new academic program implementation request

NEW ACADEMIC PROGRAM – IMPLEMENTATION REQUEST

Master’s of Science in Cybersecurity Joint Degree | Eller College of Management | College of Engineering 1

I. PROGRAM NAME, DESCRIPTION AND CIP CODE

A. PROPOSED PROGRAM NAME AND DEGREE(S) TO BE OFFERED Master of Science in Cybersecurity

B. CIP CODE

43.0116 Cyber/Computer Forensics and Counterterrorism

C. DEPARTMENT/UNIT AND COLLEGE

Management Information Systems (MIS) in the Eller College of Management

Electrical and Computer Engineering (ECE) and Systems and Industrial Engineering (SIE) in the College of Engineering

Campus and Location Offering – indicate by highlighting in yellow the campus(es) and location(s) where this program will be offered. UA South Campus UA Main UA Online Sierra Vista Tucson Online Douglas Phoenix Distance Campus Mesa Phoenix Biomedical Campus Chandler Santa Cruz Phoenix Paradise Valley Pima CC East UA Downtown UA Science and Tech Park Campus and location offering explanation: We plan to launch the joint MS program in Cybersecurity within UA Online, in conjunction with the online programs currently delivered by both MIS and Engineering. As the program grows and when the market demands, we will offer the program within our “ground” (“UA Main”) campus.

II. PURPOSE AND NATURE OF PROGRAM

Cybersecurity professionals are the gatekeepers or security guards of information systems or cyber‐physical systems. They plan and execute security measures to shield an organization’s computer systems, networks, and networked devices from infiltration and cyberattacks. They prevent, monitor and respond to data breaches and cyberattacks, which are becoming more common. The purpose of the joint MS program in Cybersecurity is to offer students a high‐quality, flexible program that is in high demand in the U.S. in both private and public sectors.



Charlie Benway, (executive director of the Advanced Cyber Security Center (ACSC), a nonprofit consortium of industry, university, and government organizations) states “Executive management and boards of directors are now recognizing that cybersecurity is not just a tech problem, it’s a business problem. We're starting to see more executive‐level emphasis on cybersecurity, more resources coming into cybersecurity, across all industry sectors. That has definitely increased the demand for cybersecurity folks.”

“The demand for the (cybersecurity) workforce is expected to rise to 6 million (globally) by 2019, with a projected shortfall of 1.5 million,” stated Michael Brown, CEO at Symantec, the world’s largest security software company. Not long before Brown's statement, the Cisco 2014 Annual Security Report warned that the worldwide shortage of information security professionals is at 1 million openings, even as cyberattacks and data breaches increase each year. In short, the demand for qualified cybersecurity professionals is exceeding the supply so much so that organizations report that they have trouble finding qualified individuals to hire. Our new MS in Cybersecurity program will help meet this demand by offering a program in which students can immediately apply the knowledge and skills they learn in the classroom to their job while giving them the flexibility to complete classes while they are still working full‐time. The MS Cybersecurity program will meet working adult students’ needs by offering courses in a format that offers the flexibility to take classes that meet their work/home/life schedule demands. How does our program differ from others? In essence, our program encompasses both a technical and a managerial perspective on cybersecurity and has built in flexibility. Most of the programs we reviewed were not located in or necessarily affiliated with a business school. This managerial dimension is important for addressing cybersecurity concerns within the context of organizations, both public and private. By leveraging strengths in MIS and Engineering, as well as incorporating the potential for new tracks and new electives within the current tracks, our program is adaptable to market demands. The program has also been mapped to a number of certificates that are commercially available in cybersecurity and we will continue to revisit the curriculum as the certification requirements change. We have chosen not to pursue a graduate interdisciplinary program (GIDP). Eller and the College of Engineering have the full slate of courses needed for the tracks within the MS Cybersecurity. Although there are other potential electives across campus, they are typically single course offerings that are not core content for this degree. We welcome those electives as a way of enabling students to customize their degree experience, but they are not core courses for a cybersecurity curriculum. We have included letters of support from these other units. Our program comparison research is explained below.



The MIS programs in the Eller College of Management (both undergraduate and graduate levels) have been top‐five ranked programs for over 27 consecutive years, therefore we started our research among our top‐five graduate peers. Our rankings are within business schools. We found no other MS in Cybersecurity program in our top‐five graduate business school peer group. Thus, we extended our research to the top‐twenty business schools. There were no business schools within the top‐twenty that offered a MS in Cybersecurity or anything comparable. Therefore, we extended our research further to the top‐twenty peer universities (in which the business schools reside) and found several programs within the peer’s College of Graduate Studies, School of Computing, Informatics, & Decision Systems Engineering, Computer Science or Electrical Engineering colleges/departments. Our final comparison research focuses on the programs found within the top‐twenty universities offerings that are in different colleges than ours. The main differences between our program and others are listed in Table 1 below. Table 1: Main differences between our program and others

UA MS Cybersecurity Others

Program’s “home” college/school

Joint between Business School and College of Engineering

Colleges of Arts and Sciences; Behavioral and Community Sciences; Business and Engineering or School of Computing, Informatics, & Decision Systems Engineering or Computer Science or Engineering

Required credits to graduate 33 30‐33

Application requirements 3 years of work experience in IT, Engineering, or a closely related field (IT/Engineering work experience is required so that students are prepared for the technical aspects of the program.)

No work experience needed

Target careers Cybersecurity managers/analysts and/or director positions

Entry or mid‐level programming positions

Please see Addendum A that will reflect the completed program comparison chart.



III. PROGRAM REQUIREMENTS The MS in Cybersecurity program is a 33 credit program designed for the working adult. Students must successfully complete a set of core and elective courses to graduate. The program includes a common core of four courses (two from MIS and two from Engineering). This foundation enables the student to then select one of two tracks. The exact set of courses is determined by the track students select. The list of core and elective courses is noted below for the two initial tracks in the program. Additional electives and tracks may be added over time as the program grows and market conditions change. Our program will not require a practicum or thesis like other programs we researched. The program tracks will include a track‐relevant capstone class as the students’ last class. The exact nature of the capstone will be determined by the track the student selects. This type of class gives students a hands‐on experience in protecting systems while implementing the theory and skills they gained from the program’s courses. No other program in our research offered a Cyber Warfare course, which is a controlled simulated Internet‐based conflict involving politically motivated attacks on information and information systems. It will simulate disabling websites and networks, disrupt or disable essential services, steal or alter classified data, and cripple financial systems ‐‐ among many other possibilities. A similar capstone course may be developed for scenarios involving cyber‐physical systems. The program is designed with a common core consisting of four courses (Table 2). These courses will be taken by all students in the program. Tracks in the program include a set of seven courses – we provide examples of two tracks in Tables 3 and 4. Note that courses listed in either track can fulfill elective requirements within either track. Students will receive advice regarding the electives, depending on their current career and future career aspirations.

Table 2: MS in Cybersecurity Common Core Courses

UA MS in Cybersecurity Course Name Core or Elective

Info Security in Public & Private Sectors (MIS 515) Common Core

Data Mining for Business Intelligence (MIS 545) (Students can take EITHER 586 or 545)

Common Core ‐ a

Big Data Analytics (MIS 586) (Students can take EITHER 586 or 545)

Common Core ‐ a

Fundamentals of Computer Networks (ECE 578) Common Core

Systems Cyber Security Engineering (SIE 571) Common Core



Table 3: MS in Cybersecurity Courses for the <MIS> track.


Info Security Risk Management (MIS 516) Track Core

Systems Security Management (MIS 517) Track Core

Cyber Warfare Capstone (MIS 689) (Pre‐requisites are successful completion of the eight core and two elective courses. This is the last class of program)

Track Core

Penetration Testing: Ethical Hacking and Social Engineering (MIS 566) (Python pre‐requisite)

Track Core

Cyber Threat Intelligence (MIS 562) (MIS 545 or 586 and Python pre‐requisite)

Track Core

Enterprise Data Management (MIS 531) Elective

IT Audit (MIS 514) Elective

Social and Ethical Issues of the Internet (MIS 511) Elective

Table 4: MS in Cybersecurity Courses for the <Engineering> track.


Cyber Security: Concept, Theory, Practice (ECE 509) Elective

Web Development and Internet of Things (ECE 513) Elective

Systems Engineering Process (SIE 554A) Elective

Computer Security (CSC 566) Elective

Introduction to Digital Communications (ECE 535) Elective

Fundamental of Cloud Security (ECE 50A) Elective

Advanced Topics in Computer Networks (ECE 564) Elective

Machine Learning and Data Analytics (ECE 523) Elective

Fundamentals of Information and Network Security (ECE 571) Elective

Engineering Statistics (SIE 530) Elective

A. CURRENT COURSES AND EXISTING PROGRAMS

Nine of the MS in Cybersecurity courses for the <MIS track> are offered in the MIS department’s current MS in MIS and/or the department’s Graduate Enterprise Security or Business Intelligence Certificate programs. The courses are:



MIS 511 Social and Ethical Issues of the Internet MIS 514 Information Technology Audit MIS 515 Information Security in Public & Private Sectors MIS 516 Information Security Risk Management MIS 517 Systems Security Management MIS 531 Enterprise Data Management MIS 543 Business Data Communications and Networking MIS 545 Data Mining for Business Intelligence MIS 586 Big Data Analytics

The ten MS in Cybersecurity courses for the <Engineering track> are offered in the Electrical and Computer Engineering Department, Systems and Industrial Engineering Department, or Computer Science Department. The courses are: ECE 578 Fundamentals of Computer Networks SIE 571 Systems Cyber Security Engineering ECE 509 Cyber Security: Concept, Theory, Practice ECE513 Web Development and Internet of Things SIE 554A Systems Engineering Process CSC 566 Computer Security ECE 535 Introduction to Digital Communications ECE 50A Fundamental of Cloud Security ECE 564 Advanced Topics in Computer Networks SIE 530 Engineering Statistics Courses in each track are available to fulfill elective requirements in the other track. We have also invited electives from other departments on campus. As other units create additional courses, we are happy to incorporate them as appropriate. Students will be advised about electives, depending on their current position or future career aspirations.

B. SPECIAL CONDITIONS FOR ADMISSION TO/DECLARATION OF THIS MAJOR

Admission criteria for the MS Cybersecurity program are noted below.

GPA of 3.0 or higher Any one of the three

Three years of technical work experience

A relevant industry certificate (i.e.: CISSP, CRISC, CISM, etc.)

Recent (within one year of MS Cybersecurity degree application) Undergraduate degree in MIS, ECE, CS, SIE or related field

No GRE/GMAT requirement A MS in Cybersecurity graduate application Be accepted into the program as per Graduate College’s approval Complete 33 credit hours



Courses can be taken in any order (except for the Cyber Warfare Capstone in the MIS track) if they do not have a pre‐requisite associated with them.

The Cyber War Capstone must be the last class taken in the MIS track.

If previous Python coding language experience is non‐existent (as shown by application resume) students must successfully pass (a grade of C or above) a MIS Python skill’s test before they are able to take the courses noted that have Python as a “pre‐requisite.”

C. NEW COURSES NEEDED

For the <MIS track>, there are three new courses and one skills testing mechanism needed for the program as noted below. The proposed syllabi for the courses included as Attachment A, B and C. MIS 562 Cyber Threat Intelligence – 3 units This course is designed to provide students with a hands‐on introduction to the fundamental concepts and tools of modern cyber threat intelligence. Students will become familiar with the cyber threat intelligence lifecycle, identifying, collecting, and integrating intelligence feeds, common intelligence formats, and standard cyber threat intelligence technologies.

This course delivers cutting‐edge cyber threat intelligence education by placing a heavy emphasis on the application and development of state‐of‐the‐art visualization, web mining, and machine learning techniques to bolster common cyber threat intelligence data sources and threat analytics. Students will have the opportunity to develop useful, actionable, and comprehensive cyber threat intelligence by utilizing the aforementioned analytics techniques on traditional intelligence feed data and novel data sets. Upon the successful completion of this course, students will be able to recognize, describe, identify, discuss, explain, and implement cyber threat intelligence concepts and mechanisms from both technical and managerial perspectives within organizations. MIS 566 Penetration Testing: Ethical Hacking and Social Engineering – 3 units This course introduces students to the principles and techniques of the cybersecurity practice known as penetration testing (pen testing) and covers the full pen test life cycle. Ethical hacking, also known as penetration testing, is the act of breaking into a system with the permission and legal consent of the organization or individual who owns and operates the system, with the purpose of identifying vulnerabilities to strengthening the organization’s security. Students will discover how system vulnerabilities can be exploited and learn how to avoid such problems. They will review various tools and methods commonly used to compromise information and control systems. Students will conduct hands‐on penetration tests in a lab environment to practice the concepts presented and tools reviewed in the course. This course is an ethical hacking course and students will learn hacking techniques within a controlled environment for the goal of better securing the IT resources of their rightful owners.



MIS 689 Cyber Warfare Capstone – 3 units The focus of this course is the usage of common tools used during penetration assessments and hardening system defenses. Students will draw from previous Ms in Cybersecurity classes to combine skills in online defense and penetration exercises of systems in a virtual environment. At the end of this course, students will have gained an entry‐level proficiency in the application of techniques used in information security attack and defense. They will be able to recognize, describe, identify, discuss, and explain fundamentals of vulnerability discovery, penetration testing and the art of using these tools in a competitive environment. Students will gain the knowledge of techniques used in detecting and exploiting vulnerabilities in a virtual environment; understand the principles of attack and defense of information systems as well as an awareness of the important principles of ethical hacking and the usage of passive/invasive tools to find holes in security postures; and experience applying different cybersecurity techniques that will be provided in a near‐real experience. Python Skills Testing mechanism – 0 units Only students who do not have previous Python coding experience will need to take this test. Students will be instructed to gain Python skills knowledge by taking a MOOC class from various outside providers (i.e.: via University of Arizona's UACBT or Code Academy offerings.) The department will recommend such courses and develop a skills test that will evaluate the students Python knowledge.

