideas of another (i.e., plagiarism), making statements known to be false or misleading, falsifying the results
of one’s research, improperly using library materials or computer files, or altering or forging academic
records are examples of violations of this policy which are contrary to the academic purposes for which the
University exists. Acts that violate academic integrity disrupt the educational process and are not
acceptable. Evidence of a violation of the academic integrity policy will normally result in disciplinary
action. A copy of the complete policy may be obtained from the Office of Community Standards (780-
5242).
Students with Disabilities:
The university is committed to providing students with documented disabilities equal access to all
university programs and services. If you think you have a disability and would like to request
accommodations, you must register with the Disability Services Center. Timely notification is essential.
The Disability Services Center can be reached by calling 207-780-4706 or by email at dsc-
[email protected]. If you have already received a faculty accommodation letter from the Disability Services
Center, please provide me with that information as soon as possible. Please make a private appointment so
that we can review your accommodations.
Copyright 2018 Mark Monnin
DRAFT
COS 200 / ITT 200 – Introduction to Cyber Security M. Monnin Page 7 of 8
Course Schedule:
Week # Date Topics Readings
1 Mon Sep 3 No Class - Labor Day
Wed Sep 5 Intro Chapter 1
Administrivia Information Security and Risk Management
2 Mon Sep 10 Information Security and Risk Management (cont.)
Wed Sep 12 Information Security and Risk Management (cont.)
3 Mon Sep 17 Access Control Chapter 2
Wed Sep 19 Access Control (cont.)
4 Mon Sep 24 Business Continuity Planning and Disaster Recovery Chapter 4
Wed Sep 26 Business Continuity Planning and Disaster Recovery
(cont.)
5 Mon Oct 1 Cryptography Chapter 5
Wed Oct 3 Cryptography (cont.)
6 Mon Oct 8 No Class - Fall Break
Wed Oct 10 Exam 1
7 Mon Oct 15 Legal, Regulations, Investigations, and Compliance Chapter 6
Wed Oct 17 Legal, Regulations, Investigations, and Compliance
(cont.)
8 Mon Oct 22 Legal, Regulations, Investigations, and Compliance Chapter 7
(cont.) Security Operations
Wed Oct 24 Security Operations (cont.)
9 Mon Oct 29 Security Operations (cont.) Chapter 8
Physical and Environmental Security
Wed Oct 31 Physical and Environmental Security (cont.)
10 Mon Nov 5 Security Architecture and Design Chapter 9
Wed Nov 7 Exam 2
11 Mon Nov 12 No Class - Veteran's Day (observed)
Wed Nov 14 Security Architecture and Design (cont.)
12 Mon Nov 19 Security Architecture and Design (cont.)
Wed Nov 21 No Class - Thanksgiving Break
Copyright 2018 Mark Monnin
DRAFT
COS 200 / ITT 200 – Introduction to Cyber Security M. Monnin Page 8 of 8
Week # Date Topics Readings
13 Mon Nov 26 Telecommunications and Network Security Chapter 10
Wed Nov 28 Telecommunications and Network Security (cont.)
14 Mon Dec 3 Telecommunications and Network Security (cont.)
Wed Dec 5 Additional Threats and Attacks
15 Mon Dec 10 Cyber Security Advanced Topics
Wed Dec 12 Cyber Security Advanced Topics (cont.)
16 Wed Dec 19 Final Exam - 12/19 @ 1:30pm
This calendar is a tentative schedule. The course schedule may be altered during the semester to meet the needs of this
particular class. Students will be notified by the instructor when adjustments to this syllabus are required.
Thanks to Professors Zaner and Wilson who provide wording for some sections of this syllabus.
Copyright 2018 Mark Monnin