HOLY ANGEL UNIVERSITY COLLEGE OF INFORMATION AND COMMUNICATIONS TECHNOLOGY CYBER SECURITY COURSE SYLLABUS

Transcription

1 HOLY ANGEL UNIVERSITY LLEGE OF INFORMATION AND MMUNICATIONS TECHNOLOGY CYBER SECURITY URSE SYLLABUS Course Code : 6CSEC Prerequisite : 6MPRO2L Course Credit : 3 Units (2 hours LEC,3 hours LAB) Year Level: 3 RD /4 TH year Degree Program: : BSIT with Area of Specialization in Network Administration Course Description: Cyber introduces students to the interdisciplinary field of cyber by discussing the evolution of information into cyber, cyber theory, and the relationship of cyber to nations, businesses, society, and people. Students will be exposed to multiple cyber technologies, processes, and procedures, learn how to analyze the threats, vulnerabilities and risks present in these environments, and develop appropriate strategies to mitigate potential cyber problems. Students will be able to explore foundational cyber principles, architecture, risk management, attacks, incidents, and emerging IT and IS technologies. At the end of the course, students will be able to: Course Outcomes Graduate Outcomes aligned to 1 Produce a Case Report on current setup being used BSIT 2. Understand best practices and standards and their applications in the industry 2 Perform analysis of a program 3 Develop a Security System Design 4 Perform analysis of an system 5 Author a Security Policy BSIT 4. Identify and analyze user needs and take them into account in the selection, creation, evaluation and administration of computer-based systems. BSIT 11. Analyze the local and global impact of computing information technology on individuals, organizations, and society BSIT 12. Understand professional, ethical, moral, legal, and social issues and Page 1 of 15

2 responsibilities in the utilization of information technology. Learning Evidences As evidence of attaining the above learning outcomes, the student has to do and submit the following: LE1 Security Analysis Research 1, 2, 4 LE2 Security Policy 4 LE3 Security System Design 3 RUBRIC TO ASSESS LEARNING EVIDENCES: Measurement System To assess the level of performance in the learning evidences, the following rubrics will be used: LE1: Security Analysis Research Area to Assess Beyond Expected Satisfactory Acceptable Unacceptable Expectation Case Background (full detail of case issue) Security Problems Identified Security Measures Recognized The case background was completely explained and all items were very clear All the problems All the The case background was 75% complete, and explained well 75% of the problems were 75% of the measures and The case background was 50% complete explained well 50% of problems 50% of the measures and There was around 25% detail to understand the case background Only 25% of problems were Only 25% of the measures and The case background lacks detail, making it difficult to follow There were no problems There were no measures recognized properly Page 2 of 15

3 LE2: Security Policy Area to Assess Beyond Expected Satisfactory Acceptable Unacceptable Expectation General Security Policies ICT Security Policies Security Measures in case of Breach Recovery Measures All the general policies : *physical,*natural and *man-made All the ICT policies : *data, *device and *user All the All the recovery 75% of the general policies were 75% of the ICT policies 75% of the 75% of the recovery 50% of the general policies were 50% of the ICT policies 50% of the 50% of the recovery Only 25% of the general policies were Only 25% of the ICT policies were Only 25% of the Only 25% of the recovery General policies are incomplete ICT policies were incomplete There were no measures recognized properly There were no recovery measures in place Page 3 of 15

4 LE3: Security System Design Area to Assess Security Policies Security Personnel Security Appliance (identification and placement) Configuration Beyond Expectation All the policies were needed were All required manpower for were The design exceeds the expectation of appliances needed The design exceeds the expectation in the deployment of configuration Expected Satisfactory Acceptable Unacceptable 75% of the policies were needed 75% of the problems were The design meets the expectation of appliances needed The design meets the expectation in the deployment of configuration 50% of the policies were needed 50% of problems The design has only gained 50% of the expected of appliances needed The design only has 50% of the configuration Only 25% of the policies were needed Only 25% of problems were Only 25 % of the design was made of appliances needed Only 25% of configuration was seen in the design Security policies are incomplete There were no problems There were no appliances The design did not have configuration Page 4 of 15

5 Other Requirements and Assessments Aside from the final output, the student will be assessed at other times during the term by the following: Assessment Description Course Outcomes Activity AA1 Prelim Quiz 1, 2, 4 AA2 Prelim 1, 2, 4 AA3 Locale Proposal 1, 2, 4 AA4 Midterm Quiz 1, 4 AA5 Midterm 1, 2, 4 AA6 Case Report 2, 3, 5 AA7 Strategic Plan 2, 3, 4 AA8 Final Quiz 2, 3, 5 AA9 Final Seatwork 2, 3, 4 AA10 Final 2, 3, 4 Page 5 of 15