For the <Engineering track>, there are three new courses needed for the program are noted below. The proposed syllabi for the courses are included as Attachment D, E, and F. ECE 513 Web Development and Internet of Things – 3 units The course focuses on the design, integration, and programming of web applications for the Internet of Things (IoT). Course topics include client‐side dynamic web page development with HTML, CSS, JavaScript, and Ajax; server‐side web application development with Node.js, MongoDB, and RESTful interfaces; and IoT device‐side development using formal state‐based programming and publish‐subscribe interfacing. Additional topics include token‐based user authentication, password hashing, responsive design, and relational databases. IoT applications covered in this course include connected cars, connected health, wearables, smart grids, smart homes, and remote measurement, among others. ECE 523 Machine Learning and Data Analytics – 3 units Machine learning and pattern recognition deals with automated classification, identification, and/or characterizations of unknown systems. Virtually unlimited number of applications can benefit from machine learning techniques. Although it employs elegant and sophisticated mathematical and statistical analysis techniques, machine learning is nevertheless a very application driven field. Upon successful completion of this class, you will be able to analyze a given pattern recognition problem, and determine which algorithm to use. You will also be able to modify existing algorithms to engineer new algorithms to solve a particular problem at hand. In the meantime, you will gain a working knowledge of some of the most recent developments in machine learning.



ECE 571 Fundamentals of Information and Network Security – 3 units This course aims at introducing students to the fundamental principles of cryptography and network security. In particular, the course will cover basic cryptographic primitives, protocols, threat models, and security analysis techniques for achieving the primary security properties including authentication, data integrity, confidentiality, data freshness, anonymity, etc. These concepts will be connected with a broad set of relevant areas in networks and communications. Although the course is aimed as an introduction to the subject, a certain degree of formalism will be established, highlighting the central role of formal definitions, assumptions, and proof mechanisms in evaluating the security of various constructions. A detailed tentative list of topics is attached.

D. REQUIREMENTS FOR ACCREDITATION

Once approved, the joint program will fall under the umbrella of accredited offerings in the Eller College and the College of Engineering.

IV. STUDENT LEARNING OUTCOMES AND ASSESSMENT

A. STUDENT OUTCOMES

Student outcomes for the program are:

1. Explain the breadth and scope of security issues on personal, corporate, national, and global levels;

2. Assess, prevent, and manage information or systems security related risks; 3. Understand and apply information or systems security management and post‐

breach best practices from a strategic perspective; 4. Perform system hardening, vulnerability testing, and forensic investigation

procedures; 5. Participate in virtual exploit and defense exercises; 6. Apply data analytics to develop threat intelligence for current and future

information or systems security endeavors. 7. Leverage skills and experiences for career success.

B. STUDENT ASSESSMENT

A variety of assessment activities will be utilized to measure student learning outcomes, including the following. 1. While students are still in the program,

a. Learning outcomes 1‐6 identified above will be connected to a set of assignments, projects, case studies, and exam questions.

b. Learning outcome 7 will be assessed based on placement data and recruiter assessments.



2. After students have completed the degree and have been working for 3 years, we will survey them to be sure that the skills and experiences were sufficient for them to achieve success in their positions.

In both cases, the Cybersecurity Master’s committee will meet regularly to review the results of assessment and modify assessment activities and pedagogy to ensure they are meeting the needs of the students and recruiters.

V. STATE'S NEED FOR THE PROGRAM

A. HOW DOES THIS PROGRAM FULFILL THE NEEDS OF THE STATE OF ARIZONA AND THE REGION? ‐‐ INCLUDE AN EXPLANATION OF THE PROCESS OR SOURCE FOR ARRIVING AT ALL NUMBERS USED IN THIS SECTION

1. Is there sufficient student demand for the program?

Cybersecurity professionals are the gatekeepers or security guards of information systems or cyber‐physical systems. They plan and execute security measures to shield an organization’s computer systems, networks, and networked devices from infiltration and cyberattacks. They prevent, monitor and respond to data breaches and cyberattacks, which are becoming more common. We define our market as adult education in IS/IT management and engineering. Our target audience includes individuals working in the computer, technology, or engineering industries who have a bachelor’s degree and who are looking for an online cybersecurity specialization degree. Since the program will be delivered online, there are no location restrictions. It is important to note that this program is not designed for someone seeking to join the technology and computer industry as the program requires a technical background as a prerequisite for a number of the courses. In addition, our research with recruiters suggests that technical work experience is essential for anyone moving into cybersecurity. Employees need to first understand systems before they can understand how to secure them. Thus, for individuals seeking to enter the computer and technology industry, we would recommend the MS in MIS or other related, generalist, programs. To calculate our market size, we used the volume of Google searches for cybersecurity education related keywords in March 2016. Our criteria was narrowed down to individuals in the United States and we found a very clear indication of a strong demand for graduate level cybersecurity online programs. Please see Addendum B – GoogleAd’s Keyword Volume March 2016 for keywords used.



There were close to 101,600 searches for cybersecurity program related key terms. A rule‐of‐thumb followed by online education vendors considers any number above 50,000 to be reflective of a very strong demand. This strong demand is being driven by corporations and the government. Charlie Benway, (executive director of the Advanced Cyber Security Center (ACSC), a nonprofit consortium of industry, university, and government organizations) states “Executive management and boards of directors are now recognizing that cybersecurity is not just a tech problem, it’s a business problem. We're starting to see more executive‐level emphasis on cybersecurity, more resources coming into cybersecurity, across all industry sectors. That has definitely increased the demand for cybersecurity folks.” Michael Brown, CEO at Symantec, the world’s largest security software company, states “The demand for the (cybersecurity) workforce is expected to rise to 6 million (globally) by 2019, with a projected shortfall of 1.5 million even as cyberattacks and data breaches increase each year.” In short, the demand for qualified cybersecurity professionals is exceeding the supply and organizations (including governmental agencies) report that they have trouble finding qualified individuals to hire. Due to the high demand for cyber security professionals, salaries are rising as shown by the U.S. Department of Labor’s O*Net OnLine. The site (http://www.onetonline.org/) reports that the median annual wages for cyber security professionals ranges from $80,000 to $118,000. In addition, the U.S. Bureau of Labor Statistics (BLS) report for 2014‐2024, employment of computer and information technology occupations is projected to grow 13.1% percent during these reporting years, faster than the average for all occupations related to the new MS in Cybersecurity program. These occupations are expected to add 4 million to 4.5 million jobs by 2024.

2. What is the anticipated student enrollment for this program?

As shown from our current successful MS MISonline program, students take an average of two years to complete the program. We expect this to be true for our new MS in Cybersecurity students also. The numbers provided below reflect an attrition rate of 20% between the first and second year in the program. These estimates are based on a combination of (a) the initial enrollments of our online MS program (which were 72, 88, 100); (b) volume of inquiries from prospective students and local organizations.



Table 5: Five year projections

5‐YEAR PROJECTED ANNUAL ENROLLMENT

1st Year 2nd Year 3rd Year 4th Year 5th Year

Number of MS Cybersecurity Majors

45 60 75 90 100

3. What is the local, regional and national need for this program?

As per Burning Glass’ 2015 Cybersecurity Jobs Report “Cybersecurity jobs are in demand and growing across the country. The professional services, finance and manufacturing/defense sectors have the highest demand for cybersecurity jobs. The fastest increases in demand for cybersecurity workers are in companies that manage increasing volumes of consumer data such as finance (+13% over the last five years,) healthcare (+121%) and retails trade (+89%).” This report ranks the top 15 states that have the highest need of qualified cybersecurity workers. Arizona ranks as one of the top 15 states. According to this report, during 2015, there were over 5,502 cybersecurity job related postings in the state of Arizona. This was an increase of 87% over the previous year. The report further explains that Arizona’s location quotation (LQ) and employment needs are 1.18%. “Location quotients” show how concentrated demand is in a particular geography relative to employment in that area. National location quotient equals 1.0, an LQ of 1.2 indicates that the demand is 20% more concentrated than nationally. Results of this report show that the demand for cybersecurity workers is 18% more concentrated in Arizona than the national average. (http://burning‐glass.com/wp‐content/uploads/Cybersecurity_Jobs_Report_2015.pdf)

Cybersecurity professionals currently based in Arizona protect many of America’s top companies. The state includes a unique blend of a high‐tech environment, existing defense contractors, and several Department of Homeland Security hub stations. Companies like Honeywell, Charles Schwab, American Express, Raytheon, Intuit, and Amazon are located in Arizona. In addition, there are many defense installations like Fort Huachuca’s Army’s Intelligence Center of Excellence which trains soldiers in electronic warfare and cyberwarfare, based within the state. There is a current movement within many Arizona governmental and private entities to develop and promote the state as a major cybersecurity hub. Those involved in this movement include Maricopa County’s Office of Enterprise



Technology Cyber Security for Counties, Security Canyon’s Arizona’s Cyber Security Coalition, Arizona’s InfraGard (A Collaboration for National Infrastructure Protection), UA South (in which we have attached a letter of support) among others. As quoted from Rich Davis, CEO for ARTIS Research and the former director of terrorism prevention at the White House for President George W. Bush who promotes the need for Arizona to become a “cybersecurity hub”, “Cybersecurity firms and professionals are in high demand. There is a massive amount of money looking for investments in the security field, especially from venture capital and private equity. As the world continues to technically evolve, the cybersecurity industry will be a job creator for years, perhaps decades, to come. These are high‐earning jobs that, if geographically concentrated in Arizona, could increase the standard of living for all Arizonans. “As the private‐sector talent pool increases, Arizona has a real shot at hosting the nucleus of the industry.” “What we need now is for all our universities to further develop specific degree programs in information security and for a few community leaders, university presidents, local banks, entrepreneurs and industry leaders to come together to make the Cybersecurity Valley a reality.” (http://archive.azcentral.com/opinions/articles/20130708cybersecurity‐valley‐viewpoints.html)

Companies in general, now understand the importance of information security and are beginning to increase their educational and training programs for their employees. This trend is expected to grow and increase student demand even further. Gartner Research Inc.’s Vice President Andrew Wells, indicates that “the security awareness training market exceeds $1 billion in annual revenue (globally), it is growing approximately 13 percent year, and CISOs (Chief Information Security Officers) are increasingly turning to educational security awareness solutions to help improve organizational compliance and expand security knowledge.” Additionally, Steve Morgan, founder and Editor‐In‐Chief at Cybersecurity Ventures, states “(in 2015) J.P. Morgan Chase & Co. doubled its annual cybersecurity budget from $250 million to $500 million. Bank of America has gone on the record stating it has an unlimited budget when it comes to combating cybercrime. The U.S. government has increased its annual cybersecurity budget by 35%, going from $14 billion budgeted in 2016 to $19 billion in 2017. This is a sign of the times and there’s no end in sight. Incremental increases in cybersecurity spending are not enough. We expect



businesses of all sizes and types, and governments globally, to double down on cyber protection.”

4. Beginning with the first year in which degrees will be awarded, what is

the anticipated number of degrees that will be awarded each year for the first five years?

2nd Year 3rd Year 4th Year 5th Year 6th Year

Number of Degrees (online)

35 50 65 80 95

IV. APPROPRIATENESS FOR THE UNIVERSITY

The MS in Cybersecurity program will help enrich the lives of people of Arizona, and potentially the entire United States, by providing high quality, cutting‐edge research based education in a field of utmost importance ‐ cybersecurity. Students will experience an innovative, engaged hands‐on approach to learning about the critical components of cybersecurity that will enable to them to translate their newly acquired skills and theory learned into their workplace.

V. EXISTING PROGRAMS WITHIN THE ARIZONA UNIVERSITY SYSTEM

A. Arizona University System. List all programs with the same CIP code definition at

the same academic level currently offered in the Arizona University System. According to ABOR’s 2014‐15 Degrees and Majors Report.pdf, (https://www.azregents.edu/sites/default/files/public/2014‐

15%20Degrees%20and%20Majors%20Report.pdf) there was only one other program offering in the Arizona University system that has the same CIP code as the new MS in Cybersecurity program. The program is located at Arizona State University. Neither the University of Arizona nor Northern Arizona University offer a program that had a CIP code # of 43.

Table 6: CIP codes

CIP

CODE1

PROGRAM

LOCATION

University & Site

PROGRAM ACCREDITATION?

YES/NO

1 43 Master’s Arizona State Univ. (currently 125+ enrolled and 176 graduated)

Yes



VI. EXPECTED FACULTY AND RESOURCE REQUIREMENTS

A. FACULTY

1. Current Faculty Please see the attached Addendum C for listing

2. Additional Faculty

To completely build out the program, we need to develop six additional classes and one (1) Python skills testing mechanism for the MS in Cybersecurity program.

These courses/skills testing mechanism and faculty members will begin developing and delivering as illustrated on the chart below. Table 7: New course delivery timeframes

Course Name Start Developing Course offered for the 1st time

Python Skills Pre‐requisite testing

Fall 2016 Spring 2017

MIS 566 Penetration Testing: Ethical Hacking and Social Engineering

Fall 2016/Spring 2017 Summer 1, 2017

MIS 562 Cyber Threat Intelligence

Spring/Summer 2017 Fall 1, 2017

MIS 689 Cyber Warfare Capstone

Spring/Summer 2017 Fall 2, 2017

ECE 571 Fundamentals of Information and Network Security

Spring 2017 TBD

ECE 523 Machine Learning and Data Analytics

Spring 2017 TBD

ECE 513 Web Development and Internet of Things

Spring 2017 TBD

3. Current Student and Faculty FTEs According to the Fall 2015 census data, the MIS department had 279 undergraduate MIS FTEs and 27 Operations FTEs, for a total of 306



student FTEs at the undergraduate level. For graduate FTEs, there were 8 students enrolled in certificate programs and 223 FTEs across the graduate platforms for a total of 231 graduate FTEs. In the MIS department, there are 17 tenure track eligible FTEs, 7 non‐tenure track FTEs, and the equivalent of 4 addition non‐tenure track FTEs represented by adjuncts. This results in a total of 28 FTEs for faculty.

According to the Fall 2015 census data, the SIE department had 233 undergraduate students and 103 graduate students. In the SIE department, there are 11.5 tenure track eligible FTEs and 6.5 non‐tenure track FTEs represented by adjuncts. This results in a total of 18 FTEs for faculty. According to the Fall 2016 data, the ECE department had 412 undergraduate students and 286 graduate students. In the ECE department, there are 31 tenure track eligible FTEs and 2 non‐tenure track FTE faculty. This results in a total of 33 FTEs for faculty.

4. Projected Student and Faculty FTEs In the MIS department, we anticipate steady state at the undergraduate level over the next 3 years – resulting in an estimated 300 FTEs. We anticipate some growth in our other graduate offerings over the next three years of approximately 20 FTEs per year. In addition, we anticipate 45, 60, and 75 students each year for the new program. In the SIE department, we anticipate some growth in our undergraduate enrollments over the next three years of approximately 10 students per year. Also, we anticipate some growth in our other graduate offerings over the next three years of 10 students per year. In addition, we anticipate 45, 60, and 75 students each year for the new program. In the ECE department, we anticipate some growth in our other graduate offerings over the next three years of about 10 students per year. In addition, we anticipate 45, 60, and 75 students each year for the new program.



