Transcription
Introduction to Cyber Security (Spring 2020), COS 200/ITT 200, CRN#4739/4740 Course Meeting M/W 12:30 PM – 1:45 PMCourse Meeting room: Room 242 in the John Mitchell CenterEmail: lori.sussman@maine.eduOffice Location: John Mitchell Center, #224Gorham CampusOffice Phone: (207)780-5445Student Hours: Mon – Thurs 10 AM to noonDay(s)/Time(s)/Room #: M/W 12:30 PM – 1:45 PM– Room 242 in the John Mitchell CenterCourse Materials & Books:AFTInstructor: Lori SussmanOptional:RRequired:Principles of Cybersecurity Common Cartridge, 1-year accessBy Linda K. LavenderISBN: 9781635637151, Edition: 1st, Type: Access CardPublisher: GOODHEART WILCOX COMPANYDPrinciples of Cybersecurity (Hardcover)By Linda K. LavenderISBN: 9781635635539Edition: 1stPublisher: GOODHEART WILCOX COMPANYPrinciples of Cybersecurity (Paperback)By Lavender, LindaISBN: 9781635635546Edition: LabPublisher: Goodheart-Willcox PubCompTIA Security All-in-One Exam Guide, Fifth Edition (Exam SY0-501)By Conklin, Wm. Arthur; White, Greg; Williams, Dwayne; Cothren, Chuck; Davis, RogerISBN: 9781260019322Edition: 5th1
Technology Requirements:COMPUTER ACCESS: A substantial amount of exchange is via notes and assignments and principally deliveredthrough USM Blackboard found at https://bb.courses.maine.edu/ Your success hinges on having the appropriatecomputer configurations as stated necessary for accessing course resources, course calendar, turning inassignments, contacting the instructor, and taking assessments. If you do not have a windows computer, you willhave do either partition your machine to run a PC emulation or use lab or library machines. Refer to https://help.blackboard.com/Learn/Student for specifics USM Tech Support for Blackboard contact is techsupport@maine.edu or 1-800-696-4357 (Monday-Friday7:00 AM - 7:30 PM) USM Faculty & Students help: http://usm.maine.edu/helpdesk call 207-780-4029.Course Description: An introduction to the fundamentals of cyber security and information assurance. Students willdevelop a knowledge base for defining and recognizing both online threats and potential targets and developintellectual tools for evaluating relative risks within cyberspace. Students will apply theories and best practices foraddressing potential costs of countermeasures for cyber-attacksRAFTLearning Outcomes: Demonstrate an understanding of cybersecurity tools, techniques and technologies Discuss how traditional intelligence methods and procedures are applied to the cybersecurity domain Apply critical thinking and information related to the discipline of cybersecurity, Demonstrate an understanding of intelligence, computer forensics, cyber operations, electronic crime,and malware analysis Demonstrate an understanding of the legal and technical aspects of a cybercrime investigation and theapplication of computer forensic tools Explain how ethical issues impact decision making in the cybersecurity area Demonstrate an understanding of different forms of malware Demonstrate an understanding of risk assessment and management methods related to cybersecurity andnational critical infrastructures Differentiate between cyber defense and attack methods Apply fundamental cybersecurity concepts when assessing organizationsDClass Schedule and Assignments:Course Outline: The topics and assignments by date and week are shown below. Please note that this is a TENATIVEschedule, meaning that it is subject to change. The instructor reserves the right to amend, adjust, or otherwisemodify this course outline/syllabus at any time during the course. The students should check the syllabus onBlackboard often since it is the ultimate version and overrides any other versions, revisions, etc. It is each student’ssole responsibility to keep abreast of any changes.2
Date1Mon 1/20TopicsNo Class - MLK, Jr. DayObservanceWed 1/22Read SyllabusReview Blackboard andIntroductions, SyllabuseBook with SupportingReview, Blackboard Review, Materialsand Overview of NIST Model Pick Assessment Targetsand AssessmentFill out nondisclosureRequirementagreements (NDA)Mon 1/27Read Chapter 1:Introduction toCybersecurity Homework:Introduction toLab 1-1 Security ReportsCybersecurity, Virtualized(Each extra lab is extraMachines, Skills Needed by credit point)Cybersecurity ProfessionalsWed 1/29Read Chapter 2:Information SecurityFundamentals Homework:Lab 2-3 Advanced GoogleSecurity Principles,Search (Each extra lab isVulnerabilities and Threats, extra credit point)Legal Requirements3DR2AssignmentAFTWeekMon 2/3Wed 2/5Read Chapter 3: ManagingUser SecurityAuthentication and Control, Homework: Choose one ofAccess to Files and Folders four labs (Each extra lab isextra credit point)Read Chapter 4: CommandLine InterfaceManagementAuthentication and Control, Homework: Choose one ofAccess to Files and Folders five labs (Each extra lab isextra credit point)3