6 The final grade in this course will be composed of the following items and their weights in the final grade computation: Assessment Grade Source (Score or Rubric Grade) Percentage of Final Grade Item AI1 (LE1) Security Analysis Research 11.67% AI2 (LE2) Security Policy 11.67% AI3 (LE3) Security System Design 11.67% AI4 Prelim Class Standing (AA1-AA3) 21.67% AI5 Midterm Class Standing (AA4-AA7) 21.67% AI6 Finals Class Standing (AA1-AA3) 21.67% Learning Plan: Intended Learning Outcome Unit # Co urs e Out co me Topic Learning Activities Assessment Activity Student Output Define the different concepts of Cyber Security Differentiate the different facets of the Cyber Security Industry We ek 1, Presentations of course outline, course requirements, grading system and regulations. CyberSecurity Introduction Definition of Terms The Cloud and Cyberspace Security Principles The Cyber Industry Classroom/ Laboratory Mediated and gapped Lecture with insertion of Video presentations Quiz AA1 Page 6 of 15

7 Evaluate threats and vulnerabilities and discuss their differences 1-2 2, 4 Goals for Security Cyber Security Professionals E-commerce Security Computer Forensics Steganography Security Engineering Security Threats and vulnerabilities Overview of Security threats Insecure Network connections Programming Bugs Cybercrime and Cyber terrorism Information Warfare and Surveillance Locale Identification Activity Prelim Quiz AA3 - Locale Proposal Page 7 of 15

8 Explore vulnerabilities and be able to assess an organization s policy by testing for vulnerability using online tools Recognize and examine Denial of Service Attacks and observe its behavior in the network. Examine and Demonstrate simple hacking techniques using password cracking Examine differences among Malwares Evaluate and demonstrate the use of anti-virus and anti-malware programs Differentiate the attacks and what they affect in your computer system or network Wee k 3-5 1, 2, 4 1, 2, 4 Vulnerability assessment Basic Reconnaissance Scanning Port Monitoring/ Managing In-Depth Searches Introduction to DoS Attacks Distributed Denial of Service Defending DoS Attacks Denial of Service Attack examples Hacking Techniques Passwords Password Cracking Password Cracking Tools Securing Passwords through o applications o devices o policies Mitigating Measures Identifying Malware and How to Protect Yourself Malicious Code Viruses Trojan Horses Buffer Overflow Attack Sasser Virus Spyware Other Forms of Malware Detecting and Eliminating Demonstration of Cyber space of an organization through the use of domain and vulnerability assessment tools Demonstration of Denial of Service Attack Examples Video Presentations for demonstration Mediated and gapped Lecture with insertion of Video presentations Denial of Service Attack Hacking AA2 - Prelim Page 8 of 15

9 Perform a research on the analysis of an organization s measures Wee k 6 Viruses and Spyware Anti-virus and anti-malware programs Organization Security Evaluation Are the people in the organization aware of what Cyber Security is? Does the organization have a policy? What is essential to be secured? Are there measures both for Information Systems and general? Are there sanctions for breach? Demonstration of Anti-virus and anti-malware software examples Discuss how an organization is evaluated, then let the class research on states of an organization Malware Cleaning Evaluation of an Organization s current state through research and data gathering AA2 - Prelim LE1 - Security Analysis Research Appreciate the ways of assessing a system Wee k 7-9 1, 2, Basics of Assessing a System Securing Computer Systems Safe Web Surfing History of Encryption Modern Methods Mediated and gapped Lecture with insertion of Video presentations Quiz AA4 Midterm Quiz Page 9 of 15