Tables 8, 9, 10, 11: Three year FTE projections

3‐YEAR PROJECTED STUDENT FTEs (MIS)

1st Year 2nd Year 3rd Year

Existing MS programs 250 270 290

New MS Cyber program 45 60 75

Total Student FTEs 295 330 365

3‐YEAR PROJECTED FACULTY FTEs (MIS)


TTE 19 20 21

NTE (incl. adjuncts) 11 12 12

Total Faculty FTEs 30 32 33

3‐YEAR PROJECTED STUDENT FTEs (SIE)





3‐YEAR PROJECTED FACULTY FTEs (SIE)


TTE 11.5 13.5 14.5

NTE (incl. adjuncts) 6.5 6.5 6.5


3‐YEAR PROJECTED STUDENT FTEs (ECE)





3‐YEAR PROJECTED FACULTY FTEs (ECE)


TTE 31 32 33

NTE (incl. adjuncts) 2 3 4




B. LIBRARY

1. Acquisitions Needed Not applicable. No additional library acquisitions will be needed for the program in the next three years.

C. PHYSICAL FACILITIES AND EQUIPMENT

1. Existing Physical Facilities

The MS in Cybersecurity program will be delivered online using the present delivery system (D2L) used for current online programs. Faculty and staff will use the existing physical facilities. In addition, we are working with the faculty at UA South to coordinate sharing of some of their cybersecurity infrastructure for key courses, such as penetration testing and cyberwarfare capstone. A letter of support is attached.

2. Additional Facilities Required or Anticipated

None.

D. OTHER SUPPORT

1. Other Support Currently Available

Currently, there is one full‐time and one half‐time support staff members and an average of two 20 hour a week GTA’s supporting the Master’s in MISonline program. In addition, there are two staff members and GTAs supporting the online MS programs in ECE and SIE. These individuals will also support the new MS in Cybersecurity program.

2. Other Support Needed, Next Three Years

When the MS in Cybersecurity program reaches an enrollment of 45‐50 students, the MIS department and the College of Engineering will hire additional support staff, starting with half time and culminating in a full time position when enrollment reaches 100. In addition, we anticipate additional GTAs will be hired for program and class support.



VII. FINANCING

A. SUPPORTING FUNDS FROM OUTSIDE SOURCES The MIS department will use funds from the current MISonline program revenues to build the new courses for their track in this program. Similarly, the College of Engineering and ECE/SIE departments will use funds from their online MS programs to build new courses for their track in this program. In addition, the Vice President for Research and the Eller College Dean have collaborated on a TRIF hire for academic year 17/18. Similarly, the Vice President for Research and the College of Engineering Dean have collaborated on a TRIF hire for academic year 17/18. These people will specialize in cybersecurity.

B. BUDGET PROJECTIONS FORM

Attached in Addendum D are two financial models that present the expenses and revenues associated with the program if it is taught off load or on load. The assumptions in this budget are as follows: 1. Build pay for a new course is $10,000 2. Teaching pay for a course is:

a. 300 * the number of new students for a course in an existing online program. b. $6,000 + 300 * the number of students for a new course / off load c. 1/3rd of the entire salary for a tenure track instructor for a new course / on

load d. 1/6th of the entire salary for a lecturer/professor of practice for a new course

/ on load. 3. Money will follow the students such that a course taught in MIS will receive 100% of the

SCH revenue; a course taught in ENGR will receive 100% of the SCH revenue. Note that, over time, the amounts allocated for building and delivering courses may change.

VIII. OTHER RELEVANT INFORMATION



Addendum A – Program Comparison Chart

Program Name UA Master of Science in Cybersecurity (Joint between Eller College business school and

College of Engineering)

Univ. of So. Fl.* (within the Colleges of Arts and Sciences; Behavioral and Community Sciences; Business and

Engineering)

Arizona State University** (within School of Computing,

Informatics, & Decision Systems Engineering )

Currently enrolled students

0 400 (+/‐) actual 125 (+/‐) estimate

Focus Technical/Managerial Technical Technical with emphasis on student research and/or

engineering

Starting framework A logical, methodical approach using

creative/lateral/critical thinking skills that will help students identify long‐term and strategic technical solutions.

“To gain knowledge through an interdisciplinary set of core courses and then take a deep

dive into one of four concentrations: cyber

intelligence, digital forensics, information assurance or

computer security fundamentals.”

“To train hybrid engineering‐arts graduates who get their inspiration from the arts and their methodology from computer science and

engineering.”

Methodological Approaches

Applying analytical and critical thinking skills to

evaluate current problems and to make decisions. In addition,

applying creativity and/or lateral thinking skills to devise innovative fresh approaches to future

problems.

Applying analytical and critical thinking skills to evaluate

current problems and make decisions.

Applying analytical and critical thinking skills to evaluate

current problems and make decisions.

Exemplary Question How will cybersecurity threats grow, expand, impact and affect the

configuration and training needed by individuals, institutions and the

government?

How do current cybersecurity threats affect the configuration

and training needed by individuals, institutions and the

government?

How do current cybersecurity threats affect the configuration

and training needed by individuals, institutions and the

government?

Sample Course Information Security Risk Management; Systems

Cybersecurity Engineering

Core Concepts in Intelligence Distributed and Multi‐Processor Operating Systems

Target Careers Mid to upper level cybersecurity analyst managers positions

Entry or mid‐level programming positions

Entry or mid‐level programming positions.

Total Units 33 30 ‐ 33 30

Upper ‐division Units 33 30 ‐ 33 30

Foundation courses N/A N/A N/A

English Composition N/A N/A N/A

Foreign Language N/A N/A N/A

Math N/A N/A N/A

Tier 1 GE Requirements N/A N/A N/A

INDV N/A N/A N/A

NATS N/A N/A N/A

TRAD N/A N/A N/A



Tier 2 GE Requirements N/A N/A N/A

Arts N/A N/A N/A

Humanities N/A N/A N/A

INDV N/A N/A N/A

NATS N/A N/A N/A

Diversity Emphasis N/A N/A N/A

# of Units required in major

33 30 ‐ 33 30

# of Upper‐division Units required in the major

33 30 ‐ 33 30

Supporting Coursework to be Completed Prior to Admission and/or Declaration of the Major

Knowledge of Python programming

recommended for admission.

Undergraduate degree in computer science, computer engineering, MIS, or IT is


Successful completion of a calculus course

Introductory 1st level Core Courses in the Major

N/A 12 credits per concentration 9 core credits

2nd level Core Courses in the Major

N/A 12 – 18 credits per concertation 12 concentration credits

Research Methods, Data Analysis, and Methodology Requirements

Cyber Warfare Capstone N/A The M.S in computer science concentration program is

researched based

Internship, Practicum, Applied Course Requirements. (Yes/no. If yes, please describe.)

No Yes – 3 units of Practicum as Directed Independent Study or

Supervised Field Work or Independent Study or IT Graduate Practicum

Yes for the Master of Computer Science concentration

Senior Thesis or Senior Project Required (Yes/No)

No No Yes for the Master of Science in computer science

concentration program

Additional Requirements (Please Describe.)

Three years of work in a technical field.

An undergraduate degree in computer science, computer engineering, MIS, or IT is


None

# of Elective Units in the Major.

3 Only one of the concentrations requires 3 units of electives. All the other concentrations require a combination of core and concentration courses plus

the practicum.

3 – 6 credits of elective courses

Minor (Optional or Required)

N/A N/A

*http://www.usf.edu/innovative‐education/cybersecurity/masters‐degree/index.aspx ** http://cidse.engineering.asu.edu/forstudent/graduate/computer‐science/



Addendum B – GoogleAd’s Keyword Volume March 2016

Keyword Avg. Monthly Searches (exact match only)

cyber security 74,000

cybersecurity 22,200

it security courses 1,000

cyber security awareness training 480

masters in cybersecurity 480

masters in cyber security 390

cyber security degrees 390

computer security programs 260

cybersecurity education 260

cyber security management 260

cyber security education 210

ms in cybersecurity 170

ms cyber security 170

ms in cyber security 140

internet security course 110

cyber security curriculum 110

cyber security online course 110

it security certificate 90

cybersecurity degrees 90

masters in computer security 70

cybersecurity awareness training 70

ms cybersecurity 50

cyber security lessons 50

computer security online course 40

cybersecurity management 40

master in it security 40

ms in information assurance 40

computer security masters degree 30

school for cyber security 30

degree in computer security 30

master in computer security 30

network security masters 20

cybersecurity online course 20

computer security university courses 20

information security graduate 20

information technology security courses 20

cybersecurity curriculum 20



information technology security training 20

certificate it security 10

master of science in cybersecurity and information assurance 10



Addendum C ‐ Current Faculty

Name: Hsinchun Chen, Ph.D. Course: MIS 562 Cyber Threat Intelligence Highest Degree: Ph.D. Primary Department: MIS Level of Involvement: 20% No. of Master’s Theses: 0 No. of Doctoral Dissertations: 28 Brief Vita: Dr. Hsinchun Chen is University of Arizona Regents’ Professor and Thomas R. Brown Chair in Management and Technology in UofA’s MIS department. He has recently been named UA’s Director, Cyber Security Initiative (CSI) for the Defense and Security Research Institute (DSRI.) He is one of the leading data scientists in security and health informatics. He founded, and is the current director, of the Artificial Intelligence Lab (AI Lab) and has served as a UA MIS faculty member since 1989. His AI Lab has received more than $40M in research funding from NSF, NIH, NLM, DOD, DOJ, CIA, DHS, and other agencies (90 grants, 40 from NSF). His awards are numerous and include the IEEE Computer Society 2006 Technical Achievement Award, the 2008 INFORMS Design Science Award, the MIS Quarterly 2010 Best Paper Award, the IEEE 2011 Research Achievement and Leadership Award in Intelligence and Security Informatics, and UofA's 2013 and 2015 Technology Innovation Awards. He is author/editor of over 20 books, 25 book chapters, 280 SCI journal articles, 150 refereed conference articles covering security informatics, digital library, data/text/web mining, business analytics, and health informatics. Dr. Chen is a Fellow of IEEE and AAAS. He is Editor in Chief (EIC) emeritus of the ACM Transactions on Management Information Systems (ACM TMIS) and EIC of Springer Security Informatics (SI) Journal. He is the founding chair of International Conferences of Asian Digital Libraries (ICADL) and IEEE International Conferences on Intelligence and Security Informatics (IEEE ISI), two premiere meetings in digital library and security informatics. Recently, Dr. Chen received additional NSF Secure and Trustworthy Cyperspace (SaTC) program and Data Infrastructure Building Blocks (DIBBs) funding ($8M) for his Hacker Web research and AZSecure SFS Fellowship program. Dr. Chen is also a successful entrepreneur. He is the founder of the Knowledge Computing Corporation (KCC), an UofA university spin‐off IT company and a market leader in law enforcement and intelligence information sharing and data mining. KCC merged with i2, the industry leader in intelligence analytics, in 2009. The combined i2/KCC company was acquired by IBM in 2011 for $500M.



In 2010, Dr. Chen founded another UofA spin‐off company, Caduceus Intelligence. Caduceus is developing health big data analytics systems for global clinical decision support and patient empowerment for chronic diseases. Its first product, named DiabeticLink , provides diabetes patient intelligence and services in US, Taiwan, China, and Denmark. Dr. Chen has served as Distinguished/Honorary Professor of several major universities in Asia. He was named the Distinguished University Chair Professor of the National Taiwan University in 2010 and was elected as China National 1000 Elite Chair Professor with the Tsinghua University in 2013. Visit Dr. Chen and his lab at https://ai.arizona.edu/ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐

Name: Paulo Goes, Ph.D. Course: MIS 545 Data Mining for Business Intelligence Highest Degree: Ph.D. Primary Department: MIS Level of Involvement: 20% No. of Master’s Theses: 0 No. of Doctoral Dissertations: 22 Brief Vita: Dr. Goes is the Dean and Halle Chair in Leadership at the University of Arizona’s Eller College of Management. Before taking that role in March 2016, he served nearly eight years as Head of the Department of Management Information Systems and the Salter Distinguished Professor of Management and Technology. He received his Ph.D. in from the University of Rochester. Dr. Goes’ research interests are in the areas of design and evaluation of IT‐enabled business models, big data analytics, innovation exploration, emerging technologies, ecommerce and online auctions, database technology and systems, and technology infrastructure. His research has appeared in several top academic journals including Management Science, Management Information Systems Quarterly, Information Systems Research, Journal of MIS, Operations Research, IEEE Transactions on Communications, IEEE Transactions on Computers and many others. He routinely presents his work and delivers keynotes in top conferences of the field of information systems. Dr. Goes has just finished his term as the Editor‐in‐Chief of Management Information Systems Quarterly, the most prestigious journal in the field of information systems. He has also been recognized with the 2014 INFORMS Information Systems Society Distinguished Fellow Award. As MIS department head at the UA, he was actively involved in developing high level educational and research programs and partnerships in cybersecurity and big data analytics. He co‐founded and directs INSITE – Center for Business Intelligence and Analytics and is the co‐principal investigator of the multi‐million dollar grant from the National Science Foundation intended to educate the next generation of cybersecurity specialists. Visit Dr. Goes at https://www.eller.arizona.edu/people/paulo‐goes

‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ Name: Sudha Ram, Ph.D. Course: MIS 586: Big Data Analytics Rank: Anheuser‐Busch Chair in MIS, Entrepreneurship, and Innovation



Professor of Management Information Systems, Director, INSITE: Center for Business Intelligence and Analytics Highest Degree: Ph.D. Primary Department: Eller College Level of Involvement: 20% No. of Master’s Theses: 0 No. of Doctoral Dissertations: 25 Brief Vita: Sudha Ram has joint faculty appointments as Professor of MIS and Computer Science, she is a member of the BIO5 Institute, and Institute for Environment. She is co‐director of INSITE: Center for Business Intelligence and Analytics at the UofA. Her research is in the areas of enterprise data management, Business Intelligence, large scale networks and data analytics. Her work uses different methods such as machine learning, statistical approaches, ontologies and conceptual modeling. Dr. Ram has published more than 200 research articles in refereed journals, conferences and book chapters. She has received research funding for more than $60 million from organizations such as, IBM, Intel Corporation, SAP, Ford, Raytheon Missile Systems, US ARMY, NIST, NSF, NASA, and Office of Research and Development of the CIA. Dr. Ram served as the senior editor for Information Systems Research, and is on the editorial board for many leading Information Systems journal and currently a co‐editor in chief of the Journal on Data Semantics. She is a cofounder of the Workshop on Information Technology and Systems (WITS) and serves on the steering committee of many workshops and conferences including the Entity Relationship Conference (ER). Dr. Ram has published articles in such journals as Communications of the ACM, IEEE Expert, IEEE Transactions on Knowledge and Data Engineering, Information Systems, Information Systems Research, Management Science, and MIS Quarterly. Dr. Ram serves as a consultant to several global companies on Business Intelligence, enterprise data management and social media analytics. She received the IBM faculty Development Award and UA Leading Edge Innovator in Research Award in 2007 and 2012. Her research has been highlighted in several media outlets including Arizona Alumni Magazine, International Journalism Festival, and NPR news. She was a speaker for a TED talk in December 2013 on “Creating a Smarter World with Big Data”. ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐

Name: Lance Hoopes Course: MIS 515: Info Security in Public & Private Sectors and MIS 689 Cyber Warfare Capstone Rank: Director, Eller Information Technology, Adjunct Lecturer in MIS Associate Director, Information Assurance and Security Education Center Eller IT Highest Degree: Master’s Primary Department: Eller College Level of Involvement: 20% No. of Master’s Theses: 0 No. of Doctoral Dissertations: 0 Brief Vita: Mr. Hoopes received his B.S. and M.S. degrees in Management Information Systems from the University of Arizona. Currently, he is Director of Security and Information Technology for Eller College and Associate Director of the Information Assurance and Security Education



Center within the MIS department. He is an adjunct professor in the MIS department and teaches courses with emphasis in information security as acknowledged by the Committee on National Security System, NSA and DHS. Mr. Hoopes has taught courses in MIS at the University of Fortaleza, Brazil, and the University of Belgrano, Argentina. He is certified in Risk and Information Systems Control (CRISC) and is a Certified Information Security Manager (CISM). He is a member of the Information Systems Audit and Control Association. Visit Mr. Hoopes at https://it.eller.arizona.edu/people/lance‐hoopes

‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ Name: Eric Case Courses: MIS 516 – Information Security Risk Management and MIS 566 Penetration Testing: Ethical Hacking and Social Engineering Highest Degree: Master’s Primary Department: MIS Level of Involvement: 20% No. of Master’s Theses: 0 No. of Doctoral Dissertations: 0 Brief Vita: his certifications and activity in associations Mr. Case holds the positions Lecturer and Information Security Evangelist in the MIS department. He is responsible for teaching MIS courses at graduate and undergraduate levels as well as engaging in community outreach for educating K‐12 and others about MIS‐related topics. He has over 30 years work experience in computer‐related areas which has given him a unique set of “real‐world” tools to address problems in information security and network management. His service to the cybersecurity industry include President, (ISC)² Tucson Chapter; Founding Treasurer, ISACA Tucson Chapter; and Member, CatNet Core Governance Committee among others. In addition, he holds several industry certificates inlcuding Certified Information Systems Security Professional (CISSP), ITIL version 3 Foundation Certificate, CompTIA Security+, Microsoft Certified Systems Engineering (MCSE), and Microsoft Certified Professional plus Internet (MCP+I).

‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ Name: Anthony Fortunato Course: MIS 517 Systems Security Management Highest Degree: Master’s Primary Department: MIS Level of Involvement: 20% No. of Master’s Theses: 0 No. of Doctoral Dissertations: 0 Brief Vita: Anthony Fortunato is the Director of Information Systems and HIPAA Security Officer for the Arizona Community Physicians (ACP), Arizona’s largest independent physician group. He leverages more than 20 years of experience in data center infrastructure, virtualization, and information security leadership to meet the ever‐changing technological needs of the organization. In his current role, he is responsible for supporting and advancing the technical needs of over 150 providers in more than 50 clinics including various ancillary services such as a laboratory, imaging centers, and a testing center. His team includes help desk, technical infrastructure, information security, training, and applications support. Anthony’s role of HIPAA Security Officer highlights policy development, systems and process auditing, and overall system



and network security for the organization. In taking on this role, Anthony has helped transform the organization from one that saw IT as something that was required, but not desired, to viewing IT as a strategic business partner. Additionally, he serves as an information security program adjunct lecturer for the Department of Management Information Systems at the Eller College of Management at the University of Arizona. Anthony has developed and taught graduate and senior‐level undergraduate coursework in systems security and information assurance. He uses VMware as a platform to engage students and provide real‐world technical experiences with virtualization and information security. Prior to his role with ACP, Anthony worked as a Technical Infrastructure Center Manager for the Pima County Government in Tucson, AZ. Here he delivered expert guidance on infrastructure implementation and agile methodologies with his in‐depth knowledge of system architecture, policy development, and operational overhead, shaping the future of Pima County. In this role, Anthony led the implementation of server and storage hardware platform standardization to allow Pima County to formally observe hardware life‐cycle management for system replacements. Before coming to Pima County, Anthony worked his way up the ranks in the IT department of the Eller College of Management, from help desk technician all the way to assistant director of the department. It is here where he gained valuable experience by implementing VMware virtualization technology, leading security initiatives, and building resiliency for the organization. Visit Mr. Fortunato at https://mis.eller.arizona.edu/people/anthony‐fortunato

‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ Name: Faiz Currim Course: MIS 531 Enterprise Data Management Highest Degree: Ph.D. Primary Department: MIS Level of Involvement: 20% No. of Master’s Theses: 0 No. of Doctoral Dissertations: 0 Brief Vita: Faiz Currim is a Senior Lecturer within the department of Management Information Systems and an Assistant Director of INSITE: Center for Business Intelligence and Analytics, a research center with the MIS department. Prior to arriving at the UofA, he was on the faculty at University of Iowa. His research interests include applications in data analytics, database design and management, conceptual data modeling and data privacy and security. He has taught classes at both the undergraduate and graduate level, and in both “on ground” and online modalities. Visit Dr. Currim at https://mis.eller.arizona.edu/people/faiz‐currim

‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ Name: Mark Patton, Ph.D. Course: MIS 514 Information Technology (IT) Audit Highest Degree: Ph.D. Primary Department: MIS Level of Involvement: 20% No. of Master’s Theses: 0 No. of Doctoral Dissertations: 0



Brief Vita: Dr. Patton received his Ph.D. from the University of Arizona in 2009. He is a Lecturer in Management Information Systems and is the co‐PI and Program Administrator for the MIS department’s AZSecure Cybersecurity Fellowship Program funded by NSF. His areas of research focus on cybersecurity, IT strategy, risk management, and IT audit. Dr. Patton also supports the Artificial Intelligence Lab (within the MIS department) through his work on various project teams. He is currently assigned to the Community Resource Development project funded by NSF, titled, "Developing a Dark Web Collection and Infrastructure for Computational and Social Sciences.” Visit Dr. Patton at https://mis.eller.arizona.edu/people/mark‐patton

‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ Name: Wei Chen, Ph.D. Course: MIS 543 Business Data Communications and Networking Highest Degree: Ph.D. Primary Department: MIS Level of Involvement: 20% No. of Master’s Theses: 0 No. of Doctoral Dissertations: 0 Brief Vita: Wei Chen is an Assistant Professor of Management Information Systems at the University of Arizona. His research interests include crowdsourcing, crowdfunding, and digital marketing. He received his Ph.D. Innovation, Technology and Operations from Rady School of Management, University of California in 2015 and has won numerous awards for his research. Visit Dr. Chen at https://mis.eller.arizona.edu/people/wei‐chen

‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ Name: Laura Brandimarte, Ph.D. Course: MIS 511 Social and Ethical Issues of the Internet Highest Degree: Ph.D. Primary Department: MIS Level of Involvement: 20% No. of Master’s Theses: 0 No. of Doctoral Dissertations: 0 Brief Vita: Laura Brandimarte is an Assistant Professor in the Management Information Systems Department at the Eller College of Management, University of Arizona. After completing undergraduate studies in Economics at La Sapienza University in Rome, Italy, she obtained her Master in Economics at the London School of Economics and Political Science, and her PhD in Public Policy and Management at the H. John Heinz III College, Carnegie Mellon University, where she also completed a two‐year Post‐doc. Her research focuses on the behavioral aspects of privacy, including how people make decisions on what to disclose and what not to disclose, what factors, both normative and non‐normative, affect privacy decision making, and what are the consequences of disclosing personal information, especially on social media. She has published in academic journals such as Science and Social Psychological and Personality Science, and her work was covered by several media outlets, including the New York Times and the Pacific Standard Magazine. Prior to joining academia, she worked at the European Investment Bank in Luxembourg and the Deposits Guarantee Fund for Cooperative Banks in Rome, Italy. Visit Dr. Brandimarte at https://mis.eller.arizona.edu/people/laura‐brandimarte ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐



Name: Sharon L. O'Neal Course: SIE 571 Systems Cybersecurity Engineering Highest Degree: Ph.D. Primary Department: SIE Level of Involvement: 20% Brief Vita: Sharon has taught various courses within the Systems Engineering Master’s Degree program that was co‐developed by John Hopkins University professors and Raytheon senior technical leaders. She teamed with another John Hopkins University lecturer to provide relevant real‐life background and learning to students from an industry leader’s experience and perspective. The classes co‐taught included Program Management and Software Engineering. Until recently, she was the Software Engineering Director I at Raytheon Missile Systems, reporting directly to the VP of Engineering and provide technical, programmatic, and functional leadership for more than 500 Software engineers, including more than 40 senior engineers (E07 / E44s and above), across all of Raytheon Missile Systems. Functional leadership duties included in depth technical oversight for more than 50 programs/products, hiring and staffing, career development, ensuring the software engineering organization meets its commitments to programs and capture efforts. Also, she was responsible for setting the strategic vision for the SW Engineering Center (SEC) and leading a core leadership team that consists of 7 department managers and other support staff to handle the day to day business operations of the organization. Also, she was responsible for meeting the SW engineering directorate budgets allocated each year. ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐

Name: Ricardo Valerdi, Ph.D. Course: SIE 554A Systems Engineering Process Highest Degree: Ph.D. Primary Department: SIE Level of Involvement: 20% Brief Vita: Dr. Ricardo Valerdi is an Associate Professor at the University of Arizona in the Department of Systems and Industrial Engineering. His research focuses on systems engineering and cost estimation. He was the Founder and co‐Editor‐in‐Chief of the Journal of Enterprise Transformation and is the current Editor‐in‐Chief of the Journal of Cost Analysis and Parametrics. He served on the Board of Directors of the International Council on Systems Engineering (INCOSE) and is a Senior Member of the Institute of Electrical and Electronics Engineers (IEEE). He received a Ph.D. in Industrial & Systems Engineering from the University of Southern California. Visit Dr. Valerdi at http://sie.arizona.edu/ricardo‐valerdi ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐

Name: Jian Liu, Ph.D. Course: SIE 530 Engineering Statistics Highest Degree: Ph.D. Primary Department: SIE Level of Involvement: 20% Brief Vita: Dr. Jian Liu is an associate professor in the Department of Systems and Industrial Engineering at the University of Arizona. He received the B.S. and M.S. degrees in Precision



Instruments & Mechanology from the Tsinghua University, China in 1999 and 2002, respectively; the M.S. degree in Industrial Engineering, the M.S. degree in Statistics and the Ph.D. in Mechanical Engineering and Industrial and Operation Engineering, all from the University of Michigan in 2005, 2006 and 2008, respectively. Dr Liu's research is in the integration of manufacturing engineering knowledge, control theory and advanced statistics for product quality and productivity improvement. His recent research focuses on data analytics for system prognostic/diagnostic modeling and analysis and risk management. Visit Dr. Liu at http://sie.arizona.edu/jian‐liu ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐

Name: Salim Hariri, Ph.D. Course: ECE 506 Cyber Security ‐ Concept, Theory, Practice; ECE 50A: Fundamentals of Cloud Security; Highest Degree: Ph.D. Primary Department: ECE Level of Involvement: 20% Brief Vita: Dr. Salim Hariri is a professor and University of Arizona site director of the NSF‐funded Center for Cloud and Autonomic Computing. He founded the IEEE/ACM International Symposium on High Performance Distributed Computing (HPDC) and is the co‐founder of the IEEE/ACM International Conference on Cloud and Autonomic Computing. Professor Hariri serves as editor‐in‐chief of the scientific journal Cluster Computing, which presents 'research and applications in parallel processing, distributed computing systems and computer networks." Additionally, he co‐authored and three books on autonomic computing, parallel and distributed computing (highlighted above), and edited Active Middleware Services, a collection of papers from the second annual AMS workshop published by Kluwer in 2000. Visit Dr. Hariri at http://www.ece.arizona.edu/salim‐hariri ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐

Name: Loukas Lazos, Ph.D. Course: ECE 571 Fundamentals of Information and Network Security; Highest Degree: Ph.D. Primary Department: ECE Level of Involvement: 20% Brief Vita: Dr. Loukas Lazos joined the University of Arizona's Department of Electrical and Computer Engineering in August 2007, following receipt of his PhD from University of Washington. His research interests are in the areas of network security, wireless security, user privacy, wireless communications, and protocol design. In 2009 associate professor Lazos received the NSF CAREER Award for his research on the security and fairness of multi‐channel wireless networks. He was the general co‐chair for the ACM WiSec 2012 Conference and served as the TPC co‐chair for the Communication and Information System Security Symposium at GLOBECOM 2013 and



the 4th IEEE International Workshop on Data Security and Privacy in Wireless Networks (DSPAN) 2013. He has served on organizing and technical program committees of numerous international conferences and on panels for several funding agencies. Visit Dr. Lazos at http://www.ece.arizona.edu/loukas‐lazos ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐

Name: Gregory Ditzler, Ph.D. Course: ECE 523 Machine Learning and Data Analysis for Engineering Concepts; Highest Degree: Ph.D. Primary Department: ECE Level of Involvement: 20% Brief Vita: An assistant professor in electrical and computer engineering, Dr. Gregory Ditzler performs research in data mining and applied machine learning. In 2015, he received his PhD from Drexel University and, in the same year, was named recipient of the Drexel Graduate Research Excellence Award. Two years prior, during summer 2013, Ditzler worked at AT&T Research in a language modeling group. He is the recipient of the 2014 IEEE/INNS International Joint Conference on Neural Network Best Student Paper. Most recently, he was awarded a US Air Force Research Lab Summer Faculty Fellowship for 2016. Ditzler is a graduate of both Rowan University (2011) and Pennsylvania College of Technology (2008), and a member of the Institute of Electrical and Electronics Engineers, Society for Industrial and Applied Mathematics, and Association for Computing Machinery. Visit Dr. Ditzler at http://www.ece.arizona.edu/gregory‐ditzler ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐

Name: Ming Li, Ph.D. Course: ECE 578 Fundamentals of Computer Networks; Highest Degree: Ph.D. Primary Department: ECE Level of Involvement: 20% Brief Vita: Dr. Ming Li is an Associate Professor in the Department of Electrical and Computer Engineering at the University of Arizona. Prior to joining the University of Arizona, he was an Assistant professor in the Department of Computer Science at Utah State University from 2011 to 2015. He received a Ph.D. in Electrical and Computer Engineering from Worcester Polytechnic Institute, an M.E. and a B.E. degree in Electronic and Information Engineering from Beihang University in China. Prof. Li’s primary research interests are in general areas of Wireless and Cyber Security, with current emphases on wireless network modeling and optimization, wireless and spectrum security, privacy‐preserving data analytics, and cyber‐physical system security. He is particularly interested in exploring new performance limits and increasing security of wireless networks by exploiting advances at the physical layer, and designing novel cryptographic protocols to protect people’s privacy in the big data era. He is always interested in problems that have potential real‐



world impact, solutions that are simple but based on solid mathematical foundations, and tries to bridge theory and practice. Visit Dr. Li at http://www.ece.arizona.edu/ming‐li ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐

Name: Bane Vasic, Ph.D. Course: ECE 535 Digital Communications Systems; Highest Degree: Ph.D. Primary Department: ECE Level of Involvement: 20% Brief Vita: Dr. Bane Vasic is a professor of electrical and computer engineering and mathematics at the University of Arizona and a director of the Error Correction Laboratory. He is one of the inventors of the soft error‐event decoding algorithm, and the key architect of a detector/decoder for Bell Labs' read‐channel chips regarded as the best in industry. Low‐complexity iterative decoder implementations are possible due to professor Vasic's pioneering work on structured low‐density parity check (LDPC) error correcting codes, and further invention of codes. Structured LDPC codes are today used in a number of communications standards, and are now considered in nonvolatile memories and optical communications systems. He was involved in the Digital Versatile Disc (DVD) Standardization Group and IEEE Working Group on Error Correction Coding for Non‐Volatile Memories. He is known for his theoretical work in error correction coding theory and codes on graphs that have led to codes and decoders for binary symmetric channel with the best error‐floor performance known today. Professor Vasic is a co‐founder of Codelucida, a startup company developing advanced error correction solutions for communications and data storage. He is an IEEE Fellow, a UA College of Engineering da Vinci Fellow, and chair of the IEEE Data Storage Technical Committee. Visit Dr. Vasic at http://www.ece.arizona.edu/bane‐vasic ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐

Name: Marwan Krunz, Ph.D. Course: ECE 564 Advanced Topics in Computer Networks; Highest Degree: Ph.D. Primary Department: ECE Level of Involvement: 20% Brief Vita: Dr. Marwan Krunz is the Kenneth VonBehren Endowed Professor in the Department of Electrical and Computer Engineering at the University of Arizona (UA). He also holds a joint (courtesy) appointment as a Professor in the Department of Computer Science. From 2008 to 2013, he was the UA site director of "Connection One", an NSF Industry/University Cooperative Research Center (I/UCRC) that focuses on RF and wireless communication systems and networks. During that period, the center consisted of five participating sites (ASU, UA, OSU, RPI, and the University of Hawaii) and 26+ industrial affiliates. Currently, Dr. Krunz is the UA site co‐director of BWAC (Broadband Wireless Access and Applications Center), a recently inaugurated



NSF I/UCRC that includes UA (lead site), Virginia Tech, University of Virginia, and Auburn University. Dr. Krunz received the Ph.D. degree in electrical engineering from Michigan State University in July 1995. He joined the University of Arizona in January 1997, after a brief postdoctoral stint at the University of Maryland, College Park. In 2010, he was a Visiting Chair of Excellence ("Catedra de Excelencia") at the University of Carlos III de Madrid (Spain), and concurrently a visiting researcher at Institute IMDEA Networks. In summer 2011, he was a Fulbright Senior Specialist, visiting with the University of Jordan, King Abdullah II School of Information Technology. He previously held other visiting research positions at INRIA‐Sophia Antipolis, France (2003, 2008, 2011), HP Labs, Palo Alto (2003), University of Paris VI (LIP6 Group, 2006), University of Paris V (LEPADE Group, 2013), and US West Advanced Technologies (1997). Visit Dr. Krunz at http://www.ece.arizona.edu/marwan‐krunz



Addendum D – Financial Models

Financial Summary ‐ Offload ModelCybersecurity

Updated: 11/1/2016

ProForma ProForma ProForma ProForma ProForma

Fiscal Year 2018 2019 2020 2021 2022

Enrollment 45 60 75 90 100

Sources of Funds to UAGross RCM Revenue ‐ SCH 1,178,775 1,563,762 1,976,532 2,301,985 2,381,364

Less AISS Share (353,633) (469,129) (592,960) (690,596) (714,409)

Sources of Funds to Program

Net RCM Revenue ‐ SCH 825,143 1,094,634 1,383,572 1,611,390 1,666,955

Less Unrealized Net RCM Revenue ‐ ‐ ‐ ‐ ‐

Other Sources?

Total Sources of Funds to Program 825,143 1,094,634 1,383,572 1,611,390 1,666,955

Uses of Funds

Course Development 61,200 27,400 27,600 27,800 28,000

Course Instruction 198,696 235,914 280,692 316,920 327,600

MS Student 27,648 28,068 28,499 28,942 29,395

Teaching Assistant 27,648 28,068 28,499 28,942 29,395

PhD Student 38,572 41,520 43,476 44,769 45,383

Program Coordinator 34,418 34,671 36,671 36,936 74,404

Advertising 25,000 25,000 25,000 25,000 25,000

Student Events ‐ ‐ ‐ ‐ ‐

ASC on Expenses 4,132 4,206 4,704 5,093 5,592

Other Expenses?

Total Uses of Funds 417,313 397,448 447,542 486,602 536,769

Net proceeds (deficit) 407,829 697,186 936,030 1,124,788 1,130,186

Rate of Return 49% 64% 68% 70% 68%



Financial Summary ‐ Onload ModelCybersecurity

Updated: 11/1/2016

ProForma ProForma ProForma ProForma ProForma

Fiscal Year 2018 2019 2020 2021 2022

Enrollment 45 60 75 90 100

Sources of Funds to UAGross RCM Revenue ‐ SCH 1,178,775 1,563,762 1,976,532 2,301,985 2,381,364

Less AISS Share (353,633) (469,129) (592,960) (690,596) (714,409)

Sources of Funds to Program

Net RCM Revenue ‐ SCH 825,143 1,094,634 1,383,572 1,611,390 1,666,955

Less Unrealized Net RCM Revenue ‐ ‐ ‐ ‐ ‐

Other Sources?

Total Sources of Funds to Program 825,143 1,094,634 1,383,572 1,611,390 1,666,955

Uses of Funds

Course Development 20,400 13,700 13,800 13,900 14,000

Course Instruction 684,831 683,107 712,106 643,869 653,541

MS Student 27,648 28,068 28,499 28,942 29,395

Teaching Assistant 27,648 28,068 28,499 28,942 29,395

PhD Student 38,572 41,520 43,476 44,769 45,383

Program Coordinator 34,418 34,671 36,671 36,936 74,404

Advertising 25,000 25,000 25,000 25,000 25,000

Student Events ‐ ‐ ‐ ‐ ‐

ASC on Expenses 8,585 8,541 8,881 8,224 8,711

Other Expenses?

Total Uses of Funds 867,101 848,976 883,132 816,681 865,829

Net proceeds (deficit) (41,958) 245,658 500,440 794,709 801,126

Rate of Return ‐5% 22% 36% 49% 48%


Master’s of Science in Cybersecurity Joint Degree | Eller College of Management | College of Engineering

Attachment A – MIS 562 Cyber Threat Intelligence Syllabus

Copyright © Arizona Board of Regents MIS 562

Page 1 of 6

Cyber Threat Intelligence

Course Syllabus

Instructor: Hsinchun Chen, Ph.D. Email: [email protected] Phone: 520.621.2748

Course Description

Cyber‐attacks cost the global economy $445 billion annually and affect a variety of domains such as healthcare, government, academia, and industry. Recent years has seen an unfortunate and disruptive growth in the number of cyber‐attacks. Cyber threat intelligence (CTI) or “threat intelligence related to computers, networks, and information technology” aims to provide valuable intelligence to help organizations be aware of and protect against cyber‐attacks. Many premier cybersecurity companies (e.g., TrendMicro, Cyveillance, FireEye) carefully craft CTI reports and feeds designed to aid organizations in the development of their own cyber‐defenses. This course is designed to provide students with a hands‐on introduction to the fundamental concepts and tools of modern cyber threat intelligence. Students will become familiar with the cyber threat intelligence lifecycle, identifying, collecting, and integrating intelligence feeds, common intelligence formats, and standard cyber threat intelligence technologies (e.g., CIF servers, TAXII servers, SIEM’s etc.).

Course Rationale This course delivers cutting edge cyber threat intelligence education by placing a heavy emphasis on the application and development of state‐of‐the‐art visualization, web mining, and machine learning techniques to bolster common cyber threat intelligence data sources and threat analytics. Students will have the opportunity to develop useful, actionable, and comprehensive cyber threat intelligence by utilizing the aforementioned analytics techniques on traditional intelligence feed data and novel data sets (e.g., DarkNet marketplaces, Hacker Forums, IRC channels, etc.). Each student will be provided with the infrastructure to collect and analyze data for their assignments. Upon the successful completion of this course, students will be able to recognize, describe, identify, discuss, explain, and implement cyber threat intelligence concepts and mechanisms from both technical and managerial perspectives within organizations.

Course Objectives

Upon the successful completion of this course, students will be able to recognize, describe, identify, discuss,

explain, and implement cyber threat intelligence concepts and mechanisms from both technical and managerial

perspectives within organizations.


Page 2 of 6

Topics covered by this class include:

The history of Cyber Threat Intelligence

The need for an intelligence strategy

Intelligence collection, aggregation and capabilities

Threat analytics and reporting

Operational intelligence

Prerequisite Requirements

MIS 545 or an equivalent data mining course

Programming in Python

Course Reading Material

Texts and materials will be provided through the course management system.

Course Workload Expectations

This course is structured around 8 weeks. Given this condensed time‐frame, you should expect a heavier than normal workload. This averages to approximately 20‐25 hours/week. These estimates will vary depending upon your existing knowledge level and/or time commitment. Preparing for exams will require additional time.

Course Schedule

The expected weekly progress and deliverables are outlined in the course schedule. Please see the course schedule as posted on D2L. There is a considerable amount of material covered in this class. It is essential that you stay current with all reading and assignments. Note DUE Dates on course deliverables.

Course Operation

This course is structured around weekly progress. The expected weekly progress is outlined in the course schedule. At a minimum it is recommended that students keep up with coursework by following the outlined course schedule.

Course Time Zone: All dates and times mentioned in this course represent Mountain Standard Time (Arizona), which is UTC‐7 hours. Arizona does not observe Daylight Savings Time. You can use the following link to get the current local time in Tucson, Arizona: http://www.timeanddate.com/worldclock/city.html?n=393

Working Ahead of Schedule: To maintain the integrity of the group learning environment, this course is not structured to allow students to work

ahead.


Page 3 of 6

Office Hours and Communications: Please use the Ask the Instructor discussion forum on D2L to contact me for content related questions. All students can then benefit from my response. Under normal circumstances, I will respond within 24 hours of your post Monday through Friday and 48 hours on Saturday and Sunday. If you have a question regarding your personal performance in the course, please email me directly using the address above. I will provide feedback on course work that needs to be manually graded (e.g., essay papers, projects) within 72 hours of submission. You will be able to see results for automatically graded course work (online quizzes and exams) after the specified deadline.

Desire 2 Learn (D2L) Course Management System: This course uses the Eller D2L course management system. You are required to use D2L with this class and are encouraged to check our D2L class course space daily. You are also encouraged to have D2L email forwarded to your primary University of Arizona email account. I will use D2L for course assignments, quizzes, exams, content distribution, and important announcements. The Eller College D2L system is available at: https://d2l.arizona.edu/.

Course Grading

Course grades will be determined by the following criteria.

Assignment (category) Percent of Grade

Exams (2) 30%

Weekly quizzes 10%

Topic assignments 50%

Class participation 10%

Total 100% The final course grade breakdown is as follows:

Points Letter Grade

895‐1000 A 795‐894 B 695‐794 C 595‐694 D 0‐594 F

Incomplete Policy: If you experience extraordinary circumstances beyond your control, which prevent you from completing the course within the scheduled 8‐week timeframe, you must request an incomplete by emailing me before the end of the course. Please clearly explain the reasons for the request and provide relevant documentation. Please be aware that you must be receiving a passing grade at the time of the request. If granted an incomplete, you should review the related policy stipulations at http://registrar.arizona.edu/gradepolicy/incomplete.htm.

Assignments and Assessments

Quizzes:

There will be 13 quizzes in this course. These quizzes are designed to help you review course content and prepare


Page 4 of 6

for the exams. Each quiz will have 4‐6 questions. Students can use as much time as needed to complete the quiz. Your lowest three quiz scores will be dropped.

Exams: Exams help test your knowledge of course content. There will be two exams in this course; one midterm, and one final. Each exam is worth 15% of your final grade. Each exam will have 10‐12 questions. Questions will be a combination of multiple choice, fill‐in‐the‐blank, and short essay. Students will be timed and students have 90 minutes to complete each exam. Barring a documented and verifiable medical or family emergency, there will be no other options to take a make‐up exam. Specific instructions on how to access exams and how to submit your answers will be provided on D2L before the exam dates.

Assignments: All assignments will be submitted through the D2L environment. Each assignment will have its own submission instructions based on the nature of the assignment. Please carefully adhere to the submission instructions. Not doing so may result in a loss of points. Late assignments will not receive points. Computer issues are not a valid excuses.

Class Participation: There will be a variety of ways to earn class participation points throughout the class including participating in discussion forums. Detailed instructions and class participation opportunities will be presented weekly in the D2L environment.

Turning in Assignments All graded assignments and assessment will be submitted electronically through D2L. Specific submission

instructions are provided for each assignment in the Learning Modules area of D2L.