5Mon 2/10Wed 2/12Read Chapter 6: ProtectingHost Systems, OperatingSystem Services pp 178199 (Section 6-1)Homework: Lab 6-3 (EachBusiness Controls,extra lab is extra creditEnvironmental Controls, and point)User ActionsMon 2/17No Class - President's DayObservanceAFT4Read Chapter 5:Controlling PhysicalEnvironments and UserWindows Command Prompt, ActionsHomework: Lab 5-2 (EachWindows PowerShell,extra lab is extra creditIntroduction to Linuxpoint)67DRWed 2/19Mon 2/24Read Chapter 6: ProtectingHost Systems, pp 200-217(Section 6-2)Homework: Lab 6-4 (EachOperating System Services, extra lab is extra creditSystem Vulnerabilitiespoint)Identify Assessment DueRead Chapter 7: SecurityVulnerabilities andProtection ofNontraditional HostsHomework: Lab 7-5 (Eachextra lab is extra creditMobile Devices andpoint)Nontraditional HostsRead Chapter 8 : Overviewof Network Security andNetwork ThreatsHomework: Lab 8-3 (Eachextra lab is extra creditpoint)Wed 2/26Network Basics, NetworkThreatsMon 3/2Read Chapter 9:Protecting NetworkServices and Infrastructurefrom AttacksHomework: Lab 9-1 (EachNetwork Design, Protecting extra lab is extra creditNetwork Devicespoint)4
Wed 3/4Read Chapter 11:Encryption andCryptographyHomework: Lab 11-3 (Eachextra lab is extra creditpoint)Wed 3/11Mon 3/16Wed 3/18No Class - Spring BreakNo Class - Spring BreakMon 3/23Wed 3/2511Read Chapter 10: WirelessNetwork SecurityHomework: Lab 10-4 (Eachextra lab is extra creditpoint)Read Chapter 12: Threatsto DataHomework: Lab 12-1 (Eachextra lab is extra creditThreats to Software, Threats point)to Web Applications, Threats Detect and ProtectAssessment Dueto DatabasesD10Encryption Overview,Validating and SecuringNetwork Transmission,Other Uses of ComputerEncryptionAFT9Mon 3/9R8Wireless NetworkingOverview, WirelessVulnerabilities, WirelessAccessMon 3/30Overview of PenetrationTesting, Certifications forPenetration TestingRead Chapter 13:Penetration TestingHomework: Lab 13-3 (Eachextra lab is extra creditpoint)Read Chapter 14: CloudComputingHomework: Lab 14-1 (EachCloud Basics, Cloud Services, extra lab is extra creditOther Cloud Considerations point)Overview of Risk, HandlingRiskRead Chapter 15: RiskManagementHomework: Lab 15-3 (Eachextra lab is extra creditpoint)5
Wed 4/1Mon 4/613Wed 4/8Workplace Readiness,Understanding IndustriesMon 4/13Panel DiscussionWed 4/15Team PreparationPlan PresentationsPlan PresentationsRed Hat PresentationsRed Hat PresentationsFINALS WEEKMon 4/20Wed 4/22Mon 4/27Wed 4/29Wed 5/4R14D1516Incident Response,Computer ForensicsAFT12Business Continuity andDisaster Recovery, FaultTolerance and RedundancyRead Chapter 16: BusinessContinuity and DisasterRecoveryHomework: Lab 16-1 butuse information from thedepartment you areassessing (Each extra lab isextra credit point)Read Chapter 17: IncidentResponse and ComputerForensicsHomework: Lab 17-4 (Eachextra lab is extra creditpoint)Read Chapter 18: Careerand WorkplaceConsiderations Homework:Lab 18-3 (Each extra lab isextra credit point)Respond & RecoverAssessment DueIndependent group timeNo classReflection DueASSESSMENTS:ItemPointsIndividual Assignments18 Labs @ 5 pts each90Identify Assessment30Protect and Detect Assessment30Respond and Recover Assessment30Final Reflection Paper20Group AssignmentsGroup Cybersecurity Assessment50PresentationGroup Red Hat Presentation50TOTAL3006
Grading Criteria:Grading 963-6560-620-59AFTAAB BBC CCD DDFCourse Evaluations:At the end of each semester every student has the opportunity to provide constructive feedback on thecourse. It is important to me that you take the time to let me know your thoughts about the course. I useyour feedback to make improvements in the course materials, assignments, and outcomes.RThe class took an anonymous poll and created an aspirational goal to achieve 100% participation for courseevaluations. Each individual in the class will get three bonus points if the class achieves 100% participation inthe course evaluation by the end of the day on 4/28/2020 (Poster Presentation Day).COURSE POLICIESDATTENDANCE POLICYThese classes are a substantial part of the learning experience. As such, a second unexcused absence willresult in a letter grade reduction. Three unexcused absences result in course failure. Health relatedabsences do NOT require a written excuse from University Health Services and will be treated as an absence,beyond 2 health related absences may affect your grade. All other excused absences (sports and academic)must be supported with written documentation. It is the responsibility of the student to providedocumentation. Those with excused absences are expected to work with the instructor and peers to makeup the material. Students should contact classmate(s) for missed notes.CLASS CANCELLATIONThe instructor will inform students via Blackboard and university email about how the week’s content that isexpected for students to cover on their own if class is cancelled due to inclement weather or other reasonsdeemed necessary by USM. Cancellations due to inclement weather are announced on the radio or may beobtained by calling the University of Southern Maine's hotline: 780-4800.ATTENDANCE POLICY: Inclement Weather7