10 Demonstrate and understand cryptography and virtual private network functions Evaluate and explain Internet Fraud, Cyber Stalking and Laws of Cyber Crime Evaluate and identify how fraudulent websites, advertisements and documents differ from actual and authentic ones Describe and discuss Industrial Espionage and be able to evaluate how espionage is evident and exhibited in a computer system/network Examine and understand attacks to Finance and Telecommunications Demonstrate and evaluate the attacks to be able to differentiate and predict them for planning of design Examine the steps to strategic Wee k , 2, 4 Cryptographic Basics Virtual Private Networks Internet Fraud Fraudulent Websites Fraudulent Advertisements Fraudulent Documents Cyber Stalking Laws of Cyber Crime What Is Industrial Espionage Information as an Asset How Does Espionage Occur? Protecting Against Espionage Real World Examples Espionage Cases Overview of Cyber in Finance and Telecommunications Economic Attacks Military Operations Attacks General Attacks Examples of Actual Attacks to Finance and Telecommunications systems Demonstration of fraudulent websites, documents and advertisements Mediated and gapped Lecture with insertion of Video presentations Mediated and gapped Lecture with insertion of Video presentations Activity: Identifying fraud in websites, advertisement s and websites Case Analysis AA5 Midterm Hands- Page 10 of 15

11 and architectural planning and be able to apply to a simple strategic plan Defending Against Global Threats Information Warfare Actual Cases Future Trends Defense Against Cyber Terrorism Strategic and Architectural Cyber Planning 1. Pursue consistent approaches based on industry standards 2. Restrict access to sensitive information and systems 3. Layer to improve defenses and contain breaches 4. Employ authentication to verify identity and policy compliance 5. Encrypt storage to protect secrets 6. Automate to rapidly identify threats, and block and intermediate attacks Demonstration of actual cases of terrorism in a computer system Mediated and gapped Lecture with insertion of Video presentations Activity Creating a strategic plan AA6 - Case Report AA7 - Strategic Plan Page 11 of 15

12 Create a design assessment and evaluate the design through the development of a policy Demonstrate configuration of appliance based on assessment and design Demonstrate a simple strategic plan Evaluate vulnerabilities and solutions to a computer system or network by incident detection and prevention Wee k 13 Wee k Security Solutions 3 Security design assessment Posture assessment Planning and Build Services Migration Service for Adaptive Security Appliance Co5 Configuration of Security Appliance Co5 1, 2, 4 Simple Firewall, Router, Switch configuration based on a policy plan Vulnerabilities and Solutions 1. Incident Detection 2. Incident Prevention Present examples of solutions through policies Demonstration of Security Appliance Configuration Demonstration of basic strategic plans in device configuration Mediated and gapped Lecture Create Security Policies for the design created Hands on activity: Simple Security appliance configuration Hands on activity: Configure the simple strategic plan Seatwork Quiz Security Policy AA10 Finals AA9 Finals Seatwork AA8 Finals Quiz Page 12 of 15

13 Create a design for Incident Detection and prevention through configuration of access lists and appliance Lecture and Lab Evaluate the new Security Trends and create a design for on a certain organization Wee k 18 5 ASA Configuration for Detection and prevention Security System Trends and Designs Demonstrate a simple strategy to secure a network Designing of the Security System of an Organization Hands on activity: Configure the simple strategy Presentation of Security System Design AA8 Finals Security System Design Course Requirements: Skills activity, quizzes, seatwork, recitation, and required output submissions. Course References: A. Books Bosworth, Seymour. Computer handbook 6th ed Boyle, Randall (et al) Corporate computer 3rd ed Newman, Robert Computer : protecting digital resources Solomon, Michael. Security strategies in Windows platforms and applications 2nd ed Szor, Peter. The Art of computer virus research and defense Trappe, Wade. Introduction to cryptography with coding theory 2nd ed Vacca, John. Cyber and IT infrastructure protection B. Web References CYBERSECURITY: Cyber Fundamentals: Page 13 of 15

14 Introduction to Cyber Security Grading System Class Standing Includes: SKILLS 30% QUIZZES 25% RECITATION 10% Exams (Learning Evidences) 35% Grade (100%) =( Lecture (Class Standing(70%) + Exam (30%)) + Lab (Class Standing(60%) + Exam (40%)))/2 FINAL GRADE = (Prelim Grade + Midterm Grade + Finals Grade)/3 PASSING AVERAGE: 60% Minimum Passing Percent Average of Subject: 60 Range of Computed Averages Range of Transmuted Values Grade General Classification Outstanding Excellent Superior Very Good Good Satisfactory Fairly Satisfactory Fair Passed Below Passing Average 5.00 Failed Page 14 of 15

15 STANDARD TRANSMUTATION TABLE Transmuted Value Grade General Classification 97 and over 1.00 Outstanding 94 to Excellent 91 to Superior 88 to Very Good 85 to Good 82 to Satisfactory 79 to Fairly Satisfactory 76 to Fair Passed Below Failed 6.00 Failure due to absences 8.00 Unauthorized withdrawal 9.00 Dropped with permission Page 15 of 15