Late Assignment Policy

Please note that all exams, lab exercises and assignments are conducted online and are available for a minimum of one full week, so missing any of them should not be necessary. However, the following are possible acceptable excuses for rescheduling. In all cases, the student is required to contact the instructor via email and related phone call. In some cases the instructor may request documentation as proof of the need to reschedule taking the exam. In all cases, the rescheduling will not exceed the University’s last day of scheduled exam days (if applicable.)

The student is aware of a scheduling conflict that can be identify at least two weeks prior to the exam due date.

An emergency that comes up before the exam. For example, a family emergency that requires the student to be away from a computer for a period of time or the student has a serious illness.

Academic Policies and Institutional Resources

Academic Policies and Procedures: As a University of Arizona student, you are expected to become familiar with and abide by the university‐wide policies and procedures. You can find complete, up‐to‐date information http://catalog.arizona.edu/2015‐16/policies/aaindex.html

Academic Integrity:


Page 5 of 6

Upon accepting admission to the University of Arizona, you immediately assumed a commitment to uphold the Code

of Academic Integrity. You can review these rules at

http://deanofstudents.arizona.edu/codeofacademicintegrity. Any instances of academic dishonesty will result in a

grade of E for the course.

Online Collaboration/Netiquette: In MISonline courses, you will primarily communicate with instructors and peers virtually through a variety of tools such as discussion forums, email, and web conferencing. The following guidelines will enable everyone in the course to participate and collaborate in a productive, safe environment.

Be professional, courteous, and respectful as you would in a physical classroom.

Online communication lacks the nonverbal cues that provide much of the meaning and nuances in face‐ to‐face conversations. Choose your words carefully, phrase your sentences clearly, and stay on topic.

It is expected that students may disagree with the research presented or the opinions of their fellow classmates. To disagree is fine but to disparage others’ views is unacceptable. All comments should be kept civil and thoughtful. Remember that this course abides by university policies regarding disruptive behavior: http://policy.arizona.edu/education‐and‐student‐affairs/disruptive‐behavior‐instructional‐setting

Compose your messages and posts in a word processing tool, and check your spelling and grammar before submitting your post / email.

Statement of Copyrighted Materials: All lecture notes, lectures, study guides and other course materials disseminated by the instructor to the students, whether in class or online, are original materials and reflect intellectual property of the instructor or author of those works. All readings, study guides, lecture notes and handouts are intended for individual use by students. You may not distribute or reproduce these materials for commercial purposes without the express written consent of the instructor. Students who sell or distribute these materials for any use other than their own are in violation of the University’s Intellectual Property Policy (available at http://ogc.arizona.edu/node/16). Violations of the instructors copyright may result in course sanctions and violate the Code of Academic Integrity.

UA MISonline Student Support: I am available to assist with content‐related issues. You may, at any time, email me. This course also provides an Ask the Instructor discussion forum. You are encouraged to post content‐related questions to this forum at any time. The instructor monitors this forum on a regular basis and will respond in a timely fashion. It is common for other students to participate in answering questions posted in the Ask the Instructor forum. You should feel free to contribute to the solution if you can provide knowledge or guidance related to the question. The following are guidelines for requesting support:

General Course Questions: Use the Ask the Instructor discussion forum for questions regarding course

materials or policy.

Personal Course Questions: Email the instructor to discuss grades or personal concerns.

Course Registration: Email [email protected].

D2L Support Questions: Email [email protected].

Disability Accommodations: Students needing special accommodations or special services should contact the Disability Resources Center, 1224 East Lowell Street, Tucson AZ 85721, (520)621‐3268, FAX (520)621‐9423, email: drc‐[email protected], http://drc.arizona.edu/. You must register and request that the center or DRC send the instructor official notification of your needs as soon as possible.


Page 6 of 6

Please contact the instructor to discuss accommodations and how this course’s requirements may impact your ability to fully participate. The need for accommodations must be documented by the Disability Resources Center.

Library Support: The University of Arizona Libraries is dedicated to providing the research tools you need at any time. For an abbreviated list of resources directly related to a specific course, select the Business Research / Library Tools link (located in the Course Menu on the left of the screen). If you need any assistance, please contact Jason Dewland at [email protected] and include your University of Arizona NetID.

Course Grievance Policy: In case of grievances with a course component or grading, students are encouraged to first try and resolve the issue with me. If you feel the issue is not resolved satisfactorily, please send an email to [email protected].

Course Surveys and Evaluations: There are two online surveys associated with this course:

MIS course specific survey ‐ assists course designers with refining elements of the course. This survey is conducted by the MISonline team prior to the end of the course.

UA Teacher Course Evaluation – standard course evaluation conducted by the University of Arizona. This will appear be made available through https://tce.oirps.arizona.edu/TCEOnline

at the appropriate time during the course. Please participate in these online surveys!

Errata: The instructor reserves the right to revise the syllabus as necessary to correct typographical errors, factual errors, omissions, or other material as needed to correctly reflect the requirements of the course. Changes made are documented.



Attachment B ‐ MIS 566 Penetration Testing: Ethical Hacking and Social Engineering Syllabus


Page 1 of 6

Penetration Testing: Ethical Hacking and Social Engineering

Course Syllabus

Instructor: Eric Case, MS MIS, CISSP Email: [email protected] Phone: 520.621.2748

Course Description

This course introduces students to the principles and techniques of the cybersecurity practice known as

penetration testing (pen testing), or ethical hacking, and covers the full pen test life cycle:

Planning (consent and scoping),

Reconnaissance (passive and active),

Vulnerability assessment,

Exploitation (technical and nontechnical (social)),

Post‐exploitation and pivoting, and

Report writing.

Students discover how system vulnerabilities can be exploited and learn how to avoid such problems.

Students will review various tools and methods commonly used to compromise information and control

systems. Ethical hacking, also known as penetration testing, is the act of breaking into a system with the

permission and legal consent of the organization or individual who owns and operates the system, with the

purpose of identifying vulnerabilities to strengthening the organization’s security. Students will conduct

hands‐on penetration tests in a lab environment to practice the concepts presented and tools reviewed in the

course. This course is an ethical hacking course and students will learn hacking techniques within a controlled

environment for the goal of better securing the IT resources of their rightful owners.

Prerequisite Requirements: This is an intro course without specific prerequisites and with the general prerequisites. Students must have a

working understanding of the following:

TCP/IP and its underlying protocols including o Routing and other basic networking knowledge (DNS, ICMP, etc.)

HTTP Protocol including verbs, status codes and parameters

Various encoding formats used in a web environment

Windows / Linux command line knowledge

Basic scripting (Bash, batch file, Python or PowerShell)


Page 2 of 6

Course Objectives

Upon completion of this course, students will be able to:

explain the basic principles and techniques of how attackers can enter computer systems,

put acquired knowledge into practice by performing ethical penetration tests,

evaluate the strengths and weaknesses of various IT solutions in terms of data security,

independently present and perform demonstrations of penetration tests for educational purposes, and

evaluate the societal role of hacking from a social, ethical, and economic standpoint After completing the course, students should be able to pass an industry‐recognized certification like:

1. Certified Ethical Hacking (CEH) from EC‐Council 2. Penetration Tester (GPEN) from GIAC

Course Reading Material

Texts and materials will be provided through the course management system.

Course Material A computer that can run VMWare Workstation (v11+), Fusion (7+)

(https://www.microagelab.arizona.edu/software‐licensing/vmware‐academic‐program‐mis) or VirtualBox (5+)

(https://www.virtualbox.org) with 6 GB RAM minimum.

Course Workload Expectations

This course is structured around 8 weeks. Given this condensed time‐frame, you should expect a heavier than normal workload. This averages to approximately 20‐25 hours/week. These estimates will vary depending upon your existing knowledge level and/or time commitment. Preparing for exams will require additional time.

Course Schedule

The expected weekly progress and deliverables are outlined in the course schedule. Please see the course schedule as posted on D2L. There is a considerable amount of material covered in this class. It is essential that you stay current with all reading and assignments. Note DUE Dates on course deliverables.

Course Operation

This course is structured around weekly progress. The expected weekly progress is outlined in the course schedule. At a minimum it is recommended that students keep up with coursework by following the

outlined course schedule. Note the DUE DATES on course deliverables. Some items are due at specific dates

while other items (i.e., quizzes and exams) are ultimately due on a single specified date.



Page 3 of 6

Working Ahead of Schedule: To maintain the integrity of the group learning environment, this course is not structured to allow students to

work ahead.


Desire 2 Learn (D2L) Course Management System: This course uses the Eller D2L course management system. You are required to use D2l with this class and are encouraged to check our D2L class course space daily. You are also encouraged to have D2L email forwarded to your primary University of Arizona email account. I will use D2L for course assignments, quizzes, exams, content distribution, and important announcements. The Eller College D2L system is available at: https://d2l.arizona.edu/.

Course Grading


Percent of Grade

Midterm 25%

Final 25%

Labs 30%

Quizzes 20%

100%

The approximate final course grade breakdown will be as follows:

Points Letter Grade

90‐100 A

80‐89 B

70‐79 C

60‐69 D

Less than 60 E

Incomplete Policy: If you experience extraordinary circumstances beyond your control, which prevent you from completing the course within the scheduled 8‐week timeframe, you must request an incomplete by emailing me before the end of the course. Please clearly explain the reasons for the request and provide relevant documentation. Please be aware that you must be receiving a passing grade at the time of the request. If granted an incomplete, you should review the related policy stipulations at http://registrar.arizona.edu/gradepolicy/incomplete.htm.


Page 4 of 6

Assignments and Assessments

Quizzes: You are required to complete quizzes for this course. These are based on the lectures and assigned readings. These are timed and you are required to complete each of them in one sitting.

Exams: Both exams are conducted online. Each exam will cover specified weeks of student. Specific instructions on how to access exams and how to submit your answers will be provided on D2L before the exam dates.

Assignments: You are required to complete Lab assignments for this class. More details will be provided on the Lab assignments during the term. All Labs assignments will be posted on D2L along with their due dates. It is the student’s responsibility to check for these homework assignments by regularly logging into D2L.

Turning in Assignments

All graded assignments and assessment will be submitted electronically through D2L. Specific submission

instructions are provided for each assignment in the Learning Modules area of D2L.

Late Assignment Policy

Please note that all exams, lab exercises and assignments are conducted online and are available for a minimum of one full week, so missing any of them should not be necessary. However, the following are possible acceptable excuses for rescheduling. In all cases, the student is required to contact the instructor via email and related phone call. In some cases the instructor may request documentation as proof of the need to reschedule taking the exam. In all cases, the rescheduling will not exceed the University’s last day of scheduled exam days (if applicable.)

The student is aware of a scheduling conflict that can be identify at least two weeks prior to the exam due date.

An emergency that comes up before the exam. For example, a family emergency that requires the student to be away from a computer for a period of time or the student has a serious illness.

Academic Policies and Institutional Resources

Academic Policies and Procedures: As a University of Arizona student, you are expected to become familiar with and abide by the university‐wide policies and procedures. You can find complete, up‐to‐date information http://catalog.arizona.edu/2015‐16/policies/aaindex.html

Academic Integrity: Upon accepting admission to the University of Arizona, you immediately assumed a commitment to uphold the Code of Academic Integrity. You can review these rules at http://deanofstudents.arizona.edu/codeofacademicintegrity. Any instances of academic dishonesty will result in a grade of E for the course.

Online Collaboration/Netiquette: In MISonline courses, you will primarily communicate with instructors and peers virtually through a variety of tools such as discussion forums, email, and web conferencing. The following guidelines will enable everyone


Page 5 of 6

in the course to participate and collaborate in a productive, safe environment.


Online communication lacks the nonverbal cues that provide much of the meaning and nuances in face‐ to‐face conversations. Choose your words carefully, phrase your sentences clearly, and stay on topic.



Statement of copyrighted materials: All lecture notes, lectures, study guides and other course materials disseminated by the instructor to the students, whether in class or online, are original materials and reflect intellectual property of the instructor or author of those works. All readings, study guides, lecture notes and handouts are intended for individual use by students. You may not distribute or reproduce these materials for commercial purposes without the express written consent of the instructor. Students who sell or distribute these materials for any use other than their own are in violation of the University’s Intellectual Property Policy (available at http://ogc.arizona.edu/node/16). Violations of the instructors copyright may result in course sanctions and violate the Code of Academic Integrity.

UA MISonline Student Support: I am available to assist with content‐related issues. You may, at any time, email me. This course also provides an Ask the Instructor discussion forum. You are encouraged to post content‐related questions to this forum at any time. The instructor monitors this forum on a regular basis and will respond in a timely fashion. It is common for other students to participate in answering questions posted in the Ask the Instructor forum. You should feel free to contribute to the solution if you can provide knowledge or guidance related to the question. The following are guidelines for requesting support:




Course Registration: Email [email protected].


Disability Accommodations: Students needing special accommodations or special services should contact the Disability Resources Center, 1224 East Lowell Street, Tucson AZ 85721, (520)621‐3268, FAX (520)621‐9423, email: drc‐[email protected], http://drc.arizona.edu/. You must register and request that the center or DRC send the instructor official notification of your needs as soon as possible. Please contact the instructor to discuss accommodations and how this course’s requirements may impact your ability to fully participate. The need for accommodations must be documented by the Disability Resources Center.

Library Support:


Page 6 of 6

The University of Arizona Libraries is dedicated to providing the research tools you need at any time. For an abbreviated list of resources directly related to a specific course, select the Business Research / Library Tools link (located in the Course Menu on the left of the screen). If you need any assistance, please contact Jason Dewland at [email protected] and include your University of Arizona NetID.

Course Grievance Policy: In case of grievances with a course component or grading, students are encouraged to first try and resolve the issue with me. If you feel the issue is not resolved satisfactorily, please send an email to [email protected].

Course Surveys and Evaluations: There are two online surveys associated with this course:


UA Teacher Course Evaluation – standard course evaluation conducted by the University of Arizona. This will appear be made available through

https://tce.oirps.arizona.edu/TCEOnline at the appropriate time during the course.

Please participate in these online surveys!

Errata: The instructor reserves the right to revise the syllabus as necessary to correct typographical errors, factual errors, omissions, or other material as needed to correctly reflect the requirements of the course. Changes made are documented.