From time to time USM will close the University due to inclement weather. When the cancellation is for anentire day, the class content will be made up at another time or through additional, outside of class,assignments.When the school opens late or closes early, and the time selected is during the middle of class, we will stillhold the class unless you are otherwise notified by me. Two examples: If class starts at 1pm, but the University is closing at 1:30pm, we will still have class unless you hearfrom me. If class starts at 1pm, but the University is opening at 1:30pm, we will still have class unless you hearfrom me.DRAFTSTUDENT RESPONSIBILTIESYou are expected to complete all assignments on time. All assignments have firm due dates. If you do notunderstand an assignment, or anything else we have discussed in class, do not hesitate to ask for clarification(either in class or in Blackboard Q & A). The professional world expects everyone treat colleagues with dignityand respect which is mirrored in this class. Homework: Homework in the form of labs will be assigned and graded. Homework must be submittedby the due date for which it was assigned. Late homework will be graded as ‘0’. Readings should be completed before class Group Work: Today’s technology environment requires collaboration. For this reason, teams will beassigned for presentations and exercises. If a partner is not contributing their fair share, it is theteammates’ obligation to take corrective action. Hold your teammates accountable, as you will inyour future jobs. Continuous and open intra-team communication is crucial to group success. Submissions: Back up all work and retain copies of all materials Needing to leave the classroom: If you need to leave the classroom for any reason (bathroom,hygienic, etc.) please excuse yourself quietly and return quietly. If there is a reason to be tardy or misspart of a class for other personal/professional reasons, please consult with your instructor about theforthcoming event through email or in person. Food in the classroom: No eating during the class session. Students may bring nonalcoholic beverages,but they should be in spill proof containers. Class notes: Note taking is supported and encouraged as part of your coursework. Students may alsouse notepads and laptops to type notes as long as this is done quietly under reasonable circumstance.However, no texting, audio, images, and/or video recording technologies will be allowed to be usedfor capturing lectures, reviews, or labs within the classroom without the instructor's specific consentor permission for accommodations specified by the Disabilities Services Center(https://usm.maine.edu/dsc). When students are sitting at computer stations during exams, lecturesand demonstrations, all social networking sites will be turned off. Student owned technologies in the classroom: Students may use their own laptop/notepadcomputers in the classroom but are responsibility for the security and safety of these devices. Mobile phones and tablets: Please remember to be respectful of others and tum cell phones offduring class. No calls will be taken during class unless prior approval is given by the instructor.Repeated disruptions may require a request to have the phone turned off. Texting in class is notallowed. Texting could be seen as an issue conflicting with a Student's Academic Integrity Policy.Repeated offenses will require request to have the phone turned off and stored off the desk.ACADEMIC INTEGRITY / PLAGIARISMEveryone associated with the University of Southern Maine is expected to adhere to the principles of8
academic integrity central to the academic function of the University. Any breach of academic integrityrepresents a serious offense. Each student has a responsibility to know the standards of conduct andexpectations of academic integrity that apply to academic tasks. Violations of academic integrity include anyactions that attempt to promote or enhance the academic standing of any student by dishonest means.Cheating on an examination, stealing the words or ideas of another (i.e., plagiarism), making statementsknown to be false or misleading, falsifying the results of one's research, improperly using library materials orcomputer files, or altering or forging academic records are examples of violations of this policy which arecontrary to the academic purposes for which the University exists. Acts that violate academic integritydisrupt the educational process and are not