Attachment C ‐ MIS 689 Cyber Warfare Capstone Syllabus

of 10

Copyright © Arizona Board of Regents Cyber Forensics

Cyber Warfare Capstone

Course Syllabus

Instructor: Lance Hoopes, MS MIS, CISM, CRISC Email: [email protected] Phone: 520.621.5321

Course Description and Rationale While many learn security principles and techniques, few have the opportunity to put such learning into a simulated practice. Proactivity in assessing vulnerabilities on existing systems while defending against active threats is challenging. The focus of this course is the usage of common tools used during penetration assessments and hardening system defenses. Students will draw from previous classes to combine skills in online defense and penetration exercises of systems in a virtual environment. Along with course labs, this course will apply theory and techniques to provide the following learning base:

Knowledge – of techniques used in detecting and exploiting vulnerabilities in a virtual environment;

Comprehension – understanding of the principles of attack and defense of information systems as well as an awareness of the important principles of ethical hacking and the usage of passive/invasive tools to find holes in security postures;

Application – hands‐on application of techniques provide the learning with near‐real experience. You are expected to obtain an entry level proficiency in the application of techniques used in information security attack and defense. Prerequisite Requirements This course should be taken towards or at the end of your series of security courses. Elements and techniques discussed in previous courses will come in handy for this course. Be aware that this course is technical in nature.

of 7

Copyright © Arizona Board of Regents Cyber Security Experience

Course Objectives Upon successful completion of this course, you will be able to: Recognize, Describe, Identify, Discuss, and Explain fundamentals of vulnerability discovery, penetration testing and the art of using these tools in a competitive environment.

Course Reading Materials The following book is required for this course.

Professional Penetration Testing, 2nd Edition 2016 Available as E‐Book

Authors: Thomas Wilhelm ISBN: 978‐1‐59749‐993‐4 Online ISBN: 978‐1‐59749‐425‐0 Publisher: British Library Cataloguing‐in‐Publication Data

Additional materials will provided as required or supplementary readings throughout the course and will be available as downloadable documents from the D2L learning space.

Course Workload Expectations This course is structured around 7.5 weeks. Given this condensed time‐frame, you should expect a heavier than normal workload. The course workload is estimated as follows:

Course Item Estimated Hours

Learning Modules 4‐5 hrs. / Week

Additional Readings 2‐3 hrs. / Week

Labs 3 hr. /Lab

Quizzes 1 hr. / Quiz

Project 10 hours total

This averages to approximately 10‐15 hours/week. These estimates will vary depending upon your existing knowledge level and/or time commitment. Preparing for exams will require additional time.

of 7


Course Schedule The expected weekly progress and deliverables are outlined in the course schedule. Please see the course schedule as posted on the D2L learning environment. There is a considerable amount of material covered in this class. It is essential that you stay current with all reading and assignments. Note DUE Dates on course deliverables will be noted in the D2L environment. Topics covered each week are noted below.

Week Topics Covered

Week 1 Vulnerabilities and Exploits

Review and discuss typical vulnerabilities and methods and techniques often used to exploit them.

Week 2 Building your incident response plans

Choosing tools that help detect and protect systems and vulnerabilities

Week 3 Building your penetration plans

Choosing tools that help e‐discover and penetrate vulnerabilities

Week 4 Preparing for encounter – War Games

Exploring virtual environments of simulated war games

Week 5 War Games

War game discussions

Week 6 War Games

War game discussions

Week 7 Capture the Flag

Instruction and discussions of capture the flag.

Week 8 (half week) Course Review

Review of project results

Course Operation This course is structured around weekly progress. The expected weekly progress is outlined in the course schedule. At a minimum it is recommended that students keep up with coursework by following the outlined course schedule. Note the DUE DATES on course deliverables. Some items are due at specific dates while other items (i.e., quizzes and exams) are ultimately due on a single specified date. Although items like Labs might open up simultaneously, each lab has a specific designated due date.


Working Ahead of Schedule: This course is designed to allow the student to work ahead of the normal course schedule. A student can, in theory, complete all course requirements prior to the stated course schedule. The exception is if course projects are assigned by groups. If course projects are assigned by groups, course completion will depend on the progress of the assigned group.

of 7


Labs While all labs open at the start of the course, they each have a specific due date. The student can work ahead of the normal course schedule by completing the labs early.

Quizzes If the student completes Quiz‐3 ahead of schedule, Exam‐1 opens up for the student to take early, if desired. If the student completes Exam‐1 ahead of schedule, materials for weeks 4‐7 (and corresponding quizzes) are made available. If the student completes Quiz‐7 ahead of schedule, Exam‐2 becomes available to the student. In all cases, quizzes and exams will become available as dictated by the course schedule. However, the student may work ahead of the course schedule as desired.


Learning Management System: This course uses the Desire‐2‐Learn (D2L) Learning Management System (LMS). You are required to use the LMS with this class and are encouraged to check the course space daily. The instructor will use the LMS for course assignments, quizzes, exams, content distribution, and important announcements. The LMS is available at: https://D2L.arizona.edu.

Course Grading


Percent of

Grade

Points Available

Weekly Quizzes 20% 100 Labs (5 online Labs) 30% 150 Project 50% 250

100% 500

The approximate final course grade breakdown will be as follows:

Points Letter Grade

450‐500 A 400‐449 B

of 7


350‐399 C 300‐349 D 0‐299 F

Incomplete Policy: If you experience extraordinary circumstances beyond your control, which prevent you from completing the course within the scheduled 7.5‐week timeframe, you must request an incomplete by emailing the Instructor before the end of the course. Please clearly explain the reasons for the request and provide relevant documentation. Please be aware that you must be receiving a passing grade at the time of the request. If granted an incomplete, you should review the related policy stipulations at http://registrar.arizona.edu/gradepolicy/incomplete.htm

Assignments and Assessments Quizzes There are seven quizzes in this course. Each quiz covers learning materials related to a specific week. Quizzes are due as listed in the course schedule. The following additional information pertains to quizzes:

Quiz attempts are timed for one hour;

Quizzes are administered online and can contain up to 30 questions;

You have two attempts at any given quiz. The highest score is recorded. Late quiz attempt rules apply;

Quiz questions are randomized with each quiz attempt. You may not see the same questions on subsequent quiz attempts.

Labs There are three (5) labs required for this course. Each lab has specific deliverables. For more information on the labs, refer to the Lab Overview document under the Assignments folder in the course space.

Project This course has one project. The purpose of the course project is to stimulate the students into thinking about how they test the defenses of an organization and produce a meaningful report on vulnerabilities. Depending on the class size, the instructor may form project teams instead of individual project assignments. Each individual (or project team) will be given a particular assignment. The objective is to develop a compelling analysis that informs stakeholders of the particular issue and findings surrounding found vulnerabilities. If teams are formed, they will be announced as early as possible in the course session. Teams will range from 3 to 5 students per team. Full details, including submission instructions, are available in the Assignments area of the course space (located in the Course Menu on the left of the screen).

Turning in Assignments All graded assignments and assessment will be submitted electronically through D2L course space. Specific submission instructions are provided for each assignment in the Learning Modules area of the course space.

of 7


Late Assignment Policy Late assignments will not receive points. Please allow yourself time to mitigate any computer glitches. In order to earn a passing grade in the course you will need to complete and submit every assigned assessment by the end of the course, even if this implies submitting an assignment late and earning no points toward the final grade.

Academic Policies and Institutional Resources Academic Policies and Procedures: As a University of Arizona student, you are expected to become familiar with and abide by the university‐wide policies and procedures. You can find complete, up‐to‐date information http://catalog.arizona.edu/2015‐16/policies/aaindex.html Academic Integrity: Upon accepting admission to the University of Arizona, you immediately assumed a commitment to uphold the Code of Academic Integrity. You can review these rules at http://deanofstudents.arizona.edu/codeofacademicintegrity. Any instances of academic dishonesty will result in a grade of E for the course. Online Collaboration/Netiquette: In MISonline courses, you will primarily communicate with instructors and peers virtually through a variety of tools such as discussion forums, email, and web conferencing. The following guidelines will enable everyone in the course to participate and collaborate in a productive, safe environment.


Online communication lacks the nonverbal cues that provide much of the meaning and nuances in face‐to‐face conversations. Choose your words carefully, phrase your sentences clearly, and stay on topic.



Statement of copyrighted materials: All lecture notes, lectures, study guides and other course materials disseminated by the instructor to the students, whether in class or online, are original materials and reflect intellectual property of the instructor or author of those works. All readings, study guides, lecture notes and handouts are intended for individual use by students. You may not distribute or reproduce these materials for commercial purposes without the express written consent of the instructor. Students who sell or distribute these materials for any use other than their own are in violation of the University’s Intellectual Property Policy (available at http://ogc.arizona.edu/node/16). Violations of the instructors copyright may result in course sanctions and violate the Code of Academic Integrity.

UA MISonline Student Support: The instructor is available to assist with content‐related issues. You may, at any time, email the instructor. This course also provides an Ask the Instructor discussion forum. You are encouraged to post content‐related questions to this forum at any time. The instructor monitors this forum on a regular basis and will respond in a timely fashion. It is common for other students to participate in answering questions posted in the Ask the Instructor forum. You should feel free to contribute to the solution if you can provide knowledge or guidance related to the question.

of 7


The following are guidelines for requesting support:




Course Registration & Curriculum Questions: Email [email protected].


Disability Accommodations: Students needing special accommodations or special services should contact the Disability Resources Center, 1224 East Lowell Street, Tucson AZ 85721, (520)621‐3268, FAX (520)621‐9423, email: drc‐[email protected], http://drc.arizona.edu/. Resources/CDRR (621‐5227). You must register and request that the center or DRC send the instructor official notification of your needs as soon as possible. Please contact us to discuss accommodations and how this course’s requirements may impact your ability to fully participate. The need for accommodations must be documented by the Disability Resources Center. Library Support: The University of Arizona Libraries is dedicated to providing the research tools you need at any time. For an abbreviated list of resources directly related to a specific course, select the Business Research / Library Tools link (located in the Course Menu on the left of the screen). If you need any assistance, please contact Jason Dewland at [email protected] and include your University of Arizona NetID. Course Grievance Policy In case of grievances with a course component or grading, students are encouraged to first try and resolve the issue with the instructor. If the student feels the issue is not resolved satisfactorily, please send Email to [email protected]. Course Surveys and Evaluations There are two online surveys associated with this course:


UA Teacher Course Evaluation – standard course evaluation conducted by the University of Arizona. This will appear be made available through https://tce.oirps.arizona.edu/TCEOnline at the appropriate time during the course.

Please participate in these online surveys!



Attachment D – ECE 513 Web Development and Internet of Things

ECE 413/513 Web Development and Internet of Things Credits: 3.00 Prerequisite(s): ECE 275 Course Schedule: Lecture: 150 minutes/week Course Assessment: Homework: 4-5 assignments Entrepreneurship Project: 1 Project (5 Components) Exams: 2 Exams Grading Policy: Typically: 25% Exams

20% Homework 40% Entrepreneurship Project 5% Reading 5% Attendance, Participation, Quizzes Letter grades will be assigned using a strict 10% scale: 90% and above corresponds to an A, 80% and above to a B, 70% and above to a C, 60% and above to a D, and less than 60% to an E.

Course Summary: The course focuses on the design, integration, and programming of

web applications for the Internet of Things (IoT). Course topics include client-side dynamic web page development with HTML, CSS, JavaScript, and Ajax; server-side web application development with Node.js, MongoDB, and RESTful interfaces; and IoT device-side development using formal state-based programming and publish-subscribe interfacing. Additional topics include token-based user authentication, password hashing, responsive design, and relational databases. IoT applications covered in this course include connected cars, connected health, wearables, smart grids, smart homes, and remote measurement, among others.

Textbook: Web Programming, zyBooks, 2016. ($48) Required Device: Particle Photon ($19 - $49)

Entrepreneurship Project:

An 8-week long course project is a central component of the course and integrates aspects of collaborative development and entrepreneurism. Initially, teams (2-3 students) will compete to propose the course project topic as part of a pitch event around the fourth week. Instructor, students, and mock investors will choose one team’s project to serve as the course project. All teams will work on competing implementations of the course project, but a centralized database will be used for integrating data collected across all teams

IoT devices. The project will culminate in a second pitch event in which teams present their respective implementations and compete for awards.

Topics Covered: 1. HTML a. Document structure b. Basic HTML (lists, tables, images, links, etc.) c. Containers d. Forms e. HTML5

2. CSS a. Basic styling and selectors b. Properties, position, and effects c. Box model

3. JavaScript a. Basic language overview b. Arrays, objects, and classes c. Regular expressions d. jQuery

4. JavaScript in the Browser a. Document Object Model (DOM) b. Ajax c. Event-driven programming d. JSON e. Polyfills

5. Server-side Development with Node.js a. Node.js, Express, Jade b. Document database (MongoDB/Mongoose) c. RESTful APIs d. Authentication e. Password hashing

6. IoT Device Programming a. Synchronous state machines b. Event-based programming c. Publish-subscribe interfaces d. IFTTT Integration e. Guidelines for secure programs f. Remote measurement

Course outcomes: 1. Create dynamic webpages using HTML5 compliant HTML, CSS, and JavaScript.

2. Setup and manage a web server using Node.js and MongoDB. 3. Develop web APIs using RESTful interfaces, and interface to

web APIs from the browser using Ajax. 4. Program network connected IoT devices using state-based

synchronous programming models. 5. Interface between IoT devices and web servers using publish-

subscribe interfaces. Relationship to Student Outcomes:

ECE 4xx/5xx contributes directly to the following specific Electrical Engineering and Computer Engineering Student Outcomes of the ECE Department:

a) an ability to apply knowledge of mathematics, science, and engineering (High)

c) an ability to design a system, component, or process to meet desired needs within realistic constraints such as economic, environmental, social, political, ethical, health and safety, manufacturability, and sustainability (Medium)

e) an ability to identify, formulate, and solve engineering problems (Medium)

i) a recognition of the need for, and an ability to engage in life-long learning (Medium)



Attachment E – ECE 523 Machine Learning and

Data Analysis for Engineering Concepts

Gregory Ditzler Dept. of ECE The University of Arizona

ECE6XX: Machine Learning and Data Analysis for Engineering Concepts

§ Course DetailsInstructor Gregory Ditzler, Ph.D. (Dept. of ECE)Instructor Email [email protected]

Course Websites https://d2l.arizona.edu

https://piazza.com/arizona

Lecture Times TBDLecture Room TBDInstructor Office Hour ECE Bldg 556D

All other times are by appointment only.

§ DescriptionMachine learning and pattern recognition deals with automated classification, identification, and /or characterizations of unknown systems. Virtually unlimited number of applications can benefitfrom machine learning techniques. Although it employs elegant and sophisticated mathematicaland statistical analysis techniques, machine learning is nevertheless a very application driven field.Upon successful completion of this class, you will be able to analyze a given pattern recognitionproblem, and determine which algorithm to use. You will also be able to modify existing algorithmsto engineer new algorithms to solve a particular problem at hand. In the mean time, you will gaina working knowledge of some of the most recent developments in machine learning.

§ TextbookRequired

• “Machine Learning: A Probabilistic Perspective,” K. Murphy, MIT Press, 2012.

Recommend (and reference)

• “Elements of Statistical Learning Theory,” T. Hastie, R. Tibshirani, and J. Friedman, Springer,2008.

• “Pattern Classification,” R. Duda, P. Hart, and D. Stork, Wiley-Interscience, 2000.

• “Pattern Recognition and Machine Learning,” C. Bishop, Springer, 2007.

§ GradingYour final numerical grade will be computed as follows.

Homework (5) 25 pointsMid-term Exams (2) 30 pointsProject 55 points

Total 100 pointsYour course letter grade will be assigned based on your final numerical grade as follows.

90 100 A

80 89 B

70 79 C

60 69 D

0 59 E

The above scale represents a minimum guarantee. Exams missed by the students cannot be madeup unless prior arrangements have been made with the instructor. Make-up exams are evaluatedon a case-by-case basis.

www.arizona.edu 1 February 26, 2016

[email protected]

https://d2l.arizona.edu

https://piazza.com/arizona

www.arizona.edu


§ Course ExpectationsThis course is a fast-paced, mathematically and computationally intensive graduate level course.You will be learning a substantial amount of cutting edge material, and you will be writing simula-tion Python code to test them. Expertise (not just familiarity) some other programming languageis absolutely essential. Because this is a graduate level course, you will also be expected to doa substantial amount of reading – not only from the text but also from scientific magazines andjournals. Successful completion of this course will demand significant amount of time commitmentfrom you, a good portion of which may be spent on reading and algorithm implementation. As arule of thumb, expect to spend three-four hours for each hour we spend in class, i.e. 9-12 hours aweek on top of class meetings. Please budget your time accordingly.

§ Topics

Week Topic Assignment

#0 Linear Algebra & Probability Refresher / Pythonhttps://developers.google.com/edu/python/

#1 Introduction / Foundations HW 1 Assigned#2 Bayes Decision Theory / Discriminate Functions#3 Logistic Regression / Density Estimation HW 2 Assigned

HW 1 Due#4 Dimensionality Reduction / Feature Selection#5 Optimization / Multi-Layer Perceptrons HW 3 Assigned

HW 2 Due#6 Neural Networks / Deep Learning#7 Support Vector Machines / Risk Minimization HW 4 Assigned

HW 3 Due#8 Exam / Mixture Models Project Proposal#9 Clustering / Unsupervised Learning HW 5 Assigned

HW 4 Due#10 Decision Trees / Ensemble Classifiers#11 Boosting / PAC Models HW 5 Due#12 Online Learning / Multi-Arm Bandits#13 Exam / Applications#14 Big Data & Map-Reduce / Graphical Models#15 Convolutional & Recurrent Neural Networks#16 Advanced Topics & The Future of ML Final Report

§ Course ProjectA final project to help you put all course-developed skills to work will be assigned. You will havea minimum of one month to work. All project ideas must be pre-approved by the instructor forappropriate scope and depth. Groups of two are welcome.

Graduate students are expected develop a novel technique, either from scratch, or by suitablymodifying an existing technique for a specific problem of your interest; test it on at least fivestandard benchmark databases available at the UCI Machine Learning Repository or Kaggle. Ifthis is an application specific project, then it should be tested on the data generated by thatapplication. Many data sets are available through a link in this paper: http://jmlr.org/papers/v15/delgado14a.html.


https://developers.google.com/edu/python/

http://jmlr.org/papers/v15/delgado14a.html

http://jmlr.org/papers/v15/delgado14a.html

www.arizona.edu


Projects are expected to be of conference submission quality. Many machine learning relatedconferences have deadlines after the semester ends and you’re encouraged to submit your work withyour advisor.


www.arizona.edu



Attachment F – ECE 571 Fundamentals of Information and Network Security

6

ECE471FundamentalsofInformationandNetworkSecuritySpring2017

Designation: CEandEEElective2016-17CatalogData: Description:3units.IntroductiontoinformationSecurity.Shannon’sapproachto

cryptography.Symmetrickeycryptography,cryptographichashfunctions,andpublickeycryptosystems.Authentication,keymanagementandkeydistribution.Wirelessandnetworksecurity.Grading:Regulargradesareawardedforthiscourse:ABCDE.Maybeconvenedwith:ECE571.Usuallyoffered:Spring(3Units)IntroductiontoInformationSecurity.Shannon’sapproachtocryptography.Symmetrickeycryptography,cryptographichashfunctions,andpublickeycryptosystems.Authentication,keymanagementandkeydistribution.Wirelessandnetworksecurity.

Prerequisite: ECE275,ECE310.Textbook(s)and/orotherrequiredmaterial:

Cryptography:TheoryandPracticeDouglasStinson,3rdEdition,PrenticeHall,2005References:IntroductiontoModernCryptography,J.KatzandY.Lindell,Chapman&Hall/CRC,2014.CryptographyandNetworkSecurity:PrinciplesandPractice,7thEdition,W.Stallings,Pearson,2016

CourseLearningOutcomes: Bytheendofthiscourse,thestudentwillbeableto:

1. Identifythebasicnotionsofinformationsecurity2. Describethecryptographicprimitivesforachievingconfidentialityinaprivatekeysetting.3. Applycryptographicmechanismsforachievinginformationintegrity4. Describethecryptographicprimitivesforachievingconfidentialityinapublickeysetting5. Contrastthesecurity/computation/communicationtradeoffsbetweenpublickeyandprivate

keycryptography6. Describecryptographicprimitivesforachievingsenderauthentication.7. Applypublickeycryptographicprimitivestobuildingmutualauthenticationprotocols8. Outlinekeyagreementandkeydistributionprotocolsandanalyzetheiroverhead9. Explaintheapplicationofcryptographicprimitivesandprotocolsinthecontextofwireless

security10. Explaintheapplicationofcryptographicprimitivesandprotocolsinthecontextofnetwork

security

CourseTopics: 1. Introduction to Information Security – Classical cryptosystemsand cryptanalysis, information

security objectives, schematic of a secure communication system, formal definition of acryptosystemandbasicprinciples,theshiftcipher,thesubstitutioncipher,theaffinecipher,thepermutation cipher, theHill cipher, the Vigenere cipher, stream ciphers, cryptanalysis, attackmodels,attacksondifferentciphers.

2. Shannon’s Approach to Cryptography – Measures of security, perfect secrecy, definition ofentropy,one-timepad,

3. Symmetric key cryptography – the notion of a symmetric key cryptography, definition ofcomputational security, pseudorandomness, secure private key encryption schemes,

7

substitution-permutation networks, the Data Encryption Standard (DES) and differentialcryptanalysis,theAdvancedEncryptionStandard(AES).

4. Cryptographic Hash Functions – Definition of hash functions and properties, the birthdayproblem,unkeyedandkeyedhashfunctions,MessageAuthenticationCodes(MAC),theRandomOracleModel(ROM)

5. Authentication – Definition of authentication, strong password protocols, Encrypted KeyExchange (EKE), Key Distribution Centers (KDC), certification authorities and certificaterevocation,KDCbasedauthenticationprotocols

6. PublicKeyCryptosystems–Fundamentalsofpublic-keycryptography,backgroundonnumbertheory,theRSApublickeycryptosystem,theElGamalpublickeycryptosystemanddiscretelogs,EllipticCurveCryptosystems(ECC).

7. DigitalSignatures–AnRSAbasedsignaturescheme,theElGamalbasedsignaturescheme,theSchnorr signature scheme, the Digital Signature Algorithm (DSA), the Elliptic Curve DigitalSignatureAlgorithm(ECDSA)

8. Key Distribution and Key Agreement Protocols – Key predistribution, Diffie-Hellman keyexchange,Diffie-Hellmankeyexchangewithellipticcurves,theMTIkeyexchange,secretsharing

9. NetworkSecurity–TCP/IPthreats,theIPSEC,SSLandTLSprotocols,firewallsandVirtualPrivateNetworks(VPNs),electronicmailsecurity,worms,DDoSattacks,BGBandsecurityconsiderations

10. WirelessSecurity–establishmentofsecurityassociationsinwirelessnetworks,secureneighbordiscovery,misbehaviorinchannelaccess,securerouting,privacyprotectioninmobilenetworks

Class/LaboratorySchedule(i.e.,numberosessionseachweekanddurationofeachsession): Two75-minutelecturesessionsperweek.Approximatelytenhomeworkproblemsetsduringsemester.Midtermexaminationplusafinalexamination.

RelationshiptoStudentOutcomes:ECE471contributesdirectlytothefollowingspecificElectricalandComputerEngineeringStudentOutcomesoftheECEDepartment:

a) anabilitytoapplyknowledgeofmathematics,science,andengineering(High).

e) anabilitytoidentify,formulate,andsolveengineeringproblems(High).f)anunderstandingofprofessionalandethicalresponsibility(Medium).g)anabilitytocommunicateeffectively(Medium).h)thebroadeducationnecessarytounderstandtheimpactofengineeringsolutionsina

globalandsocietalcontext(High).j)aknowledgeofcontemporaryissues(Medium)k) anabilitytousethetechniques,skills,andmodernengineeringtoolsnecessaryforengineering

practice(High).

Preparedby: L.Lazos Date: 4/04/16

8

CSE 466/566 – List of Topics Fall 2014

• Communication security: cryptography and cryptographic protocols, including encryption, message authentication codes, hash functions, one-way functions, public-key cryptography, digital signatures, cryptographic protocols.

• Software security: secure software engineering, defensive programming, control-flow hijacking attacks (buffer overflows, format string bugs, integer overflows, heap attacks), exploitation techniques (string analysis, fuzzing, bug finding), analysis of code for security errors, safe languages, sandboxing techniques, and tools for writing secure code.

• Operating system security: memory protection, access control, authorization, authenticating users (something you know, something you have, something you are, password cracking.

• Network security: firewalls, port scanning attacks, intrusion detection systems, denial of service attack and defense, VPNs.

• Malware: worms, spyware, rootkits, botnets, key-loggers, and defenses against them. Web security: same-origin policy, cross-site scripting attacks, SQL injection attacks.

• Hardware-based security: The trusted computing architecture and its applications. Intellectual property protection: digital rights management, copy protection, software tamper-resistance.

• Advanced topics: privacy, mobile code, electronic voting, phishing, cybercrime, cyber-terrorism, financial security, spam, covert channels.

Math 445 – List of Topics Spring 2016

• Overview of Cryptography • Division and congruence, shift ciphers, GCD-Inverse modular, and affine ciphers,

Vigenere ciphers, inverting matrices and Block ciphers • Binary numbers, One-time Pads, and LFSR sequences • Chinese Remainder Theorem • Modular exponentiation, Fermat’s and Euler’s formulas • RSA algorithm, Attacks on RSA, Factoring • Public key concept • Computing Discrete Logs • Diffie-Hellman Key Exchange • ElGamal Public Key cryptosystem • Hash functions, Birthday attacks • RSA, ElGamal signatures; Digital signature Algorithm • Secret splitting, Threshold schemes • Error Correcting codes: Linear codes, Hamming codes, McEliece cryptosystem • Digital cash and games



Attachment G – Letters of Support

Harvill Building, 4th Floor 1103 E 2nd St. Tucson, AZ 85721 520.621.3565 520.621.3279 si.arizona.edu

Arizona’s First University – Since 1885

October 17, 2016 Sue Brown, McClelland Professor of MIS Interim Department Head Department of Management Information Systems Eller College of Management 430L McClelland Hall University of Arizona Dear Dr. Brown, This is a letter of support for the proposed Eller College of Management proposal for a Master’s in Cybersecurity. I have reviewed the New Academic Program – Implementation Request for the new program and I believe that the program is both timely and would provide an excellent education for the students. Cybersecurity is a critical issue internationally and all private and public institutions needs improved security but the workforce is lacking. There is no conflict with School of Information programs. We have one course in cybersecurity that address a different market within the context of the other School of Information degrees. We hope there would be an opportunity for some of our students to be able to enroll in classes in the Eller Cybersecurity program. We look forward to future collaboration to identify possible electives that could be offered in the program. Sincerely, P. Bryan Heidorn Director, School of Information

To: Sue Brown, McClelland Professor of MIS

Interim Department Head Department of Management Information Systems Eller College of Management

From: Paulette Kurzer, Professor of Political Science School of Government and Public Policy

Date: October 10, 2016 Dear Sue, I am the director of the online M.A. degree in International Security Studies in the School of Government and Public Policy (in the College of Social and Behavioral Sciences). I am excited to hear that MIS at the Eller College of Management is proposing an online Master’s program in Cybersecurity. Currently, the ISS program offers a few online courses in Cybersecurity though the focus is mostly on the political process and the regulatory framework governing cyber conflict and cyber ware. We would therefore welcome future collaboration with the online M.S. degree in Cyber Security. We support MIS’s plans to launch this degree and we are looking forward to being able to offer ‘electives’ to future MIS cybersecurity students. Cordially,

Paulette

School of Government & Public Policy

315 Social Science

P.O. Box 210027

Tucson, AZ 85721-0027

Tel: (520) 621-7600

Fax: (520) 621-5051

http://sgpp.arizona.edu

617 N. Santa Rita Avenue

Tucson, Arizona 85721

TEL (520) 621.2868

FAX (520) 621.8322

www.math.arizona.edu

October 18, 2016

Sue Brown, McCelland Professor of MIS Interim Department Head Department of Management Information Systems Eller College of Management Dear Sue, I am writing on behalf of the Mathematics Department as Interim Head. The online Master's degree that the MIS department in Eller is proposing looks very interesting and I expect there will be high demand for it. This degree does not duplicate any existing degree programs offered by the Mathematics Department, and we support its creation. As for possible electives in the Mathematics Department for this new degree, we have an undergraduate course in cryptography, MATH 445 Introduction to Cryptography, which is offered every other year. For students who want to emphasize the data analytics, some of statistics courses taught by the math department could be useful. The most relevant one is probably: MATH 574M - Statistical Machine Learning and Data Mining. Unfortunately, neither of these courses are currently offered on-line, but our department is actively working on expanding our on-line offering. I welcome future discussion of what courses in our department might serve as useful electives for the students in this new degree and how they might be offered. With best wishes,

Professor and Interim Head Department of Mathematics

new academic program implementation request

Documents