acceptable.Evidence of a violation of the academic integrity policy will normally result in disciplinary action. A copy ofthe complete policy may be obtained from the office of Community Standards and Mediation, onlineat ic-integrity or by calling and requesting a copyat (207) 780-5242.AFTFINAL EXAMINATIONS/FINAL PROJECTTests/Exam: There are labs and papers, but no major tests in this course. The individual written assessmentportions (identify, protect, detect, respond, recover), group cybersecurity assessment presentation, andgroup red-hat presentation allow you to actually do something with the material, and not simply recitefacts. Ideally, you will create a cyber security assessment using methods and tools we discuss during theclass. Use the rubric to guide your final product.It is a USM academic policy that no tests or exams may be scheduled during the last week of classes.UNIVERSITY POLICIES AND RESOURCESDRDISABILITY ACCOMMODATIONSThe university is committed to providing students with documented disabilities equal access to all universityprograms and services. If you think you have a disability and would like to requestaccommodations, you must register with the Disability Services Center. Timely notification isessential. The Disability Services Center can be reached by calling 207-780-4706 or by emaildscusm@maine.edu. If you have already received a faculty accommodation letter from theDisability Services Center, please provide me with that information as soon as possible. Pleasemake a private appointment so that we can review your accommodations.TUTORING AND WRITING ASSISTANCETutoring at USM is for all students, not just those who are struggling. Tutoring provides active feedback andpractice, and is available for writing, math, and many more subjects. Walk-in tutoring is available at theGlickman Library in Portland, the Gorham Library, and the LAC Writing Center. For best service, werecommend making an appointment at oringappointment. Questions about tutoring should be directed to Naamah Jarnot at 207-780-4554. Interested inbecoming a more effective, efficient learner? Check out https://usm.maine.edu/agile!COUNSELINGCounseling is available at USM. The best way to schedule an appointment is by phone at 780-5411. Moreinformation is available at https://usm.maine.edu/uhcs.NONDISCRIMINATION POLICY9
The University of Southern Maine is an EEO/AA employer, and does not discriminate on the grounds of race,color, religion, sex, sexual orientation, transgender status, gender expression, national origin, citizenshipstatus, age, disability, genetic information or veteran’s status in employment, education, and all otherprograms and activities. The following person has been designated to handle inquiries regarding nondiscrimination policies: Sarah E. Harebo, Director of Equal Opportunity, 101 North Stevens Hall, University ofMaine, Orono, ME 04469-5754, 207.581.1226, TTY 711 (Maine Relay System).STATEMENT ON RELIGIOUS OBSERVANCE FOR USM STUDENTSAbsence for Religious Holy Days: The University of Southern Maine respects the religious beliefs of allmembers of the community, affirms their rights to observe significant religious holy days, and will makereasonable accommodations, upon request, for such observances. If a student’s religious observance is inconflict with the academic experience, they should inform their instructor(s) of the class or other schoolfunctions that will be affected. It is the student’s responsibility to make the necessary arrangementsmutually agreed upon with the instructor(s).AFTTITLE IX STATEMENTThe University of Southern Maine is committed to making our campuses safer places for students. Becauseof this commitment, and our federal obligations, faculty and other employees are considered mandatedreporters when it comes to experiences of interpersonal violence (sexual assault, sexual harassment, datingor domestic violence, and stalking). Disclosures of interpersonal violence must be passed along to theUniversity’s Deputy Title IX Coordinator who can help provide support and academic remedies for studentswho have been impacted. More information can be found online at http://usm.maine.edu/campus-safetyproject or by contacting Sarah E. Holmes at sarah.e.holmes1@maine.edu or 207-780-5767.DRIf students want to speak with someone confidentially, the following resources are available on and offcampus: University Counseling Services (207-780-4050); 24 Hour Sexual Assault Hotline (1-800-871-7741);24 Hour Domestic Violence Hotline (1-866-834-4357).10
Introduction to Cyber Security (Spring 2020), COS 200/ITT 200, CRN #4739/4740 Course Meeting M/W 12:30 PM - 1:45 PM Course Meeting room: Room 242 in the John Mitchell Center Instructor: Lori Sussman Office Location: John Mitchell Center, #224 Gorham Campus Email: lori.sussman@maine.edu Office Phone: (207)780-5445
